
Linux.Mirai.4339

Added to the Dr.Web virus database: 2020-05-04

Virus description added:

Technical Information

Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
  • 4vblrijc07mbihmneedkhogggq3c
Network activity:
Awaits incoming connections on ports:
  • 127.0.0.1:34842
  • 0.0.0.0:23
Establishes connection:
  • 8.#.8.8:53
  • 64.#.64.6:53
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
DNS ASK:
  • of###ore.us.to
Sends data to the following servers:

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
