Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on March 03, 2019, 06:32:24 PM

Title: Avast detects this as ELF:Mirai-HU [Trj]
Post by: polonus on March 03, 2019, 06:32:24 PM: Where we met with it: https://urlhaus.abuse.ch/url/150271/
More info: https://www.shodan.io/host/67.205.130.217
and we see excessive info proliferation: SSH-2.0-OpenSSH_7.6p1 Ubuntu-4ubuntu0.2
Re: https://www.virustotal.com/#/url/3fdf287bca6eee522462cf4fc4047c4590c467fbbec8cb042ffb5ea675cb14c5/detection
Re: https://www.virustotal.com/#/ip-address/67.205.130.217
and https://www.virustotal.com/#/file/4a274428b5b7c42e911a8d04e022c5448462b48d9dee41553c9280c8d04b90ed/detection
has -shstrtab.init.text.fini.rodata.ctors.dtors.data.sdata.sbss.bss -> https://pastebin.com/vqSPkJzb
also consider link: -http://c-1e9371d5.09-708-73746f39.bbcust.telenor.se/nobody/login.js?noCache
Missed here: https://urlquery.net/report/abf8059c-3ceb-4ec4-a2d0-efa7c2747122

polonus (volunteer website security analyst and website error-hunter)

SMF 2.0.18 | SMF © 2015, Simple Machines