La mia libreria
La mia libreria

+ Aggiungi alla libreria

Supporto
Supporto 24/7 | Regole per contattare

Richieste

Profile

Linux.Packed.969

Aggiunto al database dei virus Dr.Web: 2020-10-21

La descrizione è stata aggiunta:

Technical Information

Malicious functions:
Launches itself as a daemon
Substitutes application name for:
  • sshd
Modifies firewall settings:
  • iptables -I INPUT -p tcp --destination-port 39004 -j ACCEPT
  • iptables -I OUTPUT -p tcp --source-port 39004 -j ACCEPT
  • iptables -I PREROUTING -t nat -p tcp --destination-port 39004 -j ACCEPT
  • iptables -I INPUT -p tcp --destination-port 22 -j DROP
  • iptables -I INPUT -p tcp --destination-port 23 -j DROP
  • iptables -I POSTROUTING -t nat -p tcp --source-port 39004 -j ACCEPT
  • iptables -I INPUT -p tcp --destination-port 2323 -j DROP
  • iptables -I INPUT -p tcp --dport 39004 -j ACCEPT
  • iptables -I OUTPUT -p tcp --source-port 22 -j DROP
  • iptables -I OUTPUT -p tcp --sport 39004 -j ACCEPT
  • iptables -I OUTPUT -p tcp --source-port 23 -j DROP
  • iptables -I PREROUTING -t nat -p tcp --dport 39004 -j ACCEPT
  • iptables -I OUTPUT -p tcp --source-port 2323 -j DROP
  • iptables -I POSTROUTING -t nat -p tcp --sport 39004 -j ACCEPT
  • iptables -I INPUT -p tcp --dport 22 -j DROP
  • iptables -I INPUT -p tcp --dport 23 -j DROP
  • iptables -I INPUT -p tcp --dport 2323 -j DROP
  • iptables -I OUTPUT -p tcp --sport 22 -j DROP
  • iptables -I OUTPUT -p tcp --sport 23 -j DROP
  • iptables -I OUTPUT -p tcp --sport 2323 -j DROP
  • iptables -I INPUT -p udp --destination-port 8080 -j ACCEPT
  • iptables -I OUTPUT -p udp --source-port 8080 -j ACCEPT
Launches processes:
  • sh -c killall -9 telnetd utelnetd scfgmgr
  • sh -c iptables -I INPUT -p tcp --destination-port 39004 -j ACCEPT
  • sh -c iptables -I OUTPUT -p tcp --source-port 39004 -j ACCEPT
  • sh -c iptables -I PREROUTING -t nat -p tcp --destination-port 39004 -j ACCEPT
  • sh -c iptables -I INPUT -p tcp --destination-port 22 -j DROP
  • sh -c iptables -I INPUT -p tcp --destination-port 23 -j DROP
  • sh -c iptables -I POSTROUTING -t nat -p tcp --source-port 39004 -j ACCEPT
  • sh -c iptables -I INPUT -p tcp --destination-port 2323 -j DROP
  • sh -c iptables -I INPUT -p tcp --dport 39004 -j ACCEPT
  • sh -c iptables -I OUTPUT -p tcp --source-port 22 -j DROP
  • sh -c iptables -I OUTPUT -p tcp --sport 39004 -j ACCEPT
  • sh -c iptables -I OUTPUT -p tcp --source-port 23 -j DROP
  • sh -c iptables -I PREROUTING -t nat -p tcp --dport 39004 -j ACCEPT
  • sh -c iptables -I OUTPUT -p tcp --source-port 2323 -j DROP
  • sh -c iptables -I POSTROUTING -t nat -p tcp --sport 39004 -j ACCEPT
  • sh -c iptables -I INPUT -p tcp --dport 22 -j DROP
  • sh -c iptables -I INPUT -p tcp --dport 23 -j DROP
  • sh -c iptables -I INPUT -p tcp --dport 2323 -j DROP
  • sh -c iptables -I OUTPUT -p tcp --sport 22 -j DROP
  • sh -c iptables -I OUTPUT -p tcp --sport 23 -j DROP
  • sh -c iptables -I OUTPUT -p tcp --sport 2323 -j DROP
  • sh -c iptables -I INPUT -p udp --destination-port 8080 -j ACCEPT
  • sh -c iptables -I OUTPUT -p udp --source-port 8080 -j ACCEPT
Attempts to kill the following processes:
  • killall -9 telnetd utelnetd scfgmgr
Performs operations with the file system:
Creates or modifies files:
  • /root/.ips
Network activity:
Awaits incoming connections on ports:
  • 127.0.0.1:14737
  • 0.0.0.0:33445
  • 0.0.0.0:39004
  • 0.0.0.0:8080
Establishes connection:
  • 8.#.8.8:53
  • 21#.##5.248.121:81
  • 9.###.36.148:49152
  • 76.###.12.226:8080
  • 63.###.61.205:81
  • 21#.###.205.144:8080
  • 59.##.149.98:7574
  • 17#.##.83.207:7574
  • 15#.##.145.6:52869
  • 21#.##5.120.86:8081
  • 88.##.183.5:81
  • 11#.##5.132.98:8081
  • 92.###.122.130:81
  • 20#.##.139.55:80
  • 72.##.209.125:80
  • 19#.##8.65.40:8081
  • 14#.##.7.145:8443
  • 40.##.166.41:80
  • 88.##0.10.32:80
  • 46.##.139.254:80
  • 15#.##.138.162:8080
  • 15#.###.151.217:37215
  • 19#.##5.100.193:80
  • 19#.###.140.167:37215
  • 82.##.77.114:80
  • 94.###.127.172:80
  • 18#.##3.127.47:8080
  • 19#.##.223.58:5555
  • 13#.###.213.235:8080
  • 22#.##3.205.227:80
  • 7.##.85.209:81
  • 41.##.86.137:80
  • 3.###.248.194:5555
  • 92.##.87.41:49152
  • 20#.##9.9.49:49152
  • 60.###.40.231:7574
  • 36.##.90.170:8080
  • 64.###.216.188:8080
  • 20#.##0.130.173:80
  • 69.###.250.243:80
  • 18#.##3.37.100:80
  • 12#.##5.206.244:80
  • 83.###.248.124:7574
  • 96.###.223.60:8080
  • 93.#.#06.233:8080
  • 16#.##9.23.53:80
  • 19#.##7.21.120:80
  • 22.##.128.163:80
  • 11#.###.128.133:8080
  • 94.##.29.185:80
  • 75.###.73.58:8080
  • 82.###.146.250:80
  • 14#.##8.4.163:60001
  • 22#.##1.203.58:8080
  • 88.###.53.241:8080
  • 92.###.113.80:80
  • 82.##.209.68:8080
  • 21#.##5.119.129:80
  • 75.##.180.152:8081
  • 19#.##6.15.87:80
  • 80.###.107.20:80
  • 92.###.67.177:8081
  • 77.###.26.247:8080
  • 10#.##5.22.111:7574
  • 19#.###.149.171:60001
  • 18#.##1.86.67:80
  • 20#.##.238.107:8080
  • 25.##.191.35:80
  • 47.#.95.117:80
  • 16#.###.32.183:60001
  • 18#.##7.212.0:80
  • 20#.###.179.249:8443
  • 38.###.86.210:37215
  • 20#.###.163.154:8080
  • 10#.##.39.169:60001
  • 17.###.246.40:81
  • 20#.##0.205.239:81
  • 11#.#.45.203:8080
  • 37.##.61.142:80
  • 6.##.#82.77:8080
  • 38.##.234.168:8080
  • 15.###.83.69:8080
  • 16.##3.74.43:80
  • 14#.##.179.46:8081
  • 17#.##5.152.15:80
  • 15#.###.174.118:52869
  • 70.###.233.74:80
  • 21#.###.213.103:8080
  • 13#.##4.234.108:80
  • 16#.###.125.134:8081
  • 19#.###.217.239:8080
  • 46.###.218.161:5555
  • 12#.##4.227.254:80
  • 64.###.88.2:5555
  • 96.###.218.3:8081
  • 82.##.61.205:7574
  • 17#.##2.157.153:80
  • 31.##.115.140:8080
  • 67.##.248.209:5555
  • 71.##.157.137:80
  • 11.###.185.77:52869
  • 36.###.199.3:8080
  • 17#.##.10.196:8080
  • 19#.##.120.126:80
  • 15#.###.250.161:52869
  • 5.##.2.4:8080
  • 44.##.226.159:8080
  • 19#.##.220.135:60001
  • 18#.#.145.181:7574
  • 13#.#.19.108:8080
  • 48.###.102.172:8080
  • 24.##.71.34:5555
  • 56.###.100.75:80
  • 11#.##.226.214:8443
  • 19#.##.230.229:8080
  • 78.###.251.129:8081
  • 59.###.60.173:80
  • 21#.###.144.191:8080
  • 21.###.46.130:80
  • 92.###.230.205:80
  • 17#.##5.148.86:8080
  • 10#.#40.8.2:80
  • 18#.##9.109.58:8080
  • 2.###.28.105:5555
  • 19#.##.145.225:80
  • 14#.#.65.159:7574
  • 28.##.244.213:37215
  • 33.##6.68.71:80
  • 96.###.141.6:37215
  • 20#.##.99.5:37215
  • 12#.##8.21.226:8080
  • 15#.##9.19.64:52869
  • 14#.#9.7.52:80
  • 20#.##4.85.91:80
  • 62.##.171.68:80
  • 19.#.#5.103:8081
  • 77.###.129.235:7574
  • 24.##.137.43:60001
  • 51.##.99.145:8081
  • 41.###.164.192:8081
  • 72.##.134.194:8181
  • 76.###.27.194:80
  • 70.#.233.164:80
  • 21.###.94.10:5555
  • 4.##.#81.247:8081
  • 61.##9.72.3:80
  • 10#.##4.83.137:80
  • 17#.##0.178.254:80
  • 11#.##6.73.217:5555
  • 73.##.190.200:49152
  • 62.###.232.59:80
  • 14#.##.110.216:37215
  • 15#.##6.1.211:52869
  • 12#.##7.15.161:80
  • 49.###.136.138:52869
  • 14#.###.236.249:7574
  • 11#.##1.133.164:80
  • 24.###.210.71:52869
  • 98.##.221.160:80
  • 20#.###.93.140:49152
  • 20#.##.9.238:8080
  • 19#.##4.187.38:8080
  • 97.###.188.251:8080
  • 26.###.107.240:80
  • 14#.#0.87.69:81
  • 91.##.181.90:80
  • 21.###.80.213:8081
  • 13#.##.175.35:8080
  • 13#.##.116.203:8080
  • 16#.##5.145.94:8080
  • 24.##.204.145:80
  • 22#.##.10.73:8080
  • 11#.##1.92.86:81
  • 20#.###.226.148:8080
  • 13#.##6.70.230:8080
  • 71.###.239.33:80
  • 11#.##.58.69:8080
  • 17#.##1.50.63:8080
  • 20#.##1.55.183:8080
  • 21#.#9.58.31:80
  • 21#.###.222.64:37215
  • 16#.###.250.131:8081
  • 85.###.72.248:80
  • 69.###.135.116:80
  • 94.##.227.37:8080
  • 84.###.55.97:8080
  • 19#.##4.94.76:81
  • 21#.#.175.227:8081
  • 79.###.58.3:8080
  • 13#.###.224.113:8080
  • 28.##.111.203:8080
  • 21#.##5.151.23:80
  • 15#.#1.86.91:80
  • 11#.##.138.160:80
  • 12#.##.79.162:80
  • 26.##.204.209:80
  • 42.###.97.200:80
  • 24.###.252.115:81
  • 37.###.244.78:49152
  • 12#.##.123.86:80
  • 16.##3.7.175:81
  • 92.###.247.127:8080
  • 98.##.251.157:49152
  • 33.###.73.205:37215
  • 5.###.254.122:8081
  • 19#.##1.31.183:5555
  • 20#.##8.119.209:80
  • 10#.##0.48.177:8443
  • 14#.##.48.233:49152
  • 35.###.23.171:37215
  • 57.##.147.41:37215
  • 25.##.111.83:8181
  • 76.##.8.137:80
  • 57.###.85.136:8080
  • 66.##.149.0:8443
  • 20#.##7.248.184:80
  • 89.#.#5.218:37215
  • 59.###.101.141:8080
  • 19#.##.46.101:5555
  • 18#.###.151.239:8181
  • 20.##.141.151:80
  • 29.##.58.102:80
  • 15#.##3.67.206:8081
  • 10#.##2.18.119:8181
  • 29.###.50.219:8443
  • 20#.##.223.119:8081
  • 16#.##3.16.230:8081
  • 96.###.229.187:80
  • 67.###.236.204:81
  • 14#.###.167.171:8081
  • 66.###.187.67:5555
  • 17#.##9.173.21:8080
  • 16#.##.232.52:80
  • 20#.###.117.194:7574
  • 16#.##8.254.8:8080
  • 79.###.238.102:80
  • 79.###.101.129:80
  • 16.##.207.65:49152
  • 44.##.230.129:8080
  • 73.##.75.152:8081
  • 16#.#.98.74:49152
  • 19#.##.231.67:80
  • 21#.##.235.50:80
  • 17#.##4.251.214:80
  • 46.###.71.253:80
  • 22#.###.173.197:49152
  • 13#.##0.95.80:8080
  • 31.###.189.254:80
  • 18#.##2.3.67:8443
  • 12#.###.113.251:8080
  • 37.##.7.206:80
  • 59.#.#05.202:5555
  • 48.###.17.44:49152
  • 60.###.110.73:81
  • 13#.##4.30.40:80
  • 14.##.96.189:8181
  • 35.###.122.239:8081
  • 82.##1.49.78:80
  • 14#.##7.66.196:5555
  • 19#.##.213.16:8080
  • 2.###.56.125:8081
  • 13#.##.69.112:7574
  • 80.###.195.238:80
  • 13.##.77.198:8080
  • 87.###.102.205:49152
  • 10#.###.190.251:8081
  • 14#.##7.82.137:80
  • 19.##.9.91:5555
  • 35.##.238.204:5555
  • 13#.##.39.113:8443
  • 16#.##1.14.231:80
  • 16#.##.3.63:49152
  • 14#.##.11.88:8443
  • 79.###.179.152:8081
  • 51.###.101.19:8080
  • 12#.##.112.45:8080
  • 15#.##9.123.188:80
  • 15#.###.119.176:8181
  • 19#.##5.193.2:52869
  • 15#.#.177.119:80
  • 19.###.185.113:8080
  • 15#.##5.40.65:80
  • 1.###.208.103:8080
  • 19#.##3.162.69:8080
  • 14#.##5.187.43:80
  • 16#.#1.132.6:80
  • 12#.##3.130.104:80
  • 38.###.218.141:8080
  • 16#.##1.9.84:8081
  • 67.###.27.74:5555
  • 18#.##.175.159:8080
  • 16#.##.110.136:8081
  • 91.###.101.62:80
  • 21.##.30.81:80
  • 10#.##.94.117:8080
  • 79.###.185.73:8081
  • 11#.##1.46.226:8080
  • 20#.###.240.59:60001
  • 21#.##8.188.25:8080
  • 12#.##.114.57:80
  • 10#.##6.227.24:5555
  • 30.##.181.26:8081
  • 19#.##8.217.95:80
  • 21.###.54.31:8081
  • 83.###.248.179:60001
  • 1.##.#8.43:60001
  • 19#.#.249.176:8081
  • 15#.##.227.183:49152
  • 13#.##.48.232:80
  • 9.###.197.232:80
  • 95.##.252.249:8080
  • 18#.###.106.183:8080
  • 26.###.54.126:8181
  • 20#.##.109.105:5555
  • 14#.##.227.196:80
  • 62.##.79.245:8181
  • 3.##.188.200:80
  • 18#.##4.95.227:7574
  • 22#.##1.210.179:80
  • 17#.##2.69.20:8081
  • 73.###.169.138:80
  • 21#.##3.213.89:8181
  • 40.###.209.63:8443
  • 11#.##.89.52:52869
  • 52.###.225.102:80
  • 49.###.173.41:81
  • 10#.#.27.112:5555
  • 43.###.129.121:80
  • 12#.##9.246.40:81
  • 17#.##.104.170:8080
  • 12#.##9.19.111:80
  • 18#.##7.157.23:80
  • 20#.###.180.43:52869
  • 18#.##5.12.119:80
  • 89.###.204.45:80
  • 17#.##.249.215:80
  • 16#.#.145.143:8080
  • 17#.###.205.188:8080
  • 96.###.114.248:7574
  • 11#.##1.127.98:8081
  • 74.##.236.63:80
  • 21#.##3.246.10:8181
  • 36.#.#4.180:8081
  • 85.###.51.223:80
  • 96.###.198.53:8080
  • 17#.##.61.119:5555
  • 20#.##1.153.99:8080
  • 43.#.#6.73:60001
  • 13#.###.246.191:60001
  • 16#.##.81.161:80
  • 92.###.201.126:80
  • 18#.###.128.74:60001
  • 19#.##4.42.107:81
  • 13#.##2.143.48:5555
  • 26.##8.88.27:80
  • 14#.##.202.79:8080
  • 81.##.162.57:37215
  • 25.###.158.133:80
  • 10#.##4.46.250:8081
  • 24.###.37.236:80
  • 13.###.250.5:60001
  • 81.###.192.104:80
  • 21#.##9.40.237:8080
  • 15#.##.250.188:8081
  • 17#.##.177.222:80
  • 38.###.108.201:80
  • 11#.##7.5.15:8081
  • 73.###.38.125:8443
  • 48.###.25.109:80
  • 18#.#18.3.81:80
  • 12#.##6.21.138:81
  • 52.###.177.236:80
  • 49.#.#79.249:8181
  • 12#.##8.237.253:80
  • 53.###.105.69:49152
  • 16#.###.171.137:60001
  • 19#.##9.158.188:80
  • 17#.##6.213.60:8080
  • 21#.#.207.52:60001
  • 39.##.55.172:8080
  • 55.###.254.123:8080
  • 30.###.225.151:8080
  • 13#.##.91.188:80
  • 20#.##.129.101:8080
  • 15.##.201.79:8080
  • 19#.##8.217.82:80
  • 21#.###.57.215:52869
  • 10#.##.73.123:8080
  • 93.###.198.246:52869
  • 17#.##.21.222:49152
  • 49.##.185.21:80
  • 23.###.1.38:60001
  • 11#.###.210.92:49152
  • 14#.##3.125.231:80
  • 39.###.237.200:80
  • 12#.###.115.107:5555
  • 66.###.20.0:8443
  • 12#.##.100.16:60001
  • 17#.###.252.137:60001
  • 20#.##.37.6:8080
  • 13#.##6.87.196:8080
  • 10#.#8.91.61:80
  • 18#.##0.42.189:8081
  • 96.##.229.226:8081
  • 65.###.198.81:8080
  • 20#.##9.31.137:80
  • 13.###.126.199:81
  • 65.###.157.233:8080
  • 40.###.165.134:8080
  • 14#.##.100.74:5555
  • 29.##.21.194:60001
  • 15#.##6.201.144:81
  • 13#.##.121.93:52869
  • 16#.##6.226.31:8080
  • 18#.##7.35.60:80
  • 4.##.#28.102:37215
  • 16#.###.218.139:8080
  • 25.##.13.248:80
  • 20#.###.118.151:49152
  • 48.###.18.40:7574
  • 18#.##7.231.184:80
  • 6.###.119.60:80
  • 12.###.248.157:80
  • 53.###.109.195:8080
  • 18#.##.240.151:8080
  • 46.###.23.170:80
  • 20#.##7.157.137:80
  • 15#.###.124.27:49152
  • 14#.##6.129.190:80
  • 11#.##0.239.115:80
  • 43.##.7.102:8080
  • 1.###.197.189:8081
  • 64.##.238.198:8080
  • 90.###.177.45:8080
  • 21#.##6.80.210:8080
  • 50.#.105.44:80
  • 10#.##0.44.230:80
  • 29.##.181.41:80
  • 15#.##6.234.4:8443
  • 18#.##2.240.210:80
  • 12#.##3.175.119:80
  • 19#.##1.168.229:80
  • 20#.##4.8.60:7574
  • 66.###.236.14:8080
  • 18#.###.186.172:8181
  • 14#.##3.181.4:8080
  • 17#.##.206.200:49152
  • 78.###.146.195:8081
  • 27.##.52.22:37215
  • 21#.##4.177.115:80
  • 13#.##.227.79:80
  • 11#.##.77.16:8080
  • 26.##.191.54:8080
  • 26.###.83.36:8081
  • 10#.##.97.135:5555
  • 15#.##0.214.112:80
  • 96.###.202.121:80
  • 20#.##.43.252:8081
  • 12#.#.120.73:80
  • 2.###.83.230:8080
  • 18#.###.103.238:5555
  • 17#.##9.116.59:80
  • 17#.##.132.68:8443
  • 50.##.148.122:8080
  • 20#.##.50.151:8080
  • 73.##.64.79:80
  • 16#.##8.103.144:80
  • 21#.###.234.63:60001
  • 20#.##.28.103:81
  • 15.###.90.81:8081
  • 59.##.4.197:5555
  • 27.##.149.107:80
  • 93.###.38.97:52869
  • 89.##.217.70:8080
  • 12#.##2.200.88:80
  • 93.#.#46.190:8081
  • 19.##.0.232:37215
  • 31.###.232.223:80
  • 7.###.222.248:8080
  • 56.###.153.176:5555
  • 45.##.28.252:49152
  • 15#.##.178.55:8080
  • 15#.###.27.246:37215
  • 4.###.230.16:49152
  • 13#.###.232.150:8080
  • 12#.##.84.74:60001
  • 54.###.205.97:8080
  • 16#.##0.38.231:81
  • 16#.##0.23.122:81
  • 89.###.128.203:80
  • 98.###.31.225:8081
  • 49.##.90.88:49152
  • 65.###.74.91:52869
  • 18#.##.103.193:80
  • 21#.##.83.154:80
  • 37.##.22.21:80
  • 20#.##6.74.208:7574
  • 20#.##.188.165:80
  • 16.##.224.142:8080
  • 16#.###.241.65:37215
  • [:##]:8080
  • 12#.###.139.181:8080
  • 18#.#.254.24:8081
  • 17#.##0.98.50:8080
  • 127.0.0.1:8080
  • 15#.##9.94.24:80
  • 55.###.161.65:8181
  • 15#.##.42.68:8081
  • 18#.##.197.196:37215
  • 17#.##0.211.252:80
  • 17#.##4.49.38:80
  • 92.##.189.250:8181
  • 36.##.90.80:80
  • 13#.##4.77.83:8080
  • 52.###.53.197:8080
  • 15.###.171.166:8080
  • 19#.##9.89.37:8080
  • 17#.#.146.123:8080
  • 45.###.209.181:8080
  • 10#.##.249.49:80
  • 55.###.0.50:8080
  • 21#.###.115.166:52869
  • 18#.###.93.146:37215
  • 20#.##.155.243:8080
  • 16.##.126.71:8181
  • 57.###.213.224:8080
  • 12.#.#6.224:49152
  • 22#.#6.41.20:80
  • 10#.##.125.228:8080
  • 20#.##4.162.56:80
  • 14#.##4.171.253:81
  • 13#.##.236.54:80
  • 53.##.201.206:37215
  • 14#.##.110.172:7574
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
HTTP GET requests:
  • http://###.###.##.######aform/admin/formLogin?username=admin&psd=admin
Other HTTP requests:
  • http://###.###.95.231HTTP/1.0
Sends data to the following servers:
  • 23#.###.255.250:1900
  • 94.##.235.3:23
  • 34.##.141.177:23
  • 18#.##5.138.170:23
  • 16#.##3.225.118:23
  • 5.###.85.133:23
  • 11#.#7.164.1:23
  • 16#.##.176.34:23
  • 21#.##.173.123:23
  • 14#.##1.254.242:23

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number