disknyp 2

Meanwhile I captured 268 samples of disknyp.

Can be found on: http://198.2.192.204:22/disknyp

Cool... a webserver on the SSH port 🙂

The server answers with:

Content-Type: text/html
Content-Length: 4440
Accept-Ranges: bytes
Server: HFS 2.3 beta
Cache-Control: no-cache, no-store, must-revalidate, max-age=-1

Looks like the webserver running is from:

http://ha-hfs.googlecode.com/files/hfs2.3 beta271.exe

Also available for download on this webserver is an svch.exe, probably infected, for Windows machines.

VirusTotal says only 24 of 48 antivirus vendors detect this trojan.

MD5 9d37ef3a5388b1d3d67a8759f178dd2d
SHA1 c09437f9d2752fc8ded68429ac33392c846370fc
SHA256 5c7d2aa53e55977b1bd677d6a3415c7e9900769fc49e9e3bed1fd42d73f0381b

 

 
