Linux.Mirai.860
Added to the Dr.Web virus database: 2017-10-26
Virus description added: 2017-10-26
Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
Launches processes:
sh -c rm -r /var/log
rm -r /var/log
Performs operations with the file system:
Deletes files:
/kern.log
/syslog
/auth.log
/btmp
/mainlog
/fontconfig.log
/wtmp
/faillog
/messages
/history.log
/term.log
/checkroot
/checkfs
/lastlog
/dpkg.log
/daemon.log
/debug
/partman
/lsb-release
/templates.dat
/questions.dat
/hardware-summary
/status
/dmesg
/alternatives.log
Network activity:
Awaits incoming connections on ports:
127.0.0.1:48099
0.0.0.0:23
Establishes connection:
HTTP GET requests:
36.##.177.3:80/
36.##.###.##80/system.ini?loginuse&loginpas
36.##.###.#############handle.php?cmd=writeuploaddir&uploaddir=%27;echo+nuuo+123456;%27
36.##.###.###0/board.cgi?cmd=cat%20/etc/passwd
36.##.###.##########.########_file=netgear.cfg&todo=syscmd&curpath=/&currentsetting.htm=1&cmd=echo+dgn+123456
36.##.###.##########in/user/Config.cgi?.cab&action=get&category=Account.*
36.##.###.#####shell?echo+jaws+123456;cat+/proc/cpuinfo
HTTP POST requests:
36.##.##7.3:80/command.php
36.##.##7.3:80/hedwig.cgi
36.##.##7.3:80/apply.cgi
DNS ASK:
we####qweiur.com
e.##852.com
Sends data to the following servers: