Index
advisory.html : Technical advisory.
analysis.html : Detailed analysis of the binary.
answers.html : Answers to the questions.
costs.html : Cost estimate.
summary.html : Summary for a non-technical audience.
timestamp.html : Timestamp of MD5 checksums of all files listed and submitted.
files.tar.gz:
ips.txt : Listing of the DNS servers' hard-coded IPs (used for DNS flood).
libc.sig : Signature file for IDA (for the C library v. 5.3.12).
strings.txt : Output of the strings command.
the-binary.asm : ASM file of the binary, produced by IDA.
the-binary.idb : IDA database for the binary.
client/ : source code for the backdoor client/sniffer/scanner.
screenshots/ : various screenshots from IDA (referenced from analysis.html).
scripts/2pelf-0.1.tar.gz : David Eriksson's tool to build IDA signatures from ELF files.
scripts/a2pat : shell script to create signatures from .a static libraries.
scripts/resolve : shell script to resolve IP addresses from byte definitions (as produced by IDA).
scripts/std2pat : shell script to rename function names in signature files from "name" to "_name".