{"id":11208,"date":"2017-02-16T18:37:24","date_gmt":"2017-02-16T18:37:24","guid":{"rendered":"https:\/\/evosec.eu\/?p=11208"},"modified":"2017-02-16T18:37:24","modified_gmt":"2017-02-16T18:37:24","slug":"iot-malware-advances","status":"publish","type":"post","link":"https:\/\/evosec.eu\/fr\/iot-malware-advances\/","title":{"rendered":"IoT Malware advances"},"content":{"rendered":"<p>A new strain (if December 2016 can still be called new) has been spotted on GitHub that combines a standard telnet scanner with Mirai.<\/p>\n<p>It has been uploaded here: <a href=\"https:\/\/github.com\/geo93033\/u\">https:\/\/github.com\/geo93033\/u<\/a>.<\/p>\n<p>In the source file header(s) you can find some author contact handles:<\/p>\n<blockquote><p>Xmpp: b1nary@nigge.rs<br \/>\nTwitter: @P2PBOTNET<br \/>\nInstragram: @Rebirth.c<br \/>\nSkype: b1narythag0d<\/p><\/blockquote>\n<p>and<\/p>\n<blockquote><p>\nSkype: uriede<br \/>\nXMPP: Crypt@nigge.rs<br \/>\nChanges:<br \/>\nMade Date: 7-30-16<\/p><\/blockquote>\n<p>And also a \u00ab\u00a0nice\u00a0\u00bb notice:<\/p>\n<blockquote><p>\/*<br \/>\nRebirth Is an ongoing project, that will have many builds, and updates.<br \/>\nThis Client is being constantly worked on.<br \/>\nAnyone that bought Rebirth Legitly will have access to the builds, and updates.<br \/>\nFor anyone that leeches, or leaks, well fuck you.<br \/>\n*\/<\/p><\/blockquote>\n<hr \/>\n<p>Besides that, the source also lists names of ELF binaries used by this infection (or others); the name suffixes indicate the architectures they are built for:<\/p>\n<blockquote><p>\t\u00ab\u00a0jackmymips\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0jackmymips64\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0jackmymipsel\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0jackmysh2eb\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0jackmysh2elf\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0jackmysh4\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0jackmyx86\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0jackmyarmv5\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0jackmyarmv4tl\u00a0\u00bb,<br 
\/>\n\t\u00ab\u00a0jackmyarmv4\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0jackmyarmv6\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0jackmyi686\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0jackmypowerpc\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0jackmypowerpc440fp\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0jackmyi586\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0jackmym68k\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0jackmysparc\u00a0\u00bb,<\/p><\/blockquote>\n<blockquote><p>\t\u00ab\u00a0hackmymips\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0hackmymipsel\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0hackmysh4\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0hackmyx86\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0hackmyarmv6\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0hackmyi686\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0hackmypowerpc\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0hackmyi586\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0hackmym68k\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0hackmysparc\u00a0\u00bb,<\/p><\/blockquote>\n<blockquote><p>\t\u00ab\u00a0busyboxterrorist\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0DFhxdhdf\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0dvrHelper\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0FDFDHFC\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0FEUB\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0FTUdftui\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0GHfjfgvj\u00a0\u00bb,<\/p><\/blockquote>\n<blockquote><p>\t\u00ab\u00a0jhUOH\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0JIPJIPJj\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0JIPJuipjh\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0kmyx86_64\u00a0\u00bb,    \/\/<- Kami?<\/p><\/blockquote>\n<blockquote><p>\t\u00ab\u00a0TwoFacearmv61\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0TwoFacei586\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0TwoFacei686\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0TwoFacem86k\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0TwoFacemips\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0TwoFacemipsel\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0TwoFacepowerpc\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0TwoFacesh4\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0TwoFacesparc\u00a0\u00bb,<br \/>\n\t\u00ab\u00a0TwoFacex86_64\u00a0\u00bb,<\/p><\/blockquote>\n<p>and 
others&#8230;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A new strain (as long as December 2016 can be called new) has been spotted on GitHub that combines both a standard telnet scanner and also MIRAI. It has been uploaded here:https:\/\/github.com\/geo93033\/u. In the header(s) you can find some credentials: Xmpp: b1nary@nigge.rs Twitter: @P2PBOTNET Instragram: @Rebirth.c Skype: b1narythag0d and Skype: &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[98,932,947,99],"tags":[74,60,981],"class_list":["post-11208","post","type-post","status-publish","format-standard","hentry","category-iot-newsupdates","category-iot-security","category-it-security","category-it-security-newsupdates","tag-iot","tag-malware","tag-mirai"],"translation":{"provider":"WPGlobus","version":"3.0.2","language":"fr","enabled_languages":["en","da","de","es","fi","fr","it","hu","nl","no","pl","pt","ru","sv"],"languages":{"en":{"title":true,"content":true,"excerpt":false},"da":{"title":false,"content":false,"excerpt":false},"de":{"title":false,"content":false,"excerpt":false},"es":{"title":false,"content":false,"excerpt":false},"fi":{"title":false,"content":false,"excerpt":false},"fr":{"title":false,"content":false,"excerpt":false},"it":{"title":false,"content":false,"excerpt":false},"hu":{"title":false,"content":false,"excerpt":false},"nl":{"title":false,"content":false,"excerpt":false},"no":{"title":false,"content":false,"excerpt":false},"pl":{"title":false,"content":false,"excerpt":false},"pt":{"title":false,"content":false,"excerpt":false},"ru":{"title":false,"content":false,"excerpt":false},"sv":{"title":false,"content":false,"excerpt":false}}},"_links":{"self":[{"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/posts\/11208","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/posts"}],"abou
t":[{"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/comments?post=11208"}],"version-history":[{"count":1,"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/posts\/11208\/revisions"}],"predecessor-version":[{"id":11209,"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/posts\/11208\/revisions\/11209"}],"wp:attachment":[{"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/media?parent=11208"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/categories?post=11208"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/evosec.eu\/fr\/wp-json\/wp\/v2\/tags?post=11208"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}