{"id":11208,"date":"2017-02-16T18:37:24","date_gmt":"2017-02-16T18:37:24","guid":{"rendered":"https:\/\/evosec.eu\/?p=11208"},"modified":"2017-02-16T18:37:24","modified_gmt":"2017-02-16T18:37:24","slug":"iot-malware-advances","status":"publish","type":"post","link":"https:\/\/evosec.eu\/es\/iot-malware-advances\/","title":{"rendered":"IoT Malware advances"},"content":{"rendered":"

A new strain (as long as December 2016 can be called new) has been spotted on GitHub that combines both a standard telnet scanner and also MIRAI. <\/p>\n

It has been uploaded here:https:\/\/github.com\/geo93033\/u<\/a>.<\/p>\n

In the header(s) you can find some credentials:<\/p>\n

Xmpp: b1nary@nigge.rs
\nTwitter: @P2PBOTNET
\nInstragram: @Rebirth.c
\nSkype: b1narythag0d<\/p><\/blockquote>\n

and<\/p>\n

\nSkype: uriede
\nXMPP: Crypt@nigge.rs
\nChanges:
\nMade Date: 7-30-16<\/p><\/blockquote>\n

And also a \u00abnice\u00bb notice:<\/p>\n

\/*
\nRebirth Is an ongoing project, that will have many builds, and updates.
\nThis Client is being constantly worked on.
\nAnyone that bought Rebirth Legitly will have access to the builds, and updates.
\nFor anyone that leeches, or leaks, well fuck you.
\n*\/<\/p><\/blockquote>\n

\n

Besides that, you can also find several names of the ELF binaries used by this (or other) infections, as well as the architectures they are designed for:<\/p>\n

\t\u00abjackmymips\u00bb,
\n\t\u00abjackmymips64\u00bb,
\n\t\u00abjackmymipsel\u00bb,
\n\t\u00abjackmysh2eb\u00bb,
\n\t\u00abjackmysh2elf\u00bb,
\n\t\u00abjackmysh4\u00bb,
\n\t\u00abjackmyx86\u00bb,
\n\t\u00abjackmyarmv5\u00bb,
\n\t\u00abjackmyarmv4tl\u00bb,
\n\t\u00abjackmyarmv4\u00bb,
\n\t\u00abjackmyarmv6\u00bb,
\n\t\u00abjackmyi686\u00bb,
\n\t\u00abjackmypowerpc\u00bb,
\n\t\u00abjackmypowerpc440fp\u00bb,
\n\t\u00abjackmyi586\u00bb,
\n\t\u00abjackmym68k\u00bb,
\n\t\u00abjackmysparc\u00bb,<\/p><\/blockquote>\n

\t\u00abhackmymips\u00bb,
\n\t\u00abhackmymipsel\u00bb,
\n\t\u00abhackmysh4\u00bb,
\n\t\u00abhackmyx86\u00bb,
\n\t\u00abhackmyarmv6\u00bb,
\n\t\u00abhackmyi686\u00bb,
\n\t\u00abhackmypowerpc\u00bb,
\n\t\u00abhackmyi586\u00bb,
\n\t\u00abhackmym68k\u00bb,
\n\t\u00abhackmysparc\u00bb,<\/p><\/blockquote>\n

\t\u00abbusyboxterrorist\u00bb,
\n\t\u00abDFhxdhdf\u00bb,
\n\t\u00abdvrHelper\u00bb,
\n\t\u00abFDFDHFC\u00bb,
\n\t\u00abFEUB\u00bb,
\n\t\u00abFTUdftui\u00bb,
\n\t\u00abGHfjfgvj\u00bb,<\/p><\/blockquote>\n

\t\u00abjhUOH\u00bb,
\n\t\u00abJIPJIPJj\u00bb,
\n\t\u00abJIPJuipjh\u00bb,
\n\t\u00abkmyx86_64\u00bb, \/\/<- Kami?<\/p><\/blockquote>\n

\t\u00abTwoFacearmv61\u00bb,
\n\t\u00abTwoFacei586\u00bb,
\n\t\u00abTwoFacei686\u00bb,
\n\t\u00abTwoFacem86k\u00bb,
\n\t\u00abTwoFacemips\u00bb,
\n\t\u00abTwoFacemipsel\u00bb,
\n\t\u00abTwoFacepowerpc\u00bb,
\n\t\u00abTwoFacesh4\u00bb,
\n\t\u00abTwoFacesparc\u00bb,
\n\t\u00abTwoFacex86_64\u00bb,<\/p><\/blockquote>\n

and others…<\/p>\n","protected":false},"excerpt":{"rendered":"

A new strain (as long as December 2016 can be called new) has been spotted on GitHub that combines both a standard telnet scanner and also MIRAI. It has been uploaded here:https:\/\/github.com\/geo93033\/u. In the header(s) you can find some credentials: Xmpp: b1nary@nigge.rs Twitter: @P2PBOTNET Instragram: @Rebirth.c Skype: b1narythag0d and Skype: …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[98,932,947,99],"tags":[74,60,981],"class_list":["post-11208","post","type-post","status-publish","format-standard","hentry","category-iot-newsupdates","category-iot-security","category-it-security","category-it-security-newsupdates","tag-iot","tag-malware","tag-mirai"],"translation":{"provider":"WPGlobus","version":"3.0.2","language":"es","enabled_languages":["en","da","de","es","fi","fr","it","hu","nl","no","pl","pt","ru","sv"],"languages":{"en":{"title":true,"content":true,"excerpt":false},"da":{"title":false,"content":false,"excerpt":false},"de":{"title":false,"content":false,"excerpt":false},"es":{"title":false,"content":false,"excerpt":false},"fi":{"title":false,"content":false,"excerpt":false},"fr":{"title":false,"content":false,"excerpt":false},"it":{"title":false,"content":false,"excerpt":false},"hu":{"title":false,"content":false,"excerpt":false},"nl":{"title":false,"content":false,"excerpt":false},"no":{"title":false,"content":false,"excerpt":false},"pl":{"title":false,"content":false,"excerpt":false},"pt":{"title":false,"content":false,"excerpt":false},"ru":{"title":false,"content":false,"excerpt":false},"sv":{"title":false,"content":false,"excerpt":false}}},"_links":{"self":[{"href":"https:\/\/evosec.eu\/es\/wp-json\/wp\/v2\/posts\/11208","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/evosec.eu\/es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/evosec.eu\/es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/evosec.eu\/es\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/evosec.eu\/es\/wp-json\/wp\/v2\/comments?post=11208"}],"version-history":[{"count":1,"href":"https:\/\/evosec.eu\/es\/wp-json\/wp\/v2\/posts\/11208\/revisions"}],"predecessor-version":[{"id":11209,"href":"https:\/\/evosec.eu\/es\/wp-json\/wp\/v2\/posts\/11208\/revisions\/11209"}],"wp:attachment":[{"href":"https:\/\/evosec.eu\/es\/wp-json\/wp\/v2\/media?parent=11208"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/evosec.eu\/es\/wp-json\/wp\/v2\/categories?post=11208"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/evosec.eu\/es\/wp-json\/wp\/v2\/tags?post=11208"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}