JavaScript support is required for our site to be fully operational in your browser.
Linux.Siggen.2979
Added to the Dr.Web virus database:
2020-05-18
Virus description added:
2020-05-17
Technical Information
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
Launches processes:
/bin/sh -c mkdir app && >app/lib && cd app/lib; mv <SAMPLE_FULL_PATH> app/lib; chmod 777 app/lib
mkdir app
mv <SAMPLE_FULL_PATH> app/lib
chmod 777 app/lib
Kills system processes:
Performs operations with the file system:
Modifies file access rights:
Creates folders:
Creates or modifies files:
/root/app/lib
<SAMPLE_FULL_PATH>
Network activity:
Awaits incoming connections on ports:
Establishes connection:
8.#.8.8:53
19#.##6.146.53:4708
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
10#.###.197.181:2323
14#.##2.8.142:2323
23#.##4.96.167:2323
51.##.221.92:2323
17#.##.126.97:2323
53.##.67.143:2323
10#.###.173.178:2323
19#.##6.146.53:4708
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK