Linux.Siggen.6730
Added to the Dr.Web virus database:
2024-03-13
Description added:
2024-03-13
Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
/etc/init.d/knlib
/var/spool/cron/crontabs/root
/etc/cron.d/.lib-knlib4
/etc/cron.hourly/.lib-knlib4
/etc/cron.daily/.lib-knlib4
/etc/cron.weekly/.lib-knlib4
/etc/cron.monthly/.lib-knlib4
/etc/cron.d/pwnrig
/etc/cron.daily/pwnrig
/etc/cron.hourly/pwnrig
/etc/cron.monthly/pwnrig
/etc/cron.weekly/pwnrig
/etc/cron.d/sedabushp
/etc/cron.daily/sedC9qDsm
/etc/cron.hourly/sedl6ayvq
/etc/cron.monthly/sedK3DFVo
/etc/cron.weekly/sedrGIWNm
/etc/init.d/pwnrig
/etc/init.d/sedQ0WWmo
Creates or modifies the following symlinks:
/etc/rc2.d/S01pwnrig
/etc/rc3.d/S01pwnrig
/etc/rc4.d/S01pwnrig
/etc/rc5.d/S01pwnrig
Malicious functions:
Manages services:
['systemctl', 'daemon-reload']
['systemctl', 'enable', 'knlibe.service']
['systemctl', '--quiet', 'enable', 'pwnrig']
['systemctl', 'enable', 'pwnrige.service']
['systemctl', 'enable', 'pwnrigl.service']
['systemctl', 'reload-or-restart', 'pwnrige.service']
Launches processes:
head -n 1
sed -i 1 s/-e // /etc/init.d/pwnrig
chattr +i +a /etc/cron.d/pwnrig /etc/cron.daily/pwnrig /etc/cron.hourly/pwnrig /etc/cron.monthly/pwnrig /etc/cron.weekly/pwnrig /bin/crondr
/var/tmp/.klibsystem5-x
rm -rf /bin/bprofr
/usr/bin/mawk awk /[zZ]/ && !a[$2]++ {print $2}
bash -c ufw disable
rm -rf -- klibsystem5
chattr +ia /bin/knlib5
chattr +ia /etc/init.d/knlib
cp -f -r -- /tmp/service-agent /bin/initdr
grep -m 1 model name /proc/cpuinfo
rm -rf /bin/initdr
bash -c echo \x22* * * * * /tmp/.klibsystem5 >/dev/null 2>&1\x22 | crontab -
/usr/bin/perl /usr/sbin/update-rc.d pwnrig enable
/bin/sh /usr/bin/which systemctl
nohup ./klibsystem5
chattr +ia /etc/cron.monthly/.lib-knlib4
/bin/sh /usr/bin/which chkconfig
sed -i 1 s/-e // /etc/cron.d/pwnrig /etc/cron.daily/pwnrig /etc/cron.hourly/pwnrig /etc/cron.monthly/pwnrig /etc/cron.weekly/pwnrig
/bin/sh /usr/bin/which update-rc.d
cut -d: -f2
hostname
chattr +ia /etc/anacrontab
chmod +x /etc/init.d/pwnrig /bin/initdr
cp -f -r -- /bin/knlib5 /bin/klibsystem5
cp -f -r -- /tmp/service-agent /bin/bprofr
/usr/bin/mawk awk {print \x22-\x22$2}
tee /etc/init.d/pwnrig
ps -A -ostat,ppid 2>/dev/null | awk \x27/[zZ]/ && !a[$2]++ {print $2}\x27 2>/dev/null | while read procid; do kill -9 $procid 2>/dev/null; done;if `id -u 2>/dev/null` -eq \x270\x27 ; then ps x 2>/dev/null | grep /etc/cron 2>/dev/null | grep -v grep 2>/dev/null | while read procid; do kill -9 $procid 2>/dev/null; done fi
/tmp/sys-helper
chattr +ia /etc/cron.weekly/.lib-knlib4
cat /etc/ssh/sshd_config
grep -v grep
/usr/bin/mawk awk {print $1}
cp -f -r -- /tmp/service-agent /bin/crondr
chattr -i -a /etc/init.d/pwnrig /bin/initdr
/tmp/service-agent -c -p 80 -p 8080 -p 443 -tls -dp 80 -dp 8080 -dp 443 -tls -d -pwn
chattr +ia /etc/cron.hourly/.lib-knlib4
chattr +i +a /lib/systemd/system/pwnrigl.service /etc/systemd/system/pwnrige.service /bin/sysdr
/usr/bin/pgrep pkill -f .klibsystem4
whoami
id -u
sed -i /bprofr/d /root/.bash_profile
<0x2ab>
ps -A -ostat,ppid
/usr/bin/perl /usr/sbin/update-rc.d pwnrig defaults
cp -f -r -- /tmp/service-agent /bin/sysdr
chattr -i -a /lib/systemd/system/pwnrigl.service /etc/systemd/system/pwnrige.service /bin/sysdr
sed -e s/$//
chattr -i -a /bin/bprofr /root/.bash_profile
tee /etc/cron.d/pwnrig /etc/cron.daily/pwnrig /etc/cron.hourly/pwnrig /etc/cron.monthly/pwnrig /etc/cron.weekly/pwnrig
tee /lib/systemd/system/pwnrigl.service /etc/systemd/system/pwnrige.service
crontab -
/bin/bash /etc/init.d/knlib start
chattr +ia /etc/cron.d/.lib-knlib4
chattr +ia /etc/cron.daily/.lib-knlib4
mkdir -p /etc/cron.d /etc/cron.daily /etc/cron.hourly /etc/cron.monthly /etc/cron.weekly
grep -c ^processor /proc/cpuinfo
ps x
chattr +i +a /etc/init.d/pwnrig /bin/initdr
chattr +i +a /bin/bprofr /root/.bash_profile
/usr/bin/perl /usr/sbin/update-rc.d -f pwnrig remove
rm -rf /bin/sysdr
chmod +x /etc/cron.d/pwnrig /etc/cron.daily/pwnrig /etc/cron.hourly/pwnrig /etc/cron.monthly/pwnrig /etc/cron.weekly/pwnrig /bin/crondr
sed -i 1 s/-e // /lib/systemd/system/pwnrigl.service /etc/systemd/system/pwnrige.service
grep Port
pgrep -f klibsystem4
hostname -I
chattr +ia /var/spool/cron/.lib-knlib4
chattr +ia /etc/systemd/system/knlibe.service
rm -rf /bin/crondr
/usr/bin/pgrep pkill -f .klibsystem5
chattr -i -a /etc/cron.*/pwnrig /bin/crondr
sed -e s/^ *//
pgrep -f klibsystem5
crontab -r
<0x1db>
grep /etc/cron
/usr/bin/perl /usr/sbin/update-rc.d -f pwnrig disable
Performs operations with the file system:
Modifies file access rights:
/etc/init.d/knlib
/usr/bin/knlib5
/var/spool/cron/crontabs/tmp.M3mS6l
/var/tmp/.klibsystem5-x
/etc/cron.d/pwnrig
/etc/cron.daily/pwnrig
/etc/cron.hourly/pwnrig
/etc/cron.monthly/pwnrig
/etc/cron.weekly/pwnrig
/usr/bin/crondr
/etc/init.d/pwnrig
/usr/bin/initdr
Modifies file owner:
/etc/cron.d/sedabushp
/etc/cron.daily/sedC9qDsm
/etc/cron.hourly/sedl6ayvq
/etc/cron.monthly/sedK3DFVo
/etc/cron.weekly/sedrGIWNm
/etc/init.d/sedQ0WWmo
/usr/lib/systemd/system/sedMKn11D
/etc/systemd/system/sedGfuPuA
Creates or modifies files:
/etc/systemd/system/knlibe.service
/usr/bin/knlib5
/tmp/.klibsystem5
/var/spool/cron/crontabs/tmp.M3mS6l
/var/spool/cron/.lib-knlib4
/etc/anacrontab
/tmp/sys-helper
/tmp/.bashirc
/tmp/service-agent
/var/tmp/.klibsystem5-x
/usr/bin/bprofr
/root/.bash_profile
/usr/bin/crondr
/usr/bin/initdr
/usr/bin/sysdr
/usr/lib/systemd/system/pwnrigl.service
/etc/systemd/system/pwnrige.service
/usr/lib/systemd/system/sedMKn11D
/etc/systemd/system/sedGfuPuA
Locks files:
Changes time of creation/access/modification of files:
Network activity:
Awaits incoming connections on ports:
Establishes connection:
8.#.8.8:53
5.##.80.215:80
18#.##2.128.146:443
80.##.24.30:80
80.##.24.30:443
51.###.171.23:80
51.###.171.23:443
DNS ASK:
ru#.#ck-dns.ws
c4####cd.pwndns.pw
pw#.###cleservice.top
Sends data to the following servers:
18#.##2.128.146:443
80.##.24.30:80
51.###.171.23:80
Receives data from the following servers:
18#.##2.128.146:443
80.##.24.30:80
51.###.171.23:80
Other:
Collects OS information
Collects CPU information
Collects RAM information