Friday, August 10, 2012

Gauss samples - Nation-state cyber-surveillance + Banking trojan


Just a quick post for those who can't sleep until get to play with Gauss
Excerpt:
The highest number of infections is recorded in Lebanon, with more than 1600 computers affected. The Gauss code  (winshell.ocx) contains direct commands to intercept data required to work with Lebanese banks – including the Bank of  Beirut, Byblos Bank and Fransabank. 
In Israel and the Palestinian Territory, 750 incidents have been recorded." (Kaspersky)



Download

   Download all the files listed below as a password protected archive (email me if you need the password)


List of files




List of files for download:

├───devwiz.ocx
│       CBB982032AED60B133225A2715D94458_devwiz.ocx
├───dskapi.ocx
│       08D7DDB11E16B86544E0C3E677A60E10_100-dskapi.ocx
│       23D956C297C67D94F591FCB574D9325F_100-dskapi.ocx
├───mcdmn.ocx
│       9CA4A49135BCCDB09931CF0DBE25B5A9-mcdmn.ocx
├───smdk.ocx
│       5604A86CE596A239DD5B232AE32E02C6_smdk.ocx
│       90F5C45420C295C73067AF44028CE0DD_smdk.ocx
├───windig.ocx
│       DE2D0D6C340C75EB415F7263388351
25_windig.ocx
└───winshell.ocx
        4FB4D2EB303160C5F419CEC2E9F57850_winshell.ocx
        7AC2799B5337B4BE54E5D5B03B214572_winshell.ocx
        EF6451FDE3751F698B49C8D4975A58B5_winshell.ocx

5 comments:

  1. Is Gauss an indication of military grade malware now migrating to commercial sector, then to all the other high-value victim groups?

    ReplyDelete
  2. No, it's looking into funds going in and out of Hezbollah and the like. And not likely military.

    ReplyDelete
  3. If it is the proved, it is deployed by a state actor to espionage political funding movements, rights?

    ReplyDelete
  4. Gauss is the most recent cyber-surveillance operation in the Stuxnet, Duqu and Flame saga.

    It was probably created in mid-2011 and deployed for the first time in August-September 2011.

    Gauss was discovered during the course of the ongoing effort initiated by the International Telecommunications Union (ITU), following the discovery of Flame. The effort is aimed at mitigating the risks posed by cyber-weapons, which is a key component in achieving the overall objective of global cyber-peace.

    ReplyDelete