
Linux.Siggen.2206

Added to the Dr.Web virus database: 2019-10-08

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Substitutes application name for:
  • tCZBGGj28tTRC5AhFbk6
Kills system processes:
  • sshd
Kills the following processes:
  • exim4
  • bash
  • run.sh
Network activity:
Awaits incoming connections on ports:
  • 0.0.0.0:23
Establishes connection:
  • 8.#.8.8:53
  • 18#.###.105.160:37008
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
  • 18#.###.105.160:37008
Receives data from the following servers:
  • 18#.###.105.160:37008

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
