Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on March 17, 2019, 06:05:31 PM

Title: Avast detects as ELF:Mirai-ADQ [Trj]
Post by: polonus on March 17, 2019, 06:05:31 PM
Google Safebrowsing has it as malicious.

See: https://urlhaus.abuse.ch/url/160880/
See: https://urlscan.io/result/fd5a1f0e-d220-4329-a8e5-256f15c736ee
On domain: https://www.virustotal.com/#/domain/vampwrotesatori.cf
On file HTTP response: https://www.virustotal.com/#/url/cdefc7f6dd702e52721502354dd7ef489fadca4cafc42b61981006aee8ea2915/details
Re: ELF:Mirai-ADQ [Trj] -> https://www.virustotal.com/nl/file/9f52f65dc02c31b422527e108108a6ec06c1347055a86a420dd283cd697e4cfb/analysis/1552795448/

Also detected at: https://tracker.h3x.eu/ and at Prof. Dr. Dietrich's site: https://chrisdietri.ch/files/iotsamples.html

polonus

Title: Re: Avast detects as ELF:Mirai-ADQ [Trj]
Post by: polonus on March 17, 2019, 11:40:43 PM
Another example of such bad network scanning activity:
Re: https://urlhaus.abuse.ch/url/160973/
Re Internet scanner - vulnerabilities: https://www.shodan.io/host/185.22.154.153
Reported thrice and recently active: https://www.abuseipdb.com/check/185.22.154.153

No URI detection here: https://www.virustotal.com/#/url/6aa1a139569815f50fd4f20c5ce6fcb143c38a27f8eb31de29425445ed6a4daf/detection
But Avast has it covered here: https://www.virustotal.com/#/file/301427fa5807a9244e097c1dc849eac241f031b7249d3cdf3500ec5608a78259/detection

Avast detects ELF:Mirai-GH [Trj]

polonus