Linux.Siggen.3394
Added to the Dr.Web virus database:
2020-11-14
Virus description added:
2020-11-14
Technical Information
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
Kills the following processes:
Network activity:
Awaits incoming connections on ports:
Establishes connection:
- 19#.##0.239.183:335
- 8.#.8.8:53
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
- 19#.##0.239.183:335
- 84.###.99.157:23
- 21#.#6.27.97:23
- 20#.##.33.218:23
- 21#.##4.230.153:23
- 21#.##8.192.40:23
- 88.###.201.91:23
- 14#.##5.242.62:23
- 20.###.237.226:23
- 85.###.109.202:23
- 10#.##9.167.175:23
- 62.###.181.116:23
- 20#.##6.194.165:23
- 12.###.233.217:23
- 16#.##7.231.229:23
- 13#.##.47.143:23
- 21#.##2.173.114:23
- 10#.##3.17.227:23
- 14.###.167.108:23
- 51.###.37.100:23
- 62.##6.75.36:23
- 59.##.120.109:23
- 17#.##.49.245:23
- 21#.##.144.136:23
- 13#.##8.62.250:23
- 21#.##1.112.97:23
- 14#.##3.140.58:23
- 53.##4.15.1:23
- 64.###.198.156:23
- 15#.##2.8.226:23
- 17#.##6.36.99:23
- 5.##.212.39:23
- 13#.##.240.16:23
Receives data from the following servers:
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
このウェブサイトを継続して訪問する場合、訪問者に関する統計データを収集するためのCookieファイルおよび他のテクノロジーを弊社が利用することに同意したものとします。詳細