Bibliothèque
Ma bibliothèque

+ Ajouter à la bibliothèque

Contacter-nous !
Support 24/24 | Rules regarding submitting

Nous téléphoner

0 825 300 230

Forum

Vos requêtes

  • Toutes : -
  • Non clôturées : -
  • Dernière : le -

Nous téléphoner

0 825 300 230

Profil

Linux.Siggen.7810

Added to the Dr.Web virus database: 2024-07-19

Virus description added:

Technical Information

Malicious functions:
Manages services:
  • ['systemctl', 'daemon-reload']
  • ['systemctl', 'enable', 'supdate.service']
  • ['systemctl', 'start', 'supdate.service']
Launches processes:
  • touch /tmp/installed
  • chmod 700 /tmp/apt-key-gpghome.YNFsKhbSJv
  • cat /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg
  • cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
  • cp -a /tmp/apt-key-gpghome.YNFsKhbSJv/pubring.gpg /tmp/apt-key-gpghome.YNFsKhbSJv/pubring.orig.gpg
  • apt update
  • /usr/bin/dpkg --print-foreign-architectures
  • whoami
  • /usr/lib/apt/methods/http
  • find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 ( -name *.gpg -o -name *.asc )
  • cat /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
  • cat /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
  • cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
  • gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR
  • ls /tmp/installed
  • apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
  • gpgconf --kill all
  • mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
  • apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
  • cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
  • /bin/sh -c yum update -y && yum install epel-release -y && yum install screen hping3 -y
  • cat /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
  • apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
  • cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg
  • cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
  • rm -rf /tmp/apt-key-gpghome.YNFsKhbSJv
  • /bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.vTjy1Q /tmp/apt.data.e2rdpO
  • ps aux
  • cat /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
  • /usr/lib/apt/methods/https
  • gpgv --homedir /tmp/apt-key-gpghome.YNFsKhbSJv --keyring /tmp/apt-key-gpghome.YNFsKhbSJv/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.3Apwlp /tmp/apt.data.ecmRro
  • /usr/lib/apt/methods/gpgv
  • sort
  • sed -e s#\x27#\x27\x22\x27\x22\x27#g
  • rm -f /tmp/apt-key-gpghome.YNFsKhbSJv/pubring.gpg
  • /usr/lib/apt/methods/store
  • /bin/sh -c apt update && apt install screen hping3 -y
  • crontab -l
  • cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg
  • cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg
  • apt-config shell GPGV Apt::Key::gpgvcommand
  • readlink -f /etc/apt/trusted.gpg.d/
  • apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
  • cat /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg
  • gpg-connect-agent -s --no-autostart GETINFO scd_running /if ${! $?} scd killscd /end
  • /bin/sh -c ls /tmp/installed
  • /bin/sh -c touch /tmp/installed
  • readlink -f /tmp/apt-key-gpghome.YNFsKhbSJv
  • cat /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg
  • apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
  • apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
  • cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
  • cat /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
  • apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
  • cat /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
  • cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
  • gpg-connect-agent --no-autostart KILLAGENT
  • /bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.3Apwlp /tmp/apt.data.ecmRro
  • touch /tmp/apt-key-gpghome.YNFsKhbSJv/pubring.gpg
Kills the following processes:
  • http
  • gpgv
  • store
Performs operations with the file system:
Modifies file access rights:
  • /var/lib/apt/lists/partial
  • /var/lib/apt/lists/auxfiles
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
  • /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
  • /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
  • /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
  • /tmp/apt-key-gpghome.YNFsKhbSJv
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.KTMSsB
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.1FebqB
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.OI6Dwz
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en
Modifies file owner:
  • /var/lib/apt/lists/partial
  • /var/lib/apt/lists/auxfiles
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
  • /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
  • /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
  • /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en
Creates folders:
  • /tmp/apt-key-gpghome.YNFsKhbSJv
Deletes folders:
  • /tmp/apt-key-gpghome.YNFsKhbSJv
Creates or modifies files:
  • /tmp/installed
  • /tmp/#130836 (deleted)
  • /root/.bashrc
  • /etc/systemd/system/supdate.service
  • /var/lib/apt/lists/lock
  • /var/lib/apt/lists/partial/.apt-acquire-privs-test.nmoYCy
  • /var/lib/apt/lists/partial/.apt-acquire-privs-test.4bwlkC
  • /var/lib/apt/lists/partial/.apt-acquire-privs-test.fkYgsB
  • /var/lib/apt/lists/partial/.apt-acquire-privs-test.2Tbxqy
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
  • /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
  • /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
  • /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
  • /tmp/apt.conf.1MSaTo
  • /tmp/apt.sig.3Apwlp
  • /tmp/apt.data.ecmRro
  • /tmp/apt-key-gpghome.YNFsKhbSJv/pubring.gpg
  • /tmp/apt-key-gpghome.YNFsKhbSJv/pubring.orig.gpg
  • /tmp/apt-key-gpghome.YNFsKhbSJv/gpg.1.sh
  • /tmp/#130829 (deleted)
  • /tmp/apt.conf.azsCuO
  • /tmp/apt.sig.vTjy1Q
  • /tmp/apt.data.e2rdpO
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.KTMSsB
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.1FebqB
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.OI6Dwz
Deletes files:
  • /var/lib/apt/lists/partial/.apt-acquire-privs-test.nmoYCy
  • /var/lib/apt/lists/partial/.apt-acquire-privs-test.4bwlkC
  • /var/lib/apt/lists/partial/.apt-acquire-privs-test.fkYgsB
  • /var/lib/apt/lists/partial/.apt-acquire-privs-test.2Tbxqy
  • /tmp/apt-key-gpghome.YNFsKhbSJv/pubring.orig.gpg
  • /tmp/apt-key-gpghome.YNFsKhbSJv/pubring.gpg
  • /tmp/apt-key-gpghome.YNFsKhbSJv/gpg.1.sh
  • /tmp/apt.conf.1MSaTo
  • /tmp/apt.sig.3Apwlp
  • /tmp/apt.data.ecmRro
Changes time of creation/access/modification of files:
  • /tmp/installed
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
  • /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
  • /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
  • /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
  • /tmp/apt-key-gpghome.YNFsKhbSJv/pubring.gpg
  • /tmp/apt-key-gpghome.YNFsKhbSJv/pubring.orig.gpg
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages
  • /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en
Network activity:
Establishes connection:
  • 8.#.8.8:53
  • 10#.#0.3.235:9
  • 17#.#7.19.24:9
  • 10#.#0.4.235:9
  • [2######00:10::6814:4eb]:9
  • [2######00:10::ac43:1318]:9
  • [2######00:10::6814:3eb]:9
  • 10#.##.3.235:443
  • [2#######0:10::6814:4eb]:443
  • [2#######0:10::ac43:1318]:443
  • [2#######0:10::6814:3eb]:443
  • 18#.##4.99.34:4444
  • [2#####e42:3a::644]:80
  • (e##val)
  • 15#.##1.246.132:80
  • [2##########78f:3c00:3:db06:4200:93a1]:443
  • [2##########78f:a400:3:db06:4200:93a1]:443
  • [2##########78f:da00:3:db06:4200:93a1]:443
  • [2##########78f:6000:3:db06:4200:93a1]:443
  • [2##########78f:f800:3:db06:4200:93a1]:443
  • [2##########78f:4a00:3:db06:4200:93a1]:443
  • [2##########78f:3e00:3:db06:4200:93a1]:443
  • [2##########78f:9800:3:db06:4200:93a1]:443
  • 3.###.206.102:443
  • 3.###.206.5:443
  • 3.###.206.39:443
  • 3.###.206.93:443
DNS ASK:
  • _h###.###p.security.debian.org
  • _h####.##cp.download.docker.com
  • _h###.##cp.deb.debian.org
  • de####.#ap.fastlydns.net
  • do####ad.docker.com
Sends data to the following servers:
  • 8.#.8.8:53
  • 10#.##.3.235:443
  • 18#.##4.99.34:4444
  • 15#.##1.246.132:80
  • 3.###.206.102:443
Receives data from the following servers:
  • 8.#.8.8:53
  • 10#.##.3.235:443
  • 18#.##4.99.34:4444
  • 3.###.206.102:443
  • 15#.##1.246.132:80
Other:
Collects OS information
Collects CPU information
Collects RAM information
Collects information about network activity

Recommandations pour le traitement


Linux

Veuillez lancer le scan complet de toutes les partitions du disque à l'aide de Dr.Web Antivirus pour Linux.

Version démo gratuite

Pour 1 mois (sans enregistrement) ou 3 mois (avec enregistrement et remise pour le renouvellement)

Télécharger Dr.Web

Par le numéro de série