HackTool.Linux.Enum.VSNW18H22
HackTool:SH/LinuxEnum.A (MICROSOFT)
Linux
Threat Type: Hacking Tool
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
TECHNICAL DETAILS
46,631 bytes
Other
No
24 Aug 2022
Arrival Details
This Hacking Tool arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Other Details
This Hacking Tool does the following:
- It displays the following information on the console:
  - Kernel information
  - Specific release information
  - Hostname
  - Current user/group information
  - Users that have previously logged onto the system
  - Logged on users
  - Group memberships
  - Admin users
  - Contents of /etc/passwd
  - Super user accounts
  - Accounts that have recently used sudo
  - Permissions on /home directories
  - Environment information
  - Path information
  - Available shells
  - Current umask value
  - umask value as specified in /etc/login.defs
  - Password and storage information
  - Cron jobs
  - Crontab contents
  - Systemd timers
  - Network and IP information
  - ARP history
  - Nameservers
  - Default route
  - Listening TCP
  - Listening UDP
  - Running processes
  - Process binaries and associated permissions
  - /etc/init.d/ binary permissions
  - /etc/init/ config file permissions
  - /lib/systemd/* config file permissions
  - Sudo version
  - Postgres version
  - Unusual file locations
  - Installed compilers
  - Permissions on sensitive files
  - SUID files
  - SGID files
  - Files with POSIX capabilities set
  - All *.conf files in /etc
  - Current user's history files
  - Location and contents of .bash_history files
  - Location and permissions of .bak files
  - Any interesting mail in /var/mail
SOLUTION
9.800
17.771.00
24 Aug 2022
17.771.00
25 Aug 2022
Step 1
Before doing any scans, Windows 7, Windows 8, Windows 8.1, and Windows 10 users must disable System Restore to allow full scanning of their computers.
Step 2
Scan your computer with your Trend Micro product to delete files detected as HackTool.Linux.Enum.VSNW18H22. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check the following Trend Micro Support pages for more information: