- First seen: December 2019
- Aliases:
- Samples:
- fabece475f5a63d9c58ce5f7fb1f8d4e9c7171ac5d603b7b1ec31b0932008cd3 | linux | trojan | elf
- c6f6ca23761292552e6ea5f12496dc9c73374be0c5f9d0b2142ca3ae0bb8fe14 | linux | trojan | elf
| Property | Value |
|---|---|
| Size | 277952 bytes |
| CRC32 | 0xde57a014 |
| MD5 | eda730498b3d0a97066807a2d98909f3 |
| SHA1 | 0c1af66757c6a0390cd190a14f9430aee2f0ba6e |
| SHA256 | fabece475f5a63d9c58ce5f7fb1f8d4e9c7171ac5d603b7b1ec31b0932008cd3 |
| SHA512 | 0bc329e91f0d5399ddc2eef01a497c5de334d21ec5855ac4dde1a5cf44f750ad2a9e16c9361d8d2a1cfd14c21cf7629fb05ca0359f601e4daa08eb1e83b3a5ff |
| Ssdeep | 6144:1otKHAPn4iiXbrtxXU1AAV65fmET4DPqO1:uxn4iiXX3UaAV6h3ePqO1 |
| Magic | ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped |
| Packer | ELF: Nothing found |
| TrID | 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1) |
- Avast: ELF:DDoS-S [Trj]
- Avira: Linux/Agent.lfbzy
- Bitdefender: Trojan.Linux.Generic.149545
- Clamav: Unix.Trojan.Mirai-6981169-0
- Comodo: Malware
- Drweb: Linux.BackDoor.Fgt.2839
- Eset: Linux/Mozi.A
- Fsecure: Malware.LINUX/Agent.lfbzy
- Kaspersky: HEUR:Backdoor.Linux.Gafgyt.a
- Mcafee: Linux/Agent.f
- Sophos: Linux/DDoS-BI
- Symantec: Trojan.Gen.2
- Trendmicro: Worm.Linux.MOZIMOBOT.AA.tmsr
- Windefender: Trojan:Win64/CoinMiner| Property | Value |
|---|---|
| Size | 129280 bytes |
| CRC32 | 0x4f9866f1 |
| MD5 | 849b165f28ae8b1cebe0c7430f44aff3 |
| SHA1 | 1e3605f5a7c3b0ed8dd0333660e9b43431f395bd |
| SHA256 | c6f6ca23761292552e6ea5f12496dc9c73374be0c5f9d0b2142ca3ae0bb8fe14 |
| SHA512 | 5857d84597e7cda9c51e66630796577190184282c6a34474258bfb6a493d27d786a0e5f6edf0e3c82258ff4a526d295ae21601a8c2f51b947a6f4c6d6acb2f35 |
| Ssdeep | 3072:vDH1Y9gKmUr3SD+NQ39o+F1+AehjW6Bh1ciG1qp5oiM:vDV2zmUjGv39o+F1+NJj1G1qp5oiM |
| Magic | ELF 32-bit LSB executable, MIPS, MIPS-I version 1 (SYSV), statically linked, no section header |
| Packer | ELF: packer: UPX(3.95)[NRV,best] |
| TrID | 50.1% (.) ELF Executable and Linkable format (Linux) (4022/12) 49.8% (.O) ELF Executable and Linkable format (generic) (4000/1) |
+ Avast: clean
- Avira: Linux/Agent.nphwa
- Bitdefender: Trojan.Linux.Generic.165738
- Clamav: Unix.Malware.Agent-7148704-0
- Comodo: Malware
- Drweb: Linux.Packed.1032
- Eset: Linux/Mozi.A
- Fsecure: Malware.LINUX/Agent.nphwa
- Kaspersky: HEUR:Backdoor.Linux.Gafgyt.a
- Mcafee: Linux/Agent.f
- Sophos: Linux/DDoS-BI
- Symantec: Trojan.Gen.2
- Trendmicro: Backdoor.Linux.GAFGYT.ANU
- Windefender: Backdoor:Linux/Gafgyt!MTB- https://www.youtube.com/watch?v=cDFO_MRlg3M
- https://blog.netlab.360.com/mozi-another-botnet-using-dht/
- https://blog.netlab.360.com/the-mostly-dead-mozi-and-its-lingering-bots/
- https://blog.lumen.com/new-mozi-malware-family-quietly-amasses-iot-bots/
- https://www.elastic.co/security-labs/collecting-and-operationalizing-threat-data-from-the-mozi-botnet
- https://www.microsoft.com/en-us/security/blog/2021/08/19/how-to-proactively-defend-against-mozi-iot-botnet/