FOR CUSTOMERS

My library

+ Add to library

Search

24/7 Tech support | Rules regarding submitting

Send a message

Call us

+7 (495) 789-45-86

Forum

Your tickets

Total: -
Active: -
Latest: -

Call us

+7 (495) 789-45-86

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY

Support services

Dr.Web vxCube

Sign in to Dr.Web vxCube

VCI investigations

Virus library

Knowledge base

Technologies

Terminology

Training and education

Myths

Myths about anti-viruses

Linux.Siggen.1986

Added to the Dr.Web virus database: 2019-07-11

Virus description added: 2019-07-11

Technical Information

Malicious functions:

Substitutes application name for:

kore-scheduler
bitcoin-http
bitcoin-httpworker
kore-tor

Performs operations with the file system:

Creates folders:

/root/.kore
/root/.kore/backups
/root/.kore/database
/root/.kore/tor
/root/.kore/tor/keys
/root/.kore/onion
/root/.kore/blocks
/root/.kore/blocks/index
/root/.kore/chainstate

Creates or modifies files:

/root/.kore/kore.conf
/root/.kore/debug.log
/root/.kore/.lock
/root/.kore/kored.pid
/root/.kore/.cookie
/root/.kore/db.log
/root/.kore/tor.log
/root/.kore/tor/lock
/root/.kore/tor/state.tmp
/root/.kore/tor/control_auth_cookie.tmp
/root/.kore/onion/private_key.tmp
/root/.kore/onion/hostname.tmp
/root/.kore/blocks/index/LOG
/root/.kore/blocks/index/LOCK
/root/.kore/blocks/index/MANIFEST-000001
/root/.kore/blocks/index/000001.dbtmp
/root/.kore/blocks/index/000003.log
/root/.kore/blocks/index/MANIFEST-000002
/root/.kore/blocks/index/000002.dbtmp
/root/.kore/chainstate/LOG
/root/.kore/chainstate/LOCK
/root/.kore/chainstate/MANIFEST-000001
/root/.kore/chainstate/000001.dbtmp
/root/.kore/chainstate/000003.log
/root/.kore/chainstate/MANIFEST-000002
/root/.kore/chainstate/000002.dbtmp
/root/.kore/blocks/blk00000.dat
/root/.kore/blocks/rev00000.dat
/root/.kore/database/log.0000000001
/root/.kore/__db.80000001.6dcf792f
/root/.kore/wallet.dat
/root/.kore/tor/unverified-microdesc-consensus.tmp

Deletes files:

/root/.kore/blocks/index/MANIFEST-000001
/root/.kore/chainstate/MANIFEST-000001
/root/.kore/tor/key-pinning-entries

Locks files:

/root/.kore/tor/lock

Network activity:

Awaits incoming connections on ports:

127.0.0.1:15742
0.0.0.0:15743
127.0.0.1:9979
127.0.0.1:9978

Establishes connection:

17#.##.174.14:9001
14#.##.141.138:9001

Sends data to the following servers:

17#.##.174.14:9001
14#.##.141.138:9001

Receives data from the following servers:

17#.##.174.14:9001
14#.##.141.138:9001

Other:

Collects CPU information

Collects RAM information

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number