elf.roboto


P2P botnet discovered by Netlab360. The botnet infects Linux servers via the Webmin RCE vulnerability (CVE-2019-15107), which allows attackers to run malicious code with root privileges and take over older Webmin versions. Based on the Netlab360 analysis, the botnet serves mainly 7 functions: reverse shell, self-uninstall, gathering a process's network information, gathering bot information, executing system commands, running encrypted files fetched from specified URLs, and DDoS with four attack methods: ICMP flood, HTTP flood, TCP flood, and UDP flood.

2019-11-20 - 360 netlab - Alex Turing, GenShen Ye - The awaiting Roboto Botnet
@online{turing:20191120:awaiting:eefead1, author = {Alex Turing and GenShen Ye}, title = {{The awaiting Roboto Botnet}}, date = {2019-11-20}, organization = {360 netlab}, url = {}, language = {English}, urldate = {2020-01-10} }

2019-11-20 - ZDNet - Catalin Cimpanu - New Roboto botnet emerges targeting Linux servers running Webmin
@online{cimpanu:20191120:new:f9c81de, author = {Catalin Cimpanu}, title = {{New Roboto botnet emerges targeting Linux servers running Webmin}}, date = {2019-11-20}, organization = {ZDNet}, url = {}, language = {English}, urldate = {2019-12-17} }

There is no YARA signature yet.