- Threat Encyclopedia
- Malware
- ELF_SETAG.SM
Backdoor:Linux/Setag.A(Microsoft)
Linux
Via vulnerability(ies), Downloaded from the Internet, Dropped by other malware
This malware is part of an attack chain that involves searching for exposed or publicly accessible Elasticsearch databases/servers. The malware would invoke a shell with an attacker-crafted search query with encoded Java commands.
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
ELF
Yes
09 Mar 2017
Compromises system security, Connects to URLs/IPs, Steals information
Arrival Details
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
This malware arrives via the following means:
Installation
This Backdoor drops the following files:
It creates the following folders:
Information Theft
This Backdoor gathers the following data:
Other Details
This Backdoor does the following:
NOTES:
This backdoor connects to the following website to send and receive information:
It adds the following scripts in /etc/rc{1-5}.d/ and /etc/init.d/ to automatically execute itself when the system starts up:
9.850
12.831.50
11 Oct 2016
12.832.50
12 Oct 2016
Scan your computer with your Trend Micro product to delete files detected as ELF_SETAG.SM. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information: