PaperBall, posted October 19, 2011 (edited October 19, 2011 by PaperBall):
Anyone have a copy of this new malware that was discovered last week?
deepzero, posted October 19, 2011:
Binaries have not been made public yet, afaik, as they are still analyzing it in greater detail.
deepzero, posted October 19, 2011:
The Symantec whitepaper can be found here: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
There is supposed to be a 2x page attachment (the initial analysis), but I can only see the 14p Symantec analysis...
STRELiTZIA, posted October 19, 2011:
http://www.kernelmode.info/forum/viewtopic.php?f=16&t=1210
deepzero, posted October 19, 2011:
Quoting STRELiTZIA: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=1210
I hope there are no moral issues with me attaching them here...? If so, please let me know...
drivers.rar, pass: malware
c9a31ea148232b201fe7cb7db5c75f5e.zip, pass: infected
Attachments: c9a31ea148232b201fe7cb7db5c75f5e.zip, drivers.rar
STRELiTZIA, posted October 19, 2011:
Quoting deepzero: I hope there are no moral issues with me attaching them here...? If so, please let me know...
No... it's ok! Enjoy!
Regards
fireworld, posted October 21, 2011:
c9a31ea148232b201fe7cb7db5c75f5e is not the dropper.
STRELiTZIA, posted October 21, 2011:
http://www.securelist.com/en/blog/208193182/The_Mystery_of_Duqu_Part_One
chickenbutt, posted October 23, 2011:
It's an industrial rootkit. The PLC payload and leaked PKI usage are all that is really unique. It does some DKOM and stuff with tables, or at least it did when I looked at the last one. I'm not going to use what little time I have to re-analyse anything.
STRELiTZIA, posted October 26, 2011:
Win32/Duqu: It's A Date
http://blog.eset.com/2011/10/25/win32duqu-it%e2%80%99s-a-date
frank_boldewin, posted October 29, 2011:
http://blog.eset.com/2011/10/28/win32duqu-analysis-the-rpc-edition