用户服务中心

Close

My library

+ Add to library

24/7 Tech support | Rules regarding submitting

Send a message

A query form

Call us

+7 (495) 789-45-86

Forum

Your tickets

Total: -
Active: -
Latest: -

New ticket

Call us

+7 (495) 789-45-86

RU CN DE EN ES FR IT JP KZ UZ PL BY

Close

服务

扫描仪

Dr.Web vxCube

试用

打开分析仪

计算机病毒事件调查

病毒知识库

知识库

技术

术语

教育培训

误区

有关反病毒软件的误区

新闻

Linux.Siggen.2975

Added to the Dr.Web virus database: 2020-05-18

Virus description added: 2020-05-17

Technical Information

Malicious functions:

Launches itself as a daemon

Substitutes application name for:

/app/lib

Launches processes:

sh -c mkdir app && >app/lib && cd app/lib; mv <SAMPLE_FULL_PATH> app/lib; chmod 777 app/lib
mkdir app
mv <SAMPLE_FULL_PATH> app/lib
chmod 777 app/lib

Kills system processes:

sshd

Performs operations with the file system:

Modifies file access rights:

/root/app/lib

Creates folders:

/root/app

Creates or modifies files:

/var/spool/exim4/app/lib
<SAMPLE_FULL_PATH>

Network activity:

Awaits incoming connections on ports:

127.0.0.1:6628

Establishes connection:

8.#.8.8:53
19#.##6.146.53:4708

Attacks using a special dictionary (brute-force technique) via the Telnet protocol.

Sends data to the following servers:

19#.##3.249.157:23
40.##.3.19:23
16#.##4.87.134:23
12#.##8.163.94:23
16#.##0.160.249:23
96.##.82.111:23
11#.##9.187.154:23
19#.##6.146.53:4708

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number