SpeakUp: A New Undetected Backdoor Linux Trojan - Check Point Research
Tags
country: China Laos Russia
maec-delivery-vectors: Watering Hole
attack-pattern: Data Botnet - T1583.005 Botnet - T1584.005 Cron - T1053.003 Domains - T1583.001 Domains - T1584.001 Exploits - T1587.004 Exploits - T1588.005 Ip Addresses - T1590.005 Malware - T1587.001 Malware - T1588.001 Python - T1059.006 Server - T1583.004 Server - T1584.004 Vulnerabilities - T1588.006
Show in Graph
Common Information
Type Value
UUID 819296c8-d286-4be9-8dcf-23f26d2f4bab
Fingerprint 3181ad7166b5be91
Analysis status DONE
Considered CTI value 2
Text language
Published Feb. 4, 2019, 2:01 p.m.
Added to db Jan. 18, 2023, 10:13 p.m.
Last updated Nov. 17, 2024, 5:55 p.m.
Headline SpeakUp: A New Undetected Backdoor Linux Trojan
Title SpeakUp: A New Undetected Backdoor Linux Trojan - Check Point Research
Detected Hints/Tags/Attributes 77/3/53
Source URLs
Redirection Url
Details Source https://research.checkpoint.com/2019/speakup-a-new-undetected-backdoor-linux-trojan/
URL Provider
Details Provider Source level domain
Details checkpoint.com research.checkpoint.com
Attributes
Details Type #Events CTI Value
Details CVE 12 
cve-2018-20062
Details CVE 4 
cve-2012-0874
Details CVE 5 
cve-2010-1871
Details CVE 81 
cve-2017-10271
Details CVE 10 
cve-2018-2894
Details CVE 10 
cve-2016-3088
Details Domain 1 
speakupomaha.com
Details Domain 1 
linuxservers.000webhostapp.com
Details Domain 1 
linuxsrv134.xp3.biz
Details File 1204 
index.php
Details File 1 
pprtnp153www.php
Details File 1 
indxe.php
Details File 1 
hp.html
Details md5 1 
e3ac24a0bcddfacd010a6c10f4a814bc
Details md5 1 
E9BC3BD76216AFA560BFB5ACAF5731A3
Details md5 1 
0a4e5831a2d3115acb3e989f0f660a6f
Details md5 1 
0b5e1eb67be7c3020610b321f68375c1
Details md5 1 
968d1906be7eb8321a3afac5fde77467
Details md5 1 
074d7a4417d55334952d264c0345d885
Details md5 1 
f357f32d7c2ddfef4b5850e7506c532b
Details md5 1 
b6311bffcea117dceac5ccac0a243ae5
Details md5 1 
2adf4e4512aaafab75e8411aa7121ffa
Details md5 1 
a73c7b777d31b0a8ef270809e2ed6510
Details md5 1 
114cda60d215e44baeef22b7db0c64d5
Details md5 1 
8f725fc5406ebf679c5c7ade3e8d5f70
Details md5 1 
4a80a075c7c6b5e738a7f4b60b7b101f
Details md5 1 
e18749e404baec2aa29f4af001164d1b
Details md5 1 
1a377b5d5d2162327f0706cc84427780
Details md5 1 
1da94e156609d7e880c413a124bad004
Details md5 1 
713260a53eff05ad44aad8d6899f1c6e
Details md5 1 
36cda3c77ba380d6388a01aafcbaa6c7
Details md5 1 
0f83482368343f5c811bac84a395d2c0
Details md5 1 
8dd6cb5f33d25512805c70bd3db5f433
Details md5 1 
e4ca1e857034cbe0428d431c15ec8608
Details md5 1 
36502273cee61825dc97d62a3dffe729
Details md5 1 
f16c5a6342ccc253b1de177d3fa310b1
Details md5 1 
08d7674532cc226931570e6a99d5ba30
Details md5 1 
279c4aa955085480f3ad0c19aa36a93b
Details md5 1 
f79be3df4cbfe81028040796733ab07f
Details md5 1 
a21a3d782d30b51515834a7bf68adc8e
Details md5 1 
c572a10ca12f3bd9783c6d576aa080fb
Details md5 1 
b60ec230644b740ca4dd6fd45059a4be
Details md5 1 
5e6b6fcd7913ae4917b0cdb0f09bf539
Details md5 1 
ae875c496535be196449547a15205883
Details md5 1 
068d424a1db93ec0c1f90f5e501449a3
Details md5 1 
996e0c8190880c8bf1b8ffb0826cf30f
Details IPv4 1 
67.209.177.163
Details IPv4 23 
255.255.0.0
Details IPv4 1 
173.82.104.196
Details IPv4 1 
5.196.70.86
Details IPv4 1 
120.79.247.183
Details IPv4 1 
5.2.73.127
Details Url 1 
http://67.209.177.163/ibus