First posted on 22 January 2016.
There are no other names known for Linux.Mokes.
The Trojan requires GLIBC library version 2.14 or greater to be installed.
When the Trojan is executed, it copies itself to one of the following paths:
The Trojan may install itself in the following location so that it persists even after reboot:
The Trojan may connect to one of the following locations using ports 80 and 443:
The Trojan takes screenshots at regular intervals and saves them to the following location:
/tmp/ss[RANDOM NUMBERS]-[TIME STAMP].sst
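A triage check for the screenshot artifacts described above, added here as an example and not taken from the original write-up. The time stamp format is not given on this page, so the pattern accepts any suffix after the hyphen, and the function names, tolerance value and sample files are assumptions constructed for illustration.

```python
import os
import re
import statistics
import tempfile

# Name pattern from the write-up: ss[RANDOM NUMBERS]-[TIME STAMP].sst
# Assumption: the time stamp format is unknown, so any non-empty suffix is accepted.
SST_NAME = re.compile(r"^ss(\d+)-(.+)\.sst$")


def find_sst_files(directory="/tmp"):
    """Return [(path, mtime, uid)] for matching regular files, oldest first."""
    hits = []
    with os.scandir(directory) as entries:
        for entry in entries:
            # Symlinks and directories with a matching name are ignored.
            if SST_NAME.match(entry.name) and entry.is_file(follow_symlinks=False):
                st = entry.stat(follow_symlinks=False)
                hits.append((entry.path, st.st_mtime, st.st_uid))
    return sorted(hits, key=lambda h: h[1])


def capture_cadence(hits, tolerance=0.2):
    """Return (median_gap_seconds, is_regular) from mtimes, or (None, False)."""
    if len(hits) < 3:
        return None, False
    times = [h[1] for h in hits]
    gaps = [b - a for a, b in zip(times, times[1:])]
    median = statistics.median(gaps)
    regular = median > 0 and all(abs(g - median) <= tolerance * median for g in gaps)
    return median, regular


def demo():
    """Build a constructed sample directory and run both checks on it."""
    with tempfile.TemporaryDirectory() as d:
        base = 1_453_420_800  # constructed epoch value, not from the write-up
        for i in range(4):
            path = os.path.join(d, f"ss{1000 + i}-{base + 30 * i}.sst")
            open(path, "wb").close()
            os.utime(path, (base + 30 * i, base + 30 * i))
        open(os.path.join(d, "session.txt"), "wb").close()  # must not match
        hits = find_sst_files(d)
        return len(hits), capture_cadence(hits)


if __name__ == "__main__":
    print(demo())
```

On a live host, call `find_sst_files()` with its default `/tmp` argument; the returned uid shows which account the files were written under.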
The Trojan may check the temporary folder and upload every file based on the following filters:
The Trojan may download and run an uninstaller from the following location:
Last update 22 January 2016