La mia libreria
La mia libreria

+ Aggiungi alla libreria

Supporto
Supporto 24/7 | Regole per contattare

Richieste

Profile

Linux.Packed.46

Aggiunto al database dei virus Dr.Web: 2018-01-18

La descrizione è stata aggiunta:

Technical Information

Malicious functions:
Launches itself as a daemon
Launches processes:
  • sh -c echo 3 > /proc/sys/vm/drop_caches
  • sh -c killall telnetd utelnetd scfgmgr
Attempts to kill the following processes:
  • killall telnetd utelnetd scfgmgr
Kills the following processes:
  • <SAMPLE>
Performs operations with the file system:
Deletes folders:
  • <SAMPLE_FULL_PATH>"
Creates or modifies files:
  • /proc/sys/vm/drop_caches
Deletes files:
  • <SAMPLE_FULL_PATH>"
Network activity:
Awaits incoming connections on ports:
  • 127.0.0.1:12399
  • 0.0.0.0:23
Establishes connection:
  • 8.#.8.8:53
  • <LOCAL_DNS_SERVER>
  • 88.###.196.95:123
  • 91.###.91.157:123
  • 12#.##.108.11:123
  • 12#.#.15.27:123
  • 11#.##.122.198:123
  • 12#.#.15.28:123
  • 12#.#.15.29:123
  • 13#.##7.13.100:123
  • 51.###.32.51:123
  • 11#.##0.13.6:123
  • 19#.##8.143.23:123
  • 11#.##0.184.99:123
  • 12#.##8.200.124:123
  • 20#.##.114.202:123
  • 19#.##5.150.25:123
  • 10#.##6.40.40:123
  • 12#.##0.35.250:123
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
DNS ASK:
  • po##.ntp.org
  • nt#.#buntu.com
  • ti##.##ol.aliyun.com
  • ti##.nist.gov
  • ti###.aliyun.com
  • ti###.aliyun.com
  • ti###.aliyun.com
  • ti###a.nist.gov
  • ti###b.nist.gov
  • ti####w.nist.gov
  • ti##.#indows.com
  • bd.##ol.ntp.org
  • cn.##ol.ntp.org
  • hk.##ol.ntp.org
  • in.##ol.ntp.org
  • id.##ol.ntp.org
  • ir.##ol.ntp.org
  • il.##ol.ntp.org
  • jp.##ol.ntp.org
Sends data to the following servers:
  • 88.###.196.95:123
  • 91.###.91.157:123
  • 12#.##.108.11:123
  • 12#.#.15.27:123
  • 11#.##.122.198:123
  • 12#.#.15.28:123
  • 12#.#.15.29:123
  • 13#.##7.13.100:123
  • 51.###.32.51:123
  • 11#.##0.13.6:123
  • 19#.##8.143.23:123
  • 11#.##0.184.99:123
  • 12#.##8.200.124:123
  • 20#.##.114.202:123
  • 19#.##5.150.25:123
  • 10#.##6.40.40:123
  • 12#.##0.35.250:123

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number