Linux.Siggen.2329
Added to the Dr.Web virus database:
2019-11-17
Virus description added:
2019-11-17
Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
Network activity:
Awaits incoming connections on ports:
Establishes connection:
- 8.#.8.8:53
- 5.###.227.65:61002
- 5.###.227.65:7685
- 15#.##4.225.241:26
- 16#.##.240.143:26
- 43.###.8.170:9001
- 70.###.251.122:9000
- 16#.##.26.183:9001
- 13#.###.246.167:9001
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Attacks using a special dictionary (brute-force technique) via an undefined protocol.
Sends data to the following servers:
- 5.###.227.65:7685
- 12#.##0.223.53:9001
- 11#.##.229.162:9000
- 70.##.233.79:26
- 5.###.227.65:61002
Receives data from the following servers:
- 5.###.227.65:7685
- 15#.##4.225.241:26
- 70.###.251.122:9000
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
このウェブサイトを継続して訪問する場合、訪問者に関する統計データを収集するためのCookieファイルおよび他のテクノロジーを弊社が利用することに同意したものとします。詳細