We want to keep you up to date, so we collected the Top 5 New Malware Signatures from the past two weeks for you! Don’t forget that you can create your own malware signatures too! We have found that this crowdsourcing method, shared between several thousand servers, works fantastically in our IP reputation system, so let’s keep on making the internet a safer place together! Thanks to your contributions, we already have more than 15 000 malware signatures in our database.
A simple remote code executor script that receives data via cookies and POST requests. It has an additional parameter that decides which function should be used: str_rot13, pack or strrev.
Source code:
An obfuscated HTML file manager with base64 encoding, using eval to run the decoded PHP code. According to VirusTotal, it goes by the name Tencent Heur:Trojan.Script.LS_Gencirc.7179453.0.
An advanced webshell for malicious activities. It uses base64, URL and htmlspecialchars encoding and forks a new process. It also matches some YARA rules, for both the source code and the output.
The malware downloads the source code to be executed from domainnamespace.top/lf.txt (198.204.244.186 – blacklisted by BitNinja), and the script checks and updates itself from this file. The backdoor owner can manipulate the behavior by changing this file. At the time the SA signature was created, this source contained a complete hacker toolset. The access is password-protected for the hacker.
An obfuscated variant of the WSO Webshell. The script pretends to show a 403 or 404 error page.
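A triage sketch for the traits described in the five entries above, added here as an example and not BitNinja's signature code. Only the three function names and the URL come from the post; the regexes, finding names and sample files are constructed for illustration, with payloads elided.

```python
import re

# Traits named in the descriptions above; the regexes are this example's own.
DECODER_CALL = re.compile(r"\b(str_rot13|pack|strrev)\s*\(", re.I)
EVAL_BASE64 = re.compile(r"\beval\s*\(\s*base64_decode\s*\(", re.I)
REQUEST_INPUT = re.compile(r"\$_(?:COOKIE|POST)\b")
REMOTE_SOURCE = re.compile(r"domainnamespace\.top/lf\.txt", re.I)
ERROR_PAGE = re.compile(r"\b40[34]\s+(?:Forbidden|Not Found)\b", re.I)

def scan(php_source):
    """Return the sorted list of findings for one PHP source string."""
    findings = set()
    reads_request = bool(REQUEST_INPUT.search(php_source))
    if EVAL_BASE64.search(php_source):
        findings.add("eval_of_base64")
    if REMOTE_SOURCE.search(php_source):
        findings.add("known_remote_source")
    # One decoder call is normal PHP; several of them fed by request data is not.
    decoders = {name.lower() for name in DECODER_CALL.findall(php_source)}
    if reads_request and len(decoders) >= 2:
        findings.add("decoder_choice_from_request")
    # An error page only matters when the same file also reads request input.
    if reads_request and ERROR_PAGE.search(php_source):
        findings.add("error_page_with_request_input")
    return sorted(findings)

# Constructed samples with payloads elided; not the malware from the post.
SAMPLES = {
    "cookie_decoder.php": '<?php $m = $_COOKIE["m"]; $d = $_POST["d"]; '
        'if ($m == 1) $d = str_rot13($d); elseif ($m == 2) $d = pack("H*", $d); '
        'else $d = strrev($d); /* payload handling elided */',
    "file_manager.php": '<?php eval(base64_decode("...")); /* payload elided */',
    "self_updater.php": '<?php $src = "http://domainnamespace.top/lf.txt"; /* fetch elided */',
    "fake_404.php": '<?php if (!isset($_POST["p"])) { header("HTTP/1.0 404 Not Found"); exit; }',
    # Benign look-alikes: one decoder, base64 without eval, a real error page.
    "avatar_upload.php": '<?php $img = base64_decode($_POST["avatar"]); $h = pack("N", strlen($img));',
    "plain_404.php": '<?php header("HTTP/1.0 404 Not Found"); echo "Not Found";',
}

def scan_all(samples=SAMPLES):
    """Scan every sample and keep only the files that produced findings."""
    results = {name: scan(src) for name, src in samples.items()}
    return {name: found for name, found in results.items() if found}

if __name__ == "__main__":
    for name, found in scan_all().items():
        print(name, found)
```

Findings from pattern matching like this are leads for review, not verdicts: heavier obfuscation will slip past the regexes, and the combination rules exist to keep ordinary PHP from being flagged.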
If you haven’t tried BitNinja yet, don’t forget to register for the 7-day free trial! No credit card needed!