Tsunami


Backdoor.Linux.Tsunami.gen or Tsunami is a Linux backdoor that allows remote access to infected machines.

Payload

The backdoor allows access to the following host:

80.***.54.131

In response, the backdoor receives the following commands from the attacker:

TSUNAMI
UNKNOWN
NICK
SERVER
GETSPOOFS
SPOOFS
DISABLE
ENABLE
KILL
VERSION
KILLALL
HELP
IRC
SH
PAN
MOVE
UDP
GET

Depending on the command issued by the attacker, the backdoor may perform the following actions:

  • Download and execute files from the Internet
  • Execute shell commands
  • Communicate via HTTP and IRC channels
  • Organise and execute denial-of-service attacks

Together, these actions give the attacker full access to the computer and allow it to become part of a botnet.
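One way to hunt for this command set in captured IRC traffic, as an added example that is not part of the original page or of the Securelist analysis: it flags channels where several of the listed command words arrive as messages. The standard IRC `PRIVMSG` line layout, the position of the command in the message, the split into common and distinctive words, the threshold and the sample lines are all assumptions constructed for illustration.

```python
import re

# Command words exactly as listed on this page.
COMMANDS = {"TSUNAMI", "UNKNOWN", "NICK", "SERVER", "GETSPOOFS", "SPOOFS",
            "DISABLE", "ENABLE", "KILL", "VERSION", "KILLALL", "HELP",
            "IRC", "SH", "PAN", "MOVE", "UDP", "GET"}
# Assumption: these also show up in ordinary IRC chatter, so one hit is weak.
COMMON = {"UNKNOWN", "NICK", "SERVER", "KILL", "VERSION", "HELP", "IRC",
          "GET", "MOVE", "ENABLE", "DISABLE"}

# Standard IRC message layout: ":prefix PRIVMSG target :text"
PRIVMSG = re.compile(r"^:(?P<src>\S+) PRIVMSG (?P<target>\S+) :(?P<text>.*)$")

# Constructed sample lines (not captured traffic).
SAMPLE = [
    ":op!u@host.example PRIVMSG #chan-a :VERSION",
    ":op!u@host.example PRIVMSG #chan-a :GETSPOOFS",
    ":op!u@host.example PRIVMSG #chan-a :KILLALL",
    ":alice!a@host.example PRIVMSG #linux :HELP me with grub please",
    ":bob!b@host.example PRIVMSG #linux :did you get the iso?",
    "PING :irc.example",
]


def command_hits(line):
    """Return (target, word) when a listed command leads the message text."""
    m = PRIVMSG.match(line.strip())
    if not m:
        return None
    # Assumption: the command is an upper-case word among the first two
    # words of the message (leaves room for an addressing prefix).
    for word in m.group("text").split()[:2]:
        if word in COMMANDS:
            return m.group("target"), word
    return None


def score_channels(lines, threshold=3):
    """Score each target: distinctive words count 2, common words 1."""
    seen, scores = {}, {}
    for line in lines:
        hit = command_hits(line)
        if hit is None or hit[1] in seen.setdefault(hit[0], set()):
            continue  # not a command, or this word was already counted
        target, word = hit
        seen[target].add(word)
        scores[target] = scores.get(target, 0) + (1 if word in COMMON else 2)
    return {t: s for t, s in scores.items() if s >= threshold}
```

Scoring per channel rather than per line keeps a lone `HELP` or `VERSION` in a normal support channel below the threshold, while a channel that carries several different command words stands out.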

As of February 20th 2016, the official Linux Mint website has been hacked, with ISO images containing this trojan. The website has been taken offline because of this, as investigations are still underway.

Further technical information

MD5: 1610768b1524e24d840ae25964d02c8e
SHA1: 8766ba34a15e56850feab896b37a987077b0d2a4

Sources

Securelist (Kaspersky Labs), Backdoor.Linux.Tsunami.gen
