Linux.Siggen.1197
Added to the Dr.Web virus database:
2018-10-16
Virus description added:
2018-10-16
Technical Information
Malicious functions:
Launches itself as a daemon
Gets access to SSH keys
- /root/.ssh/authorized_keys
Launches processes:
- /usr/bin/getconf CLK_TCK
- <SAMPLE_FULL_PATH>
Performs operations with the file system:
Creates folders:
Creates or modifies files:
Network activity:
Establishes connection:
- 47.##.22.148:8000
- 10#.##.191.118:8000
- 47.##.250.157:8000
- 47.##.201.42:8000
- 21#.##.214.34:8000
- 47.##.242.3:8000
- 47.##.57.82:8000
- 12#.##.104.116:8000
- 47.##.81.156:8000
- 20#.###.249.211:8000
- 47.##.118.224:8000
- 12#.##.212.106:8000
- 47.##.9.127:8000
- 39.###.82.141:8000
- 47.##.31.61:8000
- 12#.##.57.107:8000
- 11#.##.203.39:8000
- 13#.##4.232.93:8000
- 18#.###.221.254:8000
- 12#.##.146.42:8000
- 58.##.65.8:8000
- 47.##.85.7:8000
- 11#.##.177.210:8000
- 43.###.240.20:8000
- 52.##.148.234:8000
- 47.##.0.232:8000
- 47.##.249.13:8000
- 47.##.38.172:8000
- 51.##.137.192:8000
- 10#.##1.232.44:8000
- 47.##.128.19:8000
- 47.##.4.107:8000
- 47.##.93.206:8000
- 69.##.149.164:8000
- 47.##.1.41:8000
- 12#.##7.166.84:8000
- 47.##.217.93:8000
- 11#.##.189.61:8000
HTTP POST requests:
- 21#.###.40.228:8000/slave
Receives data from the following servers:
Other:
Collects information about network activity
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
このウェブサイトを継続して訪問する場合、訪問者に関する統計データを収集するためのCookieファイルおよび他のテクノロジーを弊社が利用することに同意したものとします。詳細