Linux.Packed.616

Added to the Dr.Web virus database: 2019-09-26

Description added:

Technical Information

Malicious functions:
Substitutes application name for:
  • sshd
Modifies firewall settings:
  • iptables -I INPUT -p tcp --dport 46108 -j ACCEPT
  • iptables -I OUTPUT -p tcp --sport 46108 -j ACCEPT
  • iptables -I PREROUTING -t nat -p tcp --dport 46108 -j ACCEPT
  • iptables -I POSTROUTING -t nat -p tcp --sport 46108 -j ACCEPT
  • iptables -I INPUT -p udp --dport 59559 -j ACCEPT
  • iptables -I OUTPUT -p udp --sport 59559 -j ACCEPT
  • iptables -I PREROUTING -t nat -p udp --dport 59559 -j ACCEPT
  • iptables -I POSTROUTING -t nat -p udp --sport 59559 -j ACCEPT
  • iptables -I INPUT -p tcp --dport 34338 -j ACCEPT
  • iptables -I OUTPUT -p tcp --sport 34338 -j ACCEPT
  • iptables -I PREROUTING -t nat -p tcp --dport 34338 -j ACCEPT
  • iptables -I POSTROUTING -t nat -p tcp --sport 34338 -j ACCEPT
  • iptables -I INPUT -p tcp --dport 22 -j DROP
  • iptables -I INPUT -p tcp --dport 23 -j DROP
  • iptables -I INPUT -p tcp --dport 2323 -j DROP
  • iptables -I OUTPUT -p tcp --sport 22 -j DROP
  • iptables -I OUTPUT -p tcp --sport 23 -j DROP
  • iptables -I OUTPUT -p tcp --sport 2323 -j DROP
  • iptables -I INPUT -p udp --dport 10551 -j ACCEPT
  • iptables -I OUTPUT -p udp --sport 10551 -j ACCEPT
  • iptables -I PREROUTING -t nat -p udp --dport 10551 -j ACCEPT
  • iptables -I POSTROUTING -t nat -p udp --sport 10551 -j ACCEPT
Launches processes:
  • sh -c echo 3 > /proc/sys/vm/drop_caches
  • sh -c iptables -I INPUT -p tcp --dport 46108 -j ACCEPT
  • sh -c iptables -I OUTPUT -p tcp --sport 46108 -j ACCEPT
  • sh -c iptables -I PREROUTING -t nat -p tcp --dport 46108 -j ACCEPT
  • sh -c iptables -I POSTROUTING -t nat -p tcp --sport 46108 -j ACCEPT
  • sh -c iptables -I INPUT -p udp --dport 59559 -j ACCEPT
  • sh -c iptables -I OUTPUT -p udp --sport 59559 -j ACCEPT
  • sh -c iptables -I PREROUTING -t nat -p udp --dport 59559 -j ACCEPT
  • sh -c iptables -I POSTROUTING -t nat -p udp --sport 59559 -j ACCEPT
  • sh -c iptables -I INPUT -p tcp --dport 34338 -j ACCEPT
  • sh -c iptables -I OUTPUT -p tcp --sport 34338 -j ACCEPT
  • sh -c iptables -I PREROUTING -t nat -p tcp --dport 34338 -j ACCEPT
  • sh -c iptables -I POSTROUTING -t nat -p tcp --sport 34338 -j ACCEPT
  • sh -c iptables -I INPUT -p tcp --dport 22 -j DROP
  • sh -c iptables -I INPUT -p tcp --dport 23 -j DROP
  • sh -c iptables -I INPUT -p tcp --dport 2323 -j DROP
  • sh -c iptables -I OUTPUT -p tcp --sport 22 -j DROP
  • sh -c iptables -I OUTPUT -p tcp --sport 23 -j DROP
  • sh -c iptables -I OUTPUT -p tcp --sport 2323 -j DROP
  • sh -c iptables -I INPUT -p udp --dport 10551 -j ACCEPT
  • sh -c iptables -I OUTPUT -p udp --sport 10551 -j ACCEPT
  • sh -c iptables -I PREROUTING -t nat -p udp --dport 10551 -j ACCEPT
  • sh -c iptables -I POSTROUTING -t nat -p udp --sport 10551 -j ACCEPT
  • sh -c echo 1
Performs operations with the file system:
Creates or modifies files:
  • /proc/self/oom_score_adj
  • /proc/541/oom_score_adj
  • /proc/sys/vm/drop_caches
  • /root/config
Network activity:
Awaits incoming connections on ports:
  • 127.0.0.1:14737
  • 0.0.0.0:46108
  • 0.0.0.0:59559
  • 0.0.0.0:10551
  • 0.0.0.0:34338
Establishes connection:
DNS ASK:
  • dh#.###nsmissionbt.com
  • ro####.bittorrent.com
  • ro####.utorrent.com
  • bt#####er.debian.org
Sends data to the following servers:

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
