sKyWIper (a.k.a. Flame a.k.a. Flamer): A complex ... - CrySyS Lab

C:\Program Files\Common Files\Microsoft Shared\MSAuthCtrl\secindex.dat
https://XXXX.info:443/cgi-bin/counter.cgi
https://XXXX.info:443/cgi-bin/counter.cgi
…
GATOR.SERVERS.1.data.SITE
SINGLE_CMD_RUNNER
GATOR.SERVERS.1.data.SITE XXXX.info->XXXXX.com
GATOR.SERVERS.1.data.URL cgi-bin/counter.cgi->wp-content/rss.php
…
GATOR.SERVERS.-1.SITE [NoValue]->XXXX.info
GATOR.SERVERS.-1.USESSL [NoValue]->False
GATOR.SERVERS.-1.TIMEOUT [NoValue]->180000
GATOR.SERVERS.-1.URL [NoValue]->wp-content/rss.php
GATOR.SERVERS.-1.PORT [NoValue]->80
GATOR.SERVERS.-1.PASSWORD [NoValue]->LifeStyle2
…
XXX.info
SINGLE_CMD_RUNNER
P_CMDS.RESTORE_REDIRECTION_STATE
SINGLE_CMD_RUNNER
SINGLE_CMD_RUNNER
P_CMDS.RESTORE_REDIRECTION_STATE.SECS_BETWEEN_RUNS [NoValue]->87654
P_CMDS.RESTORE_REDIRECTION_STATE.MAX_RUNS [NoValue]->2
P_CMDS.RESTORE_REDIRECTION_STATE.CMD_BUF [NoValue]->BUF_SITE:271 CRC:525FXXXX
P_CMDS.RESTORE_REDIRECTION_STATE.NUM_OF_RUNS [NoValue]->0
SINGLE_CMD_RUNNER
SINGLE_CMD_RUNNER
GATOR.LEAK.NEXT_REQUEST_TIME 314821->1222222222
GATOR.LEAK.NEXT_REQUEST_SYS_TIME 133XXX2106->1222222222
SINGLE_CMD_RUNNER
SINGLE_CMD_RUNNER
MANAGER.FLAME_ID 13XXXXX15X->13
SINGLE_CMD_RUNNER
SINGLE_CMD_RUNNER
GATOR.CMD.NEXT_REQUEST_TIME 340504->0
…
COMAGENT
COMAGENTWORKER
WEASEL
IDLER
CommandExecuter
CommandFileFinder
MICROBE
MICROBE_SECURITY
GadgetSupplierWaitThread
MICROBE_SECURITY
MICROBE
SINGLE_CMD_RUNNER
C:\WINDOWS\system32\advpck.dat
C:\WINDOWS\system32\advpck.dat, EnableTBS
C:\WINDOWS\system32\advpck.dat
C:\WINDOWS\system32\ntaps.dat, EnableSHR
C:\WINDOWS\system32\ntaps.dat, EnableOFR

Laboratory of Cryptography and System Security (CrySyS)
Budapest University of Technology and Economics

www.crysys.hu 42
