Index

 

advisory.html : Technical advisory.

analysis.html : Detailed analysis of the binary.

answers.html : Answers to the questions.

costs.html : Cost estimate.

summary.html : Summary for a non-technical audience.

timestamp.html : Timestamp of MD5 checksums of all files listed and submitted.

 

files.tar.gz:

ips.txt : Listing of the hard-coded DNS server IPs (used for DNS flood).

libc.sig : Signature file for IDA (for the C library v. 5.3.12).

strings.txt : Output of the strings command.

the-binary.asm : ASM file of the binary, produced by IDA.

the-binary.idb : IDA database for the binary.

client/ : source code for the backdoor client/sniffer/scanner.

screenshots/ : various screenshots from IDA (referenced from analysis.html).

scripts/2pelf-0.1.tar.gz : David Eriksson's tool to build IDA signatures from ELF files.

scripts/a2pat : shell script to create signatures from .a static libraries.

scripts/resolve : shell script to resolve IP addresses from byte definitions (as produced by IDA).

scripts/std2pat : shell script to rename function names in signature files from "name" to "_name".