what's the link between iSCSI protocol and "stratum+tcp attacks

Question

I found a strange file under/var/tmp directory, named ietd.conf

{
    "url" : "stratum+tcp://188.165.254.85:80",
    "user" : "46Z6dQ77i2qAapF4kjLXaaYKCB59eajwaZbmtyyPsxDXWyxPS5nfYoe5t4R7yTgsvT
AxgE8DRwwtKiMxCmM39KCBPfEgL5b",
    "pass" : "x",
    "algo" : "cryptonight",
    "quiet" : true
}

Can someone explain it to me please

Are you running mining software for an altcoin such as Monero or Bytecoin? — Murch, May 29 '17 at 18:44
@Murch no it's just a Linux machine with ubuntu server, we installed on it a dcm4che server http://www.dcm4che.org/ — Inès Belhouchet, May 29 '17 at 20:31

score 2 · Answer 1 · answered May 29 '17 at 14:17

2

You most likely have a stealth Monero miner installed, I recommend checking your system for rootkits.

answered May 29 '17 at 14:17

what's the link between iSCSI protocol and "stratum+tcp attacks

1 Answers1