[Community-sigs] linux backdoors trapped by kippo
Janos Cservenak
hawk at hwk.hu
Tue Mar 24 06:36:14 EDT 2015
Filename: npc
Architecture: x86
Detected actions:
- it copies itself as /usr/bin/acpid
- it starts running many copies of itself (as npc and as acpid too)
- it connects to a remote server: 182.92.26.210 / port 12027
inetnum: 182.92.0.0 - 182.92.255.255
netname: ALISOFT
descr: Aliyun Computing Co., LTD
country: CN
External virus scanners knowledge:
https://www.virustotal.com/en/file/4fb50087fd3ecf8590b34a6ef40bdc227caee4314f480a4b01abab01c3e805ea/analysis/1427192727/
Signatures:
md5: 0c2fced6cd1b58dc85669dae1736a19e:1135000:Linux.Backdoor.I
sha1: 775a3e0e4c5e0b53c7adf2e81ab13b0994338e0a:1135000:Linux.Backdoor.I
sha256: 4fb50087fd3ecf8590b34a6ef40bdc227caee4314f480a4b01abab01c3e805ea:1135000:Linux.Backdoor.I
------------------------
Filename: npc1
Architecture: x86
Detected actions:
- it copies itself as /usr/bin/acpid
- it starts running many copies of itself (as npc and as acpid too)
- it connects to a remote server: 182.92.26.210 / port 12027
inetnum: 182.92.0.0 - 182.92.255.255
netname: ALISOFT
descr: Aliyun Computing Co., LTD
country: CN
External virus scanners knowledge:
https://www.virustotal.com/en/file/d17f05e997d869f7e632b88f2d93bb4a1a3519cc4dad8cf319d0e7ac19aecba4/analysis/1427192846/
Signatures:
md5: 0837d98901aa7ccf84d416d9ffdfe402:1521642:Backdoor.Linux.Gates.B
sha1: 7de0e5037c53c9e44f61c90e24bfeeaa324e55ba:1521642:Backdoor.Linux.Gates.B
sha256: d17f05e997d869f7e632b88f2d93bb4a1a3519cc4dad8cf319d0e7ac19aecba4:1521642:Backdoor.Linux.Gates.B