
W32.Duqu a.k.a. Stuxnet II


10 replies to this topic

#1 PaperBall


    Newbie

  • (Junior)
  • 1 posts

Posted 19 October 2011 - 02:49 PM

Anyone have a copy of this new malware that was discovered last week?

Edited by PaperBall, 19 October 2011 - 03:11 PM.


#2 deepzero


    Postmaster

  • (Full Member)
  • 729 posts
  • Gender:Male

Posted 19 October 2011 - 02:51 PM

Binaries have not been made public yet, AFAIK, as they are still analyzing it in greater detail.
Scientia potentia est.

#3 deepzero


    Postmaster

  • (Full Member)
  • 729 posts
  • Gender:Male

Posted 19 October 2011 - 03:30 PM

The Symantec whitepaper can be found here:

http://www.symantec....ext_stuxnet.pdf

There is supposed to be a 2x page attachment (the initial analysis), but I can only see the 14p Symantec analysis...
Scientia potentia est.

#4 STRELiTZIA


    Slug Analysis Lab

  • (Junior+)
  • 19 posts
  • Gender:Male

Posted 19 October 2011 - 05:29 PM

http://www.kernelmode.info/forum/viewtopic.php?f=16&t=1210

Software Analysis, Reverse Code Engineering and Malware Fighting.

#5 deepzero


    Postmaster

  • (Full Member)
  • 729 posts
  • Gender:Male

Posted 19 October 2011 - 05:37 PM

STRELiTZIA, on 19 October 2011 - 05:29 PM, said:

http://www.kernelmode.info/forum/viewtopic.php?f=16&t=1210

I hope there are no moral issues with me attaching them here...?
If so, please let me know...

Attached Files

drivers.rar
    pass: malware
c9a31ea148232b201fe7cb7db5c75f5e.zip
    pass: infected

Scientia potentia est.

#6 STRELiTZIA


    Slug Analysis Lab

  • (Junior+)
  • 19 posts
  • Gender:Male

Posted 19 October 2011 - 06:21 PM

Quote

I hope there are no moral issues with me attaching them here...?
If so, please let me know...

No... it's ok! Enjoy! :)
Regards
Software Analysis, Reverse Code Engineering and Malware Fighting.

#7 fireworld


    Newbie

  • (Junior)
  • 1 posts

Posted 21 October 2011 - 05:37 AM

c9a31ea148232b201fe7cb7db5c75f5e is not a dropper.

#8 STRELiTZIA


    Slug Analysis Lab

  • (Junior+)
  • 19 posts
  • Gender:Male

Posted 21 October 2011 - 09:36 AM

http://www.securelist.com/en/blog/208193182/The_Mystery_of_Duqu_Part_One

Software Analysis, Reverse Code Engineering and Malware Fighting.

#9 chickenbutt


    Mega Poster

  • (Full Member)
  • 153 posts
  • Gender:Male

Posted 23 October 2011 - 06:44 AM

It's an industrial rootkit. The PLC payload and leaked PKI usage are all that is really unique. It does some DKOM and stuff with tables, or at least it did when I looked at the last one.

I'm not going to use what little time I have to re-analyse anything.

#10 STRELiTZIA


    Slug Analysis Lab

  • (Junior+)
  • 19 posts
  • Gender:Male

Posted 26 October 2011 - 08:47 AM

Win32/Duqu: It’s A Date
http://blog.eset.com/2011/10/25/win32duqu-it%e2%80%99s-a-date

Software Analysis, Reverse Code Engineering and Malware Fighting.

#11 frank_boldewin


    Newbie

  • (Junior+)
  • 11 posts

Posted 29 October 2011 - 08:53 AM

http://blog.eset.com...the-rpc-edition
