Moonlight Maze samples

Here are some samples of assorted Moonlight Maze malware.

Indicators of Compromise

Moonlight Maze Samples

IRIX Binaries


Solaris Binaries


Scripts


Penquin Turla Samples

MD5 Size Compilation Attributes
0994d9deb50352e76b0322f48ee576c6 642KB Stripped – Broken file
edf900cebb70c6d1fcab0234062bfc28 802KB Statically compiled for GNU/Linux 2.2.0
19fbd8cbfb12482e8020a887d6427315 802KB Statically compiled for GNU/Linux 2.2.0
e079ec947d3d4dacb21e993b760a65dc 802KB Statically compiled for GNU/Linux 2.2.0
ea06b213d5924de65407e8931b1e4326 799KB Statically compiled for GNU/Linux 2.2.0
14ecd5e6fc8e501037b54ca263896a11 653KB Statically compiled for GNU/Linux 2.2.5

Penquin Turla Trojan Variant

MD5 Size Compilation Attributes
296dc63ba0e62a33e9821f878f9b650d 855KB Statically compiled for GNU/Linux 2.2.18, stripped (Kernel released: December 11 2000)