Linux.Siggen.7154

Technical Information

Malicious functions:

Launches itself as a daemon

Substitutes application name for:

e28081

Kills the following processes:

systemd
kthreadd
ksoftirqd/0
kworker/0:0
kworker/0:0H
watchdog/0
khelper
kdevtmpfs
netns
khungtaskd
writeback
ksmd
crypto
kintegrityd
bioset
kblockd
kswapd0
fsnotify_mark
kthrotld
ipv6_addrconf
deferwq
kworker/u2:1
kpsmoused
scsi_eh_0
scsi_tmf_0
kworker/0:1H
kworker/u2:2
jbd2/sda1-8
ext4-rsv-conver
kauditd
kworker/0:3
systemd-journal
systemd-udevd
rpciod
nfsiod
systemd-logind
kworker/0:1
dhclient
kworker/0:2
9bc2fd2a
systemd-cgroups

Network activity:

Awaits incoming connections on ports:

127.0.0.1:33337

Establishes connection:

8.#.8.8:53
45.###.232.208:33335

Attacks using a special dictionary (brute-force technique) via the Telnet protocol.

DNS ASK:

ro##me.xyz

Sends data to the following servers:

45.###.232.208:33335
1.##.28.131:23
24#.##6.49.155:23
44.###.89.116:23
18.###.51.198:23
68.###.184.174:23
17#.##5.229.54:23
30.###.103.197:23
23#.##.139.124:23
79.##.65.187:23
24#.##2.200.42:23
17#.##1.160.180:23
14#.##2.19.135:23
23#.##.30.230:23
20#.##.21.155:23
25.##.187.95:23
27.###.167.48:23
16#.##2.215.74:23
73.##.157.127:23
12#.##6.158.18:23
23#.##.213.188:23
17#.##9.220.229:23
10#.##.149.119:23
38.###.68.240:23
77.###.150.83:23
23#.##8.59.221:23
12#.##3.218.9:23
76.##.189.91:23
18#.##9.168.180:23
18#.##.188.96:23
10#.##4.231.225:23
15#.#1.5.167:23
71.##.5.195:23
10#.#.79.30:23
15#.#0.17.3:23
19#.##4.176.54:23
19#.##1.211.40:23
13#.##7.89.67:23
84.###.72.140:23
11#.##7.219.236:23
25#.##4.178.235:23
11#.#.15.9:23
21.###.56.143:23
18#.##2.209.181:23
73.##.247.6:23
29.##.245.218:23
11#.##7.155.11:23
17#.##4.240.75:23
24#.##0.11.103:23
78.##.26.38:23
13#.#86.5.68:23
51.##.233.208:23
14#.##9.83.199:23
20.##.88.5:23
1.##.61.175:23
18#.##7.90.162:23
18#.##7.37.88:23
13#.##9.57.122:23
89.###.110.33:23
12#.##.91.204:23
38.###.148.197:23
12#.##.28.210:23
18#.##2.30.155:23
66.##.111.154:23
85.##.135.17:23
98.##.246.154:23
86.##2.55.78:23
24#.##5.180.208:23
18#.##5.75.137:23
21#.##.151.219:23
11#.##5.204.23:23
41.##8.108.1:23
77.###.116.241:23
18#.##.216.69:23
21#.##.209.13:23
15#.##7.235.51:23
17#.##6.52.33:23
13#.##0.177.161:23
46.###.167.248:23
14.###.230.74:23
10#.##.124.85:23
27.##.190.133:23
20#.#.23.238:23
25#.##9.118.154:23
76.###.249.188:23
17#.##9.200.222:23
20#.##6.69.51:23
34.##.126.171:23
13#.##0.81.211:23
93.##.227.175:23
17#.##.200.78:23
23#.##1.17.127:23
17#.##.104.116:23
10#.##3.185.118:23
16#.##.170.176:23
72.###.166.172:23
22.##.249.197:23
13#.##3.147.173:23
25#.##2.10.97:23
52.##.93.27:23
22#.##4.43.185:23
23#.##9.215.112:23
21#.##.127.129:23
12#.##4.63.137:23
15#.##1.72.51:23
10#.##.228.196:23
18#.##1.65.163:23
23#.##6.103.29:23
16#.##.125.72:23
21#.##5.69.114:23
43.###.143.80:23
23#.#4.10.64:23
23#.##.195.102:23
18#.#43.61.5:23
24#.#1.86.48:23
10#.##8.10.72:23
16#.##7.234.57:23
19#.##6.60.152:23
17#.##.156.91:23
12#.##3.183.236:23
22#.#.87.193:23
16#.#22.82.0:23
23#.##4.187.252:23
21#.##.152.244:23
16#.#9.1.70:23
72.##2.4.90:23
44.###.88.156:23
12#.##8.219.234:23
31.##.60.48:23
23#.#.85.0:23
32.###.163.17:23
95.##.245.222:23
24.###.93.254:23
10#.##3.253.196:23
21#.##9.195.115:23
16#.##8.230.154:23
50.###.86.173:23
62.##.11.224:23
24#.##5.169.133:23
25#.##.34.215:23
1.##.180.40:23
1.###.139.95:23
69.##.246.214:23
11#.##3.225.80:23
13#.##3.24.41:23
39.#.167.86:23
26.###.100.106:23
6.##.244.153:23
58.###.197.191:23
13#.##3.33.148:23
24#.##0.127.116:23
53.##.114.123:23
40.##.116.233:23
62.##.226.75:23
67.##.98.223:23
26.##.169.112:23
5.###.11.18:23
21#.##2.143.153:23
3.###.157.121:23
44.###.218.65:23
18#.##5.218.239:23
39.##.27.104:23
12.###.158.242:23
16#.##9.30.158:23
75.##.215.196:23
3.###.185.61:23
19#.##0.223.247:23
38.###.186.104:23
10#.##0.214.204:23
25.###.175.106:23
12#.##5.54.240:23
75.##.57.178:23
3.###.62.190:23
63.###.202.236:23
16#.##1.181.243:23
4.###.26.17:23
71.###.23.230:23
14#.##0.104.90:23
24#.##.149.48:23
11.##9.50.3:23
23#.##8.93.166:23
94.###.129.179:23
20.#.226.54:23
13#.##.155.218:23
86.###.251.132:23
13#.##.107.85:23
21#.##0.28.17:23
62.###.64.187:23
20#.##.142.17:23
94.#.124.74:23
58.##7.54.92:23
10#.##3.192.44:23
62.###.243.15:23
10#.##.218.65:23
20#.##2.209.138:23
21#.##5.184.191:23
24#.##6.91.244:23
19#.##2.48.241:23
22#.##.121.97:23
19#.##.208.243:23
20#.##9.205.117:23
19#.#.66.144:23
25#.##.170.196:23
18#.#1.28.0:23
15#.##4.148.219:23
22#.##1.21.249:23
10#.##0.82.96:23
14#.#46.89.2:23
83.##.185.150:23
19#.#4.86.59:23
3.###.138.111:23
20#.##.10.167:23
12#.##2.165.0:23
17.##.12.217:23
66.###.186.114:23
24#.##7.174.22:23
23#.##.75.111:23
21.###.109.246:23
41.###.171.33:23
14#.##0.131.88:23
13.###.105.186:23
24#.##7.110.102:23
63.###.168.231:23
14#.##9.227.55:23
24#.##.106.255:23
90.##.42.108:23
11#.#7.5.95:23
11#.##2.48.92:23
23#.##2.30.170:23
24#.##9.54.114:23
5.###.68.88:23
25#.#9.6.195:23
47.###.167.43:23
93.###.40.153:23
18#.##.137.240:23
60.##2.44.71:23
10#.#31.13.5:23
21#.##6.31.106:23
24#.##.66.184:23
20#.##7.6.233:23
24#.##.204.10:23
70.###.118.22:23
58.##5.1.199:23
11#.#4.58.40:23
12#.#15.5.64:23
22#.#5.125.1:23
16#.##3.18.234:23
93.##.64.140:23
24#.##8.152.78:23
10#.##.65.120:23
20#.#64.1.27:23
89.###.158.234:23
18#.##0.200.196:23
44.#.156.169:23
12#.##7.126.48:23
1.###.223.131:23
22#.#2.31.86:23
14#.##6.7.186:23

Receives data from the following servers:

45.###.232.208:33335

Tecnologie

Termini

Formazione ed informazione

Falsi miti

Technical Information

Curing recommendations