ta ddos binary bot iptables v6 us
Exploit report for IptabLes/IptabLex DDoS Bots
Risk Factor - High
IptabLes/IptabLex DDoS Bots
0&1 2345563.! !,7 "#$$
89549!5:
%&'()* +, ,#"-. /0121(34 5'6789(: ;8:&'()*()88'()* 1)? @8481':A B812 C5DE48'
Figure 1: Red Hat publicly reported the compromise to its customers
Figure 2: A victim of IptabLes infection posted reports of the hacks on a public forum
Figure 3: A translated report of IptabLex / IptabLes
BA8 ()H8:
/J1:A8 @6778' NPKD S)b8:
Figure 4: Code snippet of a downloader downloading a remote IptabLes file
BA8 /04!$*$H(78. 4A6Q) () V(*&'8 [. :6)
1
9,9,'fi',0Ah9,9,'fi',0Ah9,9,'fi',0Ah'exit',0Ah,0
Figure [?]: Clean-up script executed by the binary to prevent multiple infections
V(*&'8 d 4A6Q4 1 4:8)1'(6 QA8'8 2&7=! _876Q (4 1 )8
1
IptabLes command protocol
S)(
// Decompiler-style pseudo-code of the bot's command handler as reproduced in
// the report (per its caption: decompression and parsing of the DDoS commands).
// The function header is not on this page, so a1/a2 and the locals
// (new_data, new_len, v2..v7) are undeclared here. From the visible code, a1
// points at the received buffer and a2 is passed straight to the
// decompressor (presumably its length — not shown).
if ( a1 ){
    new_data = 0;
    new_len = 2048;
    // The decompressor receives the output pointer and length by address and
    // new_len is compared afterwards, so it appears to be in/out (capacity in,
    // decompressed size out). Decompression starts 6 bytes into a1; anything
    // other than a 112-byte result is discarded without further parsing.
    if ( HbLDeCompress(a1 + 6, a2, &new_data, &new_len) || new_len != 112 ){
        v2 = new_data;
    }else{
        v2 = new_data;
        // Bit 0 of the byte at offset 8 gates whether the command is acted on.
        if ( *(_BYTE *)(new_data + 8) & 1 ){
            // Four DWORDs at offsets 0x50..0x5C are copied into consecutive
            // locals before the task is registered ...
            v3 = *(_DWORD *)(new_data + 0x50);
            v4 = *(_DWORD *)(new_data + 0x54);
            v5 = *(_DWORD *)(new_data + 0x58);
            v6 = *(_DWORD *)(new_data + 0x5C);
            v7 =AddTask(new_data);
            // ... and 20 bytes starting at &v3 are handed to MySend. v3..v6
            // cover only 16 bytes, so the remaining 4 presumably are v7
            // (AddTask's result) sitting directly after v6 — a decompiler
            // rendering of one contiguous 20-byte block; confirm against the
            // disassembly before relying on that layout in a detection.
            MySend(&v3, 20);
            v2 = new_data;
        }
    }
    // Every path frees the decompressed buffer. When decompression fails
    // without allocating, v2 is still the initial 0 and free(0) is a no-op.
    free(v2);
}
// Closing brace of the enclosing function, whose header is not on this page.
}
Figure 14: A pseudo-code demonstration of the decompression and parsing of the DDoS commands
;628 6H
Figure 1[?]: DNS and SYN flood thread functions called by the
SYN Flood
10:41:03.933780 IP x.x.x.x.10535 > x.x.x.x.80: Flags [S], seq 536:1560, win 6000,
length 1024
DNS Flood
15:37:30.794536 IP x.x.x.x.2679 > x.x.x.x.53: 17664+ A? xx.xx.xx. (33)
=?@AB' CZ7
San Jose London Hong Kong Washington
DC Frankfurt
5810 G(
$code4 = "Service.c"
$code5 = "srvnet.c"
$code6 = "ckbuf"
$code7 = "udptest.c"
condition:
($elf at 0 and all of ($st*) and 5 of ($code*) )
}
=?@AB' K_7 Q
;8604!/b084.7 1&>('B#
!; .5;b4!0Q 563!6554!63