MMD-0020-2014 - Analysis of Linux/Mayhem infection: A shared DYN libs malicious ELF: libworker.so
Common Information
Type                             Value
UUID                             6612ff1e-bea0-4fc6-af1b-e99bfc9f1a48
Fingerprint                      2cb13c53ad275681
Analysis status                  DONE
Considered CTI value             2
Text language
Published                        May 8, 2014, 1:09 a.m.
Added to db                      Jan. 18, 2023, 7:35 p.m.
Last updated                     Nov. 17, 2024, 10:43 p.m.
Headline                         UNKNOWN
Title                            MMD-0020-2014 - Analysis of Linux/Mayhem infection: A shared DYN libs malicious ELF: libworker.so
Detected Hints/Tags/Attributes   128/3/120
Attributes