General

  • Target

    Stuxnet-Source-main.zip

  • Size

    13.1MB

  • MD5

    e0153af3dc9c458b474fc50e1c399a68

  • SHA1

    57ade59cbd405c68682aca82d423f67c585e0d57

  • SHA256

    c1cd0a13140754775f6e76c73115bbf35eb1513730fa2fd5532d88bc858e558a

  • SHA512

    45cc3955f80ced55e8d2d55608e027582013e4828a50e2950f792d97913ac7281b4659bd0662184a46efd756deb89582ef224da612bb148e81fa29c674f03e62

  • SSDEEP

    393216:e0xXjUgBGOyVv5A9XBQYGAHAgIjMyPRRbI/k2:eNOyVvOQYp1yp1I/k2

Score
3/10

Malware Config

Signatures

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.
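How a check like "HTTP URLs in PDF" above finds its hits, as an added example (not the sandbox's own detector and not code from the archive): scan the raw file, inflate every FlateDecode stream, and collect both /URI link annotations and bare http(s) URLs sitting in page text. The sample PDF is constructed inline (SAMPLE_PDF, reusing two domains that appear in the file listing below) and the /Length-based stream walker and the regexes are simplifications; a production extractor would parse the xref table and object streams and resolve indirect /Length values.

```python
import re
import zlib

# --- constructed sample (not a file from the analyzed archive) -------------
# One /URI link annotation in a plain object, one inside a FlateDecode stream,
# and a bare URL inside page text: the three places a PDF usually carries links.
_PLAIN_OBJ = (
    b"1 0 obj\n"
    b"<< /Type /Annot /Subtype /Link /Rect [0 0 10 10]\n"
    b"   /A << /S /URI /URI (http://www.mypremierfutbol.com) >> >>\n"
    b"endobj\n"
)
_COMPRESSED_INNER = (
    b"<< /Type /Annot /Subtype /Link "
    b"/A << /S /URI /URI (http://www.todaysfutbol.com/) >> >>"
)
_PAGE_TEXT = b"BT /F1 10 Tf (See http://www.windowsupdate.com for updates) Tj ET"


def _stream_obj(num: int, payload: bytes, compress: bool) -> bytes:
    """Wrap payload as a PDF stream object, optionally Flate-compressed."""
    body = zlib.compress(payload) if compress else payload
    flt = b" /Filter /FlateDecode" if compress else b""
    head = b"%d 0 obj\n<< /Length %d%s >>\nstream\n" % (num, len(body), flt)
    return head + body + b"\nendstream\nendobj\n"


SAMPLE_PDF = (
    b"%PDF-1.4\n"
    + _PLAIN_OBJ
    + _stream_obj(2, _COMPRESSED_INNER, compress=True)
    + _stream_obj(3, _PAGE_TEXT, compress=False)
    + b"trailer\n<< /Root 1 0 R >>\n%%EOF\n"
)

# --- extractor --------------------------------------------------------------
# Stream dictionary with a direct /Length, followed by the stream keyword.
_STREAM_RE = re.compile(rb"/Length\s+(\d+)[^>]*>>\s*stream\r?\n", re.S)
# /URI (literal string); the group tolerates backslash-escaped characters.
_URI_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)")
# Bare URL in text; ')' is excluded because it closes a PDF literal string.
_TEXT_URL_RE = re.compile(rb"https?://[A-Za-z0-9._~:/?#\[\]@!$&'*+,;=%-]+")


def _unescape(literal: bytes) -> bytes:
    """Undo the backslash escapes PDF literal strings use (enough for URLs)."""
    return re.sub(rb"\\(.)", rb"\1", literal)


def _segments(pdf: bytes):
    """Yield the raw file, then the inflated body of every stream that inflates.

    Streams that zlib rejects are plain (or use another filter) and are already
    covered by the raw scan.
    """
    yield pdf
    for m in _STREAM_RE.finditer(pdf):
        body = pdf[m.end(): m.end() + int(m.group(1))]
        try:
            yield zlib.decompress(body)
        except zlib.error:
            continue


def extract_http_urls(pdf: bytes) -> list:
    """Return the sorted, de-duplicated http(s) URLs found in a PDF byte string."""
    found = set()
    for seg in _segments(pdf):
        for m in _URI_RE.finditer(seg):
            found.add(_unescape(m.group(1)).decode("latin-1"))
        for m in _TEXT_URL_RE.finditer(seg):
            found.add(m.group(0).decode("latin-1"))
    return sorted(u for u in found if u.startswith(("http://", "https://")))


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PDF
    for url in extract_http_urls(data):
        print(url)
```

The bare-URL path is the one that produces the fused entries further down this page: when a PDF positions glyphs individually instead of emitting space characters, the text extractor sees the reference list as one unbroken token and the URL regex swallows the surrounding citation text along with the link. Treat URLs found that way as leads to clean up, not as indicators to block on.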
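What the "Unsigned PE" check above actually inspects, as an added example (not the sandbox's detector and not code from the archive): the Security entry (index 4) of the optional header's data directories, which points at the Attribute Certificate Table that holds the Authenticode PKCS#7 blob. The two sample images come from build_minimal_pe, a constructed, header-only builder that is not loadable; the two-byte "DER" blob it attaches is a placeholder, not a real signature.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # index of the Attribute Certificate Table


def security_directory(data: bytes) -> tuple:
    """Return (file_offset, size) of the Attribute Certificate Table.

    (0, 0) means no table. Unlike the other directories this entry holds a raw
    file offset, not an RVA. Raises ValueError for a buffer that is not a PE.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    opt = e_lfanew + 24
    if opt_size < 2 or opt + opt_size > len(data):
        raise ValueError("optional header truncated")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:        # PE32
        count_off, dirs_off = 92, 96
    elif magic == 0x20B:      # PE32+
        count_off, dirs_off = 108, 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    if count_off + 4 > opt_size:
        raise ValueError("optional header too short")
    (n_dirs,) = struct.unpack_from("<I", data, opt + count_off)
    entry = dirs_off + IMAGE_DIRECTORY_ENTRY_SECURITY * 8
    if n_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry + 8 > opt_size:
        return (0, 0)   # too few directories to even describe a certificate
    return struct.unpack_from("<II", data, opt + entry)


def is_unsigned_pe(data: bytes) -> bool:
    """True when no Attribute Certificate Table is attached (or it lies past EOF)."""
    offset, size = security_directory(data)
    return size == 0 or offset + size > len(data)


def build_minimal_pe(signed: bool, pe32plus: bool = False) -> bytes:
    """Constructed header-only image for exercising the check; not loadable."""
    pe_off = 0x40
    dos = bytearray(pe_off)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, pe_off)                 # e_lfanew
    opt_size = (112 if pe32plus else 96) + 16 * 8             # fields + 16 dirs
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C,
                       0, 0, 0, 0, opt_size, 0x2102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<I", opt, 108 if pe32plus else 92, 16)  # NumberOfRvaAndSizes
    cert = b""
    if signed:
        # WIN_CERTIFICATE: dwLength, wRevision 0x0200, wCertificateType 0x0002
        # (PKCS#7 SignedData), then the blob, padded to an 8-byte boundary.
        blob = b"\x30\x00"   # placeholder, constructed; not real DER
        cert = struct.pack("<IHH", 8 + len(blob), 0x0200, 0x0002) + blob
        cert += b"\0" * (-len(cert) % 8)
        header_len = pe_off + 24 + opt_size
        struct.pack_into("<II", opt, (112 if pe32plus else 96) + 4 * 8,
                         header_len, len(cert))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, "unsigned" if is_unsigned_pe(fh.read()) else "has certificate table")
```

A present table only proves that a certificate blob is attached; it says nothing about whether the PKCS#7 signature validates, whether it covers the image hash, or whether the signer chains to anything trusted. Follow a positive result with signtool verify /pa or Get-AuthenticodeSignature before drawing a conclusion. Note also that regsvr32, the loader tag on 00000000.dll below, imposes no signature requirement of its own.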

Files

  • Stuxnet-Source-main.zip
    .zip
  • Stuxnet-Source-main/Docs/Stuxnet_1.pdf
    .pdf
    • http://www.windowsupdate.com

    • http://www.msn.com

    • http://www.mypremierfutbol.com

    • http://www.todaysfutbol.com

  • Stuxnet-Source-main/Docs/Stuxnet_2.pdf
    .pdf
    • http://www.mypremierfutbol.com

    • http://www.todaysfutbol.com

    • http://www.isis-online.org

    • http://isis-online.org/uploads/isis-reports/documents/stuxnet_FEP_22Dec2010.pdf

    • http://isis-online.org/uploads/isis-reports/documents/stuxnet_update_15Feb2011.pdf

    • http://www.csmonitor.com/USA/2012/0106/Stuxnet-cyberweapon-looks-to-be-one-on-a-production-line-researchers-say

    • http://en.wikipedia.org/wiki/Stuxnet

    • http://www.langner.com/en/blog/

    • http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf

    • http://www.reuters.com/article/2012/02/14/us-iran-usa-stuxnet-idUSTRE81D24Q20120214

    • http://www.nti.org/country-profiles/iran/nuclear/

    • http://www.langner.com/en/2011/12/07/the-prez-shows-his-cascade-shape/

    • http://go.eset.com/us/resources/white-papers/Stuxnet_Under_the_Microscope.pdf

    • http://www.symantec.com/connect/w32_duqu_precursor_next_stuxnet

    • http://blogs.technet.com/b/markrussinovich/archive/2011/03/30/3416253.aspx

    • http://en.wikipedia.org/wiki/Simatic_S5_PLC/

    • http://www.telegraph.co.uk/technology/news/8326274/Israeli-security-chief-celebrates-Stuxnet-cyber-attack.html

    • http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1

    • (further URLs truncated in the report view)

    The URLs above were pulled out of the reference list of Stuxnet_2.pdf as running text: the extractor dropped the word spacing and kept the PDF's "%" line-break markers inside several URLs (removed above). The reference entries the URLs belong to, reflowed:

    [2] (entry text not captured) http://isis-online.org/uploads/isis-reports/documents/stuxnet_FEP_22Dec2010.pdf, December 2010.
    [3] David Albright, Paul Brannan, and Christina Walrond. Stuxnet malware and Natanz: update of ISIS December 22, 2010 report. Technical report, World Wide Web, http://isis-online.org/uploads/isis-reports/documents/stuxnet_update_15Feb2011.pdf, February 2011.
    [4] Mark Clayton. Stuxnet cyberweapon looks to be one on a production line, researchers say. Technical report, World Wide Web, http://www.csmonitor.com/USA/2012/0106/Stuxnet-cyberweapon-looks-to-be-one-on-a-production-line-researchers-say, January 2012.
    [5] Contributors. Stuxnet. Technical report, World Wide Web, http://en.wikipedia.org/wiki/Stuxnet.
    [6] Ralph Langner et al. The blog of langner.com. Technical report, World Wide Web, http://www.langner.com/en/blog/.
    [7] Nicolas Falliere, Liam O Murchu, and Eric Chien. W32.Stuxnet dossier. http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf, February 2011.
    [8] Mark Hosenball. Experts say Iran has (title truncated in extraction). http://www.reuters.com/article/2012/02/14/us-iran-usa-stuxnet-idUSTRE81D24Q20120214, February 2012.
    [9] Nuclear Threat Initiative. Iran's pro (title truncated in extraction). http://www.nti.org/country-profiles/iran/nuclear/, March 2012.
    [10] Ralph Langner and associates. The prez shows his cascade shape. Technical report, World Wide Web, http://www.langner.com/en/2011/12/07/the-prez-shows-his-cascade-shape/, December 2011.
    [11] Aleksandr Matrosov, Eugene Rodionov, David Harley, and Juraj Malcho. Stuxnet under the microscope. http://go.eset.com/us/resources/white-papers/Stuxnet_Under_the_Microscope.pdf.
    [12] Symantec Security Response. W32.Duqu: the precursor to the next Stuxnet. Technical report, World Wide Web, http://www.symantec.com/connect/w32_duqu_precursor_next_stuxnet, October 2011.
    [13] Mark Russinovich. Analyzing a Stuxnet infection with the Sysinternals tools, part 1. Technical report, World Wide Web, http://blogs.technet.com/b/markrussinovich/archive/2011/03/30/3416253.aspx, March 2011.
    [14] Wikipedia. Simatic S5 PLC. Technical report, World Wide Web, http://en.wikipedia.org/wiki/Simatic_S5_PLC/, February 2012.
    [15] (entry text not captured) http://www.telegraph.co.uk/technology/news/8326274/Israeli-security-chief-celebrates-Stuxnet-cyber-attack.html, February 2011.
    [16] Kim Zetter. How digital detectives deciphered Stuxnet, the most menacing malware in history. Technical report, World Wide Web, http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/all/1, 2011.
  • Stuxnet-Source-main/Docs/Symantec - Stuxnet 0.5 - The Missing Link v1.0.pdf
    .pdf
    • http://www.securityfocus.com/bid/54651

    • http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf

    • http://www.isa.org/Template.cfm?Section=Standards8&Template=/Ecommerce/ProductDisplay.cfm&ProductID=10768

    • http://www.symantec.com/security_response/writeup.jsp?docid=2011-101814-1119-99

    • http://www.symantec.com/security_response/writeup.jsp?docid=2012-052811-0308-99

    • http://www.symantec.com/security_response/writeup.jsp?docid=2010-071400-3123-99

    • http://www.symantec.com/connect/blogs/stuxnet-05-missing-link

    • http://www.symantec.com/connect/blogs/stuxnet-05-disrupting-uranium-processing-natanz

    • http://www.symantec.com/connect/blogs/stuxnet-05-how-it-evolved

    • (further URLs truncated in the report view)
  • Stuxnet-Source-main/Docs/readme.md
  • Stuxnet-Source-main/ErrorinUsermode.png
    .png
  • Stuxnet-Source-main/FRAMEWORK_OVERVIEW_Equation_Stux_Gauss_Flame_Grayfish.jpg
    .jpg
  • Stuxnet-Source-main/Fanny(Overview-NotTheMalware).png
    .png
  • Stuxnet-Source-main/Malware/00000000AltDuqDrop.dll.7z
    .7z

    Password: infected

  • 00000000.dll
    .dll (tags: regsvr32, windows:5, windows, x86, arch:x86)

    MD5 be2c3036d981fa5ac54d71ba4ce15c7d


  • Stuxnet-Source-main/Malware/FILES.zip
    .zip
  • Stuxnet-Source-main/Malware/readme.md
  • Stuxnet-Source-main/Password
  • Stuxnet-Source-main/README.md
  • Stuxnet-Source-main/Tree_overview.md
  • Stuxnet-Source-main/Utils.c
  • Stuxnet-Source-main/XOR_KEY
  • Stuxnet-Source-main/stub.c