Linux.Siggen.2165
Added to the Dr.Web virus database: 2019-09-21
Virus description added: 2019-09-21
Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
- ieuRWzG2epxD0ZIWeYIGzpRiYpn4Z2BiMxInVGnxnimIB2n20W0Dex2Y0YYYM2
Kills the following processes:
- <SAMPLE>
- Unknown process with PID: 4294966757
Network activity:
Establishes connection:
- 8.#.8.8:53
- 19#.###.194.242:63042
DNS ASK:
Sends data to the following servers:
Receives data from the following servers: