Linux.Siggen.7950
Added to the Dr.Web virus database: 2024-08-16
Virus description added: 2024-08-16
Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
- /etc/init.d/dpkg-deb-package
Malicious functions:
Launches processes:
- /usr/bin/pgrep pkill -9 -f \x5c./cliented
- /usr/bin/pgrep pkill -9 -f \x5c./\x5c.
- bash -c ufw disable
- /usr/bin/pgrep pkill -9 -f monero
- /usr/bin/pgrep pkill -9 -f kinsing
- sed /\x5c.bashgo\x5c|pastebin\x5c|onion\x5c|bprofr\x5c|python\x5c|curl\x5c|wget\x5c|\x5c.sh/d
- /usr/bin/pgrep pkill -9 -f dovecat
- /usr/bin/pgrep pkill -9 -f /tmp/system
- /usr/bin/pgrep pkill -9 -f sshpass
- /usr/bin/pgrep pkill -9 -f knthread
- /usr/bin/pgrep pkill -9 -f meminitsrv
- /usr/bin/pgrep pkill -9 -f stratum
- /usr/bin/pgrep pkill -9 -f init\x5c.sh
- bash -c iptables -P OUTPUT ACCEPT
- /usr/bin/pgrep pkill -9 -f \x5c./crun
- xargs -I % kill -9 %
- bash -c chattr -ia /etc/ld.so.preload
- /usr/bin/pgrep pkill -9 -f \x5c./system-xfwm4-session
- /usr/bin/mawk awk {print $2}
- /usr/bin/pgrep pkill -9 -f sysguard
- /usr/bin/pgrep pkill -9 -f so\x5c.txt
- /usr/bin/pgrep pkill -9 -f phpupdate
- /usr/bin/pgrep pkill -9 -f /dev/shm
- crontab -
- /usr/bin/pgrep pkill -9 -f kdevtmpfsi
- /usr/bin/pgrep pkill -9 -f networkservice
- /usr/bin/pgrep pkill -9 -f b64decode
- /usr/bin/pgrep pkill -9 -f bash -s 3673
- pgrep -f meshagent|kdevchecker|ipv6_addrconfd|kworkerr|cpuhelp|deamon|ksoftriqd|pastebin|solr.sh|solrd|kinsing|kdevtmpfsi|kthreaddk|linuxsys|rnv2ymcl|skid.x86|getpy.sh
- /usr/bin/pgrep pkill -9 -f sysupdate
- /usr/bin/pgrep pkill -9 -f loligang
- /usr/bin/pgrep pkill -9 -f xmr-stak
- /usr/bin/pgrep pkill -9 -f mysqldd
- bash -c cat /proc/mounts | awk \x27{print $2}\x27 | grep -P \x27/proc/\x5cd+\x27 | grep -Po \x27\x5cd+\x27 | xargs -I % kill -9 %
- /usr/bin/pgrep pkill -9 -f networkmanager
- /usr/sbin/xtables-nft-multi iptables -F
- /usr/bin/pgrep pkill -9 -f solr\x5c.sh
- /usr/bin/pgrep pkill -9 -f donate
- /usr/bin/pgrep pkill -9 -f attack
- /usr/bin/pgrep pkill -9 -f \x5c./lin64
- /usr/bin/pgrep pkill -9 -f /tmp/\x5c.
- /usr/sbin/xtables-nft-multi iptables -P FORWARD ACCEPT
- cat /proc/mounts
- crontab -l
- /usr/bin/pgrep pkill -9 -f sysDworker
- bash -c cat /dev/null > /etc/ld.so.preload
- /usr/bin/pgrep pkill -9 -f solrd
- grep -P /proc/\x5cd+
- bash -c crontab -l | sed \x27/\x5c.bashgo\x5c|pastebin\x5c|onion\x5c|bprofr\x5c|python\x5c|curl\x5c|wget\x5c|\x5c.sh/d\x27 | crontab -
- bash -c iptables -F
- /usr/bin/pgrep pkill -9 -f phpguard
- /usr/bin/pgrep pkill -9 -f polska
- chattr +ia /etc/init.d/dpkg-deb-package
- /usr/bin/pgrep pkill -9 -f \x5c.rsyslogds
- /usr/bin/pgrep pkill -9 -f MCf8
- /usr/bin/pgrep pkill -9 -f agettyd
- /usr/bin/pgrep pkill -9 -f javae
- /usr/bin/pgrep pkill -9 -f kthreaddkk
- /usr/bin/pgrep pkill -9 -f bash -s kthreaddk
- ps -eo pid,ppid,comm,%cpu --sort=-%cpu
- bash -c pgrep -f \x27meshagent|kdevchecker|ipv6_addrconfd|kworkerr|cpuhelp|deamon|ksoftriqd|pastebin|solr.sh|solrd|kinsing|kdevtmpfsi|kthreaddk|linuxsys|rnv2ymcl|skid.x86|getpy.sh\x27 | xargs -r kill
- /usr/bin/pgrep pkill -9 -f excludefile
- /usr/bin/pgrep pkill -9 -f gitlabkill
- /usr/bin/pgrep pkill -9 -f juiceSSH
- /usr/bin/pgrep pkill -9 -f masscan
- cat /dev/null
- /usr/bin/pgrep pkill -9 -f \x5c.inis
- /usr/bin/pgrep pkill -9 -f /var/tmp
- bash -c iptables -P FORWARD ACCEPT
- /usr/bin/pgrep pkill -9 -f certutil
- /usr/bin/pgrep pkill -9 -f \x5c./python
- /usr/bin/pgrep pkill -9 -f pnscan
- /usr/bin/pgrep pkill -9 -f \x5c./httpd
- /usr/bin/pgrep pkill -9 -f kthreaddw
- /usr/bin/pgrep pkill -9 -f crond64
- chattr -ia /etc/ld.so.preload
- /usr/bin/pgrep pkill -9 -f 8005/cc5
- /usr/bin/pgrep pkill -9 -f 118/cf\x5c.sh
- xargs -r kill
- /usr/bin/pgrep pkill -9 -f confluence/install\x5c.sh
- /usr/sbin/xtables-nft-multi iptables -P OUTPUT ACCEPT
- /usr/sbin/xtables-nft-multi iptables -P INPUT ACCEPT
- /usr/bin/pgrep pkill -9 -f unls64\x5c.sh
- /usr/bin/pgrep pkill -9 -f sshexec
- /usr/bin/pgrep pkill -9 -f load\x5c.sh
- /usr/bin/pgrep pkill -9 -f mysqlserver
- /usr/bin/pgrep pkill -9 -f \x5c.6379
- /usr/bin/pgrep pkill -9 -f xmrig
- bash -c iptables -P INPUT ACCEPT
- /usr/bin/pgrep pkill -9 -f cnrig
- grep -Po \x5cd+
Kills the following processes:
Performs operations with the file system:
Modifies file access rights:
- /etc/init.d/dpkg-deb-package
Creates or modifies files:
- /etc/ld.so.preload
- /var/spool/cron/crontabs/tmp.Ut2Seo
Network activity:
Awaits incoming connections on ports:
Establishes connection:
Other:
Collects OS information
Collects CPU information
Collects RAM information