ELF_MIRAI.LBOUG
Linux/Mirai.acgfb (Avira)
Linux
Threat Type: Worm
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
This Worm may be downloaded by other malware/grayware from remote sites.
It executes then deletes itself afterward.
It connects to a website to send and receive information.
TECHNICAL DETAILS
Arrival Details
This Worm may be downloaded by the following malware/grayware from remote sites:
Installation
This Worm drops a copy of itself in the following folders using different file names:
- /boot/
- /data/local/tmp/
- /dev/
- /dev/netslink/
- /dev/shm/
- /home
- /mnt/
- /sdcard/Download/
- /tmp/
- /usr/
- /var/
- /var/run/
- /var/tmp/
It executes then deletes itself afterward.
Backdoor Routine
This Worm connects to the following websites to send and receive information:
- {BLOCKED}.{BLOCKED}.62.169:7267
Other Details
This Worm does the following:
- Perform DDoS attacks
- Download files
- Execute shell commands
- Scan for connected Android devices with the Android Debug Bridge (ADB) port 5555 enabled
- Resolve its C&C server by sending a query to a DNS server for the hostname “n.{BLOCKED}ianhorseriding.com”
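An added detection example, not part of the original description: it reads constructed outbound-connection log lines (the line format and the fan-out threshold are assumptions) and flags internal hosts that fan out to many ADB targets on port 5555, which is the worm's scanning behaviour, plus any host contacting the listed C&C port 7267.

```python
import re
from collections import defaultdict

# Constructed sample log (not from the original page), one connection per line:
# "<src_ip> -> <dst_ip>:<dst_port> <proto>"
SAMPLE_LOG = """\
10.0.0.5 -> 192.168.1.10:5555 tcp
10.0.0.5 -> 192.168.1.11:5555 tcp
10.0.0.5 -> 192.168.1.12:5555 tcp
10.0.0.5 -> 192.168.1.13:5555 tcp
10.0.0.5 -> 192.168.1.14:5555 tcp
10.0.0.5 -> 192.168.1.15:5555 tcp
10.0.0.7 -> 203.0.113.44:7267 tcp
10.0.0.9 -> 192.168.1.10:5555 tcp
10.0.0.9 -> 93.184.216.34:443 tcp
"""

LINE_RE = re.compile(r"^(\S+) -> (\S+):(\d+) (\w+)$")
ADB_PORT = 5555        # Android Debug Bridge port the worm scans for
C2_PORT = 7267         # C&C port given in the description (weak indicator on its own)
FANOUT_THRESHOLD = 5   # distinct ADB targets per source before alerting (assumption)

def analyse(log_text, fanout_threshold=FANOUT_THRESHOLD):
    """Return sources that look like ADB scanners and sources that touched the C&C port."""
    adb_targets = defaultdict(set)   # src -> set of distinct dst hosts on port 5555
    c2_sources = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                 # skip lines that do not match the assumed format
        src, dst, port, _proto = m.groups()
        port = int(port)
        if port == ADB_PORT:
            adb_targets[src].add(dst)
        elif port == C2_PORT:
            c2_sources.add(src)
    # A single ADB connection is normal for a developer workstation; many distinct
    # targets from one source is the scanning pattern worth alerting on.
    scanners = sorted(s for s, t in adb_targets.items() if len(t) >= fanout_threshold)
    return {"adb_scanners": scanners, "c2_contacts": sorted(c2_sources)}

if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

A hit on port 7267 should be corroborated with the blocked C&C address and hostname above before acting on it, since the port alone is not unique to this worm.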
SOLUTION
Scan your computer with your Trend Micro product to delete files detected as ELF_MIRAI.LBOUG. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information: