Tuesday, 10 May 2016
A collection of PHP backdoors
Just a quick post to announce I've set up a GitHub repository with a collection of PHP backdoors, for educational and/or testing purposes only. Feel free to check it out and/or contribute here:
https://github.com/bartblaze/PHP-backdoors
The repository will be updated continuously and gradually.
If you're interested in analysing a PHP backdoor, check out my post on PHP/C99shell:
C99Shell not dead
Additionally, find tools to deobfuscate PHP backdoors here:
PHP tools
Wednesday, 4 May 2016
SteamStealer IP visualisations
Just for fun I decided to visualise all SteamStealer IPs I've encountered so far. They host multiple fake screenshot websites, fake voice communication software, fake streaming websites, fake Steam websites and others. They may also act as a C&C for the malware, or host fake gambling/lottery websites.
Any additional information can also be found on my blog:
Malware spreading via Steam chat
Additionally, be sure to read the paper I wrote with Santiago from Kaspersky about SteamStealers here: The evolution of malware targeting Steam accounts and inventory
Now for the fun part:
View SteamStealer IPs in a full screen map
Alternatively, check out the following map and stats:
Country | Count
--- | ---
Russian Federation | 163
United Kingdom | 19
Netherlands | 18
United States | 14
Germany | 9
Ukraine | 6
France | 6
Poland | 4
Romania | 1
Italy | 1
Czech Republic | 1
Canada | 1
Australia | 1
Belarus | 1
Belize | 1
Kazakhstan | 1
Virgin Islands, British | 1
Spain | 1
Moldova, Republic of | 1
As you can see, most of them are hosted in Russia, with the United Kingdom and the Netherlands ranking second and third respectively.
Note: CloudFlare is increasingly being used to 'hide' the real server IP address. CloudFlare IPs are not included in the counts above.
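As an added example (not the blog's own tooling, and not the data behind the map above), the following Python script shows how an IP IoC list can be aggregated per country while dropping addresses that fall inside CloudFlare ranges, so that a CDN front is not counted as the hosting country. The IoC rows and their country labels are constructed for this example; the country lookup is assumed to have been done beforehand (for instance with a GeoIP tool such as those listed under Resources) and supplied in the input. The CloudFlare ranges are an illustrative subset and must be refreshed from CloudFlare's published list before use.

```python
import csv
import io
import ipaddress
from collections import Counter

# Illustrative subset of CloudFlare IPv4 ranges (assumption for this example;
# refresh from CloudFlare's published list before relying on it).
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "103.21.244.0/22", "104.16.0.0/13", "104.24.0.0/14", "108.162.192.0/18",
    "141.101.64.0/18", "162.158.0.0/15", "172.64.0.0/13", "173.245.48.0/20",
    "188.114.96.0/20", "190.93.240.0/20", "197.234.240.0/22", "198.41.128.0/17",
)]

# Constructed sample IoC list in "ip,country" form. Not real SteamStealer data:
# the addresses come from RFC 5737 documentation ranges or CloudFlare ranges,
# and one row is deliberately malformed to show it being skipped.
SAMPLE_IOCS = """ip,country
198.51.100.10,Russian Federation
198.51.100.11,Russian Federation
203.0.113.5,United Kingdom
192.0.2.77,Netherlands
104.16.1.1,United States
172.64.5.5,United States
not-an-ip,Germany
"""


def is_cloudflare(ip: str) -> bool:
    """True if the address sits in one of the (illustrative) CloudFlare ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_RANGES)


def load_iocs(text: str) -> list:
    """Parse 'ip,country' rows, skipping unparsable IPs and CloudFlare fronts.

    Returns a list of (ip, country) tuples that represent real hosting IPs.
    """
    kept = []
    for row in csv.DictReader(io.StringIO(text)):
        ip = row["ip"].strip()
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue  # hostnames or typos do not belong in an IP-only count
        if is_cloudflare(ip):
            continue  # the CDN edge says nothing about where the origin is hosted
        kept.append((ip, row["country"].strip()))
    return kept


def count_by_country(iocs: list) -> list:
    """Aggregate kept IoCs into (country, count) pairs, most common first."""
    counts = Counter(country for _, country in iocs)
    return sorted(counts.items(), key=lambda item: (-item[1], item[0]))


def render_table(counts: list) -> str:
    """Render the counts in the same pipe-separated layout as the post's table."""
    lines = ["Country | Count", "--- | ---"]
    lines += [f"{country} | {count}" for country, count in counts]
    return "\n".join(lines)


if __name__ == "__main__":
    print(render_table(count_by_country(load_iocs(SAMPLE_IOCS))))
```

Run on the constructed sample, the two CloudFlare-fronted rows and the malformed row are dropped and the remaining four addresses produce a three-row table. Swapping `SAMPLE_IOCS` for the contents of a real IoC export (same two columns) is the only change needed to reproduce the kind of per-country breakdown shown above.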
That's about it, hope you enjoyed! Please find below tools used to create the mapping.
Resources
Geomapping:
Batchgeo
GIPC
Data:
SteamStealer IPs IOCs