Linux.Lady.81
Added to the Dr.Web virus database:
2020-03-27
Virus description added:
2020-03-26
Technical Information
Malicious functions:
Gets access to SSH keys
- /root/.ssh/authorized_keys
Launches processes:
- /usr/bin/getconf CLK_TCK
- <SAMPLE_FULL_PATH>
- /usr/bin/lsb_release
- dpkg-query -f ${Version} ${Provides
- /usr/bin/chattr -i /root/.ssh/authorized_keys
Kills system processes:
Kills the following processes:
- systemd
- kthreadd
- ksoftirqd/0
- kworker/0:0
- kworker/0:0H
- kworker/u2:0
- rcu_sched
- rcu_bh
- migration/0
- watchdog/0
- khelper
- kdevtmpfs
- netns
- khungtaskd
- writeback
- ksmd
- crypto
- kintegrityd
- bioset
- kblockd
- kworker/0:1
- kswapd0
- fsnotify_mark
- kthrotld
- ipv6_addrconf
- deferwq
- kworker/u2:1
- ata_sff
- scsi_eh_0
- scsi_tmf_0
- scsi_eh_1
- scsi_tmf_1
- kworker/u2:2
- kworker/u2:3
- kworker/0:2
- kworker/0:1H
- jbd2/sda1-8
- ext4-rsv-conver
- kauditd
- systemd-journal
- systemd-udevd
- kpsmoused
- ttm_swap
- kvm-irqfd-clean
- kworker/0:3
- dhclient
- rpcbind
- rpc.statd
- rpciod
- nfsiod
- rpc.idmapd
- cron
- atd
- systemd-logind
- rsyslogd
- acpid
- dbus-daemon
- agetty
- exim4
- (sd-pam)
- bash
- run.sh
- <SAMPLE>
Performs operations with the file system:
Creates folders:
- /var/lib/.ecob
- /root/.ssh
Creates or modifies files:
Locks files:
Network activity:
Establishes connection:
DNS ASK:
Other:
Collects CPU information
Collects RAM information
Collects information about network activity