Try   HackMD

Similar malware

Mirai variant

Matching Features

  • C2 port: 38241
  • Embedded C2: sdfsd.xyz
  • table_init: xor key is 0x3a
  • Output strings: gosh that chinese family at the other table sure ate a lot
No. Sample Download C2 Exploits Ports notes
1 5adf25df621f5a2d55a5d277ff9eb4a160e8806e8484d7ea4aa447173acd6dd3 45.139.105.145 skid.uno:38241 None 23, 53, 38241, 60023 scanne_init: 0xea, table_init: 0x3a, Embedded C2: shetoldmeshewas12.uno, infectedchink.cat, dogeatingchink.uno, skid.uno, sdfsd.xyz, Output strings: gosh that chinese family at the other table sure ate a lot
2 2d54d7a786a01f7a4742e3cb2191b0aef94e7e9c4fbea3c479e1d8170dd9a3e7 45.95.55.157 hujunxa.cc:38241 37 (CVE-2017-17215, MVPowerDVRs, etc) 53, 80, 81, 82, 88, 8083, 8088, 37215, 38241 scanne_init: None, table_init: 0x3a, Embedded C2: hujunxa.cc, sdfsd.xyz, Output strings: gosh that chinese family at the other table sure ate a lot
3 c4ab14889779c1f253946f6275b0b094ecc8f19dbb322fdb69aa60351f0862fd 45.66.230.47 shetoldmeshewas12.uno:38241, infectedchink.cat:38241, dogeatingchink.uno:38241, chinkona.buzz:38241, dogeating.monster:38241, sdfsd.xyz:38241 None 23, 53, 38241, 60023 scanne_init: 0xea, table_init: 0x3a, Embedded C2: shetoldmeshewas12.uno, infectedchink.cat, dogeatingchink.uno, chinkona.buzz, dogeating.monster, sdfsd.xyz, Output strings: gosh that chinese family at the other table sure ate a lot
Last changed by 
Uky
0
339

Read more

Index

2023/01/01 - 2023/01/15

Jan 17, 2023
Honeypot visible notes @ukycircle

Overview Honeypot: Tpot Location: Japan Instance: AWS Notes 2022/12/17-2022/12/24

Dec 24, 2022
Read more from Uky
Published on HackMD