Usr6 Posted September 7, 2013
geographical location of the attacking hosts
The malware sample we retrieved from Usenet has an unusually large size (almost 15MB).
The core code base composes a very simple Tor-enabled IRC bot which incorporates DDoS and a few other capabilities. A large part of the binary appears to be junk data, possibly to better disguise it as a legitimate download. It also empowers several obfuscation routines to twist detection.
The malware comes along with 4 additional embedded resources:
- A ZeuS bot.
- The Tor client for Windows.
- The CGMiner bitcoin mining tool.
- A copy of OpenCL.dll, used by CGMiner for CPU and GPU hash cracking
Analysis: https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor-powered-botnet-straight-from-reddit
Sample: Download Coldplay-Live_2012-2012-BriBerY.rar from Sendspace.com - send big files the easy way (download for analysis only; I have a few more samples if needed)
Password: rst
Maximus Posted September 29, 2013
It's interesting!
seboo00111 Posted September 29, 2013
Freenet > TOR
dancingriver Posted June 24, 2015
Good, thanks for the sample, but the download link doesn't work!!
Sir-Galahad Posted June 25, 2015
07-09-2013, 10:54 AM
Usr6 Posted June 25, 2015
Update
Skynet samples: https://www.sendspace.com/file/9yqort
pass: infected
@dancingriver
zebra Posted June 29, 2015
> Update
> Skynet samples: https://www.sendspace.com/file/9yqort
> pass: infected
> @dancingriver
sigy?
zebra Posted June 29, 2015
This kind of thing rarely shows up for you on sigy or things like that, believe me.