Per il corretto funzionamento del sito, è necessario attivare il supporto di JavaScript nel browser.
Linux.Siggen.4064
Aggiunto al database dei virus Dr.Web:
2021-07-26
La descrizione è stata aggiunta:
2021-07-26
Technical Information
Malicious functions:
Modifies firewall settings:
iptables -P INPUT DROP
iptables -t filter -N LOG_N_ACCEPT
iptables -t filter -A LOG_N_ACCEPT -j LOG --log-level warning --log-prefix ACTION=INPUT-ACCEPT
iptables -t filter -A LOG_N_ACCEPT -j ACCEPT
iptables -A INPUT -i eno1 -j LOG_N_ACCEPT
iptables -A INPUT -m conntrack --ctstate RELATE
iptables -A INPUT -p tcp -m tcp --dport 22 -j LOG_N_ACCEPT
iptables -A INPUT -p tcp -m tcp --dport http -j LOG_N_ACCEPT
iptables -A INPUT -p tcp -m tcp --dport https -j LOG_N_ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -j LOG
iptables -A INPUT -s 192.168.10.0/24 -j LOG
iptables -A INPUT -s 192.168.10.0/24 -j LOG --log-level 4
iptables -A INPUT -s 192.168.10.0/24 -j LOG --log-prefix ** SUSPECT **
iptables -t mangle -A PREROUTING -m conntrack --ctstate INVALID -j DROP
iptables -t mangle -A PREROUTING -p tcp ! --syn -m conntrack --ctstate NEW -j DROP
iptables -t mangle -A PREROUTING -p tcp -m conntrack --ctstate NEW -m tcpmss ! --mss 536:65535 -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags FI
iptables -t mangle -A PREROUTING -p tcp --tcp-flags SY
iptables -t mangle -A PREROUTING -p tcp --tcp-flags AC
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL ALL -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL NONE -j DROP
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL FI
iptables -t mangle -A PREROUTING -p tcp --tcp-flags ALL SY
iptables -t mangle -A PREROUTING -s 224.0.0.0/3 -j DROP
iptables -t mangle -A PREROUTING -s 169.254.0.0/16 -j DROP
iptables -t mangle -A PREROUTING -s 172.16.0.0/12 -j DROP
iptables -t mangle -A PREROUTING -s 192.0.2.0/24 -j DROP
iptables -t mangle -A PREROUTING -s 192.168.0.0/16 -j DROP
iptables -t mangle -A PREROUTING -s 10.0.0.0/8 -j DROP
iptables -t mangle -A PREROUTING -s 0.0.0.0/8 -j DROP
iptables -t mangle -A PREROUTING -s 240.0.0.0/5 -j DROP
iptables -t mangle -A PREROUTING -s 127.0.0.0/8 ! -i lo -j DROP
iptables -t mangle -A PREROUTING -p icmp -j DROP
iptables -t mangle -A PREROUTING -f -j DROP
iptables -A INPUT -p tcp -m connlimit --connlimit-above 111 -j REJECT --reject-with tcp-reset
iptables -A INPUT -p tcp --tcp-flags RST RST -m limit --limit 2/s --limit-burst 2 -j LOG_N_ACCEPT
iptables -A INPUT -p tcp --tcp-flags RST RST -j DROP
iptables -A INPUT -p tcp -m conntrack --ctstate NEW -m limit --limit 60/s --limit-burst 20 -j LOG_N_ACCEPT
iptables -A INPUT -p tcp -m conntrack --ctstate NEW -j DROP
iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --set
iptables -A INPUT -p tcp --dport ssh -m conntrack --ctstate NEW -m recent --update --seconds 60 --hitcount 10 -j DROP
iptables -N port-scanning
iptables -A port-scanning -p tcp --tcp-flags SY
iptables -A port-scanning -j DROP
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j LOG_N_ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -m limit --limit 1/s -j ACCEPT
iptables -A INPUT -p tcp --tcp-flags ALL NONE -m limit --limit 1/h -j LOG_N_ACCEPT
iptables -A INPUT -p tcp --tcp-flags ALL ALL -m limit --limit 1/h -j LOG_N_ACCEPT
iptables -I OUTPUT -m state -p tcp --state NEW ! -s 127.0.0.1 ! -d 127.0.0.1 -j LOG --log-prefix ACTION=OUTPUT-TCP
iptables -I OUTPUT -m state -p udp -s 127.0.0.1 ! -d 127.0.0.1 -j LOG --log-prefix ACTION=OUTPUT-UDP
Launches processes:
/bin/bash <SAMPLE_FULL_PATH> -c exec '<SAMPLE_FULL_PATH>' \"$@\" <SAMPLE_FULL_PATH>
<SAMPLE_FULL_PATH>
/bin/bash <SAMPLE_FULL_PATH> -c
apt install dnsutils
/usr/bin/dpkg --print-foreign-architectures
/usr/lib/apt/methods/http
apt-get install net-tools
apt-get install tcpdump
apt-get install dsniff -y
Kills the following processes:
/usr/lib/apt/methods/http
Performs operations with the file system:
Modifies file access rights:
/var/cache/apt/pkgcache.bin.qm3h0o
Creates or modifies files:
/var/lib/dpkg/lock
/var/cache/apt/pkgcache.bin.qm3h0o
/var/cache/apt/archives/lock
Deletes files:
/var/cache/apt/pkgcache.bin
Network activity:
Establishes connection:
DNS ASK:
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
Scaricate Dr.Web per Android
Gratis per 3 mesi
Tutti i componenti di protezione
Rinnovo versione di prova tramite AppGallery/Google Pay
Continuando a utilizzare questo sito, l'utente acconsente al nostro utilizzo di file Cookie e di altre tecnologie per la raccolta di informazioni statistiche sui visitatori. Per maggiori informazioni
OK