Full Code of rootkiter/Binary-files for AI

Repository: rootkiter/Binary-files
Branch: master
Commit: 77674e8be201
Files: 2
Total size: 1.5 KB

Directory structure:
gitextract_fh0d6iuv/
├── README.md
└── check.yara

================================================
FILE CONTENTS
================================================

================================================
FILE: README.md
================================================
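# Statement on Discontinuing Updates
This tool has recently been reported on by multiple sources.  
It was originally developed to give security researchers an easy-to-use tool for network security research and for thinking about the security problems of the IoT era.  
I did not expect it to have such a serious impact. To make it easier for security vendors to study and detect it, I hereby declare that the tool will no longer be updated and that the download links for this project are removed.

# About Detection
I am attaching a detection rule here ([check.yara](https://github.com/rootkiter/Binary-files/blob/master/check.yara)). Thanks to "[Chris Doman](https://www.alienvault.com/blogs/labs-research/internet-of-termites)" for the warning and for providing the rule. If new variants appear in the future, everyone is welcome to submit detection rules here; this project will be maintained long-term.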


================================================
FILE: check.yara
================================================
rule EarthWorm : LinuxMalware
{
    meta:
        author = "AlienVault Labs"
        copyright = "Alienvault Inc. 2019"
        license = "Apache License, Version 2.0"
        sha256 = "f4dd44bc19c19056794d29151a5b1bb76afd502388622e24c863a8494af147dd"
        description = "EarthWorm Packet Relay Tool"

    strings:
        $elf = {7f 45 4c 46}    // ELF magic bytes
        $string_1 = "I_AM_NEW_RC_CMD_SOCK_CLIENT"
        $string_2 = "CONFIRM_YOU_ARE_SOCK_CLIENT"
        $string_3 = "SOCKSv4 Not Support now!"
        $string_4 = "rssocks cmd_socket OK!"

    condition:
        // `them` covers every string above, $elf included, so once the
        // ELF magic matches, one more string satisfies `2 of them`.
        $elf at 0 and 2 of them
}

rule Termite : LinuxMalware
{
    meta:
        author = "AlienVault Labs"
        copyright = "Alienvault Inc. 2019"
        license = "Apache License, Version 2.0"
        sha256 = "6062754dbe5503d375ad0e61f6b4342654624f471203fe50eb892e0029451416"
        description = "Termite Packet Relay Tool"

    strings:
        $elf = {7f 45 4c 46}    // ELF magic bytes
        $string_1 = "File data send OK!"
        $string_2 = "please set the target first"
        $string_3 = "It support various OS or CPU.For example"
        $string_4 = "xxx -l [lport] -n [name]"

    condition:
        // Same counting as in EarthWorm: $elf is part of `them`.
        $elf at 0 and 2 of them
}