用户服务中心

My library

+ Add to library

Search

24/7 Tech support | Rules regarding submitting

Send a message

Call us

+7 (495) 789-45-86

Forum

Your tickets

Total: -
Active: -
Latest: -

Call us

+7 (495) 789-45-86

CN

RU CN DE EN ES FR IT JP KZ UZ PL BY

Dr.Web vxCube

打开分析仪

计算机病毒事件调查

病毒知识库

技术

术语

教育培训

误区

有关反病毒软件的误区

Linux.Siggen.3022

Added to the Dr.Web virus database: 2020-05-19

Virus description added: 2020-05-19

Technical Information

Malicious functions:

Launches itself as a daemon

Substitutes application name for:

/app/lib

Launches processes:

/bin/sh -c mkdir app && >app/lib && cd app/lib; mv <SAMPLE_FULL_PATH> app/lib; chmod 777 app/lib
mkdir app
mv <SAMPLE_FULL_PATH> app/lib
chmod 777 app/lib

Kills system processes:

sshd

Performs operations with the file system:

Modifies file access rights:

/root/app/lib

Creates folders:

/root/app

Creates or modifies files:

/root/app/lib
<SAMPLE_FULL_PATH>

Network activity:

Awaits incoming connections on ports:

127.0.0.1:6628

Establishes connection:

8.#.8.8:53
19#.##6.146.53:4708

Attacks using a special dictionary (brute-force technique) via the Telnet protocol.

Attacks using a special dictionary (brute-force technique) via an undefined protocol.

Sends data to the following servers:

21#.##.48.146:26
20#.##.51.134:26
39.###.29.230:26
13#.##.203.184:23
17#.##7.210.192:23
32.###.54.160:26
12#.##1.121.130:23
13#.##0.196.233:23
19#.##6.146.53:4708

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number