.png){kind=link}
Stuxnet-Source Hidden Mallware For Botnet
STUXNET is a Worm that attacked Nuclear Power plants, trough unusual Vulns. So-called 0Day Vulns.
Includes:
- Source files,
- Binaries,
- PLC Sample program - [with usage, etc.]
Malware samples I have, which I may provide for further research:
-
Fanny (known as fanny.bmp or, the classical a,b,c,d,e,...,j.lnk worm, propagates trough Removable USB devices But He can uses For Botnet, which has a extremely sophisticated Rootkit, which not only hides itself, but adds itself at startup in the reg in windows machines, but it has also some other, quite shocking capabilities, such as a submodule to re-program hardware, (more specifically, HDD's Firmware) for Extreme persistence.) It exploited same vulns as Stuxnet did, and has striking similarities with it, and was used before even Stuxnet was used)
Link to fanny.bmp: https://github.com/loneicewolf/fanny.bmp
-
Flame( Aka, SKyWiper, Flame, FlameR!, PROPS_FLAME, )
-
https://www.theregister.com/2015/02/17/kaspersky_labs_equation_group/
Overview of Files in FILES.ZIP
STUXNET.DLL_EMBEDDED_RSRCS:
bin201.bin
bin202.bin
bin203.bin
bin205.bin
bin208.bin
bin209.bin
bin210.bin
bin221.bin
bin222.bin
bin240.bin
bin241.bin
bin242.bin
bin250.bin
STEP7:
STL-cheat-sheet-by-category.pdf -'STL-cheat-sheet-by-alphabet (1).pdf'
S_ST70_XX_00030V.TIF
SIMATIC_STEP7_Basic_software.jpg
HW_e.gif
25209116_STEP7Example.zip
BINS:
'~WTR4141_J_37FC7C5D89F1E5A96F54318DF1A2B905.dll'
wincc_kernel32.dll.aslr.00013b86.livebin.exe
unknown_hook_in_services_memorymod-0x006b0000-0x006b1000.livebin.exe
S_D102BDAD06B27616BABE442E14461059
R_98FBEBD8883021FBE6464C37ACF17938
Q_C1CB4117D9998C79AE10C1B890C23A4D
P_F9BAE53E77B31841235F698955AECE30.dll
O_CC1DB5360109DE3B857654297D262CA1.dll
N_CA9EABEAB482524E5797C684398335D5
mrxnet.sys.livebin.exe
mrxnet.sys.593503354.mapped.livebin
mrxcls.sys.livebin.exe
mrxcls.sys.1278394761.mapped.livebin
memorymod-pe-0x10000000-0x10138000.1155327658.mapped.livebin
memorymod-pe-0x00090000-0x0010a000.1990061290.mapped.livebin
memorymod-0x006b0000-0x006b1000.450210202.mapped.livebin
maindll_dropper_memorymod-pe-0x10000000-0x10138000.livebin.exe
M_1E17D81979271CFA44D471430FE123A5
lsass.exe.1373553098.mapped.livebin
lsass2_memorymod-pe-0x00090000-0x0010a000.livebin.exe
lsass1_lsass.exe.livebin.exe
L_4589EF6876E9C8C05DCF4DB00A54887B
kernel32.dll.aslr.00013b86.1616636409.mapped.livebin
K_055A3421813CAF77E1387FF77B2E2E28
I_F8153747BAE8B4AE48837EE17172151E
H_A3844A1B6BEA3F6FAF9C276858F40960
G_F979C6A3E668C5073C4C6506461B034E
F_335707EABBE7FF256E0650432ACCEC9B
E_789F6F8DE3F140CF5D73BEF0B8ABAF78
desktop.ini
D_7A4E2D2638A454442EFB95F23DF391A1
C_016169EBEBF1CEC2AAD6C7F0D0EE9026
B_74DDC49A7C121A61B8D06C03F92D0C13
'A_30DF51C9F0D9B010350DC09ABE1E4E97.ex$'
ONLY FOR ACADEMICAL RESEARCH AND EDUCATIONAL PURPOSES
If you do not know what you are doing here, now would be a great time to leave! (Only proceed if you do know what you are doing)
Please Be careful with this. This is only for research and Educational Purposes.
- Nevertheless It goes without saying that even if you run these in a Virtual Machine, I would [still] USE CAUTION.
INFECTEDIKNOWWHATIAMDOING