Linux.Siggen.7022
Added to the Dr.Web virus database: 2024-04-15
Virus description added: 2024-04-15
Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
Performs process tracing:
Kills system processes:
Kills the following processes:
- systemd-timesyn
- run.sh
- dash
- bash
- m24owhf70a5q
- apt-helper
- systemd
Network activity:
Awaits incoming connections on ports:
Establishes connection:
- 8.#.8.8:53
- 91.###.137.37:53
- 87.###.7.66:35342
DNS ASK:
- si####il.hiter.su
- kz.###lfhitler.su
Sends data to the following servers: