PbBot bootkit (alias Plite, GBPBoot) - Page 3

#28812 by Ludvig
Tue Jul 05, 2016 1:05 pm

nobody say about payload, only installer, dropper, mbr and etc boring things, what is payload this malware? is it only downloader?

Username

Ludvig

Posts

7

Joined

Fri Jan 29, 2016 9:30 am

#28814 by EP_X0FF
Tue Jul 05, 2016 3:52 pm

Because it purpose is more boring. It is S.Korean online games spy/backdoor.

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact

#29420 by EP_X0FF
Sat Oct 15, 2016 7:36 am

ikolor wrote:next..
https://www.virustotal.com/en/file/c127 ... 467457618/

https://www.virustotal.com/en/file/5bf7 ... 467459457/

resources.rar is a GbpBoot (alias Urelas) bootkit data (in your post https://www.virustotal.com/en/file/5bf7 ... 467459457/ is MBR file).

Second archive is Backdoor HtBot (https://www.virustotal.com/en/file/c127 ... 467457618/).

It would be nice if you will upload files separately in different posts so we can move them to dedicated threads once they are identified.

Ring0 - the source of inspiration

Username

EP_X0FF

Rank

Global Moderator

Posts

4947

Joined

Sun Mar 07, 2010 5:35 am

Location

Russian Federation

Contact