Linux.Siggen.5670
Added to the Dr.Web virus database:
2023-10-06
Virus description added:
2023-10-06
Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
Launches processes:
- cat /var/tmp/.systemd.*
- rm -f /tmp/.X11-unix/* /var/tmp/.systemd.* /tmp/kinsing* /tmp/kdev* /tmp/*watchdog*
- rm -f i
- rm -rf
- rm -rf /tmp/systemd-private-9a696143c12e4a2d879683f675cf06b2-systemd-logind.service-d16u7f
- kill -9
- md5sum
- kill -9 2 17 600
- chmod +x ./.c6f1d9e8862a3d2abfa3
- grep -E kinsing|kdevtmpfs|kthreadd|watchdog
- ss -antp
- find /tmp -type d -name *systemd-logind*
- /usr/bin/pgrep pkill -9 -f kinsing|kdevtmpfs|kthreadd|watchdog
- crontab -l
- /usr/bin/mawk awk {print $1}
- xargs rm -rf
- find /root/.config/systemd/user/systemd-tmpfiles-cleanup -type f
- cut -d/ -f1
- echo
- sed s/pid=//g
- ps x
- rm -f ./.c6f1d9e8862a3d2abfa3
- grep -q tor2w /etc/hosts
- bash
- grep -E gs-dbus-kernel|wget|curl|base64|systemd-private|watchdog|\x5c* \x5c* \x5c* \x5c* \x5c*
- grep -v vkHzrg
- /usr/bin/mawk awk {print $NF}
- date
- head -c20
- base64 -d
- xargs kill -9
- cat /tmp/.X11-unix/*
- /usr/bin/mawk awk -F {print $(NF-1)}
- chmod +x ./i
Kills the following processes:
Performs operations with the file system:
Modifies file access rights:
Deletes folders:
- /tmp/systemd-private-9a696143c12e4a2d879683f675cf06b2-systemd-logind.service-d16u7f/tmp
- /tmp/systemd-private-9a696143c12e4a2d879683f675cf06b2-systemd-logind.service-d16u7f
Creates or modifies files:
- /tmp/systemd-private-de2381ccba8aa44b77bda1c971a33b5e-systemd-logind.service-vkHzrg/i
- /root/i
- /tmp/.systemd.1
Deletes files:
Locks files:
Other:
Collects OS information
Collects CPU information
Collects RAM information
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
このウェブサイトを継続して訪問する場合、訪問者に関する統計データを収集するためのCookieファイルおよび他のテクノロジーを弊社が利用することに同意したものとします。詳細