jeffv via plug on 29 Apr 2021 07:52:43 -0700
[PLUG] RotaJakiro backdoor
- From: jeffv via plug <plug@lists.phillylinux.org>
- To: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
- Subject: [PLUG] RotaJakiro backdoor
- Date: Thu, 29 Apr 2021 10:52:37 -0400
- Reply-to: jeffv <jeffv@op.net>
- Sender: "plug" <plug-bounces@lists.phillylinux.org>
- User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.1
On March 25, 2021, 360 NETLAB's BotMon system flagged a suspicious ELF
file (MD5=64f6cfe44ba08b0babdd3904233c4857) with 0 VT detections. The
sample communicates with 4 domains on TCP 443 (HTTPS), but the traffic
is not TLS/SSL. A close look at the sample revealed it to be a
backdoor targeting Linux x64 systems, from a family that has been around for
at least 3 years.
https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
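The quoted write-up's key network observation is that the backdoor talks to its C2 on TCP 443 without speaking TLS. The following is an added example, not code from the PLUG post or from 360 NETLAB, of the kind of check a network defender would run over the first client payload of each outbound port-443 flow: a real HTTPS client starts with a TLS handshake record (content type 0x16, major version 0x03) carrying a ClientHello (handshake type 0x01); anything else on 443 is worth a second look. The flow tuples and payload bytes are constructed for the demonstration and are not captures of the real sample.

```python
"""Flag outbound TCP/443 flows whose first client bytes are not a TLS ClientHello.

Added example for the RotaJakiro discussion; not code from the post or from
360 NETLAB. Flow records and payloads below are constructed, not real traffic.
"""

TLS_CONTENT_HANDSHAKE = 0x16   # TLS record content type: handshake
TLS_HANDSHAKE_CLIENT_HELLO = 0x01
TLS_MAX_RECORD_LEN = 16384 + 2048  # 2^14 plaintext plus allowance for protection overhead


def looks_like_tls_client_hello(payload: bytes) -> bool:
    """Return True if payload begins with a plausible TLS ClientHello record.

    Wire layout checked:
      byte 0      record content type, must be 0x16 (handshake)
      bytes 1-2   record version 0x03 0x00..0x03 (SSL 3.0 / TLS 1.0-1.2; TLS 1.3
                  still puts 0x0301 or 0x0303 here for compatibility)
      bytes 3-4   record length, big-endian, non-zero and within the allowed maximum
      byte 5      handshake message type, must be 0x01 (ClientHello)
    """
    if len(payload) < 6:
        return False
    if payload[0] != TLS_CONTENT_HANDSHAKE:
        return False
    if payload[1] != 0x03 or payload[2] > 0x03:
        return False
    record_len = int.from_bytes(payload[3:5], "big")
    if record_len == 0 or record_len > TLS_MAX_RECORD_LEN:
        return False
    return payload[5] == TLS_HANDSHAKE_CLIENT_HELLO


def find_non_tls_443(flows):
    """Given (src, dst, dport, first_client_payload) tuples, return the (src, dst)
    pairs of port-443 flows whose client did not open with a TLS ClientHello.

    The caller is assumed to supply the first bytes sent by the client, e.g. from
    a flow reassembler or a pcap; the heuristic does not look at server bytes.
    """
    return [
        (src, dst)
        for src, dst, dport, data in flows
        if dport == 443 and not looks_like_tls_client_hello(data)
    ]


# Constructed sample flows (hypothetical addresses, not from any real capture).
SAMPLE_FLOWS = [
    # Genuine-looking TLS 1.0+ ClientHello record header: 16 03 01 <len> 01 ...
    ("10.0.0.5", "93.184.216.34", 443,
     bytes([0x16, 0x03, 0x01]) + (200).to_bytes(2, "big") + bytes([0x01]) + b"\x00" * 10),
    # Custom binary framing on 443: not TLS, should be flagged.
    ("10.0.0.5", "198.51.100.7", 443, b"\x00\x00\x00\x2a\x8f\x13" + b"\x00" * 40),
    # Plaintext HTTP on 443: not TLS, should be flagged.
    ("10.0.0.5", "198.51.100.8", 443, b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"),
    # Port 80 traffic is out of scope for this check.
    ("10.0.0.5", "203.0.113.9", 80, b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for src, dst in find_non_tls_443(SAMPLE_FLOWS):
        print(f"non-TLS traffic on 443: {src} -> {dst}")
```

This is a triage heuristic, not a verdict: some legitimate software does run non-TLS protocols on 443 to get through firewalls, and a backdoor that wraps its C2 in real TLS will pass this check. Its value is in surfacing exactly the mismatch the write-up describes, which a port-based allow list would otherwise hide.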