Re: (The recent) | Re: Linux/Tsunami

 by unixfreaxjp ¦  Sun Jan 10, 2016 6:14 pm ¦  Forum: Malware ¦  Topic: Linux/Tsunami ¦  Replies: 28 ¦  Views: 56855

unixfreaxjp wrote:(maybe a couple thousand nodes tops, in overall total of the groups that are using it like lizard-stresser, kaitenbbot, etc)
If you think I am bullshitting, count the nodes in this paste https://pastebin.com/655ba54R all are gayfgt and kaiten (with and without the STD version)

Java/oss.war Trojan remote downloader/RCE

 by unixfreaxjp ¦  Sat Jan 09, 2016 11:46 am ¦  Forum: Malware ¦  Topic: Java/oss.war Trojan remote downloader/RCE ¦  Replies: 0 ¦  Views: 4222

Re: Linux/DDOSTF

 by unixfreaxjp ¦  Tue Jan 05, 2016 5:54 pm ¦  Forum: Malware ¦  Topic: Linux/DDOSTF ¦  Replies: 3 ¦  Views: 8312

An older version was spotted on VirusTotal; thanks to Michal Malik for informing me. Sample: https://www.virustotal.com/en/file/98a0e070e4675915dcd6317b266cc8e025a271e7ff3e633bc21bb6f6933f0223/analysis/ Added a new comment for the older version and the hidden CnC http://blog.malwaremustdie.org/2016/01/mmd-0048-201...

Re: (The recent) | Re: Linux/Tsunami

 by unixfreaxjp ¦  Tue Jan 05, 2016 8:38 am ¦  Forum: Malware ¦  Topic: Linux/Tsunami ¦  Replies: 28 ¦  Views: 56855

I don't know who you are, but thanks for sharing your thoughts, appreciate it. "Most important new thing is this telnet scanner... That's hardly a major improvement over the existing Kaiten." Oh, I agree with you perfectly, and I didn't say majorly improved, but they added a services bruter/scanner...

Linux/DDOSTF

 by unixfreaxjp ¦  Tue Jan 05, 2016 7:01 am ¦  Forum: Malware ¦  Topic: Linux/DDOSTF ¦  Replies: 3 ¦  Views: 8312

Analysis: http://blog.malwaremustdie.org/2016/01/mmd-0048-2016-ddostf-new-elf-windows.html Samples: https://www.virustotal.com/en/file/40749978fd60ac0a1c8e2a753193973af4ad330091f27805e1a1010f2f44ab30/analysis/1451976226/ https://www.virustotal.com/en/file/01a4e78d04b7d27710a66a256735bbaf2b18e0fa672f...

Re: Linux/SSHV: SSH bruter worm

 by unixfreaxjp ¦  Wed Dec 30, 2015 5:47 pm ¦  Forum: Malware ¦  Topic: Linux/SSHV: SSH bruter worm ¦  Replies: 9 ¦  Views: 16582

"The getdents64 system call is available on 32-bit Linux, ARM, MIPS... etc... as it has nothing to do with the CPU architecture, but rather the sizes of data the syscall can deal with." To be very honest, I missed deep checks on the above getdents* man(2) details during observation, as I just read t...
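As an added illustration of the point made in the post above (this is editor-supplied example code, not code from the post, the thread, or the SSHV sample), the following program calls getdents64(2) directly through syscall(2), the way a statically linked ELF does instead of going through opendir/readdir, and parses the records the kernel returns. The record layout is fixed by the syscall ABI (64-bit inode and offset fields) and is the same on i386, ARM, MIPS and x86_64, which is why the syscall's availability is independent of the CPU architecture. The fixture directory under /tmp and the three file names are constructed for the demonstration; the struct name raw_dirent64 is a private name chosen to avoid colliding with glibc's struct dirent64.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Record layout the kernel writes for getdents64(2). Fixed by the syscall
 * ABI (64-bit d_ino/d_off) and identical on 32- and 64-bit Linux targets.
 * Declared under a private name so it does not clash with glibc headers. */
struct raw_dirent64 {
    uint64_t       d_ino;
    int64_t        d_off;
    unsigned short d_reclen;   /* total size of this record, 8-byte padded */
    unsigned char  d_type;     /* DT_REG, DT_DIR, ... (DT_UNKNOWN on some fs) */
    char           d_name[];   /* NUL-terminated name */
};

/* Count entries (excluding "." and "..") via the raw getdents64 syscall.
 * Returns -1 on error (e.g. path missing or not a directory). */
int count_entries_raw(const char *path)
{
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (fd < 0)
        return -1;

    _Alignas(8) char buf[4096];   /* kernel records are 8-byte aligned */
    int count = 0;
    for (;;) {
        long nread = syscall(SYS_getdents64, fd, buf, sizeof buf);
        if (nread < 0) { close(fd); return -1; }
        if (nread == 0) break;    /* end of directory */

        for (long pos = 0; pos < nread; ) {
            struct raw_dirent64 *d = (struct raw_dirent64 *)(buf + pos);
            if (strcmp(d->d_name, ".") != 0 && strcmp(d->d_name, "..") != 0)
                count++;
            pos += d->d_reclen;   /* records are variable length */
        }
    }
    close(fd);
    return count;
}

/* Same count through libc's readdir(3), for comparison with the raw call. */
int count_entries_libc(const char *path)
{
    DIR *dir = opendir(path);
    if (!dir)
        return -1;
    int count = 0;
    struct dirent *e;
    while ((e = readdir(dir)) != NULL)
        if (strcmp(e->d_name, ".") != 0 && strcmp(e->d_name, "..") != 0)
            count++;
    closedir(dir);
    return count;
}

/* Self-test on a constructed fixture: create a temp directory holding three
 * files, count it both ways, clean up, and return the raw count
 * (-1 if the fixture could not be built or the two methods disagree). */
int selftest(void)
{
    char dir[] = "/tmp/getdents64_demo_XXXXXX";   /* constructed fixture */
    if (!mkdtemp(dir))
        return -1;
    const char *names[] = { "a.txt", "b.log", "c.bin" };
    char path[sizeof dir + 16];
    for (int i = 0; i < 3; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        int fd = open(path, O_WRONLY | O_CREAT, 0600);
        if (fd >= 0) close(fd);
    }
    int raw  = count_entries_raw(dir);
    int libc = count_entries_libc(dir);
    for (int i = 0; i < 3; i++) {
        snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        unlink(path);
    }
    rmdir(dir);
    return raw == libc ? raw : -1;
}

int main(void)
{
    printf("fixture entries via raw getdents64: %d\n", selftest());
    printf("/etc entries via raw getdents64:    %d\n", count_entries_raw("/etc"));
    return 0;
}
```

Compiling this with -m32 on an x86 host, or natively on an ARM or MIPS board, exercises exactly the same record layout; the only thing that changes is the syscall number behind SYS_getdents64, which the header resolves per target.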

Re: Linux/SSHV: SSH bruter worm

 by unixfreaxjp ¦  Sat Dec 26, 2015 9:06 am ¦  Forum: Malware ¦  Topic: Linux/SSHV: SSH bruter worm ¦  Replies: 9 ¦  Views: 16582

"This is not exactly a f-- APT or anything, it's effectively copypasta. It probably *is* some poor sod's college assignment for a network security class or something that went a bit awry." Thank you for your post. I think you should read the post/blog report well, instead of using some Fxxx words in our re...

Re: Linux/SSHV: SSH bruter worm

 by unixfreaxjp ¦  Fri Dec 25, 2015 3:46 am ¦  Forum: Malware ¦  Topic: Linux/SSHV: SSH bruter worm ¦  Replies: 9 ¦  Views: 16582

Just some additional information, worth mentioning here too. Here's a nice Q & A I assisted with for the Linux security community folks, for Linux security hardening and mitigation purposes: https://www.reddit.com/r/linux/comments/3y2n4o/malware_must_die_mmd00472015_sshv_ssh_bruter_elf/ I can understand ...

Re: Linux/SSHV: SSH bruter worm

 by unixfreaxjp ¦  Thu Dec 24, 2015 5:24 pm ¦  Forum: Malware ¦  Topic: Linux/SSHV: SSH bruter worm ¦  Replies: 9 ¦  Views: 16582

"Thanks, nice analysis. Did you manage to obtain an x64 sample mentioned in one of the screenshots from the article?" I thought so too (the main x64 part could be nastier stuff, like a rootkit etc.) actually. I tried to search everywhere for it; it's just not in there. Upon surveillance of the university activ...

Linux/SSHV: SSH bruter worm

 by unixfreaxjp ¦  Thu Dec 24, 2015 8:27 am ¦  Forum: Malware ¦  Topic: Linux/SSHV: SSH bruter worm ¦  Replies: 9 ¦  Views: 16582

A university kid in Shanghai, China made this malware as his "school project" and ran a wide test for it; he uploaded the sample to check its FUD, which is why a friend poked me about it. His purpose is definitely suspicious. I analyzed it here: http://blog.malwaremustdie.org/2015/12/mmd-0047-2015-ssh...

