用户服务中心

My library

+ Add to library

Search

24/7 Tech support | Rules regarding submitting

Send a message

Call us

+7 (495) 789-45-86

Forum

Your tickets

Total: -
Active: -
Latest: -

Call us

+7 (495) 789-45-86

CN

RU CN DE EN ES FR IT JP KZ UZ PL BY

Dr.Web vxCube

打开分析仪

计算机病毒事件调查

病毒知识库

技术

术语

教育培训

误区

有关反病毒软件的误区

Linux.Siggen.3017

Added to the Dr.Web virus database: 2020-05-19

Virus description added: 2020-05-19

Technical Information

Malicious functions:

Launches itself as a daemon

Substitutes application name for:

/app/lib

Launches processes:

sh -c mkdir app && >app/lib && cd app/lib; mv <SAMPLE_FULL_PATH> app/lib; chmod 777 app/lib
mkdir app
mv <SAMPLE_FULL_PATH> app/lib
chmod 777 app/lib

Kills system processes:

sshd

Performs operations with the file system:

Modifies file access rights:

/root/app/lib

Creates folders:

/root/app

Creates or modifies files:

/root/app/lib
<SAMPLE_FULL_PATH>

Network activity:

Awaits incoming connections on ports:

127.0.0.1:6628

Establishes connection:

8.#.8.8:53
19#.##6.146.53:4708

Attacks using a special dictionary (brute-force technique) via the Telnet protocol.

Attacks using a special dictionary (brute-force technique) via an undefined protocol.

Sends data to the following servers:

24.##.194.19:26
11#.##0.182.116:26
18#.##9.199.232:26
14#.##4.189.62:26
19#.##.226.95:26
79.##0.93.50:26
15#.##8.37.208:26
19#.##6.146.53:4708

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number