Linux.Siggen.415
Added to the Dr.Web virus database: 2018-02-12
Virus description added: 2018-02-12
Technical Information
Malicious functions:
Substitutes application name for:
- orb-wallet
- orb-start
- orb-rpclist
- orb-shutdown
- orb-ext-ip
- orb-ircseed
- orb-net
- orb-dnsseed
- orb-opencon
- orb-adrdump
- orb-msghand
Performs operations with the file system:
Creates folders:
- /root/.orbitcoin
- /root/.orbitcoin/database
- /root/.orbitcoin/blktree
- /root/.orbitcoin/coins
- /root/.orbitcoin/blocks
Creates or modifies files:
- /root/.orbitcoin/debug.log
- /root/.orbitcoin/.lock
- /root/.orbitcoin/db.log
- /root/.orbitcoin/blktree/LOG
- /root/.orbitcoin/blktree/LOCK
- /root/.orbitcoin/blktree/MANIFEST-000001
- /root/.orbitcoin/blktree/000001.dbtmp
- /root/.orbitcoin/blktree/000003.log
- /root/.orbitcoin/blktree/MANIFEST-000002
- /root/.orbitcoin/blktree/000002.dbtmp
- /root/.orbitcoin/coins/LOG
- /root/.orbitcoin/coins/LOCK
- /root/.orbitcoin/coins/MANIFEST-000001
- /root/.orbitcoin/coins/000001.dbtmp
- /root/.orbitcoin/coins/000003.log
- /root/.orbitcoin/coins/MANIFEST-000002
- /root/.orbitcoin/coins/000002.dbtmp
- /root/.orbitcoin/blocks/blk00000.dat
- /root/.orbitcoin/database/log.0000000001
- /root/.orbitcoin/__db.80000001.de529f6f
- /root/.orbitcoin/wallet.dat
- /root/.orbitcoin/peers.dat.4f7b
Deletes files:
- /root/.orbitcoin/blktree/MANIFEST-000001
- /root/.orbitcoin/coins/MANIFEST-000001
Network activity:
Awaits incoming connections on ports:
Establishes connection:
- <LOCAL_DNS_SERVER>
- 16#.##7.250.114:0
- 18#.##.128.119:0
- 10#.##1.164.223:0
- [2#######8:1004::3ace:c493]:0
HTTP GET requests:
DNS ASK:
- se###.#hoenixcoin.org
- or##eed0
- se###.#hoenixcoin.org
- or##eed1