Malware Must Die!

The MalwareMustDie Blog (blog.malwaremustdie.org)


About #MalwareMustDie!

Launched in August 2012, MalwareMustDie (or MMD) is a registered non-profit whitehat organization, a blue-teaming medium that organizes workflow activities to reduce malware on the internet.


Links

  • RSS Feed
  • Home Page
  • Send Sample
  • News Search
  • Web Search
  • Linux Malware
  • Github Repository
  • Video News, Demo, Reports
  • "Tango down!" project (Archive)
  • Disclaimer & Sharing Guide

Recommended reading

MMD-0059-2016 - Linux/IRCTelnet (new Aidra) - A DDoS botnet aims IoT w/ IPv6 ready

It's a Kaiten/Tsunami? No.. STD?? No! It's a GayFgt/Torlus/Qbot? No!! Is it Mirai?? NO!! It's a Linux/IRCTelnet (new Aidra) ! ....

Malware Analysis / Threat Reports (Indexed)

  • MMD-0069-2024 - An old ELF Ransomware pivoted crypto (OpenSSL to PolarSSL) Linux/Encoder.1-2
  • MMD-0068-2024 - "FHAPPI Campaign" (APT10) FreeHosting APT "PSploit" Poison Ivy
  • MMD-0067-2021 - Recent talks on Linux process injection and shellcode analysis series (ROOTCON-2020, R2CON-2020 ++)
  • MMD-0066-2020 - Linux/Mirai-Fbot - A re-emerged IoT threat
  • MMD-0065-2020 - Linux/Mirai-Fbot's new encryption explained
  • MMD-0064-2019 - Linux/AirDropBot
  • MMD-0063-2019 - Summary of three years research (Sept 2016-Sept 2019)
  • MMD-0062-2017 - IoT/Studels SSH-TCP Forward Threat
  • MMD-0061-2016 - EnergyMech 2.8 overkill mod
  • MMD-0060-2016 - Linux/UDPfker and ChinaZ threat today
  • MMD-0059-2016 - Linux/IRCTelnet (new Aidra)
  • MMD-0058-2016 - Linux/NyaDrop - MIPS IoT bad news
  • MMD-0057-2016 - Linux/LuaBot - IoT botnet as service
  • MMD-0056-2016 - Linux/Mirai, how an old ELF malcode is recycled
  • MMD-0055-2016 - Linux/PnScan ; A worm that still circles around
  • MMD-0054-2016 - ATMOS botnet facts you should know
  • MMD-0053-2016 - Linux/STD IRC Botnet: x00's CBack aka xxx.pokemon.inc
  • MMD-0052-2016 - Overview of Overall "SkidDDoS" Linux Botnet
  • MMD-0051-2016 - Debunking a Tiny Shellhock's ELF backdoor
  • MMD-0050-2016 - Linux/Torte infection (in Wordpress)
  • MMD-0049-2016 - Java Trojan Downloader/RCE) for minerd
  • MMD-0048-2016 - DDOS.TF = ELF & Win32 DDoS service with ASP + PHP/MySQL MOF webshells
  • MMD-0047-2015 - SSHV: SSH bruter Linux botnet w/hidden process rootkit
  • MMD-0046-2015 - Kelihos 10 nodes C2 / CNC on NJIIX (US) and its actor(Severa)
  • MMD-0045-2015 - Linux/KDefend: a new China origin Linux threat w/disclaimer
  • MMD-0044-2015 - Code disclosure of SkiDDoS threat
  • MMD-0043-2015 - Linux/Xor.DDOS Polymorphic feature
  • MMD-0042-2015 - Getting to Linux/Mr.Black actor via Zegost
  • MMD-0041-2015 - PE Mail-grabber Spambot & its C99 WebShell
  • MMD-0040-2015 - VBE Obfuscation & AutoIt Banco Trojan
  • MMD-0039-2015 - ChinaZ Linux/BillGates.Lite Edition
  • MMD-0038-2015 - ChinaZ's Ddos123.xyz
  • MMD-0037-2015 - Shellshock & Linux/XOR.DDoS C2
  • MMD-0036-2015 - KINS (ZeusVM)v2.0.0. builder & panel leaks
  • MMD-0035-2015 - Linux/.IptabLex or .IptabLes on Shellshock(by: ChinaZ)
  • MMD-0034-2015 - Linux/DES.Downloader on Elasticsearch
  • MMD-0033-2015 - Linux/XorDDoS case CNC:HOSTASA.ORG
  • MMD-0032-2015 - The ELF ChinaZ "reloaded"
  • MMD-0031-2015 - What is NetWire (multi platform) RAT
  • MMD-0030-2015 - New malware on Shellshock: Linux/ChinaZ
  • MMD-0029-2014 - Warning of Linux/Mayhem attack in Shellshock
  • MMD-0028-2014 - Linux/XOR.DDoS
  • MMD-0027-2014 - Linux/Bashdoor(GafGyt) & Small ELF Backdoor at shellshock
  • MMD-0026-2014 - Linux/AES.DDoS: Router Malware
  • MMD-0025-2014 - Linux/.IptabLex or .IptabLes - China/PRC origin DDoS bot
  • MMD-0024-2014 - Incident Report of Linux/Mayhem (LD_PRELOAD libworker.so)
  • MMD-0023-2014 - Linux/pscan & Linux/sshscan: SSH bruter malware
  • MMD-0022-2014 - Zendran, multi-arch Linux/Llightaidra - Part 1: background, installation, reversing & C2 access
  • MMD-0021-2014 - Linux/Elknot: China's origin ELF DDoS+backdoor
  • MMD-0020-2014 - Analysis of Linux/Mayhem infection: A shared libs ELF
  • MMD-0019-2014 - "Xakep.biz" evil tools
  • MMD-0018-2014 - Analysis note: "Upatre" is back to SSL?
  • MMD-0017-2014 - A post to sting Zeus P2P/Gameover
  • MMD-0016-2014 - The JackPOS Behind the Screen
  • MMD-0015-2014 - One upon the time with Phishing Session..
  • MMD-0014-2014 - New Locker: Prison Locker (aka: Power Locker)
  • MMD-0013-2014 - "Shadow Logger" - .NET's FUD Keylogger
  • MMD-0012-2013 - ARP Spoofing Malware
  • MMD-0011-2013 - Linux/Elknot - Let's be more serious about (mitigating) DNS Amp
  • MMD-0010-2013 - Wordpress Hack Case: Site's Credential Stealer
  • MMD-0009-2013 - JS/RunForrestRun DGA "Comeback" with new obfuscation
  • MMD-0008-2013 - What's Behind the #w00tw00t (PHP) Attack
  • MMD-0007-2013 - KINS? No! PowerZeuS, yes!
  • MMD-0006-2013 - Rogue 302-Redirector "Cushion Attack"
  • MMD-0005-2013 - A Leaked Malvertisement, Cutwail+BHEK & Triple Payloads of "Syria Campaign"
  • MMD-0004-2013 - "You hacked.. we cracked" - "WP Super Cache" & Glazunov EK
  • MMD-0003-2013 - First "comeback" of the .RU RunForrestRun's DGA
  • MMD-0002-2013 - How Cutwail and other SpamBot can fool (spoof) us?
  • MMD-0001-2013 - Proof of Concept of "CookieBomb" code injection attack
  • MMD-0000-2013 - Malware Infection Alert on Plesk/Apache Remote Code Execution zeroday

Presentation and Special Threat Reports

  • ROOTCON 2020 - Deeper diving into shellcode (advanced users)
  • R2CON 2020 - So you don't like shellcode too? (for r2 RE beginners)
  • HACK.LU 2019 Keynote talk: "Fileless Malware Infection and Linux Process Injection"
  • R2CON 2018 talk of: "Unpacking the non-unpackable ELF malware"
  • AVTOKYO 2013.5 - Threats of Kelihos, CookieBomb, RedKit's and its Bad Actor
  • BOTCONF 2013 - Kelihos: Botnet, Takedown, Mule Actor
  • CVE-2013-0634 This "Lady" Boyle is not a nice Lady at all
  • MMD-0068-2024 - "FHAPPI Campaign" (APT10) FreeHosting APT PowerSploit Poison Ivy
  • APT-32 - The Vietnam Journalist Spy Campaign
  • Targeted attack of "Operation Torpedo"
  • Protest against usage of NSA malware spytool PITCHIMPAIR & INNOVATION on friendly countries
  • China/PRC origin Linux botnet's malware infection and its distribution scheme unleashed
  • Full disclosure of 309 Bots/Botnet Source Codes Found via Germany Torrent
  • The Evil Came Back: Linux/Darkleech's Apache Malware Module
  • DDoS in a Bruter Service - A camouflage of Stresser/Booter
  • How EVIL the PHP/C99Shell can be? From SQL Dumper, Hacktools, to Trojan Distributor Future?
  • A journey to abused FTP sites (story of: Shells, Malware, Bots, DDoS & Spam) - Part 2
  • A journey to abused FTP sites (story of: Shells, Malware, Bots, DDoS & Spam) - Part 1
  • Case Study: How legitimate internet services like Amazon AWS, DropBox, Google Project/Code & ShortURL got abused to infect malware
  • Just another story of UNIX Trojan Tsunami/Kaiten.c (IRC/Bot) w/ Flooder, Backdoor at a hacked xBSD case
  • Discontinuation of "Malware Crusader" public forum
  • Hall of Shame

Non-indexed (older) Analysis

  • Decoding Guide for CookieBomb's (as Front-end) Latest Threat, with Evil ESD.PHP Redirection (as the Back-end)
  • Some Decoding note(s) on modified #CookieBomb attack's obfuscated injection code
  • What is behind #CookieBomb attack? (by @malm0u53)
  • ..And another "detonating" method of CookieBomb 2.0 - Part 2
  • ..And another "detonating" method of CookieBomb 2.0 - Part 1
  • New PseudoRandom (JS/runforestrun?xxx=)
  • JS/RunForrestRun Infection ComeBack
  • CNC analysis of Citadel Trojan Bot-Agent - Part 2
  • CNC analysis of Citadel Trojan Bot-Agent - Part 1
  • Cracking of Strong Encrypted PHP / IRC Bot (PBOT)

(c)MalwareMustDie, 2012-2021. Read LEGAL DISCLAIMER before quoting or copying our contents. Powered by Blogger.