Mi biblioteca
Mi biblioteca

+ Añadir a la biblioteca

Soporte
Soporte 24 horas | Normas de contactar

Sus solicitudes

Perfil

Linux.Siggen.6730

Added to the Dr.Web virus database: 2024-03-13

Virus description added:

Technical Information

To ensure autorun and distribution:
Creates or modifies the following files:
  • /etc/init.d/knlib
  • /var/spool/cron/crontabs/root
  • /etc/cron.d/.lib-knlib4
  • /etc/cron.hourly/.lib-knlib4
  • /etc/cron.daily/.lib-knlib4
  • /etc/cron.weekly/.lib-knlib4
  • /etc/cron.monthly/.lib-knlib4
  • /etc/cron.d/pwnrig
  • /etc/cron.daily/pwnrig
  • /etc/cron.hourly/pwnrig
  • /etc/cron.monthly/pwnrig
  • /etc/cron.weekly/pwnrig
  • /etc/cron.d/sedabushp
  • /etc/cron.daily/sedC9qDsm
  • /etc/cron.hourly/sedl6ayvq
  • /etc/cron.monthly/sedK3DFVo
  • /etc/cron.weekly/sedrGIWNm
  • /etc/init.d/pwnrig
  • /etc/init.d/sedQ0WWmo
Creates or modifies the following symlinks:
  • /etc/rc2.d/S01pwnrig
  • /etc/rc3.d/S01pwnrig
  • /etc/rc4.d/S01pwnrig
  • /etc/rc5.d/S01pwnrig
Malicious functions:
Manages services:
  • ['systemctl', 'daemon-reload']
  • ['systemctl', 'enable', 'knlibe.service']
  • ['systemctl', '--quiet', 'enable', 'pwnrig']
  • ['systemctl', 'enable', 'pwnrige.service']
  • ['systemctl', 'enable', 'pwnrigl.service']
  • ['systemctl', 'reload-or-restart', 'pwnrige.service']
Launches processes:
  • head -n 1
  • sed -i 1 s/-e // /etc/init.d/pwnrig
  • chattr +i +a /etc/cron.d/pwnrig /etc/cron.daily/pwnrig /etc/cron.hourly/pwnrig /etc/cron.monthly/pwnrig /etc/cron.weekly/pwnrig /bin/crondr
  • /var/tmp/.klibsystem5-x
  • rm -rf /bin/bprofr
  • /usr/bin/mawk awk /[zZ]/ && !a[$2]++ {print $2}
  • bash -c ufw disable
  • rm -rf -- klibsystem5
  • chattr +ia /bin/knlib5
  • chattr +ia /etc/init.d/knlib
  • cp -f -r -- /tmp/service-agent /bin/initdr
  • grep -m 1 model name /proc/cpuinfo
  • rm -rf /bin/initdr
  • bash -c echo \x22* * * * * /tmp/.klibsystem5 >/dev/null 2>&1\x22 | crontab -
  • /usr/bin/perl /usr/sbin/update-rc.d pwnrig enable
  • /bin/sh /usr/bin/which systemctl
  • nohup ./klibsystem5
  • chattr +ia /etc/cron.monthly/.lib-knlib4
  • /bin/sh /usr/bin/which chkconfig
  • sed -i 1 s/-e // /etc/cron.d/pwnrig /etc/cron.daily/pwnrig /etc/cron.hourly/pwnrig /etc/cron.monthly/pwnrig /etc/cron.weekly/pwnrig
  • /bin/sh /usr/bin/which update-rc.d
  • cut -d: -f2
  • hostname
  • chattr +ia /etc/anacrontab
  • chmod +x /etc/init.d/pwnrig /bin/initdr
  • cp -f -r -- /bin/knlib5 /bin/klibsystem5
  • cp -f -r -- /tmp/service-agent /bin/bprofr
  • /usr/bin/mawk awk {print \x22-\x22$2}
  • tee /etc/init.d/pwnrig
  • ps -A -ostat,ppid 2>/dev/null | awk \x27/[zZ]/ && !a[$2]++ {print $2}\x27 2>/dev/null | while read procid; do kill -9 $procid 2>/dev/null; done;if `id -u 2>/dev/null` -eq \x270\x27 ; then ps x 2>/dev/null | grep /etc/cron 2>/dev/null | grep -v grep 2>/dev/null | while read procid; do kill -9 $procid 2>/dev/null; done fi
  • /tmp/sys-helper
  • chattr +ia /etc/cron.weekly/.lib-knlib4
  • cat /etc/ssh/sshd_config
  • grep -v grep
  • /usr/bin/mawk awk {print $1}
  • cp -f -r -- /tmp/service-agent /bin/crondr
  • chattr -i -a /etc/init.d/pwnrig /bin/initdr
  • /tmp/service-agent -c -p 80 -p 8080 -p 443 -tls -dp 80 -dp 8080 -dp 443 -tls -d -pwn
  • chattr +ia /etc/cron.hourly/.lib-knlib4
  • chattr +i +a /lib/systemd/system/pwnrigl.service /etc/systemd/system/pwnrige.service /bin/sysdr
  • /usr/bin/pgrep pkill -f .klibsystem4
  • whoami
  • id -u
  • sed -i /bprofr/d /root/.bash_profile
  • <0x2ab>
  • ps -A -ostat,ppid
  • /usr/bin/perl /usr/sbin/update-rc.d pwnrig defaults
  • cp -f -r -- /tmp/service-agent /bin/sysdr
  • chattr -i -a /lib/systemd/system/pwnrigl.service /etc/systemd/system/pwnrige.service /bin/sysdr
  • sed -e s/$//
  • chattr -i -a /bin/bprofr /root/.bash_profile
  • tee /etc/cron.d/pwnrig /etc/cron.daily/pwnrig /etc/cron.hourly/pwnrig /etc/cron.monthly/pwnrig /etc/cron.weekly/pwnrig
  • tee /lib/systemd/system/pwnrigl.service /etc/systemd/system/pwnrige.service
  • crontab -
  • /bin/bash /etc/init.d/knlib start
  • chattr +ia /etc/cron.d/.lib-knlib4
  • chattr +ia /etc/cron.daily/.lib-knlib4
  • mkdir -p /etc/cron.d /etc/cron.daily /etc/cron.hourly /etc/cron.monthly /etc/cron.weekly
  • grep -c ^processor /proc/cpuinfo
  • ps x
  • chattr +i +a /etc/init.d/pwnrig /bin/initdr
  • chattr +i +a /bin/bprofr /root/.bash_profile
  • /usr/bin/perl /usr/sbin/update-rc.d -f pwnrig remove
  • rm -rf /bin/sysdr
  • chmod +x /etc/cron.d/pwnrig /etc/cron.daily/pwnrig /etc/cron.hourly/pwnrig /etc/cron.monthly/pwnrig /etc/cron.weekly/pwnrig /bin/crondr
  • sed -i 1 s/-e // /lib/systemd/system/pwnrigl.service /etc/systemd/system/pwnrige.service
  • grep Port
  • pgrep -f klibsystem4
  • hostname -I
  • chattr +ia /var/spool/cron/.lib-knlib4
  • chattr +ia /etc/systemd/system/knlibe.service
  • rm -rf /bin/crondr
  • /usr/bin/pgrep pkill -f .klibsystem5
  • chattr -i -a /etc/cron.*/pwnrig /bin/crondr
  • sed -e s/^ *//
  • pgrep -f klibsystem5
  • crontab -r
  • <0x1db>
  • grep /etc/cron
  • /usr/bin/perl /usr/sbin/update-rc.d -f pwnrig disable
Performs operations with the file system:
Modifies file access rights:
  • /etc/init.d/knlib
  • /usr/bin/knlib5
  • /var/spool/cron/crontabs/tmp.M3mS6l
  • /var/tmp/.klibsystem5-x
  • /etc/cron.d/pwnrig
  • /etc/cron.daily/pwnrig
  • /etc/cron.hourly/pwnrig
  • /etc/cron.monthly/pwnrig
  • /etc/cron.weekly/pwnrig
  • /usr/bin/crondr
  • /etc/init.d/pwnrig
  • /usr/bin/initdr
Modifies file owner:
  • /etc/cron.d/sedabushp
  • /etc/cron.daily/sedC9qDsm
  • /etc/cron.hourly/sedl6ayvq
  • /etc/cron.monthly/sedK3DFVo
  • /etc/cron.weekly/sedrGIWNm
  • /etc/init.d/sedQ0WWmo
  • /usr/lib/systemd/system/sedMKn11D
  • /etc/systemd/system/sedGfuPuA
Creates or modifies files:
  • /etc/systemd/system/knlibe.service
  • /usr/bin/knlib5
  • /tmp/.klibsystem5
  • /var/spool/cron/crontabs/tmp.M3mS6l
  • /var/spool/cron/.lib-knlib4
  • /etc/anacrontab
  • /tmp/sys-helper
  • /tmp/.bashirc
  • /tmp/service-agent
  • /var/tmp/.klibsystem5-x
  • /usr/bin/bprofr
  • /root/.bash_profile
  • /usr/bin/crondr
  • /usr/bin/initdr
  • /usr/bin/sysdr
  • /usr/lib/systemd/system/pwnrigl.service
  • /etc/systemd/system/pwnrige.service
  • /usr/lib/systemd/system/sedMKn11D
  • /etc/systemd/system/sedGfuPuA
Locks files:
  • /tmp/.bashirc
Changes time of creation/access/modification of files:
  • /var/spool/cron/crontabs
Network activity:
Awaits incoming connections on ports:
  • 127.0.0.1:59475
Establishes connection:
  • 8.#.8.8:53
  • 5.##.80.215:80
  • 18#.##2.128.146:443
  • 80.##.24.30:80
  • 80.##.24.30:443
  • 51.###.171.23:80
  • 51.###.171.23:443
DNS ASK:
  • ru#.#ck-dns.ws
  • c4####cd.pwndns.pw
  • pw#.###cleservice.top
Sends data to the following servers:
  • 18#.##2.128.146:443
  • 80.##.24.30:80
  • 51.###.171.23:80
Receives data from the following servers:
  • 18#.##2.128.146:443
  • 80.##.24.30:80
  • 51.###.171.23:80
Other:
Collects OS information
Collects CPU information
Collects RAM information

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number