Malware family created by ChinaZ actor.
Trojan is being installed by compromised SSH access. Originally file is located on HFS and downloaded to target system via script or command.
Trojan is designed for routers and known to be compiled only for ARM and MIPS archs. Overall view of code reminds me MrBlack family.
Commands list includes HTTP Flood, SYN Flood, DNS Flood and stop attack.
This trojan has been spotted in-the-wild on compromised router.
#1
bot version: 20150412
C&C: 216.99.151.186
https://www.virustotal.com/ru/file/f0e7 ... /analysis/
#2
bot version: 20150412
C&C:222.186.21.82
https://www.virustotal.com/ru/file/4477 ... /analysis/
@unixfreaxjp samples include debug info, so you can take list of source files for your collection ;)
Trojan is being installed by compromised SSH access. Originally file is located on HFS and downloaded to target system via script or command.
Trojan is designed for routers and known to be compiled only for ARM and MIPS archs. Overall view of code reminds me MrBlack family.
Commands list includes HTTP Flood, SYN Flood, DNS Flood and stop attack.
This trojan has been spotted in-the-wild on compromised router.
#1
bot version: 20150412
C&C: 216.99.151.186
https://www.virustotal.com/ru/file/f0e7 ... /analysis/
#2
bot version: 20150412
C&C:222.186.21.82
https://www.virustotal.com/ru/file/4477 ... /analysis/
@unixfreaxjp samples include debug info, so you can take list of source files for your collection ;)
Attachments
infected
(454.81 KiB) Downloaded 62 times
(454.81 KiB) Downloaded 62 times