VirusTotal detections for the ELF payload and its shell script companion are ZERO:
https://www.virustotal.com/en/file/2b22 ... 435255038/
https://www.virustotal.com/en/file/55b6 ... 435255748/
Analysis of the threat and the malware I released in MMD-0034-2015: http://blog.malwaremustdie.org/2015/06/ ... w-elf.html

Quoted from the posted alert:

As a summary, this malware will run under the current user's privilege and check whether it can escalate its privilege. After the self-check for the current version and previous installation, it will continue to run initially, or stop if the previous running instance was detected, or request the update to the motherhost. During the initial installation, it will register an autorun in crontab, and it will then contact the motherhost via HTTP to poke and request a download, and then decrypt the part of downloaded data (DES2) and save it in the work directory to be executed, the downloaded data which was dropped in the same directory of this malware...
Please help do your best to release detection signatures and all mitigation/filtration available.