Rootkit driver in the attachment.
https://www.virustotal.com/ru/file/b179 ... /analysis/
MMD-0056-2016 - Linux/Mirai, how an old ELF malcode is recycled.. ~ http://blog.malwaremustdie.org/2016/08/mmd-0056-2016-linuxmirai-just.html
Frankly speaking, I'm really glad to see that he started to do something directly related to his work, besides war with windmills, "approve" ppl in own twitt...
Guys, can anyone point me to resources which describe subj? Interested in the early loading steps, before execution flow passes to ntoskrnl.