Linux.Lady.35

Technical Information

Malicious functions:

Launches itself as a daemon

Gets access to SSH keys

/root/.ssh/authorized_keys

Launches processes:

/usr/bin/getconf CLK_TCK
<SAMPLE_FULL_PATH>
/usr/bin/lsb_release

Kills the following processes:

/usr/bin/lsb_release

Performs operations with the file system:

Creates folders:

/tmp/.ddg
/root/.ssh

Creates or modifies files:

/tmp/.ddg/3016.lock

Network activity:

Establishes connection:

8.#.8.8:53
21#.#39.34.21:9
21#.#39.32.21:9
21#.#39.38.21:9
21#.#39.36.21:9
[2#######0:c000:1000::501]:9
95.##1.0.137:9
95.##1.0.145:9
52.##0.125.74:9
52.###.143.163:9
34.##3.102.38:9
66.###.248.178:9
18.##3.42.138:9
34.##6.82.108:9
52.###.139.131:9
95.###.190.198:7946
12#.##.217.178:7946
20#.###.249.211:7946
47.##.28.132:7946
13#.###.144.127:7946
42.##.46.43:7946
47.##.189.65:7946
10#.##1.31.44:7946
13#.##2.48.113:7946
47.##.181.195:7946
23.###.199.24:7946
12#.##6.75.191:7946
13#.###.132.121:7946
12#.##.241.156:7947
12#.##.40.245:7947

HTTP GET requests:

v4.##ent.me/
ip##.#canhazip.com/
ip###o.io/ip
ip####.net/plain
wh#####yip.akamai.com/
bo#.####ismyipaddress.com/
ch#####.amazonaws.com/

Sends data to the following servers:

8.#.8.8:53
13#.###.132.121:7946
[:#######18.24.122.209]:7947
[:######117.73.2.38]:7946
[:######47.94.210.15]:7946
[:######120.77.44.227]:7946
[:######182.61.26.73]:7946
[:######120.77.80.111]:7947
[:#######11.231.19.133]:7946
[:#######7.254.184.250]:7946
[:######115.29.77.254]:7947
[:#######32.232.44.124]:7947
[:######118.24.63.50]:7946
[:#######20.55.165.126]:7947
[:######60.172.95.184]:7947
[:#######40.143.237.108]:7947
[:######47.99.34.227]:7946
[:#######03.48.193.197]:7946
[:######113.73.67.57]:7947
[:######118.24.40.36]:7947
[:#######19.23.136.149]:7946
[:#######23.207.156.82]:7947
[:#######40.143.230.207]:7947
[:######222.222.19.35]:7946
[:#######19.29.110.193]:7946
[:######118.89.19.75]:7947
[:#######17.42.126.225]:7946
[:######123.56.91.156]:7946
[:######123.207.33.14]:7946
[:#######11.230.231.130]:7946
[:######120.78.166.6]:7946
[:#######06.14.176.142]:7946
[:#######40.143.19.204]:7947
[:#######92.144.187.66]:7947
[:######139.199.18.70]:7947
[:#######20.26.211.107]:7946
[:######77.81.230.65]:7946
[:#######19.28.107.100]:7947
[:######47.95.117.241]:7947
[:######103.72.164.86]:7946
[:######118.24.80.59]:7947
[:#######19.23.212.245]:7947
[:#######25.91.216.123]:7947
[:######120.79.180.10]:7947
[:#######20.76.216.235]:7947
[:######23.105.199.24]:7947
[:#######20.78.226.107]:7946
[:#######39.199.166.197]:7946
[:######47.104.158.13]:7947
[:#######7.106.164.215]:7947
[:#######93.112.245.221]:7947
[:#######11.231.137.44]:7947
[:######153.122.8.203]:7947
[:#######11.230.233.246]:7946
[:#######11.231.84.214]:7946
[:######120.79.37.61]:7947
[:######121.237.56.73]:7946
[:######123.206.22.54]:7946
[:#######23.207.164.134]:7946
[:#######19.27.162.127]:7947
[:#######03.18.245.171]:7946
[:######139.59.44.21]:7947
[:######106.14.60.25]:7946
[:######18.217.12.90]:7947
[:######97.64.111.94]:7946
[:#######02.120.126.77]:7947
[:######120.27.244.82]:7946
[:#######04.236.31.105]:7947
[:#######18.126.105.177]:7946
[:#######39.59.147.135]:7947
[:######180.76.53.164]:7947
[:######47.93.221.171]:7947
[:#######03.114.75.161]:7947
[:#######20.24.229.245]:7946
[:######139.196.127.3]:7946
[:######5.56.133.63]:7946
[:######119.29.245.52]:7947
[:######218.65.71.73]:7946
[:#######23.206.20.198]:7946
[:#######19.27.169.173]:7946
[:######221.228.72.45]:7946
[:#######19.59.103.115]:7947
[:######47.104.24.227]:7947
[:######182.61.13.176]:7947
[:######118.24.231.39]:7947
[:######47.105.110.61]:7946
[:#######20.76.241.156]:7947
[:######117.50.48.60]:7946
[:######211.54.40.81]:7947
[:#######7.106.125.116]:7946
[:######118.25.22.176]:7947
[:######106.15.52.71]:7946
[:######118.26.174.16]:7946
[:######112.220.73.44]:7946
[:######47.106.106.77]:7946
[:######193.112.97.60]:7947
[:#######80.178.40.165]:7946
[:######47.94.236.205]:7947
[:######118.24.50.246]:7946
[:######47.98.150.108]:7946
[:######111.230.11.56]:7947
[:#######23.207.149.160]:7946
[:#######18.182.77.182]:7947
[:######103.79.25.125]:7947
[:######47.93.224.195]:7947
[:#######18.248.40.228]:7947
[:#######18.31.102.190]:7947
[:######47.105.34.188]:7946
[:#######03.109.209.15]:7946
[:######118.25.50.190]:7947
[:#######7.106.122.175]:7947
[:######120.79.106.53]:7947
[:######118.25.46.78]:7946
[:#######14.215.116.224]:7946
[:######61.160.234.13]:7946
[:######120.78.13.20]:7947
[:######123.58.18.125]:7946
[:######106.12.33.31]:7947
[:######106.3.38.136]:7946
[:######118.31.39.66]:7947
[:######47.106.74.191]:7946
[:######121.41.43.218]:7946
[:######39.105.127.5]:7946
[:######120.24.7.6]:7947
[:######115.159.38.23]:7947
[:#######06.12.206.132]:7947
[:######211.101.18.89]:7946
[:#######20.78.240.211]:7947
[:#######39.199.164.147]:7946
[:######123.58.5.152]:7947
[:######120.92.40.245]:7947
[:#######11.231.62.201]:7946
[:######59.110.9.126]:7946
[:######119.90.34.185]:7947
[:######103.36.84.148]:7946
[:#######15.159.127.177]:7947
[:######47.98.193.238]:7947
[:#######40.143.156.219]:7947
[:######120.79.92.101]:7946
[:######116.62.228.6]:7947
[:######119.9.106.27]:7946
[:######47.94.137.77]:7946
[:######182.61.11.112]:7947
[:#######20.210.144.78]:7947
[:#######18.25.226.173]:7947
[:######115.159.52.39]:7946
[:#######23.207.237.195]:7946
[:######116.62.65.149]:7946
[:#######19.59.113.176]:7946
[:######118.24.154.82]:7947
[:#######18.25.235.118]:7946
[:######58.87.91.127]:7946
[:######120.26.212.55]:7946
[:#######04.131.60.196]:7946
[:######47.93.85.7]:7946
[:#######19.27.167.231]:7947
[:#######03.100.158.246]:7946
[:######103.39.77.236]:7947
[:######112.124.98.73]:7947
[:#######04.248.252.18]:7946
[:#######39.199.202.23]:7947
[:#######14.215.223.220]:7946
[:######139.199.67.77]:7947
[:#######23.207.159.117]:7947
[:#######39.199.229.198]:7947
[:######47.98.191.186]:7947
[:######120.78.131.57]:7947
[:#######32.232.234.14]:7946
[:######111.76.66.102]:7946
[:######123.56.219.68]:7946
[:#######06.14.104.197]:7947
[:#######04.131.121.148]:7947
[:#######01.200.120.211]:7947
[:######47.92.88.149]:7946
[:#######9.104.125.210]:7947
[:#######93.112.110.93]:7947
[:######218.197.16.64]:7947
[:#######32.232.33.120]:7947
[:#######03.213.250.114]:7947
[:#######72.104.157.131]:7946
[:######47.100.175.33]:7947
[:#######01.201.76.199]:7947
[:#######03.210.239.140]:7946
[:#######22.30.193.251]:7946
[:#######18.25.188.180]:7947
[:######118.89.17.225]:7946
[:######111.59.208.3]:7946
[:######120.26.212.48]:7946
[:######222.85.224.10]:7946
[:#######23.206.75.191]:7947
[:#######22.114.191.132]:7946
[:#######18.24.100.218]:7947
[:######121.41.24.198]:7947
[:#######11.230.202.215]:7946
[:######123.56.140.43]:7947
[:#######20.76.153.215]:7947
[:######219.138.49.8]:7946
[:######39.106.1.208]:7947
[:#######23.132.224.141]:7947
[:######39.105.123.86]:7947
[:######160.16.55.83]:7947
[:#######19.29.225.224]:7946
[:######59.2.77.151]:7947
[:#######18.89.113.164]:7946
[:#######40.143.59.146]:7947
[:#######11.231.218.63]:7946
[:######119.9.77.151]:7946
[:######118.24.62.249]:7947
[:######132.232.85.55]:7947
[:#######18.24.247.130]:7946
[:######106.13.45.5]:7946
[:######106.14.236.53]:7946
[:######119.28.61.145]:7946
[:#######03.112.208.30]:7946
[:#######22.114.192.71]:7946
[:#######7.100.174.105]:7946
[:######103.80.27.149]:7946
[:#######21.41.113.153]:7947
[:#######39.162.191.218]:7947
[:######182.61.55.247]:7946
[:######120.25.146.6]:7946
[:######47.75.43.112]:7947
[:######182.61.24.28]:7947
[:######47.98.215.118]:7947
[:#######39.129.208.155]:7947
[:######58.87.111.245]:7947
[:######117.73.3.113]:7946
[:#######39.224.233.233]:7947
[:#######1.131.207.177]:7947
[:#######83.207.181.92]:7947
[:#######14.215.190.247]:7947
[:#######40.143.228.134]:7946
[:######106.13.2.133]:7946
[:#######23.57.224.166]:7947
[:#######02.45.144.106]:7947
[:######114.112.93.58]:7947
[:######112.74.13.145]:7947
[:######182.61.35.94]:7947
[:######118.99.51.99]:7946
[:#######11.230.105.196]:7946
[:#######02.38.173.121]:7947
[:#######19.27.175.211]:7947
[:######123.57.85.212]:7946
[:#######21.239.122.124]:7947
[:######47.105.127.4]:7947
[:#######15.236.185.60]:7947
[:######47.97.24.115]:7946
[:#######40.143.204.126]:7947
[:######117.50.57.119]:7946
[:######118.25.52.169]:7946
[:######118.25.90.216]:7947
[:#######20.77.200.218]:7947
[:#######22.152.211.110]:7947
[:#######01.201.152.63]:7947
[:######45.119.53.58]:7946
[:######47.96.165.162]:7946
[:######118.25.42.105]:7946
[:#######9.108.208.110]:7946
[:######47.74.149.189]:7947
[:######116.62.6.201]:7947
[:#######03.195.195.24]:7947
[:######39.105.32.75]:7947
[:#######23.56.119.225]:7947
[:######47.93.113.84]:7946
[:#######18.24.147.194]:7946
[:######115.159.91.69]:7946
[:######47.93.188.110]:7946
[:######47.96.113.7]:7947
[:######47.88.60.88]:7947
[:######106.15.52.109]:7946

Receives data from the following servers:

8.#.8.8:53
13#.###.132.121:7946

Other:

Collects OS information

Collects CPU information

Collects information about network activity

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

Technical Information

Curing recommendations