Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


여우귀성애자 last won the day on December 11 2018

여우귀성애자 had the most liked content!

Community Reputation

8 Neutral

Recent Profile Visitors

557 profile views
  1. 여우귀성애자

    perl 한글 편하게 다루기

    오 좋은 정보 감사합니다
  2. 여우귀성애자

    ATM jacpotting [PLOUTUS-D]

    Hello, This is FoxEarPhile. I recently learned about PLOUTUS-D, it is ATM jackpotting Program. This Program 's base language is visual basic 7.0 C++, this program is so strong to ATM devices. bellow infos are analysis infos about Diebold.exe. this is maybe made from deutsche. malwarebytes's md5 : C04A7CB926CCBF829D0A36A91EBF91BD malwarebyte's size : 198 kB File type : 32Win execute file File Code siae : 199168 Legal version : Copyright © 2015 Product version : unobserved features of Ploutus-D Previously unobserved features of Ploutus-D It uses the Kalignite multivendor ATM Platform. It could run on ATMs running the Windows 10, Windows 8, Windows 7 and XP operating systems. It is configured to control Diebold ATMs. It has a different GUI interface. It comes with a Launcher that attempts to identify and kill security monitoring processes to avoid detection. It uses a stronger .NET obfuscator called Reactor. This are how Ploutus-D works... 1. Criminals gain physical access to ATM’s core CPU by means of breaking the top-box or using front-cover keys. 2. Once physical access is gained they leverage access to the USB ports or CDROM drive to infect the ATM with the malware. They also connect a standard keyboard to be able to operate it. 3. Ploutus-D contains an executable (AgilisConfigurationUtility.exe) and a Launcher (Diebold.exe). The executable can run as a standalone application or as a service installed by the Launcher, and will be controlled from the keyboard. 4. PLOUTUS-D runs in the background waiting for a combination of keystrokes to activate and take control of the ATM. It then displays a custom GUI asking for an authorization code, to guarantee control of the mule. 5. If authorization is granted, PLOUTUS-D displays details of how much money is available on each cash cassette and uses Kalignite’s XFS components to interact with the ATM dispenser, allowing the cybercriminal to issue multiple dispensing commands to empty the cash. 6. Activation and dispensing codes can be sent to PLOUTUS-D from the keyboard or from the ATM pinpad. 7. Finally, after the “cash-out” is completed, PLOUTUS-D provides with a cleanup mechanism to remove any traces of the attack. So, this Script do capture the Credit card's info and credit card ic chip psswd(which are typed use atm keyboard...) and send it to attacker. and also attakcer will control ATM devices which are attacker installed its.
  3. 최근 새로이 밝혀진 녀석입니다. 요즘 악성코드들이 신기하게도 이미지 파일로 많이 변조되더라구요. 스테카노그라피 형식은 당연히 아니고, 악성코드를 용량을 많지 않게 작성한 뒤에 압축하여 이미지 파일에 숨기는 형식으로 많이 배포되더라구요. 제가 이번에 가져온 악성코드는 프랑스 에 위치한 nginx 서버에서 발견된 아주 작은 용량의 루트킷입니다. 데비안 리눅스 서버의 루트 디렉토리 밑의 table.png라는 이름으로 작성되었으며, 해당 악성코드의 탐지율은 초기에 20%조차도 안되었습니다.(virustotal-78개 백신엔진) 지금은 그나마 분석이 되고 있어서 38/78 정도의 탐지율을 보유하고 있는 악성코드인데요, 특정 의도를 가진 루트킷이 작은 용량으로 이미지 파일에 숨어있는 케이스다보니 악성코드 분석하면서 리버싱 연습또한 적당히 될 것 같아서 공유합니다. table.zip
  4. 여우귀성애자

    파이썬 빌드에 관련된 모듈

    pyinstaller와 같은 배포자 입장에서의 빌드는 많이 사용해봤지만요, 사용자 입장에서 py파일을 바로 빌드해서 사용하는 것은 본적이 없네요... 그런것이 있는지 몰랐습니다. 한번 찾아봐야겠네요.

Important Information

I have read and accept the above terms.