Mi biblioteca
Mi biblioteca

+ Añadir a la biblioteca

Soporte
Soporte 24 horas | Normas de contactar

Sus solicitudes

Perfil

Linux.Siggen.3206

Added to the Dr.Web virus database: 2020-07-13

Virus description added:

Technical Information

Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
  • GNU
Launches processes:
  • sh -c setenforce 0
  • sh -c mount -o bind /tmp /proc/531 > /dev/null
  • mount -o bind /tmp /proc/531
  • sh -c mount -o bind /tmp /proc/537 > /dev/null
  • sh -c mount -o bind /tmp /proc/535 > /dev/null
  • mount -o bind /tmp /proc/535
  • mount -o bind /tmp /proc/537
  • sh -c mount -o bind /tmp /proc/536 > /dev/null
  • mount -o bind /tmp /proc/536
Performs operations with the file system:
Mounts file systems:
  • /tmp
Network activity:
Awaits incoming connections on ports:
  • 127.0.0.1:13219
Establishes connection:
  • 8.#.8.8:53
  • 35.###.142.40:19
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
DNS ASK:
  • ev##ve.cf
Sends data to the following servers:
  • 35.###.142.40:19
Receives data from the following servers:
  • 35.###.142.40:19

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number