Hey zeynep, I imagine this is a great fun share for analysts, and I see the files are named based on their sha256sum, which is super helpful in a situation like this. Are you able to rebundle them without the password?
On Mon, Dec 13, 2021, 4:39 AM zeynepaydogan <zeynepaydogan@protonmail.com> wrote:
Malware using LOG4J exploit:)
On Mon, Dec 13, 2021 12:11, zeynepaydogan <zeynepaydogan@protonmail.com> wrote:
Password: infected
I've rebundled into .tar.bz2. nft.storage doesn't preserve filenames. https://bafybeibfppl57sszyk733lswextgmkbu2aaysboldqtibu5capjxgwrw7y.ipfs.dwe...
./Log4J Malware
./Log4J Malware/Mirai
./Log4J Malware/Mirai/776c341504769aa67af7efc5acc66c338dab5684a8579134d3f23165c7abcc00.7z
./Log4J Malware/Mirai/3f6120ca0ff7cf6389ce392d4018a5e40b131a083b071187bf54c900e2edad26.sh.7z
./Log4J Malware/Muhstik
./Log4J Malware/Muhstik/15e7942ebf88a51346d3a5975bb1c2d87996799e6255db9e92aed798d279b36b.7z
./Log4J Malware/Kinsing
./Log4J Malware/Kinsing/6e25ad03103a1a972b78c642bac09060fa79c460011dc5748cbb433cc459938b.elf.7z
./Log4J Malware/Kinsing/7e9663f87255ae2ff78eb882efe8736431368f341849fec000543f027bdb4512.sh.7z
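Karl's remark about the samples being named by their sha256sum lends itself to a quick integrity check once the archives are extracted. The following is an added example, not code from this thread or from the sample authors: it walks a directory, and for every file whose name starts with a 64-hex-digit SHA-256 (as in `<sha256>.elf` or `<sha256>.sh`), recomputes the digest and reports whether the content matches the name. The directory layout and file contents produced by `build_demo_tree` are constructed placeholders for demonstration, not the files in the linked bundle.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, Optional

HEX_DIGITS = set("0123456789abcdef")


def sha256_of_file(path: Path) -> str:
    """Hex SHA-256 of a file, read in 1 MiB chunks so large samples are not held in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def expected_hash_from_name(name: str) -> Optional[str]:
    """Return the leading 64-hex-char token of names like '<sha256>.elf' or '<sha256>.sh.7z', else None."""
    stem = name.split(".", 1)[0].lower()
    if len(stem) == 64 and set(stem) <= HEX_DIGITS:
        return stem
    return None


def verify_named_samples(directory: Path) -> Dict[str, bool]:
    """Map each hash-named file (relative POSIX path) to True if its content hashes to the name."""
    results: Dict[str, bool] = {}
    for path in sorted(directory.rglob("*")):
        if not path.is_file():
            continue
        expected = expected_hash_from_name(path.name)
        if expected is None:  # README and similar: not a hash-named sample, skip it
            continue
        results[path.relative_to(directory).as_posix()] = sha256_of_file(path) == expected
    return results


def build_demo_tree() -> Path:
    """Constructed demo data (harmless text, not malware): one correctly named file, one mislabelled."""
    root = Path(tempfile.mkdtemp(prefix="sample-check-"))
    (root / "Kinsing").mkdir()
    good = b"constructed placeholder content\n"
    (root / "Kinsing" / f"{hashlib.sha256(good).hexdigest()}.elf").write_bytes(good)
    (root / "Kinsing" / ("0" * 64 + ".sh")).write_bytes(b"content that does not hash to all zeros\n")
    (root / "README.txt").write_text("not a sample\n")
    return root


if __name__ == "__main__":
    for rel, ok in verify_named_samples(build_demo_tree()).items():
        print(f"{'OK ' if ok else 'BAD'} {rel}")
```

Run it against the extracted bundle by passing the top-level directory to `verify_named_samples`; a `False` entry means the file was renamed, truncated or otherwise altered after it was hashed, so it should not be trusted as the sample its name claims. Note that the check applies to the extracted files, since a `.7z` wrapper does not hash to the name of the file inside it.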
Kinsing backdoor happily addressed the vulnerability: the malware cleans the device of competitors and starts mining. Other miner loaders also appear. They even throw a grumbling Cobalt Strike at victims via log4j. A good set of tools for pentesting; because of the crack, it turns into a very real observer of the network and a backdoor for reloading any code.
On Mon, Dec 13, 2021 12:38, zeynepaydogan <zeynepaydogan@protonmail.com> wrote:
Malware using LOG4J exploit:)
On Mon, Dec 13, 2021 12:11, zeynepaydogan <zeynepaydogan@protonmail.com> wrote:
Password: infected
Temporary fix: JAVA_OPTS="-Dlog4j2.formatMsgNoLookups=true"
Here are examples of what's vulnerable (from Cloudflare and Apple to Minecraft servers).
On Mon, Dec 13, 2021 13:54, zeynepaydogan <zeynepaydogan@protonmail.com> wrote:
Kinsing backdoor happily addressed the vulnerability: the malware cleans the device of competitors and starts mining. Other miner loaders also appear. They even throw a grumbling Cobalt Strike at victims via log4j. A good set of tools for pentesting; because of the crack, it turns into a very real observer of the network and a backdoor for reloading any code.
On Mon, Dec 13, 2021 12:38, zeynepaydogan <zeynepaydogan@protonmail.com> wrote:
Malware using LOG4J exploit:)
On Mon, Dec 13, 2021 12:11, zeynepaydogan <zeynepaydogan@protonmail.com> wrote:
Password: infected
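The temporary fix in the message above is a JVM system property, and whether it actually protects a host depends on the log4j-core version and on the property name being spelled exactly right. The following is an added example, not code from this thread: a small checker that takes a JAVA_OPTS-style string, the log4j-core version, and optionally the process environment, and classifies the JVM as patched, mitigated or vulnerable. The property `log4j2.formatMsgNoLookups` and the equivalent environment variable `LOG4J_FORMAT_MSG_NO_LOOKUPS` are the real names Apache documented; the flag only exists from Log4j 2.10.0 on, and Apache later stated that it does not cover CVE-2021-45046, so the checker reports it as a mitigation rather than a fix. The choice of 2.17.1 as the "patched" floor is this example's own, and the three host configurations in the `__main__` block are constructed.

```python
import re
import shlex
from typing import Dict, List, Optional, Tuple

# Release facts from the Apache Log4j security advisories: 2.15.0 restricted JNDI lookups
# (CVE-2021-44228), 2.16.0 removed message lookups (CVE-2021-45046), and 2.17.0/2.17.1 fixed
# the follow-on issues. Treating 2.17.1 as the first "patched" release is this example's choice.
PATCHED_VERSION = (2, 17, 1)
# formatMsgNoLookups was introduced in Log4j 2.10.0; older releases silently ignore it.
FLAG_MIN_VERSION = (2, 10, 0)
PROPERTY = "log4j2.formatMsgNoLookups"
ENV_VAR = "LOG4J_FORMAT_MSG_NO_LOOKUPS"


def parse_system_properties(java_opts: str) -> Dict[str, str]:
    """Extract -Dkey=value pairs from a JAVA_OPTS-style string, ignoring other JVM flags."""
    props: Dict[str, str] = {}
    for token in shlex.split(java_opts):
        if token.startswith("-D"):
            key, _, value = token[2:].partition("=")
            props[key] = value
    return props


def parse_version(version: str) -> Tuple[int, int, int]:
    """Turn '2.14.1' (or '2.16', or '2.17.1-rc1') into a comparable tuple; ValueError on junk."""
    match = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-.*)?", version.strip())
    if not match:
        raise ValueError(f"unrecognised log4j version: {version!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def assess(java_opts: str, log4j_version: str,
           env: Optional[Dict[str, str]] = None) -> Tuple[str, List[str]]:
    """Classify one JVM as 'patched', 'mitigated' or 'vulnerable' and explain why."""
    env = env or {}
    findings: List[str] = []
    version = parse_version(log4j_version)
    if version >= PATCHED_VERSION:
        floor = ".".join(map(str, PATCHED_VERSION))
        return "patched", [f"log4j-core {log4j_version} is at or above {floor}"]

    props = parse_system_properties(java_opts)
    # A common slip: dropping the '2' from the property name leaves the flag unset.
    if "log4j.formatMsgNoLookups" in props and PROPERTY not in props:
        findings.append(f"'log4j.formatMsgNoLookups' is not a recognised property; the name is '{PROPERTY}'")

    flag_set = (props.get(PROPERTY, "").lower() == "true"
                or env.get(ENV_VAR, "").lower() == "true")
    if flag_set and version < FLAG_MIN_VERSION:
        findings.append(f"{PROPERTY} is ignored before 2.10.0; this JVM runs log4j-core {log4j_version}")
        return "vulnerable", findings
    if flag_set:
        findings.append("formatMsgNoLookups is enabled; Apache later stated it does not cover "
                        "CVE-2021-45046, so an upgrade is still required")
        return "mitigated", findings
    findings.append(f"no formatMsgNoLookups setting and log4j-core {log4j_version} predates the fixed releases")
    return "vulnerable", findings


if __name__ == "__main__":
    # Constructed launch settings for three hypothetical hosts.
    for opts, ver in [("-Dlog4j2.formatMsgNoLookups=true", "2.14.1"),
                      ("-Xmx2g -Dlog4j.formatMsgNoLookups=true", "2.14.1"),
                      ("", "2.17.1")]:
        status, notes = assess(opts, ver)
        print(f"{status:<11} log4j {ver:<7} | {'; '.join(notes)}")
```

In practice the inputs come from the running process: the JVM flags from `ps` or the service unit, and the log4j-core version from the jar's manifest. The checker deliberately ranks the version first, because on 2.16.0 and later the message lookup code is gone and the flag no longer matters either way.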
I'm interested in buying it. Is the source code included, so I can properly mutate the binary signatures to prevent detection?
participants (2)
- Karl
- zeynepaydogan