A forum for reverse engineering, OS internals and malware analysis 

Forum for completed malware requests.
 #22976  by CloneRanger
 Mon May 26, 2014 7:49 am
Hi, I'm not sure what's going on here because both files have dodgy certs!
I downloaded psiphon3.exe from the "official" www https://psiphon.ca/en/index.html & psiphon3a.exe from -https://555777.biz/rgVaxk/?lang=en
I renamed psiphon3.exe to psiphon3a.exe.
5. Psiphon’s website states: "The SHA1 thumbprint for the Psiphon Inc. certificate public key is displayed in the Certificate dialog Details tab. For the certificate valid for the period June 16, 2011 to June 21, 2012 the SHA1 thumbprint is: 8f:b7:ef:bd:20:a9:20:3a:38:37:08:a2:1e:0a:1d:2e:ad:7b:ee:6d The certificate valid for the period May 21, 2011 to July 30, 2014 the SHA1 thumbprint is: 84:c5:13:5b:13:d1:53:96:7e:88:c9:13:86:0e:83:ee:ef:48:8e:91"

https://citizenlab.org/2014/03/maliciou ... ed-psiphon
psiphon3.exe - SHA1 = 2bd632f03c0d8de53948a100bf9ad9f1283b8117

http://r.virscan.org/report/4dc1d1e04da ... cdd727e943
psiphon3a.exe - SHA1 = 5de435df5a55b8f0b4f3b6643c53cdc7bd43a012

http://r.virscan.org/report/966a5761c78 ... 16a7008a0f
PW = infected
 #22977  by EP_X0FF
 Mon May 26, 2014 11:22 am
What he wants is Bladabindi MSIL crap (aka NJ rat). Yes, iodust also banned on VT and this forum search button seems unavailable for him.
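
The thumbprint comparison quoted in the first post can be scripted rather than read off the Certificate dialog. This is an added example, not part of the thread or Psiphon's own tooling: it assumes PowerShell 4 or later on Windows, and the function name `Test-PublishedSigner` is hypothetical.

```powershell
# Added example. The two thumbprints are the values quoted in the first post;
# the function name is hypothetical.
$PublishedThumbprints = @(
    '8f:b7:ef:bd:20:a9:20:3a:38:37:08:a2:1e:0a:1d:2e:ad:7b:ee:6d',
    '84:c5:13:5b:13:d1:53:96:7e:88:c9:13:86:0e:83:ee:ef:48:8e:91'
) | ForEach-Object {
    # Windows reports thumbprints as upper-case hex without separators.
    ($_ -replace '[^0-9a-fA-F]', '').ToUpperInvariant()
}

function Test-PublishedSigner {
    param([Parameter(Mandatory = $true)][string]$Path)

    # Reads the embedded Authenticode signature; the file is not executed.
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    $thumb = $null; $subject = $null; $from = $null; $to = $null
    $known = $false
    if ($cert) {
        # Same value as the "Thumbprint" field on the dialog's Details tab.
        $thumb   = $cert.Thumbprint.ToUpperInvariant()
        $subject = $cert.Subject
        $from    = $cert.NotBefore
        $to      = $cert.NotAfter
        $known   = $PublishedThumbprints -contains $thumb
    }

    [pscustomobject]@{
        File            = (Resolve-Path -LiteralPath $Path).Path
        FileSha1        = (Get-FileHash -LiteralPath $Path -Algorithm SHA1).Hash
        SignatureStatus = $sig.Status
        Subject         = $subject
        NotBefore       = $from
        NotAfter        = $to
        Thumbprint      = $thumb
        KnownThumbprint = $known
        # A matching thumbprint only counts if the signature itself verifies;
        # an unsigned file or a HashMismatch status fails here.
        Verified        = $known -and ($sig.Status -eq 'Valid')
    }
}

# Usage, run against each downloaded file in an isolated analysis VM:
#   Test-PublishedSigner -Path .\psiphon3.exe | Format-List
```

The `FileSha1` column is the file hash (comparable with the SHA1 values listed in the post), which is a different value from the certificate thumbprint.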