ELF_MIRAI.LBOUG
Linux/Mirai.acgfb (Avira)
Linux

Threat Type: Worm
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
Dropped by other malware, Downloaded from the Internet
This Worm may be downloaded by other malware/grayware from remote sites.
It executes then deletes itself afterward.
It connects to a website to send and receive information.
TECHNICAL DETAILS
52,280 bytes
ELF
Yes
16 Jul 2018
Compromises system security, Connects to URLs/IPs
Arrival Details
This Worm may be downloaded by the following malware/grayware from remote sites:
Installation
This Worm drops a copy of itself in the following folders using different file names:
- /boot/
- /data/local/tmp/
- /dev/
- /dev/netslink/
- /dev/shm/
- /home
- /mnt/
- /sdcard/Download/
- /tmp/
- /usr/
- /var/
- /var/run/
- /var/tmp/
It executes then deletes itself afterward.
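A triage check for the behavior described above, given as an added example that is not part of the original entry: it lists running processes whose executable has been deleted from disk and whose original path was under one of the drop folders listed. It assumes a Linux `/proc` filesystem; the function name and the `proc_root` parameter are illustrative.

```python
import os

# Drop locations copied from the Installation list on this page.
DROP_DIRS = (
    "/boot/", "/data/local/tmp/", "/dev/", "/dev/netslink/", "/dev/shm/",
    "/home", "/mnt/", "/sdcard/Download/", "/tmp/", "/usr/", "/var/",
    "/var/run/", "/var/tmp/",
)
# Suffix the Linux kernel appends to /proc/<pid>/exe when the file is unlinked.
DELETED = " (deleted)"


def find_deleted_exe_processes(proc_root="/proc", drop_dirs=DROP_DIRS):
    """Return sorted [(pid, original_path)] for processes whose image file
    was deleted after launch and lived under one of drop_dirs.

    proc_root is a parameter (an assumption of this example) so the check
    can be pointed at a mounted disk image or a test fixture.
    """
    prefixes = tuple(d if d.endswith("/") else d + "/" for d in drop_dirs)
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue  # skip non-process entries such as "self" or "net"
        try:
            target = os.readlink(os.path.join(proc_root, entry, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or permission denied
        if not target.endswith(DELETED):
            continue
        path = target[: -len(DELETED)]
        if path.startswith(prefixes):
            hits.append((int(entry), path))
    return sorted(hits)


if __name__ == "__main__":
    # Run as root to see every process. A hit under /usr/ can also be a
    # legitimate binary replaced by a package upgrade, so review each one.
    for pid, path in find_deleted_exe_processes():
        print(f"pid {pid}: running from deleted file {path}")
```

A hit is a lead for investigation, not a detection of ELF_MIRAI.LBOUG by itself.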
Backdoor Routine
This Worm connects to the following websites to send and receive information:
- {BLOCKED}.{BLOCKED}.62.169:7267
Other Details
This Worm does the following:
- Performs DDoS attacks
- Downloads files
- Executes shell commands
- Searches for connected Android devices that have Android Debug Bridge (ADB) port 5555 enabled
- Resolves its C&C server by sending a query to a DNS server using the hostname “n.{BLOCKED}ianhorseriding.com”
SOLUTION
9.850
14.388.05
18 Jul 2018
14.389.00
19 Jul 2018
Scan your computer with your security product to delete files detected as ELF_MIRAI.LBOUG. If the detected files have already been cleaned, deleted, or quarantined by your security product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Support pages for more information: