IoT Malware advances

A new strain (insofar as December 2016 can be called new) has been spotted on GitHub that combines a standard telnet scanner with MIRAI.

It has been uploaded here: https://github.com/geo93033/u.

In the header(s) you can find some credentials:

Xmpp: b1nary@nigge.rs
Twitter: @P2PBOTNET
Instragram: @Rebirth.c
Skype: b1narythag0d

and

Skype: uriede
XMPP: Crypt@nigge.rs
Changes:
Made Date: 7-30-16

And also a “nice” notice:

/*
Rebirth Is an ongoing project, that will have many builds, and updates.
This Client is being constantly worked on.
Anyone that bought Rebirth Legitly will have access to the builds, and updates.
For anyone that leeches, or leaks, well fuck you.
*/


Besides that, you can also find several names of the ELF binaries used by this (or other) infections, as well as the architectures they are designed for:

“jackmymips”,
“jackmymips64”,
“jackmymipsel”,
“jackmysh2eb”,
“jackmysh2elf”,
“jackmysh4”,
“jackmyx86”,
“jackmyarmv5”,
“jackmyarmv4tl”,
“jackmyarmv4”,
“jackmyarmv6”,
“jackmyi686”,
“jackmypowerpc”,
“jackmypowerpc440fp”,
“jackmyi586”,
“jackmym68k”,
“jackmysparc”,

“hackmymips”,
“hackmymipsel”,
“hackmysh4”,
“hackmyx86”,
“hackmyarmv6”,
“hackmyi686”,
“hackmypowerpc”,
“hackmyi586”,
“hackmym68k”,
“hackmysparc”,

“busyboxterrorist”,
“DFhxdhdf”,
“dvrHelper”,
“FDFDHFC”,
“FEUB”,
“FTUdftui”,
“GHfjfgvj”,

“jhUOH”,
“JIPJIPJj”,
“JIPJuipjh”,
“kmyx86_64”, //<- Kami?

“TwoFacearmv61”,
“TwoFacei586”,
“TwoFacei686”,
“TwoFacem86k”,
“TwoFacemips”,
“TwoFacemipsel”,
“TwoFacepowerpc”,
“TwoFacesh4”,
“TwoFacesparc”,
“TwoFacex86_64”,

and others…
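
As an added example (not code from the repository or from this post), a triage helper for defenders: it splits a file name in the jackmy/hackmy/TwoFace/kmy style into family and architecture suffix and checks that suffix against the `e_machine` field of the file's ELF header. The suffix-to-`e_machine` mapping, the function names and the constructed headers are assumptions of this example.

```python
import re
import struct

# Family prefixes as they appear in the names listed above.
NAME_RE = re.compile(r"^(jackmy|hackmy|TwoFace|kmy)(.+)$")

# Suffix prefix -> acceptable ELF e_machine values (numbers from the ELF spec).
# How each suffix is interpreted is this example's assumption.
SUFFIX_MACHINES = [
    ("x86_64", {62}),                  # EM_X86_64
    ("x86", {3, 62}),                  # ambiguous: EM_386 or EM_X86_64
    ("i586", {3}), ("i686", {3}),      # EM_386
    ("mips", {8}),                     # mips, mips64, mipsel
    ("arm", {40}),                     # armv4, armv4tl, armv5, armv6, armv61
    ("sh", {42}),                      # sh2eb, sh2elf, sh4
    ("powerpc", {20}), ("sparc", {2}), ("m68k", {4}),
]

def elf_machine(header):
    """Return e_machine from the first 20 bytes of an ELF file, or None."""
    if len(header) < 20 or header[:4] != b"\x7fELF" or header[5] not in (1, 2):
        return None
    fmt = "<H" if header[5] == 1 else ">H"  # EI_DATA: 1 = little, 2 = big endian
    return struct.unpack_from(fmt, header, 18)[0]

def triage(name, header):
    """Compare the architecture a file name claims with its ELF header."""
    m = NAME_RE.match(name)
    family, suffix = (m.group(1), m.group(2)) if m else (None, None)
    machine = elf_machine(header)
    expected = next((v for p, v in SUFFIX_MACHINES
                     if suffix and suffix.startswith(p)), None)
    if family is None:
        verdict = "no-family-prefix"
    elif machine is None:
        verdict = "not-elf"
    elif expected is None:
        verdict = "unknown-suffix"      # e.g. the "m86k" spelling in the list
    else:
        verdict = "consistent" if machine in expected else "mismatch"
    return {"family": family, "suffix": suffix,
            "e_machine": machine, "verdict": verdict}

def make_header(machine, big_endian):
    """Constructed 20-byte ELF header prefix for the demo (not a real sample)."""
    ident = b"\x7fELF" + bytes([1, 2 if big_endian else 1, 1]) + bytes(9)
    return ident + struct.pack(">HH" if big_endian else "<HH", 2, machine)

if __name__ == "__main__":
    print(triage("jackmymipsel", make_header(8, False)))
    print(triage("TwoFacem86k", make_header(4, True)))
    print(triage("hackmysparc", make_header(40, False)))
```

A "mismatch" verdict means the name and the header disagree, which is worth a closer look because file names are trivially changed while `e_machine` must be correct for the binary to run.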
