Per il corretto funzionamento del sito, è necessario attivare il supporto di JavaScript nel browser.
Linux.Mirai.3085
Aggiunto al database dei virus Dr.Web:
2019-07-21
La descrizione è stata aggiunta:
2019-07-21
Technical Information
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
Launches processes:
/bin/sh -c cd /bin/; cat tftp > tftp-cpy; cat <SAMPLE_FULL_PATH> > tftp
cat tftp
cat <SAMPLE_FULL_PATH>
/bin/sh -c cd /bin/; cat rm > rm-cpy; cat <SAMPLE_FULL_PATH> > rm
cat rm
/bin/sh -c cd /bin/; cat kill > kill-cpy; cat <SAMPLE_FULL_PATH> > kill
cat kill
/bin/sh -c cd /bin/; cat cd > cd-cpy; cat <SAMPLE_FULL_PATH> > cd
cat cd
/bin/sh -c cd /sbin/; cat tftp > tftp-cpy; cat <SAMPLE_FULL_PATH> > tftp
/bin/sh -c cd /sbin/; cat rm > rm-cpy; cat <SAMPLE_FULL_PATH> > rm
/bin/sh -c cd /sbin/; cat kill > kill-cpy; cat <SAMPLE_FULL_PATH> > kill
/bin/sh -c cd /sbin/; cat cd > cd-cpy; cat <SAMPLE_FULL_PATH> > cd
/bin/sh -c export PATH=/root:$PATH
/bin/sh -c echo -ne 'export PATH=/root:$PATH' >> ~/.~/.bash_profile
/bin/sh -c echo -ne 'export PATH=/root:$PATH' >> ~/.~/.bashrc
/bin/sh -c echo -ne 'export PATH=/root:$PATH' >> ~/./root/.bash_profile
/bin/sh -c echo -ne 'export PATH=/root:$PATH' >> ~/./root/.bashrc
Kills the following processes:
Performs operations with the file system:
Creates or modifies files:
/bin/tftp-cpy
/bin/tftp
/bin/rm-cpy
/bin/rm
/bin/kill-cpy
/bin/kill
/bin/cd-cpy
/bin/cd
/sbin/tftp-cpy
/sbin/tftp
/sbin/rm-cpy
/sbin/rm
/sbin/kill-cpy
/sbin/kill
/sbin/cd-cpy
/sbin/cd
<SAMPLE_FULL_PATH>
/root/.~/.bash_profile
/root/.~/.bashrc
/root/./root/.bash_profile
/root/./root/.bashrc
Network activity:
Establishes connection:
19#.##.97.85:9090
25#.###.255.255:9090
15#.###.169.254:37215
19#.###.169.254:37215
15#.###.62.233:37215
15#.###.113.144:37215
41.###.90.223:37215
19#.#.202.48:37215
41.###.237.60:37215
19#.###.153.34:37215
19#.###.154.196:37215
41.##.188.243:37215
15#.##.76.235:37215
41.##.28.189:37215
15#.##.207.77:37215
15#.##.90.152:37215
15#.###.105.96:37215
41.##.9.189:37215
41.###.100.194:37215
15#.##.124.240:37215
15#.##.227.37:37215
41.###.24.109:37215
41.###.149.143:37215
41.###.220.174:37215
41.###.25.98:37215
41.##.242.128:37215
15#.#.100.92:37215
19#.###.87.227:37215
41.##.20.75:37215
19#.##4.79.83:37215
15#.##.55.190:37215
41.#.#78.213:37215
15#.###.209.153:37215
41.###.3.56:37215
41.###.69.165:37215
41.###.155.183:37215
41.###.2.224:37215
19#.###.244.26:37215
19#.##.75.126:37215
41.###.234.219:37215
15#.##.229.245:37215
19#.##.196.53:37215
19#.##1.1.179:37215
19#.###.50.245:37215
41.###.68.244:37215
15#.##4.5.62:37215
41.###.42.194:37215
41.##.199.125:37215
19#.##.20.99:37215
19#.##.187.107:37215
15#.###.200.116:37215
19#.##.219.225:37215
19#.##6.17.23:37215
41.##.88.48:37215
15#.###.135.165:37215
41.###.98.63:37215
41.###.99.149:37215
19#.##.171.26:37215
19#.##.152.49:37215
19#.###.196.71:37215
19#.##.52.237:37215
15#.###.230.15:37215
15#.##0.49.58:37215
41.#.#8.85:37215
19#.##.73.12:37215
15#.###.174.83:37215
19#.##1.89.49:37215
41.###.78.103:37215
19#.###.195.247:37215
15#.###.135.196:37215
41.###.193.45:37215
15#.##.255.241:37215
15#.###.140.250:37215
41.###.156.63:37215
15#.###.200.203:37215
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
Receives data from the following servers:
Other:
Collects information about network activity
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
Scaricate Dr.Web per Android
Gratis per 3 mesi
Tutti i componenti di protezione
Rinnovo versione di prova tramite AppGallery/Google Pay
Continuando a utilizzare questo sito, l'utente acconsente al nostro utilizzo di file Cookie e di altre tecnologie per la raccolta di informazioni statistiche sui visitatori. Per maggiori informazioni
OK