マイライブラリ
マイライブラリ

+ マイライブラリに追加

電話

お問い合わせ履歴

電話(英語)

+7 (495) 789-45-86

Profile

Linux.DDoS.383

Added to the Dr.Web virus database: 2020-02-23

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Substitutes application name for:
Kills system processes:
  • sshd
Kills the following processes:
  • systemd
Network activity:
Awaits incoming connections on ports:
  • 0.0.0.0:8236
Establishes connection:
  • 8.#.8.8:53
  • 45.##.196.75:4862
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
  • 45.##.196.75:4862
  • 1.###.9.229:23
  • 91.##.8.71:23
  • 16#.##5.234.156:23
  • 21#.#6.8.128:23
  • 13#.##2.99.50:23
  • 16#.##.15.168:23
  • 14#.##5.150.211:23
  • 14.##.186.60:23
  • 22#.##0.188.102:23
  • 19#.#4.39.16:23
  • 11#.#6.44.93:23
  • 33.###.22.183:23
  • 76.##.78.31:23
  • 17#.#3.83.13:23
  • 11#.##.60.158:23
  • 18#.##9.10.246:23
  • 13.##.84.106:23
  • 55.##.166.178:23
  • 6.###.183.10:23
  • 19#.##9.177.63:23
  • 56.##1.54.67:23
  • 16#.##3.51.254:23
  • 11#.##5.30.154:23
  • 11#.##3.140.46:23
  • 17#.##1.6.102:23
  • 15#.##1.148.80:23
  • 16#.##1.207.92:23
  • 52.##.33.210:23
  • 22#.##2.146.110:23
  • 10#.##2.96.110:23
  • 22#.##1.167.244:23
  • 32.#.213.240:23
  • 20#.##.157.110:23
  • 13#.##0.2.151:23
  • 46.##.233.15:23
  • 11#.##5.107.31:23
  • 19#.#.205.159:23
  • 30.##.195.188:23
  • 14#.##5.242.19:23
  • 11#.##3.199.216:23
  • 54.###.62.163:23
  • 18#.##3.15.231:23
  • 42.###.245.86:23
  • 72.###.108.242:23
  • 57.###.226.14:23
  • 75.##.243.234:23
  • 9.##.81.152:23
  • 99.###.196.217:23
  • 10#.#4.17.76:23
  • 17#.##.73.139:23
  • 12#.##.231.210:23
  • 16#.##2.74.145:23
  • 21#.##2.188.131:23
  • 17#.#60.7.60:23
  • 14.###.195.215:23
  • 18#.##.142.35:23
  • 71.##.107.18:23
  • 17#.##3.127.231:23
  • 16.##.213.151:23
  • 18#.##4.92.250:23
  • 46.#.38.189:23
  • 17#.##9.52.26:23
  • 23.###.135.237:23
  • 47.###.99.140:23
  • 13.##.180.179:23
  • 20#.#.205.131:23
  • 96.###.123.188:23
  • 24.##6.48.32:23
  • 14#.##7.216.114:23
  • 16#.##2.218.87:23
  • 51.##.52.129:23
  • 20#.##5.78.203:23
  • 88.###.38.137:23
  • 20#.##2.189.14:23
  • 25.###.120.205:23
  • 29.###.186.108:23
  • 26.##.108.66:23
  • 75.##.3.234:23
  • 16#.##3.171.146:23
  • 21#.##7.85.211:23
  • 54.##.205.190:23
  • 16#.##.155.155:23
  • 15#.##.160.165:23
  • 80.###.241.120:23
  • 76.##.168.82:23
  • 84.##2.80.35:23
  • 14#.#1.89.48:23
  • 10#.##.164.137:23
  • 15#.##6.57.144:23
  • 11#.##4.104.159:23
Receives data from the following servers:
  • 45.##.196.75:4862

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number