W32.Duqu a.k.a. Stuxnet II

[PaperBall]

Anyone have a copy of this new malware that was discovered last week?

Edited October 19, 2011 by PaperBall

[deepzero]

binaries have not been made public yet, afaik, as they are still analyzing it in greater detail.

[deepzero]

the symantec whitepaper can be found here

/>http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf

THere is supposed to be a 2x page attachment (the inital analysis), but i can only see the 14p symantec analysis...

[STRELiTZIA]

http://www.kernelmode.info/forum/viewtopic.php?f=16&t=1210

[deepzero]

http://www.kernelmode.info/forum/viewtopic.php?f=16&t=1210

I hope there are no moral issues with me attaching them here...?

If so, please let me know...

drivers.rar

pass: malware

c9a31ea148232b201fe7cb7db5c75f5e.zip

pass: infected

c9a31ea148232b201fe7cb7db5c75f5e.zip

drivers.rar

[STRELiTZIA]

I hope there are no moral issues with me attaching them here...?

If so, please let me know...

No... it's ok! enjoy!

Regards

[fireworld]

c9a31ea148232b201fe7cb7db5c75f5e not dropper

[STRELiTZIA]

http://www.securelist.com/en/blog/208193182/The_Mystery_of_Duqu_Part_One

[chickenbutt]

It's an industrial rootkit..The PLC payload and leaked PKI usage is all that is really unique. It Does some DKOM and stuff with tables, or at least it did when I looked at the last one.

I'm not going to use what little time I have to re-analyse anything

[STRELiTZIA]

Win32/Duqu: It’s A Date

http://blog.eset.com/2011/10/25/win32duqu-it%e2%80%99s-a-date

[frank_boldewin]

http://blog.eset.com/2011/10/28/win32duqu-analysis-the-rpc-edition