La mia libreria
La mia libreria

+ Aggiungi alla libreria

Supporto
Supporto 24/7 | Regole per contattare

Richieste

Profile

Linux.Siggen.3988

Aggiunto al database dei virus Dr.Web: 2021-06-22

La descrizione è stata aggiunta:

Technical Information

To ensure autorun and distribution:
Creates or modifies the following files:
  • /etc/rc.local
Malicious functions:
Gains root privileges
Launches itself as a daemon
Substitutes application name for:
  • khVZhMGhGSWa
Kills system processes:
  • sshd
Network activity:
Awaits incoming connections on ports:
  • 0.0.0.0:1
Establishes connection:
  • 1.#.1.1:53
  • 13#.##4.41.164:1
  • 12#.##0.211.21:5555
  • 16#.##6.69.111:5555
  • 22#.##.10.114:5555
  • 8.###.201.13:5555
  • 81.##.167.95:5555
  • 21#.##7.98.2:5555
  • 22#.##3.199.35:5555
  • 57.###.236.37:5555
  • 20#.#.54.90:5555
  • 21#.##3.104.79:5555
  • 17#.##6.128.0:5555
  • 16#.##0.51.76:5555
  • 24#.##.226.60:5555
  • 22#.##.82.84:5555
  • 14#.##6.193.44:5555
  • 54.##.79.19:5555
  • 20#.##1.15.120:5555
  • 22#.##.218.26:5555
  • 16#.##3.34.127:5555
  • 69.###.98.52:5555
  • 22#.##.253.19:5555
  • 17#.##7.57.63:5555
  • 19#.##1.140.74:5555
  • 34.###.24.34:5555
  • 15#.###.141.103:5555
  • 11#.##0.184.24:5555
  • 17#.###.185.111:5555
  • 11#.##.9.109:5555
  • 23#.##.207.76:5555
  • 18#.##.123.98:5555
  • 14.###.7.60:5555
  • 11#.##3.200.46:5555
  • 19#.##.97.49:5555
  • 17#.##9.142.15:5555
  • 25#.##5.30.62:5555
  • 14#.##3.219.87:5555
  • 11#.##7.3.57:5555
  • 22#.###.142.111:5555
  • 18#.##.241.46:5555
  • 39.##.62.26:5555
  • 96.###.252.62:5555
  • 16#.###.241.109:5555
  • 32.#.#30.89:5555
  • 23#.##.192.84:5555
  • 20#.##7.26.3:5555
  • 22#.##3.90.71:5555
  • 66.##.178.96:5555
  • 40.###.22.87:5555
  • 17.###.47.15:5555
  • 74.###.252.10:5555
  • 24#.##.196.33:5555
  • 71.###.233.110:5555
  • 15#.##.10.118:5555
  • 23#.###.100.126:5555
  • 23#.##.151.35:5555
  • 13#.##4.155.75:5555
  • 76.##.203.112:5555
  • 74.##.244.16:5555
  • 11#.##4.1.23:5555
  • 23#.#.139.24:5555
  • 20#.##1.155.92:5555
  • 21#.##6.60.56:5555
  • 22#.##7.52.63:5555
  • 18#.##3.110.44:5555
  • 12.###.18.21:5555
  • 16#.##.151.74:5555
  • 22#.##.60.81:5555
  • 16#.##.59.68:5555
  • 71.##.109.107:5555
  • 63.##.253.43:5555
  • 23#.##6.65.88:5555
  • 20#.##7.176.82:5555
  • 20#.###.110.101:5555
  • 97.##.76.65:5555
  • 24.###.73.76:5555
  • 27.#.#53.101:5555
  • 11#.##.21.96:5555
  • 2.##.#0.103:5555
  • 23#.#.189.43:5555
  • 68.###.108.121:5555
  • 46.###.32.64:5555
  • 85.##.237.49:5555
  • 13#.##5.97.26:5555
  • 16#.##.53.11:5555
  • 93.##.193.67:5555
  • 11#.##.149.45:5555
  • 20#.##.232.118:5555
  • 19#.##.23.65:5555
  • 21#.##0.92.36:5555
  • 25#.##4.128.33:5555
  • 18#.##.57.25:5555
  • 38.##.173.59:5555
  • 91.#.0.75:5555
  • 23.##.60.91:5555
  • 12#.##.176.27:5555
  • 22#.#.144.70:5555
  • 25#.##0.155.77:5555
  • 17#.##5.201.66:5555
  • 10#.##.45.23:5555
  • 23#.##2.151.2:5555
  • 13#.##3.153.81:5555
  • 34.###.55.78:5555
  • 11#.###.100.124:5555
  • 25#.##7.141.71:5555
  • 11#.##.100.3:5555
  • 15#.###.233.110:5555
  • 15#.##.162.29:5555
  • 95.###.69.23:5555
  • 18#.##1.86.0:5555
  • 23#.##.96.119:5555
  • 12#.##.227.14:5555
  • 99.###.191.29:5555
  • 81.###.168.27:5555
  • 15#.##0.96.114:5555
  • 17#.##.167.42:5555
  • 63.###.34.32:5555
  • 2.##.41.28:5555
  • 12#.##1.182.34:5555
  • 24#.##7.41.5:5555
  • 25#.##.175.106:5555
  • 17#.##3.226.11:5555
  • 66.##.25.105:5555
  • 12#.##.201.65:5555
  • 42.##.121.24:5555
  • 23#.##.192.15:5555
  • 24#.##.206.40:5555
  • 32.###.22.125:5555
  • 65.##.190.99:5555
  • 42.##6.2.1:5555
  • 15#.##.50.49:5555
  • 21#.##9.145.16:5555
  • 14.##.166.105:5555
  • 16.###.13.28:5555
  • 22#.##6.226.73:5555
  • 93.###.183.118:5555
  • 15#.##.176.47:5555
  • 15#.###.196.102:5555
  • 17#.##6.78.101:5555
  • 24#.##.23.46:5555
  • 80.##.88.74:5555
  • 15#.##.75.122:5555
  • 12.###.122.57:5555
  • 96.###.248.44:5555
  • 10#.##.202.11:5555
  • 22#.###.167.124:5555
  • 13#.##.37.21:5555
  • 47.##.147.91:5555
  • 19#.##.165.94:5555
  • 72.###.6.93:5555
  • 72.##.200.121:5555
  • 58.##.160.119:5555
  • 12#.##7.226.64:5555
  • 18.##.183.47:5555
  • 13#.##5.78.121:5555
  • 25#.##.50.48:5555
  • 17#.##3.251.52:5555
  • 16#.#.151.20:5555
  • 42.###.86.105:5555
  • 21#.##6.190.26:5555
  • 24#.###.113.108:5555
  • 15#.##2.167.35:5555
  • 12#.###.131.126:5555
  • 54.##.11.92:5555
  • 16.###.10.82:5555
  • 22#.##8.155.52:5555
  • 24#.##2.95.80:5555
  • 12#.##1.119.85:5555
  • 17#.##6.117.4:5555
  • 18#.##9.71.71:5555
  • 24#.##.40.113:5555
  • 82.###.192.54:5555
  • 23#.##.114.73:5555
  • 53.###.222.116:5555
  • 22#.##2.204.22:5555
  • 11#.##7.103.97:5555
  • 77.###.156.78:5555
  • 72.###.225.24:5555
  • 13#.##.177.45:5555
  • 43.###.99.113:5555
  • 24#.##4.209.89:5555
Attacks using a special dictionary (brute-force technique) via the SSH protocol
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
  • 13#.##4.41.164:1
  • 14#.##4.69.130:23
  • 24.#.31.36:23
  • 62.###.127.249:23
  • 20#.##6.10.30:23
  • 10#.##.138.56:23
  • 47.##.181.17:23
  • 20#.##0.199.203:23
  • 10#.##6.253.54:23
  • 10#.##4.19.195:23
  • 42.###.42.160:23
  • 19#.##.180.214:23
  • 17#.##2.213.23:23
  • 10#.#56.32.2:23
  • 39.###.183.165:23
  • 20#.##8.166.230:23
  • 11#.##6.95.223:23
  • 18#.##.141.215:23
  • 15#.##7.66.144:23
  • 19#.#4.97.49:0
  • 0.0.0.0:0
  • 11#.#8.9.109:0
  • 27.#.153.101:0
  • 74.##.244.16:5555
  • 12.###.18.21:5555
  • 20#.##.232.118:0
  • 12#.#8.201.65:0
  • 16.###.13.28:5555
  • 15#.#8.50.49:0
  • 15#.##2.167.35:5555
  • 16#.#.151.20:5555
Receives data from the following servers:
  • 13#.##4.41.164:1

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number