A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #18278  by Squirl
 Wed Feb 20, 2013 3:47 pm
Hi all,

Does anybody have a copy of the payload (jar file, HTML, anything) that was hosted on this site up until 01/30/2013?

I've tried multiple cache sources, but cannot find anything.

I know it's not a lot to go on, but if anybody at all could help, that would be amazing!
 #18280  by Squirl
 Wed Feb 20, 2013 4:30 pm
Hey N3mes1s,

Thanks for the reply.

I've tried a lot of commercial archivers, but cannot find what I'm looking for. It's likely (though unconfirmed) that the payload was on a page other than the Landing, which makes it a bit tougher.

I doubt I'll find it, but it's just possible somebody at least has the original link.
 #18285  by rkhunter
 Thu Feb 21, 2013 8:26 am
EP_X0FF wrote: http://eromang.zataz.com/2013/02/20/fac ... ormations/
It seems there are already enough hysterics in the media about all this info. Guess the main question now is whether the attack was targeted or not [and is there a connection between the attacks on NY Times, WSJ, Twitter, Facebook and Apple]. Anyway, I think the guys who know the native nature of this attack wouldn't share info with the community. For me it is strange that all these companies do not want to share any detailed info. We don't know the real chronology of all these attacks either.
Btw, the latest Mandiant report is really fantastic.

Chinese Defense Ministry
"It is unprofessional and groundless to accuse the Chinese military of launching cyber attacks without any conclusive evidence"

FANTASTIC!!!!!

 #18293  by Squirl
 Thu Feb 21, 2013 8:42 pm
Thanks guys.

Managed to find a sample of the payload.

I don't, personally, believe this is a targeted attack - I think they got lucky compromising two massive companies. The "wateringhole" (I hate buzzwords, don't you?) attack was most likely a hope-for-the-best campaign.

I agree with you on the Mandiant report; absolutely brilliant - really set a new standard for attack forensics.