A forum for reverse engineering, OS internals and malware analysis 

 #18359  by Squirl
 Wed Feb 27, 2013 4:12 pm
Hi all,

Does anybody have any of the droppers mentioned here:
http://blog.crysys.hu/2013/02/miniduke/
http://www.crysys.hu/miniduke/miniduke_ ... public.pdf

MD5s:

VT:
https://www.virustotal.com/en/file/784d ... /analysis/
https://www.virustotal.com/en/file/8a84 ... /analysis/
https://www.virustotal.com/en/file/59b6 ... /analysis/
https://www.virustotal.com/en/file/5fbe ... /analysis/
https://www.virustotal.com/en/file/da7f ... /analysis/

I'm happy to share dropped files/research if I get them.

Squirl
 #23272  by hx1997
 Thu Jul 03, 2014 3:19 pm
Related post
http://www.kernelmode.info/forum/viewto ... 65&p=18362

http://www.f-secure.com/static/doc/labs ... epaper.pdf
http://www.securelist.com/en/blog/20821 ... gen_Studio

Some of the samples (see below) are attached.

Miniduke

CosmicDuke
- Exploit files

- Droppers

- Loaders

- Info-stealers (all missing)
Attachment: infected (4.62 MiB)