elf.unidentified_001

Unidentified Linux 001


According to Cybereason, these scripts have been used in an ongoing campaign exploiting a widespread vulnerability in the Exim MTA: CVE-2019-10149. The attack leverages a week-old vulnerability to gain remote command execution on the target machine, search the Internet for other machines to infect, and initiate a crypto miner.

References
2019-06-13, Cybereason, Amit Serper, Mary Zhao: New Pervasive Worm Exploiting Linux Exim Server Vulnerability

There is no Yara-Signature yet.