- NOCLIENT: Seems to be the CnC for NOPEN*.
- INCISION: Rootkit/Backdoor Linux. Can be upgraded to StoicSurgeon (more recent version).
- STOICSURGEON: Rootkit/Backdoor Linux MultiArchi.
- SUCTIONCHAR: 32 or 64 bit OS, solaris sparc 8,9, Kernel level implant - transparent, sustained, or realtime interception of processes input/output vnode traffic, able to intercept ssh, telnet, rlogin, rsh, password, login, csh, su, …
- STRIFEWORLD: Network-monitoring for UNIX, needs to be launched as root. Strifeworld is a program that captures data transmitted as part of TCP connections and stores the data in memory for analysis. Strifeworld reconstructs the actual data streams and stores each session in a file for later analysis.
- SLYHERETIC: SLYHERETIC is a light-weight implant for AIX 5.1:-5.2. Uses Hide-in-Plain-Sight techniques to provide stealth. (thanks to
- SECONDDATE: Implant for Linux/FreeBSD/Solaris/JunOS
- SAMPLEMAN / ROUTER TOUCH: Clearly hits Cisco via some sort of redirection via a tool on port 2323.
- NOPEN: Backdoor? A RAT or post-exploitation shell consisting of a client and a server that encrypts data using RC6 (source). SunOS5.8.
- FUNNELOUT: database-based web-backdoor for vbulletin.
- ESMARKCONANT: exploits phpBB remote command execution (4.1) verify doesn't complain.
- EE: proftpd 1.2.8 RCE, for RHL 7.3+/Linux, CVE-2011-4130? another reason not to use proftpd.
- eggbasket: another NetScape Enterprise RCE, this time version 3.5, likely SPARC only.
- nsent: RCE for NetScape Enterprise server 4.1 for Solaris.
- EBBISLAND: RCE Solaris 2.6 -> 2.10. Inject shellcode in vulnerable rpc service.
- VIOLENTSPIRIT: RCE for ttsession daemon in CDE on Solaris 2.6-2.9 on SPARC and x86.
- TOOLTALK: DEC, IRIX, or Sol2.6 or earlier Tooltalk buffer overflow RCE.
- sneer: mibissa (Sun snmpd) RCE, with DWARF symbols :D.
- EBBISLAND/ ELVISCICADA/ snmpXdmid and frown: CVE-2001-0236, Solaris 2.6-2.9 - snmpXdmid Buffer Overflow.
- EASYSTREET/ CMSEX and cmsd: Solaris rpc.cmsd remote root.
- CATFLAP: Solaris 7/8/9 (SPARC and Intel) RCE (for a LOT of versions).
- ITIME: Change Date/Time of a last change on a file of a unix filesystem.
- uX_local: Micro X server, likely for remote management.
- PORKSERVER: inetd-based server for the PORK implant.
- egg_timer: execution delayer (equivalent to at).
- DITTLELIGHT (HIDELIGHT): unhide NOPEN window to run unix oracle db scripts.

Nested Tar archives have been uncompressed in the archive_files folder.

This summary is provided by the community: complaints/credits to jvoisin and

Some binaries may be picked up by your antivirus.

Passphrase: (as disclosed by the ShadowBrokers, source).

Original file: !zEAU1AQL!oWJ63n-D6lCuCQ4AY0Cv_405hX8kn7MEsa1iLH5UjKU.