A forum for reverse engineering, OS internals and malware analysis 

Search found 62 matches

Re: Old osx worm "Niqtana"

 by tWiCe ¦  Thu Aug 03, 2017 2:36 pm ¦  Forum: Completed Malware Requests ¦  Topic: Old osx worm "Niqtana" ¦  Replies: 2 ¦  Views: 9960

Thanks!

Old osx worm "Niqtana"

 by tWiCe ¦  Mon Jun 26, 2017 10:04 am ¦  Forum: Completed Malware Requests ¦  Topic: Old osx worm "Niqtana" ¦  Replies: 2 ¦  Views: 9960

Hi all,

I'm interested in files of the old worm called "Niqtana" for OSX. Google doesn't help :/

As far as I understand, it consists of several files? If so, it would be nice to get a full pack.

Re: Possibly OS/X Ransomware (File coder)

 by tWiCe ¦  Sat Jun 24, 2017 10:19 am ¦  Forum: Malware ¦  Topic: Possibly OS/X Ransomware (File coder) ¦  Replies: 5 ¦  Views: 14122

> 4. The malware will generate the key by creating a buffer with a size of 256 that contains [0-0x100] (like buffer[0]=0 buffer[1] = 1 etc) and swapping the value based on MAC Address. (I can't explain it well, English is not my native language. Can someone explain this? hehe)

It's initialization of R...

Re: Possibly OS/X Ransomware (File coder)

 by tWiCe ¦  Sat Jun 24, 2017 10:14 am ¦  Forum: Malware ¦  Topic: Possibly OS/X Ransomware (File coder) ¦  Replies: 5 ¦  Views: 14122

Seriously, stop calling CTF tasks malware. This one is binary task #4 of the https://labyrenth.com CTF challenge 2017.

Re: Linux/FileCoder (Linux.Encoder)

 by tWiCe ¦  Thu May 18, 2017 7:13 pm ¦  Forum: Malware ¦  Topic: Linux/FileCoder (Linux.Encoder) ¦  Replies: 18 ¦  Views: 52219

K_Mikhail wrote:be9d1a4dc0755a8cb16fd441c49e3231207600a6 ( - (probably, will be Linux.Encoder.8 in some future) || HEUR:Trojan-Ransom.Linux.Cryptor.g || Linux/Filecoder.J (due to response from ESET Malware Response Team))
It's not a trojan. It's a task from a CTF.

Re: Malware collection

 by tWiCe ¦  Thu Jan 12, 2017 5:39 pm ¦  Forum: Malware ¦  Topic: Win32/Cerber ¦  Replies: 76 ¦  Views: 164663

maddog4012, Could you please use "code" tags for such long logs next time?

Re: Linux.CyberEurope

 by tWiCe ¦  Fri Dec 16, 2016 5:50 pm ¦  Forum: Malware ¦  Topic: Linux.CyberEurope ¦  Replies: 7 ¦  Views: 12300

A detailed description could be found here: http://vms.drweb.com/virus/?_is=1&i=8598627

Re: Request Linux malwares

 by tWiCe ¦  Fri Dec 02, 2016 7:33 am ¦  Forum: Malware ¦  Topic: Request Linux malwares ¦  Replies: 1 ¦  Views: 8822

You can read the topics of this forum regarding different Linux malware families. The list of topics: http://www.kernelmode.info/forum/viewto ... =16&t=3471

Re: Understending Botnet Mirai/GayFgt

 by tWiCe ¦  Thu Oct 06, 2016 3:09 pm ¦  Forum: Malware ¦  Topic: Understending Botnet Mirai/GayFgt ¦  Replies: 15 ¦  Views: 17411

>But I don't see file where was call """Apache ""

Huh? The link you provided has compiled binaries of downloaders and sources for the downloader and Mirai itself. Where did you see a file called "apache"?

Re: Understending Botnet Mirai/GayFgt

 by tWiCe ¦  Thu Oct 06, 2016 12:41 pm ¦  Forum: Malware ¦  Topic: Understending Botnet Mirai/GayFgt ¦  Replies: 15 ¦  Views: 17411

Okay, then it's just blocking requests from my IP. :)

>What hacker doing with this source .Insert in infected server.????????

A hacker would need to compile these sources into a binary file before distributing it. Of course, one may want to distribute it in source and compile it on the target device,...
