Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
- /etc/rc4.d/dirtest
- /etc/rc6.d/dirtest
- /etc/cron.monthly/dirtest
- /etc/profile.d/dirtest
- /etc/cron.weekly/dirtest
- /etc/rc1.d/dirtest
- /etc/cron.daily/dirtest
- /etc/rc2.d/dirtest
- /etc/init.d/dirtest
- /etc/cron.d/dirtest
- /etc/rc0.d/dirtest
- /etc/cron.hourly/dirtest
- /etc/rc5.d/dirtest
- /etc/rc3.d/dirtest
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
- /lib/systemd/systemd-udevd
Performs operations with the file system:
Creates or modifies files:
- /tmp/tmux-0/dirtest
- /tmp/systemd-private-f0fd406c1a484a80879a20681d9207ef-systemd-timesyncd.service-FRmAYg/dirtest
- /tmp/systemd-private-f0fd406c1a484a80879a20681d9207ef-logrotate.service-PObDDi/dirtest
- /tmp/systemd-private-f0fd406c1a484a80879a20681d9207ef-systemd-logind.service-6pffCf/dirtest
- /var/opt/dirtest
- /var/backups/dirtest
- /run/dirtest
- /var/tmp/dirtest
- /var/spool/dirtest
- /run/lock/dirtest
- /var/local/dirtest
- /var/lib/dirtest
- /var/mail/dirtest
- /var/log/dirtest
- /var/cache/dirtest
- /dev/dri/dirtest
- /dev/snd/dirtest
- /dev/vfio/dirtest
- /dev/mapper/dirtest
- /dev/net/dirtest
- /dev/mqueue/dirtest
- /dev/hugepages/dirtest
- /var/dirtest
- /tmp/dirtest
- /dev/fd/dirtest
- /dev/shm/dirtest
- /dev/disk/dirtest
- /dev/bsg/dirtest
- /dev/block/dirtest
- /dev/char/dirtest
- /dev/pts/dirtest
- /dev/input/dirtest
- /etc/X11/dirtest
- /etc/python3/dirtest
- /etc/python2.7/dirtest
- /etc/xdg/dirtest
- /etc/bash_completion.d/dirtest
- /etc/opt/dirtest
- /etc/vim/dirtest
- /etc/binfmt.d/dirtest
- /etc/perl/dirtest
- /etc/iproute2/dirtest
- /etc/containerd/dirtest
- /etc/dpkg/dirtest
- /etc/apparmor/dirtest
- /etc/systemd/dirtest
- /etc/qemu/dirtest
- /etc/python3.9/dirtest
- /etc/ldap/dirtest
- /etc/ufw/dirtest
- /etc/sv/dirtest
- /etc/network/dirtest
- /etc/dhcp/dirtest
- /etc/sudoers.d/dirtest
- /etc/security/dirtest
- /etc/ssh/dirtest
- /etc/dictionaries-common/dirtest
- /etc/apparmor.d/dirtest
- /etc/rsyslog.d/dirtest
- /etc/udev/dirtest
- /etc/rcS.d/dirtest
- /etc/selinux/dirtest
- /etc/fonts/dirtest
- /etc/modprobe.d/dirtest
- /etc/ld.so.conf.d/dirtest
- /etc/gss/dirtest
- /etc/terminfo/dirtest
- /etc/default/dirtest
- /etc/apt/dirtest
- /etc/ssl/dirtest
- /etc/docker/dirtest
- /etc/sysctl.d/dirtest
- /etc/tmpfiles.d/dirtest
- /etc/runit/dirtest
- /etc/discover.conf.d/dirtest
- /etc/emacs/dirtest
- /etc/logrotate.d/dirtest
- /etc/skel/dirtest
- /etc/logcheck/dirtest
- /etc/grub.d/dirtest
- /etc/alternatives/dirtest
- /etc/dbus-1/dirtest
- /etc/groff/dirtest
- /etc/modules-load.d/dirtest
- /etc/initramfs-tools/dirtest
- /etc/console-setup/dirtest
- /etc/ca-certificates/dirtest
- /etc/update-motd.d/dirtest
- /etc/kernel/dirtest
- /etc/pam.d/dirtest
- /boot/grub/dirtest
Deletes files:
- /tmp/tmux-0/dirtest
- /tmp/systemd-private-f0fd406c1a484a80879a20681d9207ef-systemd-timesyncd.service-FRmAYg/dirtest
- /tmp/systemd-private-f0fd406c1a484a80879a20681d9207ef-logrotate.service-PObDDi/dirtest
- /tmp/systemd-private-f0fd406c1a484a80879a20681d9207ef-systemd-logind.service-6pffCf/dirtest
- /var/opt/dirtest
- /var/backups/dirtest
- /dirtest
- /var/tmp/dirtest
- /var/spool/dirtest
- /var/local/dirtest
- /var/lib/dirtest
- /var/mail/dirtest
- /var/log/dirtest
- /var/cache/dirtest
- /dri/dirtest
- /snd/dirtest
- /vfio/dirtest
- /mapper/dirtest
- /net/dirtest
- /var/dirtest
- /tmp/dirtest
- /disk/dirtest
- /bsg/dirtest
- /block/dirtest
- /char/dirtest
- /input/dirtest
- /etc/X11/dirtest
- /etc/rc4.d/dirtest
- /etc/rc6.d/dirtest
- /etc/python3/dirtest
- /etc/cron.monthly/dirtest
- /etc/python2.7/dirtest
- /etc/profile.d/dirtest
- /etc/xdg/dirtest
- /etc/bash_completion.d/dirtest
- /etc/opt/dirtest
- /etc/vim/dirtest
- /etc/binfmt.d/dirtest
- /etc/perl/dirtest
- /etc/iproute2/dirtest
- /etc/containerd/dirtest
- /etc/dpkg/dirtest
- /etc/apparmor/dirtest
- /etc/systemd/dirtest
- /etc/qemu/dirtest
- /etc/python3.9/dirtest
- /etc/ldap/dirtest
- /etc/ufw/dirtest
- /etc/sv/dirtest
- /etc/network/dirtest
- /etc/dhcp/dirtest
- /etc/cron.weekly/dirtest
- /etc/sudoers.d/dirtest
- /etc/rc1.d/dirtest
- /etc/security/dirtest
- /etc/ssh/dirtest
- /etc/dictionaries-common/dirtest
- /etc/apparmor.d/dirtest
- /etc/rsyslog.d/dirtest
- /etc/udev/dirtest
- /etc/rcS.d/dirtest
- /etc/selinux/dirtest
- /etc/cron.daily/dirtest
- /etc/fonts/dirtest
- /etc/rc2.d/dirtest
- /etc/modprobe.d/dirtest
- /etc/ld.so.conf.d/dirtest
- /etc/gss/dirtest
- /etc/init.d/dirtest
- /etc/terminfo/dirtest
- /etc/cron.d/dirtest
- /etc/default/dirtest
- /etc/apt/dirtest
- /etc/ssl/dirtest
- /etc/docker/dirtest
- /etc/sysctl.d/dirtest
- /etc/rc0.d/dirtest
- /etc/tmpfiles.d/dirtest
- /etc/runit/dirtest
- /etc/discover.conf.d/dirtest
- /etc/cron.hourly/dirtest
- /etc/emacs/dirtest
- /etc/logrotate.d/dirtest
- /etc/skel/dirtest
- /etc/logcheck/dirtest
- /etc/grub.d/dirtest
- /etc/alternatives/dirtest
- /etc/dbus-1/dirtest
- /etc/groff/dirtest
- /etc/modules-load.d/dirtest
- /etc/initramfs-tools/dirtest
- /etc/console-setup/dirtest
- /etc/ca-certificates/dirtest
- /etc/update-motd.d/dirtest
- /etc/kernel/dirtest
- /etc/pam.d/dirtest
- /etc/rc5.d/dirtest
- /etc/rc3.d/dirtest
- /boot/grub/dirtest
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:23476
Establishes connection:
- 1.#.1.1:53
- 45.###.120.244:1235
Sends data to the following servers:
- 45.###.120.244:1235
Receives data from the following servers:
- 45.###.120.244:1235
