This blog does not contain official statements of, only personal opinions of the individual contributors.

Elastic Search being hacked automatically today


At the moment we are seeing a lot of automated scanning and hacking of Elastic Search installations worldwide. If you run ES, please make sure that port 9200 is locked down.


  • C&C IP address:  (China)
  • C&C Port: 10991
  • AV analysis:
      • Zillya: Trojan.Agent.Linux.5
      • Avast: ELF:Elknot-H [Trj]
      • Kaspersky: Backdoor.Linux.Mayday.g
      • DrWeb: Linux.DDoS.7
      • VIPRE: Backdoor.Linux.Elknot.f (v)
      • Jiangmin: Backdoor/Linux.ju
      • Microsoft: DoS:Linux/Elknot.F
      • ESET-NOD32: Linux/Agent.F.Gen
      • Ikarus: DoS.Linux.Elknot
      • Scanned: 2014-07-09 00:47:38 - 53 scans - 9 detections (16.0%)
  • Analysis of similar malware: 
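
A quick host-side check for the two things this post asks about, as an added example that is not part of the original post: it reads `ss -tan` output and reports listeners on port 9200 bound to a non-loopback address, and established connections to remote port 10991. The function names and all sample addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Ports 9200 and 10991 come from
# the post; every address in the sample is a constructed documentation address.

# Constructed `ss -tan` output standing in for a live host.
sample_ss_output() {
cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*
LISTEN 0      50     0.0.0.0:9200        0.0.0.0:*
LISTEN 0      50     127.0.0.1:9300      0.0.0.0:*
ESTAB  0      0      192.0.2.10:48212    203.0.113.5:10991
ESTAB  0      0      192.0.2.10:22       198.51.100.7:51514
EOF
}

# Print each listener on port 9200 that is bound to a non-loopback address.
# A wildcard bind may still be firewalled, so treat a hit as "check the
# firewall", not as proof of exposure.
exposed_es_listeners() {
    awk '$1 == "LISTEN" {
        n = split($4, part, ":"); port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (port == "9200" && addr !~ /^(127\.|\[::1\]$|::1$)/) print $4
    }'
}

# Print each established connection whose remote port is 10991.
cnc_connections() {
    awk '$1 == "ESTAB" {
        n = split($5, part, ":")
        if (part[n] == "10991") print $4 " -> " $5
    }'
}

echo "Non-loopback listeners on 9200:"
sample_ss_output | exposed_es_listeners
echo "Connections to remote port 10991:"
sample_ss_output | cnc_connections
```

On a live host, replace `sample_ss_output` with `ss -tan`.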

Author: L. Aaron Kaplan

Last Change: 2014/7/9 - 15:59:36