Linux.Groundhog
First posted on 04 November 2015.
Source: Symantec
Aliases :
There are no other names known for Linux.Groundhog.
Explanation :
When the Trojan is executed, it creates the following file: /tmp/[RANDOM CHARACTERS]
Next, the Trojan connects to the following remote locations: GroUndHog.MapSnode.CoM, 211.110.1.32
The Trojan connects to these locations through one of the following TCP ports: 22, 53, 80, 443, 1433, 1521, 3306
The Trojan then gathers the following information: IP address, processor number, size of physical memory, OS version, Trojan version
The Trojan may also perform the following actions: download files, execute commands and files, enumerate processes, end processes, delete files, delete itself
Last update 04 November 2015
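The indicators listed above (the file under /tmp, the two remote locations and the TCP ports) applied to outbound-connection records, as an added example that is not part of the Symantec write-up. The key=value record format, the verdict names and the sample lines are constructed for illustration, and treating the /tmp file as the running binary is an assumption.

```python
import ipaddress

# Indicators copied from the write-up above.
C2_HOST = "groundhog.mapsnode.com"
C2_IP = ipaddress.ip_address("211.110.1.32")
C2_PORTS = {22, 53, 80, 443, 1433, 1521, 3306}

def parse(line):
    """Parse a 'key=value key=value' record (constructed format) into a dict."""
    return dict(field.split("=", 1) for field in line.split())

def dest_matches(dst):
    """True if dst is the listed IP or host name, ignoring case and a trailing dot."""
    dst = dst.strip().rstrip(".").lower()
    try:
        return ipaddress.ip_address(dst) == C2_IP
    except ValueError:          # not an IP literal, compare as a host name
        return dst == C2_HOST

def triage(line):
    """Return (verdict, reasons) for one outbound-connection record."""
    rec = parse(line)
    reasons = []
    if dest_matches(rec["dst"]):
        reasons.append("listed-destination")
    if int(rec["dport"]) in C2_PORTS:
        reasons.append("listed-port")
    exe = rec.get("exe", "")
    # Assumption: the dropped /tmp/[RANDOM CHARACTERS] file is the process image.
    if exe.startswith("/tmp/") and len(exe) > 5 and "/" not in exe[5:]:
        reasons.append("tmp-binary")
    if "listed-destination" in reasons:
        verdict = "alert"       # destination alone is a direct match
    elif {"listed-port", "tmp-binary"} <= set(reasons):
        verdict = "review"      # weaker: behaviour fits, destination does not
    else:
        verdict = "ignore"      # a listed port alone is ordinary traffic
    return verdict, reasons

# Constructed sample records, not taken from a real host.
SAMPLE = [
    "exe=/tmp/kqzxwv dst=GroUndHog.MapSnode.CoM. dport=1433",
    "exe=/usr/bin/curl dst=211.110.1.32 dport=8080",
    "exe=/tmp/abcd dst=198.51.100.7 dport=3306",
    "exe=/usr/bin/ssh dst=192.0.2.10 dport=22",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(triage(line), line)
```

The listed ports are all common service ports, so a port match on its own is left at "ignore"; only the destination, or a /tmp binary combined with a listed port, raises a record.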