Linux.Siggen.559
Added to the Dr.Web virus database:
2018-04-29
Virus description added:
2018-04-29
Technical Information
Malicious functions:
Substitutes application name for:
- magi-wallet
- magi-start
- magi-rpclist
- magi-shutoff
- magi-net
- magi-dnsseed
- magi-opencon
- magi-ext-ip
- magi-msghand
- magi-adrdump
Performs operations with the file system:
Creates folders:
- /root/.magi
- /root/.magi/database
- /root/.magi/blocks
- /root/.magi/blocks/index
Creates or modifies files:
- /root/.magi/.lock
- /root/.magi/debug.log
- /root/.magi/db.log
- /root/.magi/blocks/index/LOG
- /root/.magi/blocks/index/LOCK
- /root/.magi/blocks/index/MANIFEST-000001
- /root/.magi/blocks/index/000001.dbtmp
- /root/.magi/blocks/index/000003.log
- /root/.magi/blocks/index/MANIFEST-000002
- /root/.magi/blocks/index/000002.dbtmp
- /root/.magi/blocks/blk00000.dat
- /root/.magi/database/log.0000000001
- /root/.magi/__db.80000001.f87e8874
- /root/.magi/wallet.dat
- /root/.magi/peers.dat.5f0c
Deletes files:
- /root/.magi/blocks/index/MANIFEST-000001
Network activity:
Awaits incoming connections on ports:
Establishes connection:
- <LOCAL_DNS_SERVER>
- 10#.##8.225.215:0
- 21#.##9.151.56:0
- 10#.#1.64.40:0
- [2#######0:302:2100::4c54]:0
- 21#.#2.21.37:0
HTTP GET requests:
DNS ASK:
- se##.m-core.org
- se##.#-chain.info
- se##.##gi.filoozom.com
- se##.systms.org