JavaScript support is required for our site to be fully operational in your browser.
Linux.Siggen.2017
Added to the Dr.Web virus database:
2019-07-22
Virus description added:
2019-07-22
Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
/var/spool/cron/crontabs/root
Malicious functions:
Launches itself as a daemon
Launches processes:
cat /proc/version
cat /proc/cpuinfo
uname -a
getconf LONG_BIT
<SAMPLE_FULL_PATH> [stealth]
/usr/bin/crontab /tmp/nip9iNeiph5chee
Performs operations with the file system:
Modifies file access rights:
/var/spool/cron/crontabs/tmp.TOZBvV
Creates or modifies files:
/root/.pid
/tmp/nip9iNeiph5chee
/var/spool/cron/crontabs/tmp.TOZBvV
/tmp/[stealth].pid
Deletes files:
Locks files:
Network activity:
HTTP GET requests:
54.##.###.79:8085/project/active
54.##.###.########bots/knock?worker=Universal&os=Linux&version=3.09
54.##.###.79:8085/gw?worker=synoB
54.##.###.79:8085/gw?worker=
Other:
Collects OS information
Collects CPU information
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK