Analysis: http://blog.malwaremustdie.org/2016/01/ ... ndows.html
Samples:
https://www.virustotal.com/en/file/4074 ... 451976226/
https://www.virustotal.com/en/file/01a4 ... /analysis/
Linux/DDOSTF
4 posts
• Page 1 of 1
Linux/DDOSTF
by unixfreaxjp » Tue Jan 05, 2016 7:01 am
You do not have the required permissions to view the files attached to this post.
- unixfreaxjp
- Posts: 501
- Joined: Thu Apr 12, 2012 4:53 pm
- Reputation point: 89
Re: Linux/DDOSTF
by unixfreaxjp » Tue Jan 05, 2016 5:54 pm
Older version was spotted in virus total, thanks to Michal Malik for informing.
Sample: https://www.virustotal.com/en/file/98a0 ... /analysis/
Added new comment for older version and hidden cnc http://blog.malwaremustdie.org/2016/01/ ... tml#oldver
cnc:
Sample: https://www.virustotal.com/en/file/98a0 ... /analysis/
Added new comment for older version and hidden cnc http://blog.malwaremustdie.org/2016/01/ ... tml#oldver
cnc:
- Code: Select all
(hostname basis) balei.f3322.org, port: 6666
{
"ip": "222.186.34.143",
"city": "Nanjing",
"region": "Jiangsu Sheng",
"country": "CN",
"org": "AS23650 AS Number for CHINANET jiangsu province backbone"
"prefix:" "222.186.34.0/23"
}
You do not have the required permissions to view the files attached to this post.
- unixfreaxjp
- Posts: 501
- Joined: Thu Apr 12, 2012 4:53 pm
- Reputation point: 89
Re: Linux/DDOSTF
by benkow_ » Tue Jan 12, 2016 7:49 am
2 sample ELF + 1 PE:
yummi: https://www.virustotal.com/fr/file/71f4 ... 452584836/
IP: https://www.virustotal.com/fr/file/33b6 ... 452584904/
8888.exe (infected by Ramnit): https://www.virustotal.com/fr/file/5707 ... 452584811/
Infection vector: Elasticsearch
attached
yummi: https://www.virustotal.com/fr/file/71f4 ... 452584836/
IP: https://www.virustotal.com/fr/file/33b6 ... 452584904/
8888.exe (infected by Ramnit): https://www.virustotal.com/fr/file/5707 ... 452584811/
Infection vector: Elasticsearch
attached
You do not have the required permissions to view the files attached to this post.
- benkow_
- Posts: 69
- Joined: Sat Jan 24, 2015 12:14 pm
- Reputation point: 41
Re: Linux/DDOSTF
by unixfreaxjp » Fri Apr 08, 2016 2:46 pm
Recent 2 ELF and 2 PE samples:
https://www.virustotal.com/en/file/d9d3 ... 460109289/
https://www.virustotal.com/en/file/c907 ... 460111745/
https://www.virustotal.com/en/file/4c56 ... 460115917/
https://www.virustotal.com/en/file/68a4 ... 460125835/
It's from this panel in Hongkong (On clean up now)
The typical loops used for attacks in the Win32 PE samples I reversed as below, can be used as indicator:
https://www.virustotal.com/en/file/d9d3 ... 460109289/
https://www.virustotal.com/en/file/c907 ... 460111745/
https://www.virustotal.com/en/file/4c56 ... 460115917/
https://www.virustotal.com/en/file/68a4 ... 460125835/
It's from this panel in Hongkong (On clean up now)
The typical loops used for attacks in the Win32 PE samples I reversed as below, can be used as indicator:
You do not have the required permissions to view the files attached to this post.
- unixfreaxjp
- Posts: 501
- Joined: Thu Apr 12, 2012 4:53 pm
- Reputation point: 89
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: Bing [Bot], Xylitol and 5 guests