Malware Corpus Tracker - Info Whitepapers - dofloo

Info for Family: dofloo

PublishedFamilyAuthor - Title
2016-11-02 15:11 dofloo analyzing-backdoor-bot-mips-platform-35902

Info for parent family:

PublishedFamilyAuthor - Title
2016-10-17 18:10 linmalware Matteo Cantoni - NoThink!
2016-10-17 18:10 linmalware Matteo Cantoni - NoThink!
2016-10-14 22:10 linmalware honeypot_telnet_urls.txt

Info for sibling families:

PublishedFamilyAuthor - Title
venom https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2014/october/analysis-of-the-linux-backdoor-used-in-freenode-irc-network-compromise/
mirai MiraiAttacks
dirtycow DirtyCOWVuln
dirtycow 789879840195252224?lang=en
dirtycow cyb3rops?lang=en
2019-10-25 19:10 mirai @threatpost - Mirai-Fueled IoT Botnet Behind DDoS Attacks on DNS Providers
2019-10-25 19:10 mirai SANS Internet Storm Center - The Short Life of a Vulnerable DVR Connected to the Internet, Author: Johannes Ullrich
2019-10-22 15:10 mirai Alexander Khalimonenko / Kaspersky - DDoS attacks in Q4 2016
2019-10-22 15:10 mirai Denis Makrushin / Kaspersky - Is Mirai Really as Black as It’s Being Painted?
2018-01-04 09:01 cpuminer Hacker trying to send script thru FileUpload on tomcat 7
2017-12-05 16:12 mirai 360 Netlab Blog - Network Security Research Lab at 360 - Warning: Satori, a Mirai Branch Is Spreading in Worm Style on Port 37215 and 52869
2017-11-24 09:11 mirai 360 Netlab Blog - Network Security Research Lab at 360 - Early Warning: A New Mirai Variant is Spreading Quickly on Port 23 and 2323
2017-11-24 09:11 mirai Catalin Cimpanu / BleepingComputer - Mirai Activity Picks up Once More After Publication of PoC Exploit Code
2017-11-23 09:11 mirai bad_packets / Twitter - 933624559483346944
2017-08-29 14:08 mirai New Research Sheds Light on the Mirai Botnet
2017-08-02 17:08 sambacry Samba - Security Announcement Archive
2017-08-02 15:08 sambacry omri9741 / Twitter - 892766973985206274
2017-07-26 15:07 sambacry x0rz / Twitter - 890225836464504832
2017-07-26 12:07 sambacry omri9741 / Twitter - 890194915216551937
2017-07-26 11:07 sambacry “EternalMiner” Copycats exploiting SambaCry for cryptocurrency mining – Intezer
2017-07-19 08:07 sambacry Mohit Kumar / The Hacker News - New Linux Malware Exploits SambaCry Flaw to Silently Backdoor NAS Devices
2017-06-29 00:06 sambacry Alex Campbell / PCWorld - The SambaCry scare gives Linux users a taste of WannaCry-Petya problems
2017-06-10 19:06 sambacry @securityaffairs / Security Affairs - SambaCry is reality, crooks are abusing CVE-2017-7494 to spread miners
2017-06-09 22:06 sambacry Mikhail Kuzin / Kaspersky - SambaCry is coming
2017-05-25 16:05 sambacry Daniel Goldberg / GuardiCore - Data Center and Cloud Security - SambaCry, the Seven Year Old Samba Vulnerability, is the Next Big Threat (for now)
2017-02-21 08:02 mirai GReAT / Kaspersky - New(ish) Mirai Spreader Poses New Risks
2017-01-25 14:01 venom CERN Computer Security Information
2017-01-18 00:01 mirai Brian Krebs - Who is Anna-Senpai, the Mirai Worm Author? — Krebs on Security
2017-01-11 17:01 venom Report-venom.pdf
2017-01-11 15:01 venom MediaWiki 1.17.2 - Venom Rootkit - EGIWiki
2016-12-21 12:12 mirai SANS Internet Storm Center - InfoSec Handlers Diary Blog - Mirai Scanning for Port 6789 Looking for New Victims
2016-12-20 15:12 mirai Johannes / SANS Internet Storm Center - Port 7547 SOAP Remote Code Execution Attack Against DSL Modems
2016-11-28 21:11 mirai lennarthaagsma / Fox-IT International blog - Recent vulnerability in Eir D1000 Router used to spread updated version of Mirai DDoS bot
2016-11-24 13:11 mirai Catalin Cimpanu / BleepingComputer - You Can Now Rent a Mirai Botnet of 400,000 Bots
2016-11-08 00:11 mirai Flashpoint - Monitoring of Mirai Shows Attempted DDoS of Trump and Clinton Websites
2016-11-02 15:11 darlloz UnPHP - PHP Decode of "<?php
$disablefunc = @ini_get(""disabl..
2016-11-02 14:11 aidra Linux.Aidra Technical Details | Symantec
2016-11-02 14:11 aidra Worm.Linux.Aidra.A -
TELUS Security Labs
2016-11-02 14:11 wifatch Eduard Kovacs - Tens of Thousands of Routers, IP Cams Infected by Vigilante Malware | SecurityWeek.Com
2016-11-02 14:11 wifatch Eduard Kovacs - Developers of Mysterious Wifatch Malware Come Forward | SecurityWeek.Com
2016-11-02 14:11 wifatch GitLab - The White Team / linux.wifatch
2016-11-02 13:11 darlloz UNIX_DARLLOZ.A - Threat Encyclopedia - Trend Micro USA
2016-11-02 13:11 darlloz Charlie Osborne / ZDNet - Linux worm Darlloz targets Intel architecture to mine digital currency
2016-11-02 12:11 darlloz Linux.Darlloz | Symantec
2016-11-01 14:11 mirai Graham Cluley / Graham Cluley - 'Good' anti-Mirai worm is pulled from Github following backlash
2016-10-31 12:10 mirai Invincea Labs
2016-10-28 16:10 aidra unixfreaxjp - MMD-0059-2016 - Linux/IRCTelnet (new Aidra) - A DDoS botnet aims IoT w/ IPv6 ready
2016-10-27 07:10 mirai Swati Khandelwal / The Hacker News - Friday's Massive DDoS Attack Came from Just 100,000 Hacked IoT Devices
2016-10-24 08:10 dirtycow Linux Kernel CVE-2016-5195 Local Privilege Escalation Vulnerability
2016-10-24 08:10 dirtycow CVE-2016-5195
2016-10-24 08:10 dirtycow @nixcraft - How To Patch and Protect Linux Kernel Zero Day Local Privilege Escalation Vulnerability CVE-2016-5195 [ 21/Oct/2016 ]
2016-10-24 08:10 dirtycow dirtycow / GitHub - /.github.io
2016-10-24 08:10 dirtycow dirtycow / GitHub - /.github.io
2016-10-24 08:10 dirtycow gen_dirtycow.yar
2016-10-22 10:10 dirtycow JohnGalt14 / Pastebin - Dirty COW Samples
2016-10-21 13:10 mirai Swati Khandelwal / The Hacker News - Massive DDoS Attack Against Dyn DNS Service Knocks Popular Sites Offline
2016-10-20 15:10 ladylinux Linux.Lady.1 — Dr.Web - innovative anti-virus technologies. Comprehensive protection from Internet threats.
2016-10-19 18:10 dirtycow dirtycow / GitHub - /.github.io
2016-10-18 14:10 mirai Level 3 Threat Research Labs / Beyond Bandwidth - How the Grinch Stole IoT
2016-10-17 15:10 torlus reddit - Hint to decrypt/decode crypted/stripped ELF Torlus/LizKebab/GayFgt/Bashdoor BLJ version • /r/Malware
2016-10-14 18:10 mirai Dan Goodin / Ars Technica - Beware of all-powerful DDoS malware infecting cellular gateways, feds warn
2016-10-11 16:10 mirai sshowdown-exploitation-of-iot-devices-for-launching-mass-scale-attack-campaigns.pdf
2016-10-09 01:10 kaiten Antivirus scan for 0173924f3b91579c2ab3382333f81b09fa2653588b9595243a0d85bd97f7dd11 at
2014-09-04 21:00:39 UTC - VirusTotal
2016-10-08 08:10 mirai @securityaffairs / Security Affairs - More than 500,000 IoT devices potentially recruitable in the Mirai Botnet
2016-10-07 14:10 mirai _odisseus / Twitter - 784397412400070656
2016-10-07 13:10 mirai MalwareMustDie / Twitter - 784382923373842432
2016-10-07 00:10 mirai @imgur / Imgur - What Mirai's actor the wannabe "xxx.pokemon.inc" master "Anna-Senpai" is doing now.. after Mirai got exposed... Use new modded STD Bot  #MalwareMustDie!!
2016-10-05 16:10 mirai sierra%20wireless%20technical%20bulletin%20-%20mirai%20-%204oct2016.ashx?la=en
2016-10-05 12:10 mirai sudosev / Twitter - 783649032304463873
2016-10-05 02:10 mirai Steve Ragan / CSO Online - Here are the 61 passwords that powered the Mirai IoT botnet
2016-10-05 00:10 mirai Dr. J. / SANS Internet Storm Center - The Short Life of a Vulnerable DVR Connected to the Internet
2016-10-04 18:10 mirai Tim Greene / Network World - Largest DDoS attack ever delivered by botnet of hijacked IoT devices
2016-10-04 18:10 mirai wtfbbq / Pastebin - MIRAI BOTNET PAYLOAD
2016-10-04 18:10 wopbot ELF_BASHWOOP.SM - Threat Encyclopedia - Trend Micro USA
2016-10-04 17:10 wopbot @iTnews_au / iTnews - First Shellshock botnet attacks Akamai, US DoD networks
2016-10-04 15:10 torlus KernelMode.info • View topic - Linux/Bash0day alias Shellshock alias Bashdoor
2016-10-04 15:10 torlus Antivirus scan for 73b0d95541c84965fa42c3e257bb349957b3be626dec9d55efcc6ebcba6fa489 at
2014-09-25 08:35:18 UTC - VirusTotal
2016-10-04 15:10 mirai Initial analysis of four million login attempts | The Honeynet Project
2016-10-04 14:10 mirai Dr. J. / SANS Internet Storm Center - The Short Life of a Vulnerable DVR Connected to the Internet
2016-10-03 23:10 mirai Chris Brook / Threatpost | Новости информационной безопасности - Опубликован исходный код DDoS-зловреда Mirai
2016-10-03 15:10 mirai MalwareTech / MalwareTech - Mapping Mirai: A Botnet Case Study
2016-10-03 15:10 mirai wtfbbq / Pastebin - MIRAI DEFAULT PASSWORDS
2016-10-03 09:10 mirai @securityaffairs / Security Affairs - The source code of the Mirai IoT botnet leaked online. Do you trust it?
2016-10-03 03:10 mirai completedvrattack.pcap
2016-10-02 21:10 mirai Catalin Cimpanu / softpedia - Source Code of DDoS Botnet That Attacked Krebs Released by Its Author
2016-10-02 00:10 mirai wtfbbq / Pastebin - MIRAI BOTNET PAYLOAD
2016-10-02 00:10 torlus wtfbbq / Pastebin - TELNET HONEYPOT
2016-10-01 21:10 mirai _odisseus / Twitter - 782329521680842756
2016-10-01 00:10 mirai Brian Krebs - Source Code for IoT Botnet ‘Mirai’ Released — Krebs on Security
2016-09-30 20:09 mirai Pastebin - MIRAI BOTNET SETUP
2016-09-30 19:09 mirai Drew FitzGerald / WSJ - Hackers Infect Army of Cameras, DVRs for Massive Internet Attacks
2016-09-28 09:09 mirai Swati Khandelwal / The Hacker News - World's largest 1 Tbps DDoS Attack launched from 152,000 hacked Smart Devices
2016-09-27 18:09 mirai @securityaffairs / Security Affairs - 150,000 IoT Devices behind the 1Tbps DDoS attack on OVH
2016-09-22 05:09 mirai olesovhcom / Twitter - 778830571677978624
2016-09-21 00:09 mirai Brian Krebs - KrebsOnSecurity Hit With Record DDoS — Krebs on Security
2016-09-12 00:09 ladylinux @youtube / YouTube - r2con 2016 - zl0wram - Reversing Linux Malware
2016-09-05 16:09 luabot unixfreaxjp - MMD-0057-2016 - New ELF botnet: Linux/LuaBot
2016-09-05 07:09 mirai @securityaffairs / Security Affairs - Linux/Mirai ELF, when malware is recycled could be still dangerous
2016-09-05 07:09 mirai @securityaffairs / Security Affairs - Linux/Mirai ELF, when malware is recycled could be still dangerous
2016-09-01 07:09 mirai Bedřich Košata - Telnet stále žije – alespoň na „chytrých“ zařízeních | Blog zaměstnanců CZ.NIC
2016-09-01 02:09 mirai unixfreaxjp -
MMD-0056-2016 - Linux/Mirai, how an old ELF malcode is recycled..
2016-09-01 02:09 mirai
MMD-0056-2016 - Linux/Mirai, how an old ELF malcode is recycled..
2016-09-01 02:09 mirai unixfreaxjp - MMD-0056-2016 - Linux/Mirai, how an old ELF malcode is recycled..
2016-09-01 02:09 mirai MMD-0056-2016 - Linux/Mirai, how an old ELF malcode is recycled..
2016-08-05 00:08 mirai HackForums.net - Government Investigating Routernets?
2016-06-06 12:06 venom MediaWiki 1.17.2 - EGI CSIRT:Alerts/VENOM-2015-05-13 - EGIWiki
2016-04-15 16:04 kaiten unixfreaxjp - MMD-0053-2016 - A bit about ELF/STD IRC Bot: x00's CBack aka xxx.pokemon(.)inc
2016-03-31 17:03 dirtycow Dan Goodin / Ars Technica - “Most serious” Linux privilege-escalation bug ever is under active exploit (updated)
2016-03-04 07:03 torlus @github / Gist - Ok, shits real. Its in the wild... src:162.253.66.76
2016-02-07 10:02 torlus unixfreaxjp - MMD-0052-2016 - Overview of "SkidDDoS" ELF++ IRC Botnet
2016-02-07 10:02 kaiten unixfreaxjp - MMD-0052-2016 - Overview of "SkidDDoS" ELF++ IRC Botnet
2016-02-07 10:02 torlus unixfreaxjp - MMD-0052-2016 - Overview of "SkidDDoS" ELF++ IRC Botnet
2016-01-29 17:01 dirtycow CVE-2016-5195 - Red Hat Customer Portal
2015-11-18 14:11 torlus @wordpressdotcom / Malwr Posts - IOC for GafGyt Malware with MD5 hashes
2015-10-07 21:10 wifatch Samburaj Das / Hacked - Malware Peddling Vigilantes behind Linux.Wifatch Speak Up
2015-10-07 11:10 wifatch Catalin Cimpanu / softpedia - Creators of the Benevolent Linux.Wifatch Malware Reveal Themselves
2015-10-02 13:10 wifatch Samburaj Das / Hacked - Linux.Wifatch: Vigilante Hacker Infects Routers with Malware to Fight Bad Malware
2015-10-01 00:10 wifatch @Symantec / Symantec Security Response - Is there an Internet-of-Things vigilante out there?
2015-09-14 14:09 kaiten Jeff Jarmoc - RoR CVE-2013-0156 In the Wild - Jarmoc.com
2015-09-01 20:09 dirtycow scumjr / GitHub - /dirtycow-vdso
2015-09-01 20:09 dirtycow timwr / GitHub - /CVE-2016-5195
2015-09-01 20:09 dirtycow xlucas / GitHub - /dirtycow.cr
2015-09-01 20:09 mirai jgamblin / GitHub - /Mirai-Source-Code
2015-09-01 20:09 wopbot stamparm / GitHub - /hontel
2015-09-01 20:09 torlus gh0std4ncer / GitHub - /lizkebab
2015-06-24 05:06 dirtycow @github / Gist - PTRACE_POKEDATA variant of CVE-2016-5195
2015-05-20 09:05 darlloz BalicBilisim - Embedded Device Security & Zollard Botnet Analysis | Balich Information Security
2015-04-26 21:04 dirtycow @github / Gist - dirtycow-mem.c
2015-02-02 16:02 darlloz Neonprimetime / Pastebin - PHP Injection Attempt: 14.44.81.200
2015-01-09 00:01 torlus Brian Krebs - Lizard Stresser Runs on Hacked Home Routers — Krebs on Security
2014-12-12 09:12 dirtycow dirtycow / GitHub - /.github.io
2014-11-16 21:11 wifatch @loot_myself / l00t Myself - CASE 1 : Ifwatch Malware Part 2
2014-11-09 14:11 wifatch @loot_myself / l00t Myself - CASE 1 : ifwatch malware Part 1
2014-10-28 08:10 kaiten The Analysis Report About Relevant Malware Samples of Shellshock _V1.9 ——Series Two of Bash Shellshock - Antiy Labs | The Next Generation Anti-Virus Engine Innovator
2014-09-26 21:09 wopbot Trend Micro / TrendLabs Security Intelligence Blog - Shellshock Vulnerability Used in Botnet Attacks
2014-09-25 18:09 wopbot emgent / Twitter - 515200088067813376
2014-09-25 05:09 torlus tacticalmaid / Twitter - 515012126268604416
2014-08-14 08:08 venom Neo23x0 / GitHub - /signature-base
2014-05-27 16:05 dirtycow rapid7 / GitHub - CVE-2016-5195 - DirtyCow privilege escalation by nixawk · Pull Request #7476 · /metasploit-framework
2014-03-19 00:03 darlloz @Symantec / Symantec Security Response - IoT Worm Used to Mine Cryptocurrency
2014-02-20 00:02 darlloz AVG Now - Linux.Aidra vs Linux.Darlloz: War of the Worms
2014-02-20 00:02 aidra AVG Now - Linux.Aidra vs Linux.Darlloz: War of the Worms
2014-01-27 08:01 darlloz Fortinet Blog - Malware or Spam Campaign on Internet of Things
2013-12-09 15:12 darlloz @THEdarknet / Darknet - The Darkside - Linux.Darlloz Worm Targets x86 Linux PCs & Embedded Devices - Darknet
2013-12-03 22:12 darlloz Andre M. DiMino - SemperSecurus - Hey Zollard, leave my Internet of Things alone!
2013-11-27 00:11 darlloz @Symantec / Symantec Security Response - Linux Worm Targeting Hidden Devices
2013-11-20 19:11 wifatch @DarkReading / Dark Reading - And Now A Malware Tool That Has Your Back
2013-05-30 11:05 kaiten unixfreaxjp - Another story of Unix Trojan: Tsunami (IRC/Bot) w/ Flooder, Backdoor at a hacked xBSD via Web Panel Attack
2013-04-10 16:04 mirai Sierra Wireless Mitigations Against Mirai Malware | ICS-CERT
2008-12-19 08:12 dirtycow Dirty COW (CVE-2016-5195)
2006-10-24 07:10 dirtycow @github / Gist - A dirty cow exploit that automatically finds the current user in passwd and changes it's uid to 0
2006-10-23 11:10 dirtycow @github / Gist - exploit for CVE-2016-5195 nothing fancy
2006-10-23 11:10 dirtycow @github / Gist - CVE-2016-5195 (DirtyCow) Local Root PoC
2005-10-03 00:10 darlloz Technical details of - Linux.Darlloz Worm - General Linux - Admin-Ahead Community
2000-01-01 00:01 sambacry Waffles-2 / GitHub - /SambaCry
2000-01-01 00:01 sambacry opsxcq / GitHub - /exploit-CVE-2017-7494
1984-01-11 08:01 darlloz linux binary « spamversand