ELF_SETAG.AV
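February 4, 2016
Aliases:
Backdoor:Linux/Setag!rfn (Microsoft), Linux/Setag.B.Gen trojan (ESET)
Platform:
Linux
Overall risk rating:
Damage potential:
Distribution potential:
Reported infections:
Information exposure:
- Malware type: Backdoor
- Destructive: No
- Encrypted:
- In the wild: Yes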
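Overview
This malware arrives on a system either as a file dropped by other malware or as a file that users unknowingly download from malicious websites.
Technical Details
File size 1,224,704 bytes
Type ELF
Date discovered February 1, 2016
Arrival Details
This malware arrives on a system either as a file dropped by other malware or as a file that users unknowingly download from malicious websites.
Installation
The malware creates the following files: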
- /tmp/bill.lock
- /tmp/notify.file
- /proc/net/pktgen/kpktgend_{number}
- /proc/net/pktgen/pgctrl
The malware drops the following copy of itself on the infected system:
- /usr/lib/libamplify.so
Other Details
The malware connects to the following malicious websites: