Linux.Siggen.7845
Added to the Dr.Web virus database:
2024-07-27
Virus description added:
2024-07-26
Technical Information
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
- server_listener
- router
- signal_listener
- server_router
- input_handler
- stdin_handler
- screen
- pty
- background_jobs
- pty_writer
- wasm
- async-io
- async-std/runti
Launches processes:
- /bin/bash
- <SAMPLE_FULL_PATH> --server /run/user/0/zellij/0.40.1/blossoming-newt
Performs operations with the file system:
Modifies file access rights:
- /tmp/zellij-0
- /tmp/zellij-0/zellij-log
- /tmp/zellij-0/zellij-log/zellij.log
- /run/user/0/zellij/0.40.1
- /run/user/0/zellij/0.40.1/blossoming-newt
Creates folders:
- /tmp/zellij-0
- /tmp/zellij-0/zellij-log
- /zellij
- /zellij/0.40.1
- /root/.cache
- /root/.cache/zellij
- /root/.cache/zellij/0.40.1
- /root/.cache/zellij/0.40.1/session_info
- /root/.cache/zellij/0.40.1/session_info/blossoming-newt
- /root/.cache/zellij/63d99202-3433-4c14-88ac-e6ea0cad5ee5
- /root/.cache/zellij/63d99202-3433-4c14-88ac-e6ea0cad5ee5/zellij:tab-bar
- /root/.cache/zellij/63d99202-3433-4c14-88ac-e6ea0cad5ee5/zellij:tab-bar/0-1
Creates or modifies files:
- /tmp/zellij-0/zellij-log/zellij.log
- /root/.cache/zellij/0.40.1/session_info/blossoming-newt/session-metadata.kdl
- /dev/pts/1
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
このウェブサイトを継続して訪問する場合、訪問者に関する統計データを収集するためのCookieファイルおよび他のテクノロジーを弊社が利用することに同意したものとします。詳細