[Community-sigs] new sig Linux.Trojan.Mrblack
andreisaygo at live.ie
Tue Apr 7 07:11:52 EDT 2015
Signature:
Linux.Trojan.Mrblack:6:16:00020008*2d2d2d7365727665722025733a25642d2d2d*56455253304e45583a25737c25647c25647c2573*4d722e426c61636b*557365722d4167656e743a204d6f7a696c6c612f352e302b28636f6d70617469626c653b2b42616964757370696465722f322e303b2b2b687474703a2f2f7777772e62616964752e636f6d2f7365617263682f7370696465722e68746d6c29*706173737764*7075626c69636b6579*736861646f7700
The first 2 bytes are the "e_type" and "e_machine" from the ELF file header. Their values are: "ELF executable" and "MIPS architecture".
Hashes (SHA256):
1bd07d33aa5e05cf19f98df638aeee77d04fc0a42225761c133f05ea942b7126
1c29c378382fde4fee30a6036fbedaf35da4b451b2dde9d319a8cdd224040e11
bf93b9d6064628c522bf1ecf3e85558f144c2acbde7a6cece24e9d800e79c985
cc327ec94d7bab4ddfae373c30fb8bbf0ee4479ad3be8001365cbcb68abe3e34
f26cdb8f643c382ddf045a82180e2287e9cf6ae37ad3506843b5a611df66b7ae
Regards,
Andrei Saygo
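
Added example, not part of the original post: a small Python reading of the signature line above, treating it as Name:TargetType:Offset:HexSignature with `*` matching any run of bytes, and decoding the bytes anchored at offset 16 as the big-endian 16-bit e_type and e_machine fields. The signature here is an abbreviated copy (three of the posted fragments), the helper names are hypothetical, and the test buffer is constructed, not a real sample.

```python
import struct

# Abbreviated copy of the posted signature: first, fourth and sixth fragments only.
SIG = "Linux.Trojan.Mrblack:6:16:00020008*4d722e426c61636b*706173737764"


def parse_ndb(line):
    """Split Name:TargetType:Offset:HexSig. Handles only a numeric offset and '*' wildcards."""
    name, target, offset, hexsig = line.strip().split(":", 3)
    fragments = [bytes.fromhex(part) for part in hexsig.split("*")]
    return name, int(target), int(offset), fragments


def matches(data, offset, fragments):
    """First fragment must sit at the absolute offset; each later one anywhere after the previous."""
    if not data.startswith(fragments[0], offset):
        return False
    pos = offset + len(fragments[0])
    for frag in fragments[1:]:
        found = data.find(frag, pos)
        if found < 0:
            return False
        pos = found + len(frag)
    return True


def elf_type_machine(fragment):
    """Read the anchored bytes as big-endian e_type and e_machine (ELF header offsets 16 and 18)."""
    return struct.unpack(">HH", fragment[:4])


def build_sample(e_type=2, e_machine=8, body=b""):
    """Constructed buffer: 16-byte e_ident (ELF32, big-endian), e_type, e_machine, then body."""
    e_ident = b"\x7fELF" + bytes([1, 2, 1]) + bytes(9)
    return e_ident + struct.pack(">HH", e_type, e_machine) + body


if __name__ == "__main__":
    name, target, offset, frags = parse_ndb(SIG)
    print(name, "target", target, "offset", offset)
    print("e_type, e_machine =", elf_type_machine(frags[0]))  # 2 = ET_EXEC, 8 = EM_MIPS
    print("string fragments:", frags[1:])
    print("constructed hit:", matches(build_sample(body=b"..Mr.Black..passwd.."), offset, frags))
```

Because the first fragment is pinned to offset 16, a buffer containing the same strings but a different e_machine value, or the strings in the opposite order, does not match.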