rand_port, retrieve_c2_server or attack_tcp_raw) are based on original Mirai functions but modified to fit the necessities of the author. These functions were scrapped verbatim from the original Mirai source code and the matches have been found by comparing the function symbols from both the source code and the binary sample. Struct resolv_entries * resolv_lookup(char *domain) Void resolv_entries_free(struct resolv_entries *entries) Uint16_t checksum_tcpudp(struct iphdr *iph, void *buff, uint16_t data_len, int len) Uint16_t checksum_generic(uint16_t *addr, uint32_t count) Void attack_udp_plain(uint8_t targs_len, struct attack_target *targs, uint8_t opts_len, struct attack_option *opts) By comparing this unstripped sample to the codebase of Mirai we can see what was reused:
0 kommentar(er)
