SYMBOLCOMMON_NAMEaka. SYNONYMS
elf.roboto (Back to overview)

Roboto

P2P Botnet discovered by Netlab360. The botnet infects linux servers via the Webmin RCE vulnerability (CVE-2019-15107) which allows attackers to run malicious code with root privileges and take over older Webmin versions. Based on the Netlabs360 analysis, the botnet serves mainly 7 functions: reverse shell, self-uninstall, gather process' network information, gather Bot information, execute system commands, run encrypted files specified in URLs and four DDoS attack methods: ICMP Flood, HTTP Flood, TCP Flood, and UDP Flood.

References
2019-11-20360 netlabAlex Turing, GenShen Ye
The awaiting Roboto Botnet
Roboto
2019-11-20ZDNetCatalin Cimpanu
New Roboto botnet emerges targeting Linux servers running Webmin
Roboto

There is no Yara-Signature yet.