La mia libreria
La mia libreria

+ Aggiungi alla libreria

Supporto
Supporto 24/7 | Regole per contattare

Richieste

Profile

Linux.Siggen.2294

Aggiunto al database dei virus Dr.Web: 2019-10-31

La descrizione è stata aggiunta:

Technical Information

Malicious functions:
Substitutes application name for:
  • sshd
Modifies firewall settings:
  • iptables -I INPUT -p tcp --destination-port 22 -j DROP
  • iptables -I INPUT -p tcp --destination-port 23 -j DROP
  • iptables -I INPUT -p tcp --destination-port 2323 -j DROP
  • iptables -I OUTPUT -p tcp --source-port 22 -j DROP
  • iptables -I OUTPUT -p tcp --source-port 23 -j DROP
  • iptables -I OUTPUT -p tcp --source-port 2323 -j DROP
  • iptables -I INPUT -p udp --destination-port 63812 -j ACCEPT
  • iptables -I OUTPUT -p udp --source-port 63812 -j ACCEPT
  • iptables -I PREROUTING -t nat -p udp --destination-port 63812 -j ACCEPT
  • iptables -I POSTROUTING -t nat -p udp --source-port 63812 -j ACCEPT
  • iptables -I INPUT -p tcp --destination-port 54455 -j ACCEPT
  • iptables -I PREROUTING -t nat -p tcp --destination-port 54455 -j ACCEPT
  • iptables -I POSTROUTING -t nat -p tcp --source-port 54455 -j ACCEPT
Launches processes:
  • sh -c echo 3 > /proc/sys/vm/drop_caches
  • sh -c iptables -I INPUT -p tcp --destination-port 22 -j DROP
  • sh -c iptables -I INPUT -p tcp --destination-port 23 -j DROP
  • sh -c iptables -I INPUT -p tcp --destination-port 2323 -j DROP
  • sh -c iptables -I OUTPUT -p tcp --source-port 22 -j DROP
  • sh -c iptables -I OUTPUT -p tcp --source-port 23 -j DROP
  • sh -c iptables -I OUTPUT -p tcp --source-port 2323 -j DROP
  • sh -c iptables -I INPUT -p udp --destination-port 63812 -j ACCEPT
  • sh -c iptables -I OUTPUT -p udp --source-port 63812 -j ACCEPT
  • sh -c iptables -I PREROUTING -t nat -p udp --destination-port 63812 -j ACCEPT
  • sh -c iptables -I POSTROUTING -t nat -p udp --source-port 63812 -j ACCEPT
  • sh -c iptables -I INPUT -p tcp --destination-port 54455 -j ACCEPT
  • sh -c iptables -I OUTPUT -p tcp --source-port 54455 -j ACCEPT
  • sh -c iptables -I PREROUTING -t nat -p tcp --destination-port 54455 -j ACCEPT
  • sh -c iptables -I POSTROUTING -t nat -p tcp --source-port 54455 -j ACCEPT
Performs operations with the file system:
Creates or modifies files:
  • /proc/self/oom_score_adj
  • /proc/705/oom_score_adj
  • /proc/sys/vm/drop_caches
  • /root/config
  • /config
Network activity:
Awaits incoming connections on ports:
  • 127.0.0.1:14737
  • 0.0.0.0:63812
  • 0.0.0.0:54455
Establishes connection:
  • [:##]:63812
  • 127.0.0.1:63812
  • <LOCAL_DNS_SERVER>
  • 8.#.8.8:123
  • 19#.##8.1.1:8088
  • 19#.#68.3.1:123
  • 19#.##8.1.1:1234
  • 20#.##2.186.8:8443
  • 13#.##.224.167:81
  • 16#.###.217.207:49152
  • 38.###.240.189:80
  • 13#.###.252.111:8080
  • 12#.##3.127.1:80
  • 36.###.112.93:8080
  • 97.##7.93.29:80
  • 64.###.183.125:7574
  • 17#.#.13.217:8080
  • 48.##.50.151:80
  • 18#.##0.35.55:8443
  • 10#.##.133.243:80
  • 45.#.133.40:80
  • 10#.##.46.150:7574
  • 13#.##.213.134:80
  • 59.##.67.215:8080
  • 30.###.43.30:7574
  • 52.##.157.190:80
  • 47.###.245.153:80
  • 19#.##0.117.14:81
  • 8.###.129.223:52869
  • 11#.###.215.223:8080
  • 11#.###.156.154:8080
  • 21#.##5.44.44:7574
  • 22.##0.72.74:80
  • 11#.##2.249.36:8080
  • 76.##.169.92:8080
  • 28.##.103.59:8080
  • 13#.##0.70.7:8080
  • 12#.###.126.159:8080
  • 84.##.167.96:49152
  • 18#.##5.98.17:52869
  • 89.###.144.228:5555
  • 21#.##1.40.204:8080
  • 59.###.162.208:5555
  • 4.###.169.251:8080
  • 16#.##.32.9:8080
  • 10#.##.114.147:5555
  • 24.###.51.252:49152
  • 5.###.52.218:8080
  • 84.###.50.89:8080
  • 64.##.62.27:8443
  • 65.##.207.135:49152
  • 21#.##2.44.95:37215
  • 16.##.121.91:37215
  • 60.##.143.204:7574
  • 20.###.26.143:8080
  • 41.###.224.231:5555
  • 17#.##4.168.143:80
  • 22.##.246.178:80
  • 86.###.224.92:8443
  • 55.##.40.119:8080
  • 15#.##3.56.147:8080
  • 20.##.153.87:49152
  • 11#.##3.141.3:80
  • 90.###.123.246:7574
  • 6.##.#11.38:37215
  • 40.##.237.196:8080
  • 56.###.183.112:7574
  • 18.###.189.254:8080
  • 11#.#.48.114:80
  • 15#.##1.134.47:81
  • 89.##.220.191:8080
  • 18#.##.188.25:5555
  • 10#.##.7.181:8443
  • 14#.##7.248.54:8080
  • 85.###.110.40:49152
  • 14#.##.184.157:80
  • 85.###.112.15:80
  • 11#.##9.208.176:81
  • 62.###.150.158:7574
  • 96.##.117.129:8443
  • 13#.##5.68.72:80
  • 16#.##9.69.97:7574
  • 31.##.80.90:8080
  • 18#.###.194.104:37215
  • 19#.###.201.132:8443
  • 23.###.4.61:52869
  • 20#.###.139.87:52869
  • 62.###.173.118:8080
  • 25.###.2.192:5555
  • 27.#.#7.190:5555
  • 14#.#.190.200:80
  • 90.###.65.114:80
  • 20#.##.129.40:8080
  • 21#.###.208.47:52869
  • 13#.###.211.26:52869
  • 11#.##0.104.87:8080
  • 56.###.3.96:8443
  • 18#.##.132.253:81
  • 15.###.148.15:8080
  • 48.###.154.46:49152
  • 18#.##.89.121:80
  • 13#.##0.87.169:80
  • 76.##.44.176:81
  • 37.###.221.26:5555
  • 39.###.207.216:8080
  • 19#.###.206.247:8080
  • 60.###.161.251:8080
  • 21#.#53.30.7:80
  • 15#.###.106.38:37215
  • 39.###.191.237:80
  • 26.###.216.229:81
  • 86.##.143.46:80
  • 43.###.151.136:8080
  • 21#.###.180.102:8080
  • 82.###.142.246:80
  • 21#.##0.178.33:80
  • 21#.##4.57.40:8080
  • 25.##.52.90:7574
  • 16#.##7.94.213:80
  • 15#.##6.58.33:80
  • 16#.##8.167.12:8080
  • 12#.##8.134.106:80
  • 85.###.183.103:8080
  • 41.###.225.234:8080
  • 22.###.139.225:49152
  • 16#.##4.33.175:80
  • 71.###.90.197:80
  • 49.##.191.39:5555
  • 17#.##2.61.87:80
  • 66.###.153.189:49152
  • 13#.##.164.145:52869
  • 15#.##.81.28:5555
  • 16#.##.56.7:7574
  • 46.###.173.114:49152
  • 53.#.44.174:80
  • 13#.##0.159.133:81
  • 10#.#.183.121:8080
  • 20#.##6.140.28:8080
  • 77.##.20.54:52869
  • 55.###.241.187:37215
  • 15#.###.236.61:52869
  • 17#.##0.59.0:8080
  • 40.##.77.182:80
  • 11#.###.106.224:5555
  • 40.###.56.189:80
  • 81.###.216.98:37215
  • 23.##.13.81:5555
  • 16#.##.191.126:7574
  • 53.##.153.41:8080
  • 27.###.119.231:8080
  • 79.###.249.88:8080
  • 14#.##.220.131:80
  • 20#.##.178.183:8080
  • 21#.##9.110.122:80
  • 17#.##.5.51:37215
  • 60.##.76.132:1023
  • 65.###.90.132:23
  • 20#.##.90.132:23
  • 18#.##.76.132:23
  • 16#.##1.199.98:23
  • 19#.#3.72.53:23
  • 15#.#5.67.98:23
  • 15#.##.76.132:23
  • 23.##.184.218:23
  • 48.###.237.214:23
  • 96.##3.91.40:23
DNS ASK:
  • dh#.###nsmissionbt.com
  • ro####.bittorrent.com
  • ro####.utorrent.com
  • bt#####er.debian.org
Sends data to the following servers:
  • 87.##.162.88:6881
  • 21#.##9.33.59:6881
  • 67.###.246.10:6881
  • 82.###.103.244:6881
  • 13#.##9.18.159:6881
  • 50.#.#7.12:51413
  • 19#.###.249.218:13131
  • 21#.##6.79.205:7135
  • 20#.#.114.116:59840
  • 17#.##4.189.96:6881
  • 10#.###.177.69:50321
  • 83.###.191.131:6881
  • 81.##.116.110:6881
  • 94.###.87.187:38321
  • 5.###.108.149:6881
  • 62.###.139.196:55111
  • 11#.###.61.172:16001
  • 96.##.219.131:1434
  • 10#.##3.181.1:40945
  • 78.###.51.42:61143
  • 77.##.2.36:7425
  • 82.##.80.165:6882
  • 17#.##3.48.84:62298
  • 76.###.27.227:21275
  • 10#.##.133.113:57609
  • 46.##.179.97:4459
  • 91.###.156.19:63055
  • 91.###.221.187:51413
  • 17#.##2.205.4:6908
  • 98.###.172.176:51413
  • 18#.###.108.62:24874
  • 73.###.116.248:35650
  • 15#.##.216.209:1235
  • 95.###.174.73:63141
  • 46.###.13.230:1274
  • 14#.###.158.56:51413
  • 11#.##.223.223:6889
  • 5.##.#26.241:49197
  • 10#.##.183.149:4676
  • 12#.##.239.143:6881
  • 93.###.200.200:51413
  • 37.##.41.6:51413
  • 77.##.180.163:51413
  • 62.###.62.182:555
  • 1.###.148.100:7480
  • 91.###.121.216:6881
  • 18#.##.190.131:27049
  • 92.###.219.26:53001
  • 14#.##7.79.86:16043
  • 71.###.81.140:52411
  • 16#.##2.89.234:6881
  • 21#.###.19.188:28577
  • 90.###.173.240:64692
  • 17#.###.128.58:51413
  • 5.###.183.129:46942
  • 2.###.8.37:61259
  • 94.##.46.53:27862
  • 95.##.51.237:43768
  • 10#.##3.91.93:47800
  • 11#.##7.76.162:6889
  • 79.###.73.100:44434
  • 94.###.121.144:39916

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number