Channel: contagio malware exchange
Browsing all 79 articles


020 Crime Ramnit Rootkit - web - May 10, 2012

Sample credit - Artem Baranov and Hendrik Adrian; Research: Download (pass infected); Size: 135680; MD5: 607B2219FBCFBFE8E6AC9D7F3FB8D50E; AppData\ftaubilx\px1.tmp; AppData\obrymkdk.log; %tmp%\bledqixd.sys MD5:...


021 Crime TDL - web - June 4, 2012

malicious domain: newgenerationp.com/d/u; Download (pass infected); xor key 85; MD5: A16977E9CCBF86168CE20DFC33E0A93C; SHA-256...


022 Crime Win32/Bakcorox.A - proxy bot - web - June 7, 2012

Download (pass infected); pcap file
DNS query: day7read.info
DNS response: day7read.info ⇒ 74.207.249.7
Connects to: day7read.info:443 (74.207.249.7)
Sends data to: 8.8.8.8:53
Sends data to:...


023 Crime Downloader Trojan (name?) - web - June 7, 2012

Audio_Recording_MP3; MD5: FDC170166CB958E138E7D401F3C6F896; SHA256: A3253B1732A50146038A68B3B46260F80BEC6C1C; Download (pass infected); pcap file; Audio_Recording_MP3.exe; Creates: c:\Documents and...


023 Crime OSX DNS Changer / OSX.RSPlug.A - web - 2007

SHA256: 2bdcdab0a5d41f4b6aa48e2ab55177552c8419c3f8ce140c4850a0616d7a2f3e; SHA1: f620af9a43d6e46e6b028dc8b109ff5d4cced911; MD5: 5291beb71cba2c5779119bff7a10abdb; File size: 16.6 KB (17034 bytes); File...


COOKIES Cookiebag Dalbot strings - APT (1)

File: COOKIEBAG_sample_0C28AD34F90950BC784339EC9F50D288; MD5: 0c28ad34f90950bc784339ec9f50d288; Size: 151552; Ascii Strings: !This...


COOKIES Cookiebag Dalbot strings - APT (2)

File: COOKIEBAG_sample_543E03CC5872E9ED870B2D64363F518B; MD5: 543e03cc5872e9ed870b2d64363f518b; Size: 126976; Ascii Strings: !This...


Coswid strings - APT

File: D62CD4AD2A919B6ACFA6D49D446DFFDB_svchost.exe_; MD5: d62cd4ad2a919b6acfa6d49d446dffdb; Size: 19968; see md5 other below; Ascii...


Torpig miniloader strings - CRIME

File: Torpig miniloader_0F82964CF39056402EE2DE9193635B34; MD5: 0f82964cf39056402ee2de9193635b34; Size: 242688; Ascii Strings: !This...


Chebri.C strings - CRIME

File: Chebri_B605C8E99315C330A015F36DE2A870EE; MD5: b605c8e99315c330a015f36de2a870ee; Size: 8704; Ascii Strings: !This program...


Sality strings - CRIME

File: sality; MD5: ceaf4d9e1f408299144e75d7f29c1810; Size: 997537; Ascii Strings: !This program cannot be run in DOS...


Nitedrem strings - CRIME

MD5: 508af8c499102ad2ebc1a83fdbcefecb; Size: 147456; Ascii Strings: !This program cannot be run in DOS...


Refeys.A strings - CRIME

Traffic:
POST /sys.php HTTP/1.0
Host: rxform.org
Content-type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.0.1) Gecko/20021216...


njRat / Backdoor.LV strings - APT

C2 checkin:
lv|'|'|TndfQzQyNjRFQkI=|'|'|VICTIM|'|'|Examiner|'|'|2013-06-21|'|'|USA|'|'|Win XP ProfessionalSP2 x86|'|'|No|'|'|0.5.0E|'|'|..|'|'|Y3B0YnRfUHJvY2Vzc19SZWdpc3RyeV9GaWxlX0luZm8ubG9nIC0gTm90ZXB...


Vidgrab strings - APT

File: DW20.exe; MD5: 588d3316d4bbfdbb25658d436f06ed96; Size: 118784; !This program cannot be run in DOS...


Gh0st hgif strings - APT

File: DW20.exe; MD5: 5d2a996e66369c93f9e0bdade6ac5299; Size: 102400
GET /h.gif?pid =113&v=130586214568 HTTP/1.1
Accept: */*
Accept-Language: en-us
Pragma: no-cache
User-Agent: Mozilla/4.0(compatible; MSIE...


Mongall strings - APT

File: DW20.exe; MD5: d7dd5cda909190c6c03db5e7f8afd721; Size: 24576; GET...


Taidoor strings - APT

File: DW20.exe; MD5: 46ef9b0f1419e26f2f37d9d3495c499f; Size: 47104; Ascii Strings: !This program cannot be run in DOS...


Surtr (Smoaler) strings - APT

File: DW20.dll; MD5: 8e187ae152c48099f715af442339c340; Size: 44032; Ascii Strings: !This program cannot be run in DOS...


TBD 8202 strings - APT

File: DW20.dll; MD5: 064ae9b451f0503982842c9f41a58053; Size: 60416; Ascii Strings: !This program cannot be run in DOS...
