[Community-sigs] new sig Linux.Backdoor.Concbak
andreisaygo at live.ie
Mon Mar 16 19:52:21 EDT 2015
Signature:
Linux.Backdoor.Concbak;Target:6;(0&1&2)&(3|4|5);2F676174652E706870;2670636E616D653D00;26687769643D00;756470666C6F6F6400;6261636B636F6E6E65637400;2F6574632F736861646F7700
Hashes:
MD5: 88119dc700357d2d486efb2d1369b105
SHA1: 36361d6472d3c675182a2ca01ceed968d6c8e46b
SHA256: 6b2cc3d64aa719c4910b89dc841f7ae07a5eab481d9ad2ed75059ac5173092b1
Sig0:
/gate.php
Sig1:
&pcname=
Sig2:
&hwid=
Sig3:
udpflood
Sig4:
backconnect
Sig5:
/etc/shadow
Additional details:
Full link:
hxxp://webcrawl.marketplay.be:80//platforms/linux_v6//gate.php
HTTP header:
User-Agent: Firefox.3.5
Referer: http://google.com/
Accept-Encoding: identity
Regards,
Andrei Saygo
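
An added example (not part of the original post, and not ClamAV's own code): a minimal Python reader for the logical signature above that decodes the hex subsignatures and evaluates the (0&1&2)&(3|4|5) expression over a buffer. The function names are hypothetical, both sample buffers are constructed, and only plain hex subsignatures combined with &, | and parentheses are handled; the Target:6 file-type restriction is parsed but not enforced.

```python
import re

# Signature line copied from the post above.
SIG = ("Linux.Backdoor.Concbak;Target:6;(0&1&2)&(3|4|5);2F676174652E706870;"
       "2670636E616D653D00;26687769643D00;756470666C6F6F6400;"
       "6261636B636F6E6E65637400;2F6574632F736861646F7700")

def parse_ldb(line):
    """Split a logical signature into name, target block, expression, subsig bytes."""
    name, target, expr, *subs = line.strip().split(";")
    # Assumption: subsignatures are plain hex (no wildcards, offsets or modifiers).
    return name, target, expr, [bytes.fromhex(s) for s in subs]

def evaluate(expr, hits):
    """Evaluate subsig indices joined by & and | with parentheses.
    Assumption: operators at one nesting level are applied left to right;
    this signature never mixes & and | inside a single group."""
    tokens = re.findall(r"\d+|[&|()]", expr)
    pos = 0
    def atom():
        nonlocal pos
        tok = tokens[pos]; pos += 1
        if tok == "(":
            val = term()
            pos += 1          # consume the closing ")"
            return val
        return hits[int(tok)]
    def term():
        nonlocal pos
        val = atom()
        while pos < len(tokens) and tokens[pos] in ("&", "|"):
            op = tokens[pos]; pos += 1
            rhs = atom()
            val = (val and rhs) if op == "&" else (val or rhs)
        return val
    return term()

def match(line, data):
    """Return the signature name if the expression holds for data, else None."""
    name, _target, expr, subs = parse_ldb(line)
    return name if evaluate(expr, [s in data for s in subs]) else None

# Constructed sample: NUL-terminated strings as they would sit in a binary.
BINARY_LIKE = b"\x7fELF" + b"/gate.php\0&pcname=\0&hwid=\0udpflood\0"
# Constructed sample: a filled-in request line, where values follow the "=".
REQUEST_LIKE = b"GET /gate.php?x=1&pcname=host&hwid=1234 udpflood"

if __name__ == "__main__":
    print(parse_ldb(SIG)[3])
    print(match(SIG, BINARY_LIKE), match(SIG, REQUEST_LIKE))
```

Decoding shows that Sig1 through Sig5 each end in a 00 byte, so they match the NUL-terminated strings stored in the file and not a request in which a value follows the parameter name.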