[Community-sigs] new sig Linux.Trojan.Mrblack
Angel Villegas
anvilleg at sourcefire.com
Tue Apr 7 12:02:42 EDT 2015
Andrei Saygo,
Thanks for the signature. Linux.Trojan.Mrblack has passed FP testing
and will be published soon.
Thanks,
Angel M. Villegas
On Tue, Apr 7, 2015 at 7:11 AM, <andreisaygo at live.ie> wrote:
> Signature:
> Linux.Trojan.Mrblack:6:16:00020008*2d2d2d7365727665722025733a25642d2d2d*56455253304e45583a25737c25647c25647c2573*4d722e426c61636b*557365722d4167656e743a204d6f7a696c6c612f352e302b28636f6d70617469626c653b2b42616964757370696465722f322e303b2b2b687474703a2f2f7777772e62616964752e636f6d2f7365617263682f7370696465722e68746d6c29*706173737764*7075626c69636b6579*736861646f7700
>
> The first 2 bytes are the "e_type" and "e_machine" from the ELF file header. They values are: "ELF executable" and "MIPS architecture".
>
> Hashes (SHA256):
> 1bd07d33aa5e05cf19f98df638aeee77d04fc0a42225761c133f05ea942b7126
> 1c29c378382fde4fee30a6036fbedaf35da4b451b2dde9d319a8cdd224040e11
> bf93b9d6064628c522bf1ecf3e85558f144c2acbde7a6cece24e9d800e79c985
> cc327ec94d7bab4ddfae373c30fb8bbf0ee4479ad3be8001365cbcb68abe3e34
> f26cdb8f643c382ddf045a82180e2287e9cf6ae37ad3506843b5a611df66b7ae
>
>
> Regards,
> Andrei Saygo
> _______________________________________________
> Community-sigs mailing list
> Community-sigs at lists.clamav.net
> http://lists.clamav.net/cgi-bin/mailman/listinfo/community-sigs
>
> http://www.clamav.net/contact.html#ml
More information about the Community-sigs
mailing list