Linux/DDOSTF

Forum for analysis and discussion about malware.

Linux/DDOSTF

Postby unixfreaxjp » Tue Jan 05, 2016 7:01 am


Re: Linux/DDOSTF

Postby unixfreaxjp » Tue Jan 05, 2016 5:54 pm

Older version was spotted on VirusTotal, thanks to Michal Malik for informing.
Sample: https://www.virustotal.com/en/file/98a0 ... /analysis/
Added new comment for older version and hidden cnc http://blog.malwaremustdie.org/2016/01/ ... tml#oldver
cnc:
(hostname basis) balei.f3322.org, port: 6666
  {
    "ip": "222.186.34.143",
    "city": "Nanjing",
    "region": "Jiangsu Sheng",
    "country": "CN",
    "org": "AS23650 AS Number for CHINANET jiangsu province backbone",
    "prefix": "222.186.34.0/23"
  }

Re: Linux/DDOSTF

Postby benkow_ » Tue Jan 12, 2016 7:49 am


Re: Linux/DDOSTF

Postby unixfreaxjp » Fri Apr 08, 2016 2:46 pm

Two recent ELF and two PE samples:
https://www.virustotal.com/en/file/d9d3 ... 460109289/
https://www.virustotal.com/en/file/c907 ... 460111745/
https://www.virustotal.com/en/file/4c56 ... 460115917/
https://www.virustotal.com/en/file/68a4 ... 460125835/

It's from this panel in Hong Kong (on clean-up now)
Image

The typical loops used for attacks in the Win32 PE samples I reversed are shown below and can be used as an indicator:
Image
