MMD-0060-2016 - Linux/UDPfker and ChinaZ threat today
Background: ChinaZ is a Linux ELF DDoS malware family, and an attack service built on it, made by actors in the PRC (People's Republic of China). This threat has been covered several times on this blog; several takedown efforts also had...

MMD-0061-2016 - EnergyMech 2.8 overkill mod
This is a new threat analysis report I wrote on the MalwareMustDie blog (this one) after we moved away from Blogger. I hope you like the new blog system and design, and enjoy the post! An unattended or...

MMD-0062-2017 - Credential harvesting by SSH Direct TCP Forward attack via...
Sticky note: we call this threat the "Strudels Attack". 1. Background: In this post no malicious software/malware is analyzed; rather, this is one of the impacts of the malware infecting IoT devices...

MMD-0063-2019 - Summarized report of three years MalwareMustDie research...
Hello, it's unixfreaxjp here. It has been a while since I wrote on our own blog, and it is good to be back. Thank you for your patience all this time. The background: It was after September 2016...

MMD-0064-2019 - Linux/AirDropBot
Prologue: There are a lot of botnets aiming at multiple architectures of Linux-based Internet of Things devices, and this story is just one of them, but I haven't seen one coded like this before. Like most...

More About My 2019.HACK.LU Keynote Talk
As promised, these are my additional notes and review of my keynote talk at 2019.HACK.LU (link). About 2019.HACK.LU: HACK.LU is a great conference; thank you for having me this year. I could interact...

MMD-0065-2020 - Linux/Mirai-Fbot's new encryption explained
Prologue: I set up a brand new ARM-based router, bought online around this new year 2020, to replace my old pots, and yesterday it was quickly pwned by malware and I had to reset it to the factory...

MMD-0066-2020 - Linux/Mirai-Fbot - A re-emerged IoT threat
Prologue: A month ago I wrote about IoT malware for the Linux operating system, a Mirai botnet client variant dubbed FBOT. That write-up [link] was about reverse engineering a Linux ELF ARM 32-bit...

MMD-067-2021 - Recent talks on Linux process injection and shellcode analysis...
The background of this research and these talks: After my HACK.LU-2019 talk in 2019 [link], I was asked a lot of questions about Linux process injection that can trigger code execution, and yes, one of...

MMD-068-2024 - "FHAPPI Campaign" (APT10) FreeHosting APT PowerSploit Poison Ivy
I am @unixfreaxjp of the MalwareMustDie team. This is the English translation of an overall APT analysis I wrote in Japanese on my Japanese security blog: "#OCJP-136: 「FHAPPI」 Geocities.jpとPoison...

MMD-0069-2024 - An old ELF Ransomware pivoted crypto (OpenSSL to PolarSSL)...
This malware analysis was originally posted in 2015 on my soon-to-be-closed Japanese blog, and to avoid the research information disappearing I have re-posted it here as an English translation. During...