Linux.Siggen.7145

Technical Information

Malicious functions:

Launches itself as a daemon

Substitutes application name for:

e28081

Kills system processes:

sshd

Kills the following processes:

systemd
kthreadd
ksoftirqd/0
kworker/0:0
kworker/0:0H
watchdog/0
khelper
kdevtmpfs
netns
khungtaskd
writeback
ksmd
crypto
kintegrityd
bioset
kblockd
kswapd0
fsnotify_mark
kthrotld
ipv6_addrconf
deferwq
kworker/u2:1
kpsmoused
scsi_eh_0
scsi_tmf_0
kworker/0:1H
kworker/u2:2
jbd2/sda1-8
ext4-rsv-conver
kauditd
kworker/0:3
systemd-journal
systemd-udevd
rpciod
nfsiod
systemd-logind
kworker/0:1
dhclient
kworker/0:2
9bc2fd2a

Network activity:

Awaits incoming connections on ports:

127.0.0.1:33337

Establishes connection:

8.#.8.8:53
45.###.232.208:33335

Attacks using a special dictionary (brute-force technique) via the Telnet protocol.

DNS ASK:

ro##me.xyz

Sends data to the following servers:

45.###.232.208:33335
62.##9.19.72:23
72.###.153.26:23
5.##.101.240:23
14#.##6.54.39:23
26.##.77.216:23
19#.##.54.253:23
1.###.223.129:23
23.##4.198.0:23
19.###.179.150:23
14.###.104.37:23
87.##.240.72:23
11#.##7.88.113:23
76.###.63.181:23
14#.##.201.29:23
21#.##9.207.74:23
24#.##8.87.200:23
45.##8.60.58:23
99.##.74.231:23
15#.##3.236.252:23
12#.#9.1.160:23
55.##.179.126:23
7.###.133.104:23
94.###.157.163:23
25.##0.81.16:23
67.##6.85.81:23
17#.##4.88.99:23
81.##.30.149:23
23#.##7.4.245:23
55.#.7.72:23
22#.##3.184.52:23
14#.##.233.214:23
15#.#20.4.85:23
18#.##7.228.145:23
17#.##4.189.86:23
59.###.254.68:23
23#.#.128.171:23
21.###.253.255:23
12#.##8.66.209:23
77.##.189.212:23
42.##3.25.27:23
20#.##4.233.169:23
56.###.71.215:23
31.###.193.63:23
38.##.249.204:23
17#.##9.88.66:23
32.##.125.157:23
12#.##4.174.1:23
15#.##9.109.167:23
22#.##9.78.180:23
84.##.70.71:23
15#.##.218.214:23
21#.##9.189.82:23
68.##.155.168:23
55.##.68.70:23
11#.##.141.201:23
19#.##3.179.21:23
22#.##0.28.96:23
12#.##7.219.155:23
12#.#.20.13:23
37.###.228.59:23
57.##.204.221:23
39.##3.87.37:23
15#.##.154.31:23
18#.##5.248.17:23
70.##.35.52:23
12#.##.205.174:23
18#.##0.148.111:23
38.##.188.187:23
24#.#5.38.39:23
10#.##9.182.181:23
65.###.200.48:23
94.##.195.155:23
17#.##.172.109:23
63.##.213.23:23
31.##.220.168:23
49.##.30.176:23
14#.##.104.76:23
12.##.153.61:23
91.###.206.28:23
17#.##.250.181:23
18#.##8.54.44:23
11#.##.69.120:23
35.##.69.249:23
13#.##2.30.25:23
19#.##3.16.66:23
48.###.29.231:23
17#.##2.132.153:23
14#.##9.3.246:23
16#.##6.224.244:23
23#.##.68.216:23
19#.##1.47.141:23
81.###.76.202:23
17#.#1.94.25:23
92.###.161.243:23
71.##.122.144:23
6.###.92.57:23
19#.##4.180.3:23
20#.##4.45.153:23
90.##.223.146:23
80.##.187.212:23
20#.##4.13.81:23
17#.##3.179.75:23
67.##.136.17:23
15#.##1.26.190:23
6.###.155.60:23
92.###.54.171:23
18.###.155.34:23
2.##.77.52:23
33.##.148.9:23
91.###.75.176:23
21#.#9.66.49:23
20#.##6.138.173:23
21#.##0.130.105:23
29.##6.48.52:23
54.###.255.244:23
90.##.118.164:23
13#.##9.142.8:23
12#.##8.81.135:23
19#.##2.114.161:23
13#.#.187.62:23
10#.##2.11.55:23
10#.##9.55.118:23
83.###.215.112:23
96.##.203.91:23
14#.##.145.62:23
19#.##2.245.209:23
62.##.109.203:23
22#.#8.121.7:23
73.##.100.107:23
3.###.221.126:23
17#.##4.203.238:23
11#.##.228.24:23
18.##5.30.40:23
11#.##3.67.89:23
14#.##8.69.140:23
12#.##.203.130:23
23#.##5.216.52:23
11#.##2.234.3:23
53.#.227.176:23
24#.##.241.174:23
12#.##5.125.245:23
17.###.132.194:23
23#.##0.61.248:23
21#.#.19.80:23
27.##.75.0:23
14#.##3.5.187:23
11#.##1.4.208:23
12#.##.164.180:23
12#.##9.116.35:23
64.###.236.66:23
14#.##.220.109:23
31.##.76.36:23
10#.##7.116.124:23
13#.##.148.167:23
16#.##8.199.146:23
13#.##2.155.128:23
15#.##2.112.216:23
11#.##3.119.155:23
15#.##.124.26:23
25#.##8.169.52:23
17#.#5.32.55:23
22#.##9.1.114:23
97.##.235.84:23
15#.##1.94.10:23
61.##2.45.96:23
18#.##3.254.129:23
13#.##2.76.250:23
12#.##4.197.253:23
15#.##4.57.245:23
19#.##3.166.176:23
19#.##1.138.36:23
78.###.29.115:23
13#.##.33.123:23
66.##9.25.19:23
22#.##.73.212:23
21#.##.183.25:23
16#.##.100.215:23
25#.##7.206.224:23
14#.##.42.107:23
50.##7.65.88:23
51.###.75.149:23
23#.##.85.145:23
17#.##7.83.30:23
17#.##1.230.185:23
19#.##6.248.99:23
19#.#5.46.75:23
17#.##1.21.180:23
90.###.159.141:23
19#.##.76.231:23
23#.##5.90.16:23
71.###.176.136:23
18#.##8.124.166:23
81.##.195.140:23
22#.#3.2.221:23
17#.##9.150.32:23
21#.#3.33.63:23
21#.##1.190.206:23
26.###.234.14:23
18#.##.26.123:23
20#.##0.50.128:23
19#.##.206.121:23
21#.##5.183.123:23
79.##.118.100:23
44.###.215.239:23
15#.##.237.124:23
74.###.203.74:23
13#.##1.99.137:23
14#.##.61.252:23
10#.##6.187.146:23
13#.##.185.171:23
26.##.43.118:23
20#.##.143.79:23
12#.##0.39.44:23
27.##.187.110:23
79.###.115.253:23
20#.##3.92.249:23
52.##.91.121:23
53.###.217.103:23
17.###.110.215:23
32.###.163.183:23
21#.##5.136.196:23
62.##.79.175:23
25#.##3.37.152:23
12#.##.212.176:23
12#.##3.15.11:23
20.##.11.197:23
14#.##0.236.156:23
70.##8.96.62:23
18.##.41.122:23
12#.##.120.129:23
51.###.210.252:23
1.###.78.150:23
21#.##3.163.33:23
21#.##.197.119:23
86.###.197.159:23
15#.##3.91.78:23
12#.##4.182.245:23
63.##.85.2:23
10#.##4.211.14:23
22.##.6.57:23
21#.##.122.215:23
14#.##7.57.157:23
11#.##8.54.18:23
68.##.104.162:23
13#.##0.249.253:23
31.###.125.138:23
90.###.36.176:23
17.##.11.149:23
59.#.239.13:23
23#.##8.248.190:23
16#.##6.208.204:23
11#.##.148.227:23
12#.##3.172.206:23
79.##4.0.132:23
22.##8.29.40:23
38.##1.88.1:23

Receives data from the following servers:

45.###.232.208:33335

Tecnologie

Termini

Formazione ed informazione

Falsi miti

Technical Information

Curing recommendations