マイライブラリ
マイライブラリ

+ マイライブラリに追加

電話

お問い合わせ履歴

電話(英語)

+7 (495) 789-45-86

Profile

Linux.Siggen.6810

Added to the Dr.Web virus database: 2024-03-20

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Substitutes application name for:
  • nglaj80rsubpaco8
Launches processes:
  • /sbin/xtables-multi iptables -A INPUT -p tcp --dport 37215 -j DROP
  • /bin/sh -c ufw deny 59666/tcp
  • /sbin/xtables-multi iptables -A INPUT -p tcp --dport 59666 -j DROP
  • /bin/sh -c netsh advfirewall firewall add rule name=\x22Block_Port_37215_TCP\x22 dir=in action=block protocol=TCP localport=37215
  • /bin/sh -c kill_port(htons(59666))
  • /bin/sh -c nft add rule ip filter input udp dport 37215 drop
  • /bin/sh -c ufw deny 37215/udp
  • /bin/sh -c ufw deny 37215/tcp
  • /bin/sh -c echo \x22block drop proto tcp from any to any port 59666\x22 | sudo pfctl -f -
  • /bin/sh -c echo \x22127.0.0.1 reachedfucktheccp.top\x22 >> /etc/hosts
  • /bin/sh -c firewall-cmd --zone=public --add-source=141.98.10.128 --permanent
  • /sbin/xtables-multi iptables -A INPUT -p udp --dport 37215 -j DROP
  • /bin/sh -c iptables -A INPUT -s 141.98.10.128 -j DROP
  • /bin/sh -c nft add rule ip filter input tcp dport 59666 drop
  • /bin/sh -c ufw deny from 141.98.10.128
  • /sbin/xtables-multi iptables -A INPUT -p udp --dport 59666 -j DROP
  • /bin/sh -c firewall-cmd --zone=public --add-port=59666/tcp --permanent
  • /bin/sh -c netsh advfirewall firewall add rule name=\x22Block_IP_141.98.10.128\x22 dir=in action=block remoteip=141.98.10.128
  • /bin/sh -c firewall-cmd --zone=public --add-port=59666/udp --permanent
  • /bin/sh -c echo \x22block drop proto tcp from any to any port 37215\x22 | sudo pfctl -f -
  • /bin/sh -c echo \x22block drop proto udp from any to any port 59666\x22 | sudo pfctl -f -
  • /bin/sh -c netsh advfirewall firewall add rule name=\x22Block_Port_59666_UDP\x22 dir=in action=block protocol=UDP localport=59666
  • /bin/sh -c nft add rule ip filter input ip saddr 141.98.10.128 drop
  • /bin/sh -c ufw deny 59666/udp
  • /bin/sh -c iptables -A INPUT -p tcp --dport 59666 -j DROP
  • /sbin/xtables-multi iptables -A INPUT -s 141.98.10.128 -j DROP
  • /bin/sh -c netsh advfirewall firewall add rule name=\x22Block_Port_59666_TCP\x22 dir=in action=block protocol=TCP localport=59666
  • /bin/kmod /sbin/modprobe ip_tables
  • /sbin/xtables-multi iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
  • /bin/sh -c /usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
  • /bin/sh -c echo \x22block drop proto udp from any to any port 37215\x22 | sudo pfctl -f -
  • /bin/sh -c kill_port(htons(37215))
  • sudo pfctl -f -
  • /bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
  • /bin/sh -c iptables -A INPUT -p tcp --dport 37215 -j DROP
  • /bin/sh -c firewall-cmd --reload
  • /bin/sh -c iptables -A INPUT -p udp --dport 59666 -j DROP
  • /bin/sh -c netsh advfirewall firewall add rule name=\x22Block_Port_37215_UDP\x22 dir=in action=block protocol=UDP localport=37215
  • /bin/sh -c busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
  • /bin/sh -c echo \x22127.0.0.1 fucktheccp.top\x22 >> /etc/hosts
  • /bin/sh -c nft add rule ip filter input udp dport 59666 drop
  • /bin/sh -c /bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
  • busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
  • /bin/sh -c iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
  • /bin/sh -c firewall-cmd --zone=public --add-rich-rule=\x27rule family=\x22ipv4\x22 port protocol=\x22tcp\x22 port=\x2237215\x22 reject\x27
  • /bin/sh -c /bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
  • /bin/sh -c echo \x22block drop in quick on any from 141.98.10.128\x22 | sudo pfctl -f -
  • /bin/sh -c firewall-cmd --zone=public --add-rich-rule=\x27rule family=\x22ipv4\x22 port protocol=\x22udp\x22 port=\x2237215\x22 reject\x27
  • /bin/sh -c nft add rule ip filter input tcp dport 37215 drop
  • /bin/sh -c iptables -A INPUT -p udp --dport 37215 -j DROP
Performs operations with the file system:
Deletes folders:
  • /null
Creates or modifies files:
  • /etc/hosts
Deletes files:
  • /null
Network activity:
Awaits incoming connections on ports:
  • 127.0.0.1:35342
  • 0.0.0.0:26721
Establishes connection:
  • 8.#.8.8:53
  • [:##]:37215
  • 127.0.0.1:37215
  • [:##]:59666
  • 127.0.0.1:59666
  • 17#.##4.22.166:53
  • 19#.###.175.20:52154
  • 91.###.137.37:53
  • 51.###.108.203:53
  • 94.##.114.254:53
DNS ASK:
  • re###thltd.com

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number