Linux/.IptabLex|s

Forum for analysis and discussion about malware.
unixfreaxjp
Posts: 501
Joined: Thu Apr 12, 2012 4:53 pm

Linux/.IptabLex|s CNC tool in .NET (WinPE)

Post by unixfreaxjp » Sun Jul 19, 2015 7:33 am

IptabLes|x botnet CNC in WinPE, served IptabLes|x ELF malware bot clients
For many good details as reference, is written in http://blog.malwaremustdie.org/2015/07/ ... shock.html
Image
Thanks to benkow (credit) to helpo on "xxxx" THIS on CNC while I was deep in analysis.
MD5 (Control.exe) = "315d102f1f6b3c6298f6df31daf03dcd"
No client ELF shared here. Reason: has risk of Infected w/ELF Viruses, grab the md5 of them in analysis above but test risk are your own. rgds #MalwareMustDie
You do not have the required permissions to view the files attached to this post.

User avatar
fade
Posts: 10
Joined: Tue Jun 24, 2014 3:12 am

Re: Linux/.IptabLex|s

Post by fade » Sun Jul 19, 2015 11:20 pm

Where did you come across the controller?

unixfreaxjp
Posts: 501
Joined: Thu Apr 12, 2012 4:53 pm

Re: Linux/.IptabLex|s

Post by unixfreaxjp » Mon Jul 20, 2015 5:49 am

fade wrote:Where did you come across the controller?
Who are you, again?

Post Reply