Keyword: usojan.sh.mirai.mkf
Description Name: Possible MIRAI - TCP (Request).
This backdoor may arrive on the affected system via a ThinkPHP remote code execution exploit. This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan may be downloaded by other malware/grayware from remote sites. It executes commands from a remote malicious user, effectively compromising the affected system. It connects to a website to
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be downloaded by other malware/grayware from
This Coinminer arrives as a component bundled with malware/grayware packages. Arrival Details This Coinminer arrives as a component bundled with malware/grayware packages. Other Details This
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes commands from a remote malicious user,
This backdoor has been observed propagating via CVE-2018-18636, a cross-site scripting vulnerability affecting the D-Link DSL-2640T wireless router. This malware is capable of receiving commands to flood other
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Backdoor arrives on a system as a
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are
persistence:
Path: /var/spool/cron/crontabs/
Schedule: Every 30 minutes
Command: */30 * * * * sh /etc/newsvc.sh >/dev/null 2>&1
Disables the firewall. Deletes the following user accounts: akay vfinder. Stops
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It executes, then deletes itself. It executes
This spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes the initially executed copy of itself.
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. However, as of this writing, the said sites are
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It modifies files, disabling programs and applications
/usr/bin/crontab /var/spool/cron/{user}
crontab content: */10 * * * * sh (/etc/update.sh or /tmp/update.sh) >/dev/null 2>&1
Disables SELinux. Clears page caches. Renames the following files: /usr/bin/wgen to
/tmp/.vd/sslm.tgz min* {Current Directory}/min* /tmp/min* Process Termination This Trojan terminates the following processes if found running in the affected system's memory: rand rx rd tsm tsm2 haiduc a sparky sh
Modifications This Trojan modifies the following file(s): /etc/rc.local - adds "sh /usr/local/bin/npt" to run the downloaded file on boot; /var/spool/mail/{user} - contents replaced with the string "0"; /var/log/wtmp -
}/config.json It creates the following cron job to enable automatic execution of update.sh: Path: '/var/spool/cron/crontabs/'"$USER" Schedule: Every 30 minutes Command: */30 * * * * sh {directory}/update.sh
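The persistence the entries above report has a recognisable shape: a user crontab line that hands a dropped script in /etc or /tmp to `sh` every 10 or 30 minutes with output sent to /dev/null, and a launcher line added to /etc/rc.local so the payload reruns at boot. The following is an added example written for this page, not code from the vendor entries or from the malware itself. The sample crontab and rc.local contents are constructed; the directory list in `STAGING_DIRS`, the 30-minute cutoff and the two-indicator threshold are tuning assumptions, not values taken from the entries.

```python
import re

# Constructed sample input (not captured from a real host). The two flagged
# crontab lines reproduce the schedules and commands the search results above
# report for these Linux backdoors; the remaining lines are ordinary entries.
SAMPLE_CRONTAB = """\
# m h dom mon dow   command
0 3 * * * /usr/bin/certbot renew --quiet
*/30 * * * * sh /etc/newsvc.sh >/dev/null 2>&1
*/10 * * * * sh /tmp/update.sh >/dev/null 2>&1
15 4 * * 0 /usr/local/bin/backup.sh --full
"""

SAMPLE_RC_LOCAL = """\
#!/bin/sh -e
# rc.local after the dropper's edit: one launcher line before exit 0
sh /usr/local/bin/npt
exit 0
"""

# "sh /path", "/bin/bash /path": an interpreter given a script file to run.
SHELL_LAUNCH = re.compile(r"(?:^|\s)(?:/bin/|/usr/bin/)?(?:sh|bash|dash)\s+(/\S+)")
# Assumption: directories a cron job rarely sources scripts from on a clean host.
# /etc/ is included because the reported droppers write newsvc.sh/update.sh there.
STAGING_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/", "/etc/")
MAX_BENIGN_INTERVAL = 30  # minutes (assumption: tune per fleet)


def parse_cron_line(line):
    """Split a user-crontab line into (schedule, command).
    Returns None for blank lines, comments and VAR=value assignments."""
    line = line.strip()
    if not line or line.startswith("#") or re.match(r"^[A-Za-z_][A-Za-z0-9_]*=", line):
        return None
    if line.startswith("@"):  # @reboot, @hourly, ...
        sched, _, cmd = line.partition(" ")
        return sched, cmd.strip()
    parts = line.split(None, 5)
    if len(parts) < 6:
        return None
    return " ".join(parts[:5]), parts[5]


def minutes_interval(minute_field):
    """Interval in minutes for a '*' or '*/N' minute field; None for fixed minutes."""
    if minute_field == "*":
        return 1
    m = re.fullmatch(r"\*/(\d+)", minute_field)
    return int(m.group(1)) if m else None


def cron_indicators(schedule, command):
    """Reasons an entry resembles dropped persistence (empty list if none)."""
    reasons = []
    launch = SHELL_LAUNCH.search(command)
    if not launch:
        return reasons  # only "sh <script>" style launchers are of interest here
    script = launch.group(1)
    if script.startswith(STAGING_DIRS):
        reasons.append(f"shell script launched from {script}")
    if schedule.startswith("@reboot"):
        reasons.append("runs at every boot")
    else:
        fields = schedule.split()
        interval = minutes_interval(fields[0])
        if interval is not None and interval <= MAX_BENIGN_INTERVAL and fields[1] == "*":
            reasons.append(f"runs every {interval} min")
    if re.search(r">\s*/dev/null", command):
        reasons.append("output discarded to /dev/null")
    return reasons


def find_suspicious_cron(text, min_reasons=2):
    """Entries with at least min_reasons indicators (threshold is an assumption)."""
    hits = []
    for line in text.splitlines():
        parsed = parse_cron_line(line)
        if not parsed:
            continue
        schedule, command = parsed
        reasons = cron_indicators(schedule, command)
        if len(reasons) >= min_reasons:
            hits.append({"schedule": schedule, "command": command, "reasons": reasons})
    return hits


def find_rc_local_launchers(text):
    """Command lines in /etc/rc.local that hand a script to a shell interpreter,
    the pattern the entries above describe for boot-time re-execution."""
    found = []
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if SHELL_LAUNCH.search(stripped):
            found.append(stripped)
    return found


if __name__ == "__main__":
    for hit in find_suspicious_cron(SAMPLE_CRONTAB):
        print(f"[cron] {hit['schedule']} {hit['command']}")
        print("       " + "; ".join(hit["reasons"]))
    for cmd in find_rc_local_launchers(SAMPLE_RC_LOCAL):
        print(f"[rc.local] {cmd}")
```

On a live host, feed it the contents of each file under /var/spool/cron/crontabs (or /var/spool/cron on RHEL-style systems) and /etc/rc.local; because the reported droppers also rename binaries and truncate /var/log/wtmp, a crontab hit should be followed by checking those files rather than treated as the whole finding.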