[Community-sigs] new sig Linux.Backdoor.Turla

Douglas Goddard dgoddard at sourcefire.com
Tue Dec 9 11:42:26 EST 2014


Added for FP check, thank you!

On Tue, Dec 9, 2014 at 11:38 AM, <andreisaygo at live.ie> wrote:

> Just a small change:
>
> Linux.Backdoor.Turla;Target:6;(0|1|2|3)>2,2;5f5f77655f6172655f68617070795f5f;772b002f746d702f2e*00722b00;446573637c*46696c656e616d65*73697a65*7c73746174657c;80C305329A??????08889A??????084283FA0876E9
>
> > From: andreisaygo at live.ie
> > To: community-sigs at lists.clamav.net
> > Date: Tue, 9 Dec 2014 13:57:08 +0000
> > Subject: [Community-sigs] new sig Linux.Backdoor.Turla
> >
> > Signature:
> >
> > Linux.Backdoor.Turla;Target:6;(0|1|2|3)>2;5f5f77655f6172655f68617070795f5f;772b002f746d702f2e*00722b00;446573637c*46696c656e616d65*73697a65*7c73746174657c;80C305329A??????08889A??????084283FA0876E9
> >
> > Hashes:
> > MD5: 19fbd8cbfb12482e8020a887d6427315
> > SHA1: 7f043eb95d74d051ac780aee52ebf1c497c43060
> > SHA256: 8856a68d95e4e79301779770a83e3fad8f122b849a9e9e31cfe06bf3418fa667
> >
> >
> > Sig3:
> > //08048372 80C305        add   bl, 0x5
> > //08048375 329A??????08  xor   bl, byte [ds:edx+0x80cd6cb]
> > //0804837b 889A??????08  mov   byte [ds:edx+__xored__buffer__], bl
> > //08048381 42            inc   edx
> > //08048382 83FA08        cmp   edx, 0x8
> > //08048385 76E9          jbe   0x8048370
> >
> > Regards,
> > Andrei Saygo
> > _______________________________________________
> > Community-sigs mailing list
> > Community-sigs at lists.clamav.net
> > http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
> >
> > http://www.clamav.net/contact.html#ml
>
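The .ldb line above, worked through as an added example that is not part of the thread and not ClamAV's own code: a small Python parser that splits the logical signature into its name, target, expression and hex subsignatures, renders each subsignature readably, turns the `??` (any one byte) and `*` (any run of bytes) wildcards into a bytes regex, and counts which subsignatures occur in a constructed sample buffer. It evaluates only the leading `(0|1|2|3)>2` form of the expression (more than two of the listed subsignatures present) and ignores the `,2` suffix; the sample buffers are constructed to exercise the patterns and are not bytes taken from the binary, and the function names are this example's own.

```python
import re

# The logical signature (.ldb line) as posted on the list, split for readability.
TURLA_LDB = (
    "Linux.Backdoor.Turla;Target:6;(0|1|2|3)>2,2;"
    "5f5f77655f6172655f68617070795f5f;"
    "772b002f746d702f2e*00722b00;"
    "446573637c*46696c656e616d65*73697a65*7c73746174657c;"
    "80C305329A??????08889A??????084283FA0876E9"
)

# Hex-body tokens handled here: a literal byte, the single-byte wildcard ?? and the
# any-length wildcard *. Other ClamAV body syntax ({n-m}, (aa|bb), !aa, ...) is rejected.
_TOKEN = re.compile(r"\?\?|\*|[0-9A-Fa-f]{2}")


def parse_ldb(line):
    """Split an .ldb line into name, target type, logical expression and subsignatures."""
    name, target, expr, *subsigs = line.strip().split(";")
    if not target.startswith("Target:"):
        raise ValueError("malformed target field: " + target)
    return {"name": name, "target": int(target[len("Target:"):]),
            "expr": expr, "subsigs": subsigs}


def tokenize(subsig):
    toks = _TOKEN.findall(subsig)
    if "".join(toks) != subsig:
        raise ValueError("unsupported hex-body syntax in: " + subsig)
    return toks


def subsig_to_regex(subsig):
    """Translate a hex body into a compiled bytes regex (?? -> any byte, * -> any run)."""
    parts = []
    for tok in tokenize(subsig):
        if tok == "??":
            parts.append(b".")
        elif tok == "*":
            parts.append(b".*?")
        else:
            parts.append(b"\\x%02x" % int(tok, 16))  # literal byte, escaped for re
    return re.compile(b"".join(parts), re.DOTALL)


def subsig_to_text(subsig):
    """Render a hex body for a reader: printable bytes as characters, others as \\xHH."""
    out = []
    for tok in tokenize(subsig):
        if tok in ("??", "*"):
            out.append(tok)
        else:
            b = int(tok, 16)
            out.append(chr(b) if 0x20 <= b < 0x7F else "\\x%02x" % b)
    return "".join(out)


def matched_subsigs(sig, data):
    """Indices of the subsignatures whose pattern occurs somewhere in data."""
    return [i for i, s in enumerate(sig["subsigs"]) if subsig_to_regex(s).search(data)]


def passes_threshold(sig, data):
    """Evaluate the leading (a|b|...)>N form: more than N of the listed subsignatures
    must be present. A trailing ,M qualifier is accepted by the parser but not modelled."""
    m = re.fullmatch(r"\(([\d|]+)\)>(\d+)(?:,\d+)?", sig["expr"])
    if m is None:
        raise ValueError("expression form not handled: " + sig["expr"])
    wanted = {int(i) for i in m.group(1).split("|")}
    hits = [i for i in matched_subsigs(sig, data) if i in wanted]
    return len(hits) > int(m.group(2))


# Constructed sample buffers (not bytes from the real binary) that exercise the patterns.
SAMPLE_ALL = (
    b"\x00__we_are_happy__\x00"                          # subsig 0: marker string
    b"w+\x00/tmp/.xyz\x00r+\x00"                         # subsig 1: w+ / r+ around a /tmp/. path
    b"Desc|\x00Filename\x00size\x00|state|\x00"          # subsig 2: field names
    b"\x80\xc3\x05\x32\x9a\xcb\xd6\x0c\x08"              # subsig 3: add bl,5 / xor bl,[edx+disp32]
    b"\x88\x9a\xcb\xd6\x0c\x08\x42\x83\xfa\x08\x76\xe9"  #           mov [edx+disp32],bl / inc / cmp / jbe
)
SAMPLE_THREE = SAMPLE_ALL.replace(b"|state|", b"|other|")           # breaks subsig 2
SAMPLE_TWO = SAMPLE_THREE[: SAMPLE_THREE.index(b"\x80\xc3\x05")]    # also drops subsig 3

if __name__ == "__main__":
    sig = parse_ldb(TURLA_LDB)
    for i, s in enumerate(sig["subsigs"]):
        print(i, subsig_to_text(s))
    for label, buf in (("all", SAMPLE_ALL), ("three", SAMPLE_THREE), ("two", SAMPLE_TWO)):
        print(label, matched_subsigs(sig, buf), passes_threshold(sig, buf))
```

Running it prints the four subsignatures in readable form (`__we_are_happy__`, `w+\x00/tmp/.*\x00r+\x00`, `Desc|*Filename*size*|state|` and the xor-loop bytes) and shows that the threshold holds with three or four subsignatures present and fails with two, which is the difference the `>2` count in the posted expression is meant to capture.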
