Leouncia - Yet another backdoor - Part 2
Jump to navigation
Jump to search
(Publication) Google search: [1]
Leouncia - Yet another backdoor - Part 2 | |
---|---|
Botnet | Leouncia |
Malware | |
Botnet/malware group | |
Exploit kits | |
Services | |
Feature | |
Distribution vector | |
Target | |
Origin | |
Campaign | |
Operation/Working group | |
Vulnerability | |
CCProtocol | |
Date | 2010 / 2010-12-14 |
Editor/Conference | FireEye |
Link | http://blog.fireeye.com/research/2010/12/leouncia-yet-another-backdoor-part-2.html (Archive copy) |
Author | Atif Mushtaq |
Type |
Abstract
“ Leouncia's C&C payload decryption consists of two major phases. The first part is the formulation of a dynamic permutation table using a variable 128 bit key. This permutation table is further used to decrypt the actual payload.
Let me explain it step by step...
Bibtex
@misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2010BFR1205, editor = {FireEye}, author = {Atif Mushtaq}, title = {Leouncia - Yet another backdoor - Part 2}, date = {14}, month = Dec, year = {2010}, howpublished = {\url{http://blog.fireeye.com/research/2010/12/leouncia-yet-another-backdoor-part-2.html}}, }