マイライブラリ
マイライブラリ

+ マイライブラリに追加

電話

お問い合わせ履歴

電話(英語)

+7 (495) 789-45-86

Profile

Linux.Packed.1004

Added to the Dr.Web virus database: 2020-11-13

Virus description added:

Technical Information

Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
  • (sd-pam)
Kills the following processes:
  • <SAMPLE>
Performs operations with the file system:
Creates or modifies files:
  • <SAMPLE_FULL_PATH>
Network activity:
Awaits incoming connections on ports:
  • 19#.##8.218.50:3467
Establishes connection:
  • 8.#.8.8:53
  • 18#.###.111.199:7685
  • 18#.###.111.199:4321
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
  • 18#.###.111.199:7685
  • 18#.###.111.199:4321
  • 0.0.0.0:0
  • 20#.##8.17.214:23
  • 74.##.223.51:23
  • 23#.##.159.247:23
  • 14#.##2.61.234:23
  • 81.##.32.24:23
  • 10#.##.132.140:23
  • 3.###.66.56:23
  • 13#.#8.51.12:23
  • 24#.##7.1.230:23
  • 70.##.62.73:23
  • 78.###.201.90:23
  • 10#.##2.1.197:23
  • 19#.##1.14.203:23
  • 40.###.171.19:23
  • 24#.##.111.184:23
  • 22#.##.202.199:23
  • 19#.##.126.165:23
  • 24.###.26.114:23
  • 21#.##5.56.108:23
  • 61.###.166.113:23
  • 60.###.99.183:23
  • 22#.##2.28.239:23
  • 20#.##.162.237:23
  • 34.###.21.247:23
  • 51.###.141.121:23
  • 11#.##.238.161:23
  • 46.###.139.249:23
  • 23#.##0.23.177:23
  • 16#.#7.68.92:23
  • 14#.##0.227.168:23
  • 81.###.86.198:23
  • 61.##.0.191:23
  • 21#.##6.54.248:23
  • 11#.##9.198.198:23
  • 13#.##7.66.116:23
  • 37.##.189.51:23
  • 30.###.183.240:23
  • 91.##.154.147:23
  • 20#.##5.217.117:23
  • 93.##.86.113:23
  • 70.##2.53.92:23
  • 12#.##7.116.7:23
  • 19.###.225.52:23
  • 16#.##5.96.39:23
  • 16#.##7.181.186:23
  • 15#.##1.149.237:23
  • 19#.##0.148.180:23
  • 13#.##4.128.153:23
  • 18#.##2.111.2:23
  • 14#.##.253.181:23
  • 20#.##8.247.250:23
  • 15.###.233.164:23
  • 81.###.85.130:23
  • 49.###.168.77:23
  • 13#.##.147.27:23
  • 20#.##.23.150:23
  • 20#.##2.14.110:23
  • 90.##.66.229:23
  • 14#.##6.241.69:23
  • 95.#.106.221:23
  • 31.##3.218.9:23
  • 66.###.64.215:23
  • 10#.##7.193.128:23
  • 12#.##6.120.212:23
  • 34.###.255.108:23
  • 9.###.93.201:23
  • 22#.##1.67.91:23
  • 88.##3.72.8:23
  • 18#.##2.15.137:23
  • 22.###.100.133:23
  • 99.###.26.111:23
  • 39.###.197.39:23
  • 21#.##1.100.177:23
  • 12.###.136.81:23
  • 84.###.121.251:23
  • 12#.##.183.22:23
  • 73.##.113.96:23
  • 21#.#4.36.62:23
  • 11#.##4.108.138:23
  • 20#.##8.250.214:23
  • 27.###.195.250:23
  • 17.###.124.115:23
  • 15#.##4.76.170:23
  • 69.###.177.86:23
  • 11.##.129.128:23
  • 11#.##3.228.154:23
  • 17#.##0.114.6:23
  • 29.###.43.196:23
  • 25#.##1.227.219:23
  • 10#.##5.84.96:23
  • 21#.##.103.81:23
  • 21.##7.49.47:23
  • 38.###.169.106:23
  • 22#.##.212.86:23
  • 20#.##9.156.191:23
  • 23#.##2.215.193:23
  • 2.###.176.142:23
  • 17#.#8.8.127:23
  • 11#.##4.190.136:23
  • 21#.##3.22.12:23
  • 43.##.209.71:23
  • 21#.##8.101.35:23
  • 13.###.240.207:23
  • 25#.##9.153.11:23
  • 14#.##2.89.133:23
  • 50.##.136.225:23
  • 22#.##7.51.143:23
  • 13#.##0.79.253:23
  • 30.##.124.172:23
  • 10#.##.215.42:23
  • 17#.##4.96.21:23
  • 14#.##0.210.114:23
  • 42.##.112.70:23
  • 11#.##7.15.49:23
  • 43.###.99.103:23
  • 11#.##.172.19:23
  • 5.###.186.148:23
  • 7.##.231.185:23
  • 20#.##4.132.228:23
  • 16#.##4.188.157:23
  • 73.###.194.114:23
  • 13#.##.144.125:23
  • 27.#.252.58:23
  • 18#.#7.19.66:23
  • 24#.##.108.221:23
  • 18#.##6.101.184:23
  • 12#.##0.146.125:23
  • 4.#.#01.158:23
  • 10.##.139.221:23
  • 71.##.68.85:23
  • 13.###.242.156:23
  • 20#.##6.160.195:23
  • 13#.##.164.202:23
  • 17#.##1.15.67:23
  • 62.##.187.176:23
  • 17#.##4.222.181:23
  • 61.###.83.166:23
  • 17#.##6.12.191:23
  • 16#.##.154.150:23
  • 65.###.65.208:23
  • 17#.##.153.25:23
  • 18#.##7.249.120:23
  • 30.###.175.252:23
  • 13#.##.85.172:23
  • 78.###.141.15:23
  • 16#.##.38.101:23
  • 10.###.97.130:23
  • 22#.##.204.105:23
  • 17.##0.60.20:23
  • 18#.##2.240.5:23
  • 18#.##1.17.42:23
  • 24#.##4.120.88:23
  • 28.###.36.131:23
  • 67.##.189.170:23
  • 20#.##6.76.67:23
  • 22#.##1.206.231:23
Receives data from the following servers:
  • 18#.###.111.199:7685
  • 18#.###.111.199:4321

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number