マイライブラリ
マイライブラリ

+ マイライブラリに追加

電話

お問い合わせ履歴

電話(英語)

+7 (495) 789-45-86

Profile

Linux.Mirai.3087

Added to the Dr.Web virus database: 2019-07-21

Virus description added:

Technical Information

To ensure autorun and distribution:
Creates or modifies the following files:
  • /etc/init.d/.startup
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
  • /bin/busybox
Launches processes:
  • /bin/sh -c chmod 777 /etc/init.d/.startup
  • chmod 777 /etc/init.d/.startup
Kills system processes:
  • sshd
Kills the following processes:
  • <SAMPLE>
  • agetty
  • exim4
  • bash
  • run.sh
  • systemd
Performs operations with the file system:
Modifies file access rights:
  • /etc/init.d/.startup
Network activity:
Establishes connection:
  • 19#.##.97.85:9090
  • 15#.##.9.248:37215
  • 19#.##.9.248:37215
  • 15#.##.99.135:37215
  • 15#.##3.1.22:37215
  • 41.###.154.69:37215
  • 19#.###.76.224:37215
  • 41.###.7.117:37215
  • 19#.###.49.137:37215
  • 19#.###.169.69:37215
  • 41.##.198.102:37215
  • 15#.###.45.182:37215
  • 41.###.171.220:37215
  • 15#.###.220.75:37215
  • 15#.###.109.115:37215
  • 15#.##.225.27:37215
  • 41.###.85.13:37215
  • 41.###.215.155:37215
  • 15#.###.23.249:37215
  • 15#.###.121.66:37215
  • 41.##.32.138:37215
  • 41.###.175.110:37215
  • 41.##.194.95:37215
  • 41.###.27.252:37215
  • 41.###.167.132:37215
  • 15#.###.226.180:37215
  • 19#.##.87.105:37215
  • 41.###.156.136:37215
  • 19#.##.91.159:37215
  • 15#.##.154.199:37215
  • 41.###.120.151:37215
  • 15#.##.151.40:37215
  • 41.###.209.110:37215
  • 41.##.2.194:37215
  • 41.#.#13.68:37215
  • 41.###.80.158:37215
  • 19#.##.99.99:37215
  • 19#.###.162.62:37215
  • 41.###.170.119:37215
  • 15#.###.251.168:37215
  • 19#.###.180.163:37215
  • 19#.###.38.130:37215
  • 19#.###.147.208:37215
  • 41.###.215.129:37215
  • 15#.#.65.241:37215
  • 41.###.116.188:37215
  • 41.###.212.28:37215
  • 19#.###.87.193:37215
  • 19#.##.120.110:37215
  • 15#.###.108.188:37215
  • 19#.###.147.39:37215
  • 19#.###.143.251:37215
  • 41.###.252.99:37215
  • 15#.##.178.147:37215
  • 41.###.237.253:37215
  • 41.##.1.171:37215
  • 19#.###.232.70:37215
  • 19#.###.126.89:37215
  • 19#.###.115.207:37215
  • 19#.###.182.142:37215
  • 15#.###.43.238:37215
  • 15#.##.153.133:37215
  • 41.##.73.134:37215
  • 19#.###.209.236:37215
  • 15#.##.226.207:37215
  • 19#.###.179.112:37215
  • 41.###.103.123:37215
  • 19#.##.91.220:37215
  • 15#.###.143.122:37215
  • 41.##.103.62:37215
  • 15#.###.71.184:37215
  • 15#.##.138.187:37215
  • 41.###.214.13:37215
  • 15#.###.119.94:37215
  • 15#.##.106.181:37215
  • 15#.##.251.78:37215
  • 15#.##5.83.31:37215
  • 41.##.90.0:37215
  • 19#.###.195.81:37215
  • 15#.###.241.57:37215
  • 41.###.222.223:37215
  • 19#.###.149.49:37215
  • 41.###.144.6:37215
  • 19#.###.33.242:37215
  • 15#.##3.70.16:37215
  • 41.##.237.179:37215
  • 19#.##0.73.71:37215
  • 41.##.114.185:37215
  • 19#.###.106.212:37215
  • 41.###.201.244:37215
  • 19#.###.78.246:37215
  • 19#.###.224.101:37215
  • 19#.###.149.108:37215
  • 19#.##.251.118:37215
  • 15#.###.168.78:37215
  • 41.###.44.123:37215
  • 15#.##.242.131:37215
  • 41.###.43.24:37215
  • 19#.###.171.147:37215
  • 19#.###.173.196:37215
  • 15#.##.216.188:37215
  • 41.###.198.59:37215
  • 15#.##.118.108:37215
  • 41.###.47.67:37215
  • 41.##.208.28:37215
  • 19#.###.189.126:37215
  • 41.##.148.129:37215
  • 19#.##6.78.4:37215
  • 15#.##.218.41:37215
  • 41.##.49.94:37215
  • 41.#.#47.246:37215
  • 41.###.88.137:37215
  • 15#.##.38.31:37215
  • 19#.###.116.245:37215
  • 41.###.144.115:37215
  • 19#.#.99.117:37215
  • 15#.###.183.62:37215
  • 19#.#.48.77:37215
  • 15#.##.34.47:37215
  • 15#.##.213.191:37215
  • 15#.###.241.30:37215
  • 41.###.219.66:37215
  • 19#.##0.84.64:37215
  • 19#.###.101.184:37215
  • 15#.##.78.215:37215
  • 41.#.#.181:37215
  • 15#.###.126.101:37215
  • 15#.##.237.76:37215
  • 19#.##3.30.83:37215
  • 19#.##.120.97:37215
  • 19#.###.102.214:37215
  • 15#.##.149.35:37215
  • 15#.#.48.197:37215
  • 41.###.139.2:37215
  • 19#.##1.245.8:37215
  • 15#.##.21.136:37215
  • 15#.###.122.178:37215
  • 15#.###.202.238:37215
  • 15#.##.233.155:37215
  • 15#.##.156.112:37215
  • 41.###.154.107:37215
  • 41.##.91.125:37215
  • 19#.##.60.131:37215
  • 19#.##.199.169:37215
  • 19#.###.80.198:37215
  • 41.#.#27.217:37215
  • 41.###.246.82:37215
  • 15#.##.80.221:37215
  • 41.##.135.229:37215
  • 19#.###.84.155:37215
  • 19#.##.51.161:37215
  • 19#.##.242.109:37215
  • 19#.##6.163.3:37215
  • 41.###.122.177:37215
  • 15#.##5.4.34:37215
  • 19#.###.165.92:37215
  • 15#.##.76.88:37215
  • 15#.###.112.210:37215
  • 15#.##.234.85:37215
  • 19#.###.166.24:37215
  • 41.###.1.230:37215
  • 19#.###.229.223:37215
  • 19#.##.158.201:37215
  • 19#.#.22.9:37215
  • 19#.##.184.77:37215
  • 41.##.70.178:37215
  • 15#.##.68.82:37215
  • 19#.##.76.19:37215
  • 19#.##7.43.10:37215
  • 41.###.81.174:37215
  • 19#.###.217.194:37215
  • 15#.##.169.193:37215
  • 41.##.253.165:37215
  • 15#.###.171.202:37215
  • 19#.###.41.114:37215
  • 19#.###.235.143:37215
  • 15#.###.81.210:37215
  • 19#.###.138.216:37215
  • 19#.###.36.247:37215
  • 41.##.131.67:37215
  • 15#.##3.5.210:37215
  • 41.#.#39.137:37215
  • 41.##.178.23:37215
  • 41.##.100.177:37215
  • 41.##.166.221:37215
  • 41.###.212.185:37215
  • 41.##.105.133:37215
  • 19#.##8.5.180:37215
  • 19#.###.84.170:37215
  • 41.###.127.209:37215
  • 15#.###.184.84:37215
  • 15#.##.250.151:37215
  • 15#.###.218.160:37215
  • 15#.##.77.41:37215
  • 41.###.26.81:37215
  • 19#.##.139.254:37215
  • 19#.###.208.14:37215
  • 41.###.120.79:37215
  • 19#.###.252.25:37215
  • 15#.###.63.235:37215
  • 15#.###.198.89:37215
  • 41.###.25.204:37215
  • 15#.###.196.252:37215
  • 19#.##.186.131:37215
  • 19#.###.108.34:37215
  • 41.##.148.174:37215
  • 41.###.141.100:37215
  • 19#.###.245.73:37215
  • 15#.##6.4.33:37215
  • 19#.##.158.132:37215
  • 19#.###.246.97:37215
  • 41.##.98.181:37215
  • 41.##.213.57:37215
  • 15#.#.249.113:37215
  • 41.###.159.43:37215
  • 41.###.20.92:37215
  • 41.###.50.19:37215
  • 19#.##.206.243:37215
  • 19#.##.90.230:37215
  • 19#.###.144.125:37215
  • 15#.###.155.235:37215
  • 15#.##6.9.143:37215
  • 41.##.58.51:37215
  • 41.###.92.10:37215
  • 19#.###.176.198:37215
  • 19#.###.117.201:37215
  • 41.##.20.212:37215
  • 15#.###.133.122:37215
  • 19#.##.130.184:37215
  • 15#.##.5.183:37215
  • 19#.##5.173.4:37215
  • 19#.##.27.202:37215
  • 19#.###.253.169:37215
  • 41.###.151.58:37215
  • 19#.##1.21.73:37215
  • 41.##.61.10:37215
  • 15#.###.78.231:37215
  • 15#.##.22.254:37215
  • 19#.##.123.121:37215
  • 19#.###.200.149:37215
  • 41.###.212.196:37215
  • 41.###.235.192:37215
  • 41.###.121.60:37215
  • 15#.###.43.168:37215
  • 19#.###.223.127:37215
  • 19#.###.131.65:37215
  • 41.###.42.10:37215
  • 19#.##.173.127:37215
  • 15#.###.196.238:37215
  • 19#.##.252.95:37215
  • 15#.###.76.136:37215
  • 15#.##.240.168:37215
  • 19#.###.23.191:37215
  • 41.##.122.37:37215
  • 15#.##9.17.59:37215
  • 41.##.232.230:37215
  • 41.##.70.219:37215
  • 41.##.249.31:37215
  • 41.#.#10.46:37215
  • 19#.##.126.152:37215
  • 19#.###.196.44:37215
  • 15#.###.73.108:37215
  • 15#.###.236.199:37215
  • 41.###.248.167:37215
  • 19#.###.21.144:37215
  • 41.###.210.129:37215
  • 41.##.71.28:37215
  • 41.###.22.134:37215
  • 19#.##8.33.95:37215
  • 41.##.197.118:37215
  • 41.##.133.232:37215
  • 15#.###.243.121:37215
  • 19#.###.189.108:37215
  • 19#.##.103.43:37215
  • 41.##.127.201:37215
  • 19#.##.20.240:37215
  • 41.###.49.38:37215
  • 41.##.98.85:37215
  • 19#.###.56.196:37215
  • 41.###.216.51:37215
  • 15#.##.22.57:37215
  • 41.###.117.115:37215
  • 41.###.232.171:37215
  • 15#.##.196.50:37215
  • 19#.##1.8.235:37215
  • 19#.###.118.14:37215
  • 19#.###.250.159:37215
  • 41.###.161.51:37215
  • 15#.##.165.60:37215
  • 19#.##.75.125:37215
  • 15#.###.142.130:37215
  • 19#.###.154.229:37215
  • 41.##.158.248:37215
  • 19#.##.177.126:37215
  • 41.##.56.252:37215
  • 15#.##.137.117:37215
  • 41.###.81.203:37215
  • 41.###.48.179:37215
  • 41.###.28.92:37215
  • 41.##.230.214:37215
  • 15#.###.251.201:37215
  • 19#.###.124.222:37215
  • 15#.###.235.131:37215
  • 19#.##.163.105:37215
  • 15#.###.147.194:37215
  • 19#.###.250.17:37215
  • 15#.##.157.239:37215
  • 41.##.49.109:37215
  • 19#.##.198.135:37215
  • 41.##.64.239:37215
  • 15#.##4.62.24:37215
  • 41.##.19.134:37215
  • 15#.##.224.8:37215
  • 15#.#.112.11:37215
  • 41.##.138.124:37215
  • 19#.##1.16.37:37215
  • 19#.##1.61.36:37215
  • 19#.##1.169.2:37215
  • 19#.###.51.202:37215
  • 41.##.82.205:37215
  • 41.###.51.32:37215
  • 19#.##.114.59:37215
  • 41.###.134.175:37215
  • 15#.##0.52.79:37215
  • 19#.###.164.196:37215
  • 41.###.151.129:37215
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
HTTP POST requests:
  • http://##.##.###.210/ctrlt/DeviceUpgrade_1
Sends data to the following servers:
  • 19#.##.97.85:9090
Other:
Collects information about network activity

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number