 #26056  by Xylitol
 Wed Jun 10, 2015 2:21 pm
So it's all on the news today: KL got compromised, they say there are no risks for customers.

Kaspersky Finds New Nation-State Attack—In Its Own Network ~ http://www.wired.com/2015/06/kaspersky- ... k-network/
The Mystery of Duqu 2.0: a sophisticated cyberespionage actor returns ~ https://securelist.com/blog/research/70 ... r-returns/
Duqu 2.0: A comparison to Duqu v1.0 ~ http://www.crysys.hu/duqu2/duqu2.pdf
Duqu 2.0: Reemergence of an aggressive cyberespionage threat ~ http://www.symantec.com/connect/blogs/d ... age-threat

Identified by Symantec as W32.Duqu.B, apparently.
 #26057  by malwarelabs
 Wed Jun 10, 2015 2:37 pm
MD5s based on the IOC (https://securelist.com/files/2015/06/7c ... d8022f.ioc):
089a14f69a31ea5e9a5b375dc0c46e45 - https://www.virustotal.com/fr/file/6b14 ... /analysis/
16ed790940a701c813e0943b5a27c6c1 - https://www.virustotal.com/fr/file/5559 ... /analysis/
26c48a03a5f3218b4a10f2d3d9420b97 - https://www.virustotal.com/fr/file/3536 ... /analysis/
a6dcae1c11c0d4dd146937368050f655 - https://www.virustotal.com/fr/file/d8a8 ... /analysis/
acbf2d1f8a419528814b2efa9284ea8b - https://www.virustotal.com/fr/file/2a9a ... /analysis/
c04724afdb6063b640499b52623f09b5 - https://www.virustotal.com/fr/file/2796 ... /analysis/
e8eaec1f021a564b82b824af1dbe6c4d - https://www.virustotal.com/fr/file/8e97 ... /analysis/
10e16e36fe459f6f2899a8cea1303f06 - https://www.virustotal.com/fr/file/c164 ... /analysis/
48fb0166c5e2248b665f480deac9f5e1 - https://www.virustotal.com/fr/file/6c80 ... /analysis/
520cd9ee4395ee85ccbe073a00649602 - https://www.virustotal.com/fr/file/6de1 ... /analysis/
7699d7e0c7d6b2822992ad485caacb3e - https://www.virustotal.com/fr/file/2c9c ... /analysis/
84c2e7ff26e6dd500ec007d6d5d2255e - https://www.virustotal.com/fr/file/2ecb ... /analysis/
856752482c29bd93a5c2b62ff50df2f0 - https://www.virustotal.com/fr/file/e83c ... /analysis/
85f5feeed15b75cacb63f9935331cf4e - https://www.virustotal.com/fr/file/d5c5 ... /analysis/
8783ac3cc0168ebaef9c448fbe7e937f - https://www.virustotal.com/fr/file/d12c ... /analysis/
966953034b7d7501906d8b4cd3f90f6b - https://www.virustotal.com/fr/file/6217 ... /analysis/
a14a6fb62d7efc114b99138a80b6dc7d - https://www.virustotal.com/fr/file/6e09 ... /analysis/
a6b2ac3ee683be6fbbbab0fa12d88f73 - https://www.virustotal.com/fr/file/9900 ... /analysis/
cc68fcc0a4fab798763632f9515b3f92 - https://www.virustotal.com/fr/file/5ba1 ... /analysis/
Attachment: infected (160.61 KiB)
 #26064  by EP_X0FF
 Fri Jun 12, 2015 5:02 am
Eugene loves (and knows how to) make an elephant out of a fly.
 #26068  by Cr4sh
 Sat Jun 13, 2015 10:47 am
My respect to the Duqu 2.0 team; all these shitty snake oil sellers from AV companies totally deserve to be burned to ashes.
 #26071  by r3shl4k1sh
 Sat Jun 13, 2015 6:46 pm
I believe that the Duqu 2.0 team were the ones who wrote the "report" from Kaspersky...
Probably there is a cease-fire agreement now...
 #26072  by Cr4sh
 Sat Jun 13, 2015 8:06 pm
r3shl4k1sh wrote:
    I believe that the Duqu 2.0 team were the ones who wrote the "report" from Kaspersky...
    Probably there is a cease-fire agreement now...
[image]
 #26081  by t4L
 Mon Jun 15, 2015 1:51 am
Thanks a lot. This sample has the same name but is a little bit different from the ones described in the Kaspersky report (md5: 2751e4b50a08eb11a84d03f8eb580a4e).