A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #20149  by kareldjag/michk
 Thu Jul 18, 2013 7:15 am
Interesting questions...
A backdoor is originally a Unix word which means a remote shell like netcat. No need for extra features, just a few commands via a port.
A RAT usually means remotely controlling a machine as if it were our own. Remote Access Tool for sysadmins, Trojan for hackers.
They can be used in a legal way by a sysadmin, or for cybercrime like DDoS/carding and computer espionage between states or firms.
RATs are in a grey world market full of paradox.
RATs can be used for employee monitoring (Hire evidence).
It is a dynamic market, and Spector Pro or IMonitor are popular official products.
http://en.wikipedia.org/wiki/Employee_m ... g_software
There are also underground RATs that try to evolve and become respectable (ProRat is a typical example).
RAT career opportunities are sometimes a highway to jail (Blackshades), sometimes a highway to Andy Warhol's 15 minutes of celebrity (DarkComet).
http://weirderweb.com/2013/02/28/the-od ... civil-war/
https://www.fbi.gov/newyork/press-relea ... e-takedown
http://translate.google.fr/translate?sl ... wares.html

RATs are also used in law enforcement (FBI CIPAV and the German Bundestrojaner cannot be considered RATs).
Remote forensic software as a niche market
DIRT was a pioneer http://www.thebirdman.org/Index/Others/ ... eviews.htm
http://cryptome.org/dirt-guide.htm
http://de.wikipedia.org/wiki/Remote_Forensic_Software
http://www.real-sec.com/datoteke-web/Ga ... tware).pdf
http://events.ccc.de/camp/2007/Fahrplan ... rensic.pdf
The famous HackingTeam RAT that I already talked about in 2008 on a previous rootkit board
http://forum.sysinternals.com/z0mbie-ro ... age16.html
http://www.hackingteam.it/index.php/rem ... rol-system
http://securityaffairs.co/wordpress/794 ... tions.html
http://www.techweekeurope.co.uk/news/rs ... ect-109101
https://citizenlab.org/2012/10/backdoor ... f-dissent/
http://news.drweb.com/?i=2604&c=5&lng=en
http://surveillance.rsf.org/en/hacking-team/

There are mostly the widely used client/server RATs, which provide user spying and monitoring features, but also HTTP (via browser) and PHP RATs.
Java is interesting for its cross-platform environment.
Sorry for this literature... and regarding samples, a lot of RATs in a Box Cloud. And as it is time-consuming, I cannot attach each of them here (any suggestion from EP?).
I attach an interesting Java sample, far from the common RATs: BlueBanana
https://www.virustotal.com/en/file/17c6 ... 346852853/
https://www.virustotal.com/fr/file/5667 ... 374130638/
https://malwr.com/analysis/YTg1NDY1MjE4 ... MwZmUxMjA/
Rgds
Attachments
Password is kernelmode.info