Re: Log4j

2021-12-13 Thread Karl
Sorry, I think part of me might understand. Thanks for these great shares.

Re: Log4j

2021-12-13 Thread Karl
Right. Thanks. I thought I had seen it before, but checking my inbox I think I was wrong. What was the reason you shared the exfiltrated malware binaries?

Re: Log4j

2021-12-13 Thread zeynepaydogan
> On 12/13/21, zeynepaydogan wrote:
>> https://twitter.com/bountyoverflow/status/1470060508447272960?s=21
>>
>> I just saw this, and I wanted you to see it too. I'm on campus right now, so I'll check it out when I get home

Re: Log4j

2021-12-13 Thread Karl
Source code appears to be a different project. Decompile malware before using it for pentests unless you're a professional.

On 12/13/21, zeynepaydogan wrote:
> https://twitter.com/bountyoverflow/status/1470060508447272960?s=21
>
> Sent from ProtonMail for iOS
>
> On Mon, Dec 13, 2021 14:18, Karl wrote:

Re: Log4j

2021-12-13 Thread Karl
I'm interested in buying it. Is the source code included so I can properly mutate the binary signatures to prevent detection?

Re: Log4j

2021-12-13 Thread zeynepaydogan
> cleans the
> device from competitors and starts mining. Other miner loaders also appear.
> They even throw a grumbling Cobalt Strike at victims via log4j. A good set of
> tools for pentest, because of the crack it turns into a very real observer of
> the network and a backdoor for re

Re: Log4j

2021-12-13 Thread zeynepaydogan
Kinsing backdoor happily addressed the vulnerability: The malware cleans the device from competitors and starts mining. Other miner loaders also appear. They even throw a grumbling Cobalt Strike at victims via log4j. A good set of tools for pentest, because of the crack it turns into a very

Re: Log4j

2021-12-13 Thread Karl
I've rebundled into .tar.bz2. nft.storage doesn't preserve filenames.

https://bafybeibfppl57sszyk733lswextgmkbu2aaysboldqtibu5capjxgwrw7y.ipfs.dweb.link/

./Log4J Malware
./Log4J Malware/Mirai
./Log4J Malware/Mirai/776c341504769aa67af7efc5acc66c338dab5684a8579134d3f23165c7abcc00.

Re: Log4j

2021-12-13 Thread Karl
Hey zeynep, I imagine this is a great fun share for analysts, and I see the files are named based on their sha256sum, which is super helpful in a situation like this. Are you able to rebundle them without the password?

On Mon, Dec 13, 2021, 4:39 AM zeynepaydogan wrote:
> Malware using LO
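Karl's remark about the files being named by their sha256sum is the hook for a check an analyst should run on a bundle like this before touching any sample: confirm that every member's content actually hashes to the name it carries. The script below is an added example, not code from this thread or from anyone in it. It builds a throwaway .tar.bz2 in memory (the layout mimics Karl's listing, but the family directories, extensions and the placeholder bytes are all constructed for the example; one member is deliberately misnamed so the check has something to report) and then verifies it.

```python
import hashlib
import io
import tarfile

# Constructed placeholder "samples": harmless bytes standing in for real
# files so the example runs offline. They are not malware content.
SAMPLE_A = b"placeholder sample A (not malware)\n"
SAMPLE_B = b"placeholder sample B (not malware)\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sha256_stream(fobj, chunk_size: int = 1 << 20) -> str:
    """Hash a file object in chunks so large samples are not read into RAM at once."""
    h = hashlib.sha256()
    for chunk in iter(lambda: fobj.read(chunk_size), b""):
        h.update(chunk)
    return h.hexdigest()


def build_bundle() -> bytes:
    """Build an in-memory .tar.bz2 laid out like the re-bundled share:
    <family dir>/<sha256>.<ext>. Family names and extensions are assumed for
    this example. The third member is deliberately misnamed: it carries the
    hash of SAMPLE_A but contains SAMPLE_B."""
    members = {
        f"Log4J Malware/Mirai/{sha256_hex(SAMPLE_A)}.elf": SAMPLE_A,
        f"Log4J Malware/Kinsing/{sha256_hex(SAMPLE_B)}.sh": SAMPLE_B,
        f"Log4J Malware/Mirai/{sha256_hex(SAMPLE_A)}.x86": SAMPLE_B,
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:bz2") as tar:
        for name, data in members.items():
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def claimed_hash(member_name: str) -> str:
    """The hash a member claims is its basename with any extension removed."""
    basename = member_name.rsplit("/", 1)[-1]
    return basename.split(".", 1)[0].lower()


def verify_bundle(bundle: bytes) -> dict:
    """Map each regular file in the bundle to (claimed, actual, ok).
    A mismatch means the sample was renamed, truncated or altered somewhere
    between the source and you, or the name is not a sha256 at all; either
    way the filename cannot be used as the sample's identity."""
    results = {}
    with tarfile.open(fileobj=io.BytesIO(bundle), mode="r:bz2") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue
            actual = sha256_stream(tar.extractfile(member))
            claimed = claimed_hash(member.name)
            results[member.name] = (claimed, actual, claimed == actual)
    return results


def mismatches(results: dict) -> list:
    """Names of members whose content does not hash to their filename."""
    return sorted(name for name, (_, _, ok) in results.items() if not ok)


if __name__ == "__main__":
    res = verify_bundle(build_bundle())
    for name, (claimed, actual, ok) in res.items():
        print("OK " if ok else "BAD", name, "" if ok else f"(actual {actual})")
```

The same check applies to the original password-protected archive once it is extracted; Python's `zipfile.ZipFile.open(name, pwd=b"infected")` can read legacy ZipCrypto archives but not AES-encrypted ones, so for those unpack with 7z (or ask, as Karl does, for a re-bundle without the password) and then hash the files on disk.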

Re: Log4j

2021-12-13 Thread zeynepaydogan
Malware using LOG4J exploit :)

On Mon, Dec 13, 2021 12:11, zeynepaydogan wrote:
> Password: infected