Linux Shishiga malware using LUA scripts

Talk here about security in general. Posting illegals software is prohibited. All stuffs in this forum must be considered as for "Educational purpose only".
Evan
Shogun
Shogun
Posts: 466
Joined: 11 Apr 2016, 09:00
Distribution: Distribution: *

Linux Shishiga malware using LUA scripts

Post#1 by Evan » 28 Apr 2017, 22:38

https://www.welivesecurity.com/2017/04/ ... a-scripts/

https://www.theregister.co.uk/2017/04/25/linux_malware/
the usage of the BitTorrent protocol and Lua modules separates it from the herd, according to ESET.

KnallKopf
Samurai
Samurai
Posts: 134
Joined: 18 Sep 2012, 20:56
Distribution: Porteus 64bit KDE4
Location: Absurdistan

Re: Linux Shishiga malware using LUA scripts

Post#2 by KnallKopf » 05 May 2017, 22:51

Unfortunately I do not have the link any more,
but for years i read a description for Windows how to detect a trojan that are do not use the normal IP-Stack.
(It mean 'netstat -utapn' can not see them)
The procedure was as follows:
Dumping the RAM to an Image on Disk, and analyze them.
Know everbody a instructions for the same procedure on Linux ?

anajames
Black ninja
Black ninja
Posts: 33
Joined: 12 Jun 2017, 08:38
Distribution: Gentoo Linux
Location: USA

Re: Linux Shishiga malware using LUA scripts

Post#3 by anajames » 23 Jun 2017, 12:53

i think i will try this procedure out over the weekend.

Post Reply