OSX Kirino (BigFive) BackDoor

#30532 by K_Mikhail
Mon Jul 03, 2017 10:59 am

Subj

[1] https://virustotal.com/en/file/2ccd0e9d ... 499079161/ (HEUR:Exploit.OSX.CVE-2016-4625.a || Exploit.CVE-2016-4625.1 || a variant of OSX/Exploit.CVE-2016-4625.B)

[2] https://virustotal.com/en/file/5b13a275 ... 499079170/

[3] https://virustotal.com/en/file/dd065e79 ... 499079184/

[4] https://virustotal.com/en/file/b2638362 ... 499079198/

Dr.Web anti-virus vendor resume: Mac.BackDoor.BigFive.1, Mac.BackDoor.BigFive.2, Mac.BackDoor.BigFive.3

UPD: Kaspersky anti-virus vendor resume: HEUR:Backdoor.OSX.Rinoki.a

Username

K_Mikhail

Posts

41

Joined

Tue Apr 13, 2010 4:13 pm

Re: OSX Kirino (BigFive) BackDoor

#30534 by K_Mikhail
Mon Jul 03, 2017 6:16 pm

Mac.BackDoor.BigFive.1, Mac.BackDoor.BigFive.2, Mac.BackDoor.BigFive.3 renamed on Mac.BackDoor.Kirino.1, Mac.BackDoor.Kirino.2, Mac.BackDoor.Kirino.3.

Username

K_Mikhail

Posts

41

Joined

Tue Apr 13, 2010 4:13 pm

Re: OSX Kirino (BigFive) BackDoor

#30541 by maddog4012
Wed Jul 05, 2017 1:03 pm

Samples from VT

Attachments

OSX_RINOKI.A.zip

pw virus
(28.1 KiB) Downloaded 41 times

Username

maddog4012

Posts

82

Joined

Mon Aug 04, 2014 6:53 pm