La mia libreria
La mia libreria

+ Aggiungi alla libreria

Supporto
Supporto 24/7 | Regole per contattare

Richieste

Profile

Linux.Siggen.2295

Aggiunto al database dei virus Dr.Web: 2019-11-01

La descrizione è stata aggiunta:

Technical Information

Malicious functions:
Substitutes application name for:
  • sshd
Modifies firewall settings:
  • iptables -I INPUT -p tcp --destination-port 22 -j DROP
  • iptables -I INPUT -p tcp --destination-port 23 -j DROP
  • iptables -I INPUT -p tcp --destination-port 2323 -j DROP
  • iptables -I OUTPUT -p tcp --source-port 22 -j DROP
  • iptables -I OUTPUT -p tcp --source-port 23 -j DROP
  • iptables -I OUTPUT -p tcp --source-port 2323 -j DROP
  • iptables -I INPUT -p tcp --destination-port 44196 -j ACCEPT
  • iptables -I INPUT -p udp --destination-port 8080 -j ACCEPT
  • iptables -I OUTPUT -p tcp --source-port 44196 -j ACCEPT
  • iptables -I OUTPUT -p udp --source-port 8080 -j ACCEPT
  • iptables -I PREROUTING -t nat -p tcp --destination-port 44196 -j ACCEPT
  • iptables -I PREROUTING -t nat -p udp --destination-port 8080 -j ACCEPT
Launches processes:
  • sh -c echo 3 > /proc/sys/vm/drop_caches
  • sh -c iptables -I INPUT -p tcp --destination-port 22 -j DROP
  • sh -c iptables -I INPUT -p tcp --destination-port 23 -j DROP
  • sh -c iptables -I INPUT -p tcp --destination-port 2323 -j DROP
  • sh -c iptables -I OUTPUT -p tcp --source-port 22 -j DROP
  • sh -c iptables -I OUTPUT -p tcp --source-port 23 -j DROP
  • sh -c iptables -I OUTPUT -p tcp --source-port 2323 -j DROP
  • sh -c iptables -I INPUT -p tcp --destination-port 44196 -j ACCEPT
  • sh -c iptables -I INPUT -p udp --destination-port 8080 -j ACCEPT
  • sh -c iptables -I OUTPUT -p tcp --source-port 44196 -j ACCEPT
  • sh -c iptables -I OUTPUT -p udp --source-port 8080 -j ACCEPT
  • sh -c iptables -I PREROUTING -t nat -p tcp --destination-port 44196 -j ACCEPT
  • sh -c iptables -I PREROUTING -t nat -p udp --destination-port 8080 -j ACCEPT
Performs operations with the file system:
Creates or modifies files:
  • /proc/self/oom_score_adj
  • /proc/684/oom_score_adj
  • /proc/sys/vm/drop_caches
Network activity:
Awaits incoming connections on ports:
  • 127.0.0.1:14737
  • 0.0.0.0:44196
  • 0.0.0.0:8080
Establishes connection:
  • [:##]:8080
  • 127.0.0.1:8080
  • 8.#.8.8:123
  • 78.##.203.51:80
  • 16#.##.105.157:80
  • 11#.###.202.116:8443
  • 15#.###.227.228:8080
  • 81.##.100.126:81
  • 22#.##2.57.183:8443
  • 45.###.249.106:5555
  • 2.##.#30.4:49152
  • 19#.##5.27.93:80
  • 20#.#.154.4:80
  • 89.###.20.104:7574
  • 16#.###.168.160:8443
  • 18#.##2.148.191:80
  • 7.###.23.252:7574
  • 12#.##.67.240:8080
  • 50.###.180.58:8080
  • 17#.##4.2.8:8443
  • 71.###.94.101:80
  • 17#.#.245.79:80
  • 54.###.224.82:7574
  • 13.###.34.204:37215
  • 16#.##.8.43:5555
  • 57.###.146.157:49152
  • 10#.###.187.192:8443
  • 17#.###.23.189:52869
  • 41.##.81.137:80
  • 87.##2.5.147:81
  • 31.##.123.212:8080
  • 38.###.198.197:8080
  • 12#.##.249.26:80
  • 71.##.247.204:81
  • 56.###.80.77:8080
  • 40.##.230.223:52869
  • 21#.##.65.235:5555
  • 48.###.68.254:37215
  • 16#.##3.8.163:52869
  • 58.###.81.4:8080
  • 21#.##5.141.38:80
  • 47.##9.65.22:80
  • 16#.###.141.238:7574
  • 4.##.14.167:80
  • 34.###.107.223:5555
  • 10#.##3.14.188:80
  • 87.###.120.159:5555
  • 29.###.101.210:8080
  • 70.##.1.113:37215
  • 14.###.194.181:49152
  • 17#.##.126.141:8080
  • 73.###.28.183:49152
  • 5.##.228.73:80
  • 53.###.84.104:8080
  • 17#.###.68.178:49152
  • 17#.##.176.177:37215
  • 36.#.163.240:80
  • 21#.##.120.2:49152
  • 54.##.153.99:80
  • 61.###.75.108:8080
  • 80.###.180.65:52869
  • 48.###.118.223:81
  • 46.###.73.194:7574
  • 94.##.251.52:80
  • 16#.##.85.76:7574
  • 93.###.183.129:7574
  • 11#.##9.133.237:80
  • 12#.##.40.102:37215
  • 19#.##.248.16:80
  • 34.##0.71.22:80
  • 15#.###.165.122:5555
  • 47.###.207.115:37215
  • 18#.##0.66.163:80
  • 17#.#.159.102:52869
  • 18#.##6.0.58:8080
  • 17#.##.71.205:8080
  • 45.###.212.186:8080
  • 87.###.209.96:37215
  • 14#.###.204.226:8080
  • 34.###.62.241:37215
  • 66.##.95.117:52869
  • 18#.###.167.29:37215
  • 21#.##5.65.179:7574
  • 1.###.10.69:81
  • 19#.##.128.232:8080
  • 19#.#.6.245:7574
  • 44.##.59.41:7574
  • 23.###.238.159:8080
  • 86.###.195.25:81
  • 9.###.20.165:8080
  • 19#.##.232.218:7574
  • 37.###.31.192:8443
  • 19#.##.56.181:80
  • 83.###.148.177:8443
  • 23.###.160.249:52869
  • 21#.##2.63.201:8080
  • 19#.##.96.72:8443
  • 38.##.179.250:8443
  • 16#.##.53.58:8443
  • 56.###.157.159:49152
  • 21#.##.75.67:52869
  • 20#.##.135.50:81
  • 12#.##.146.192:80
  • 53.##.63.35:80
  • 14#.#2.35.23:81
  • 17.###.66.108:5555
  • 16.###.254.89:37215
  • 10#.##3.56.85:8080
  • 63.##.205.6:80
  • 12#.##.123.102:80
  • 71.###.109.42:8443
  • 15#.##.60.116:81
  • 96.###.207.38:80
  • 60.###.93.101:37215
  • 18#.##2.24.70:8080
  • 85.##.157.102:80
  • 21.###.111.142:5555
  • 14#.###.243.132:1023
  • 36.##.230.132:23
  • 18#.##.230.132:23
  • 38.###.189.102:49152
  • 11#.##2.217.150:80
  • 14#.##7.125.85:80
  • 11#.###.183.141:37215
  • 13.###.243.132:23
  • 92.##.62.158:23
  • 19#.##.183.40:23
  • 27.###.67.107:8080
  • 19#.##3.26.198:80
  • 13#.##9.243.132:23
  • 13.###.58.120:23
  • 20#.##9.160.55:23
  • 84.##.197.45:23
  • 18#.##5.219.189:81
  • 9.#.#7.45:49152
  • 18#.##.152.127:80
  • 12#.##6.120.28:23

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number