I was reported this GOARM Binary: https://www.virustotal.com/en/file/81c9 ... 410603481/ Many downloads:
It's an ARM architecture bot, based on Go programming compiled for Armv6 with Cypto and Encoding libs. Go projects PoC:
It's an ARM architecture bot, based on Go programming compiled for Armv6 with Cypto and Encoding libs. Go projects PoC:
Code: Select all
HTTP send template:
// go runtime..
0x29B39C runtime.selectgo
0x2AB1EC runtime.gogo
(etc)
// go project..
0x31A3D1 /Users/fc/GoProjects/armv6/src/server2/server.go
0x31A403 /Users/fc/GoProjects/armv6/src/server2/message.pb.go
0x31A439 /Users/fc/GoProjects/armv6/src/server2/client.go
0x31BDE1 /Users/fc/GoProjects/armv6/src/main.go
0x31A3D1 /Users/fc/GoProjects/armv6/src/server2/server.go
0x31A403 /Users/fc/GoProjects/armv6/src/server2/message.pb.go
0x31A439 /Users/fc/GoProjects/armv6/src/server2/client.go
0x31BDE1 /Users/fc/GoProjects/armv6/src/main.go
// Go source codes:
%3d: t=%3d start
%3d: t=%3d bytes [%d]
%3d: t=%3d end err %v
%3d: t=%3d fix32 %d
%3d: t=%3d fix64 %d
%3d: t=%3d varint %d
%3d: fetching op err %v
%3d: t=%3d fix32 err %v
%3d: t=%3d fix64 err %v
%3d: t=%3d start err %v
%3d: t=%3d unknown wire=%d
%3d: t=%3d varint err %v
%3d: t=%3d end
%3d: start-end not balanced %d
Code: Select all
^^ Spotted together with the DDoS'er tools. Feel free to verdict this further :D%s %s HTTP/1.1
User-Agent: %s
; Domain=%s
; Path=%s
; Expires=%s
; Max-Age=%d
Host: %s
Attachments
7z,pwd:infected
(771.74 KiB) Downloaded 100 times
(771.74 KiB) Downloaded 100 times
Last edited by unixfreaxjp on Wed Sep 17, 2014 8:45 am, edited 1 time in total.