Linux.Siggen.7079

Technical Information

Malicious functions:

Launches itself as a daemon

Substitutes application name for:

e38387

Network activity:

Awaits incoming connections on ports:

127.0.0.1:33337

Establishes connection:

8.#.8.8:53
10#.#00.5.10:24

Attacks using a special dictionary (brute-force technique) via the Telnet protocol.

DNS ASK:

ro##y.shop

Sends data to the following servers:

10#.#00.5.10:24
56.###.158.130:23
79.###.224.118:23
15#.##.141.220:23
15#.##9.85.186:23
10#.##.207.227:23
20#.##7.64.254:23
13#.#5.6.112:23
14#.##.20.102:23
16#.##1.23.117:23
14#.##2.206.74:23
13#.##.72.174:23
10#.##2.211.211:23
15#.##3.165.23:23
10#.##.143.186:23
9.###.136.76:23
19#.##.253.62:23
13.##.220.130:23
19#.##.193.99:23
97.###.136.134:23
14#.#32.74.1:23
13#.##3.156.76:23
14#.#.245.101:23
31.##.113.105:23
21#.##5.215.207:23
12#.#14.5.41:23
5.###.173.183:23
64.##.46.165:23
18#.##.184.150:23
22.###.243.90:23
94.##.146.200:23
23#.##.169.229:23
27.###.140.45:23
11#.##0.61.134:23
66.##.236.57:23
18#.##6.178.32:23
21#.##.212.150:23
24#.##6.159.26:23
23#.##.231.62:23
49.##.172.182:23
14#.##9.223.111:23
49.###.120.222:23
13#.##.165.96:23
14#.##.178.247:23
42.###.166.160:23
17#.##.210.105:23
32.##.224.86:23
37.###.156.36:23
30.##.20.68:23
17#.##0.242.56:23
62.##.50.90:23
15.###.146.79:23
17#.##.56.234:23
78.##.254.218:23
20#.##7.221.22:23
5.###.14.233:23
86.###.183.229:23
41.##.156.58:23
11#.##.50.243:23
25#.##1.189.231:23
22#.##7.191.171:23
29.##8.201.5:23
84.###.152.245:23
66.###.16.239:23
91.##.173.120:23
24#.##5.138.153:23
16#.##0.122.190:23
86.###.194.66:23
18#.##.127.130:23
19#.##1.22.214:23
18#.##6.6.190:23
15#.##6.163.48:23
46.###.168.148:23
18#.##1.166.149:23
20#.##.169.149:23
16#.##6.222.126:23
12#.##.245.50:23
11#.##.232.203:23
16#.##0.78.184:23
17#.##.123.170:23
16#.##1.96.185:23
82.##6.227.3:23
61.###.147.212:23
10#.##.194.130:23
16#.##0.80.36:23
12.##.238.152:23
22#.##.162.102:23
30.###.156.185:23
13#.##4.121.108:23
13#.##.128.124:23
67.###.157.197:23
13.##2.1.253:23
23.#.131.143:23
25#.##.226.122:23
11#.##2.88.199:23
16#.#9.25.9:23
96.###.250.61:23
19#.##3.194.223:23
15#.##3.220.21:23
25#.##3.191.228:23
13#.#.207.34:23
21#.##6.127.19:23
14#.#9.48.80:23
1.##.200.86:23
43.###.154.159:23
12#.##2.203.177:23
23#.##.40.154:23
10#.##.85.230:23
19#.##.75.143:23
14#.##.189.64:23
45.###.134.205:23
45.##.191.165:23
15#.##.200.58:23
3.###.246.125:23
18#.##0.80.135:23
20#.##4.141.218:23
64.###.211.162:23
21#.##1.230.250:23
42.##9.2.230:23
39.##6.57.98:23
10#.##5.93.98:23
24#.##.123.42:23
21#.##5.232.90:23
20#.##4.241.34:23
99.##.189.141:23
19#.##.12.172:23
92.###.134.62:23
22.##6.113.1:23
11#.##8.232.67:23
84.##.245.203:23
16.###.99.207:23
60.##0.190.3:23
57.##.44.75:23
17#.#4.65.56:23
29.###.20.250:23
54.###.243.245:23
14#.##.193.119:23
18#.#6.95.61:23
14#.##3.150.178:23
13#.##.88.102:23
14#.##2.131.62:23
12#.##6.223.38:23
20#.#5.6.42:23
22#.##.249.111:23
22#.##3.79.155:23
46.###.158.187:23
12#.##4.177.136:23
3.###.56.205:23
24#.##8.24.160:23
10#.##.235.95:23
14#.##7.1.234:23
19#.##7.145.190:23
24#.##.134.66:23
19#.##.127.210:23
21#.##5.132.72:23
91.##6.95.68:23
21#.##1.89.161:23
13#.##5.70.14:23
19#.##.234.39:23
25#.##.121.173:23
15#.##2.250.209:23
13#.##3.14.77:23
24#.##6.38.215:23
15#.##.14.230:23
99.##1.50.79:23
14#.##2.249.211:23
13#.##3.206.114:23
20#.#6.166.9:23
18.##.241.195:23
12#.##.121.221:23
14#.##9.71.244:23
21#.##6.214.81:23
21#.##7.133.76:23
1.###.24.208:23
21#.##.119.90:23
14#.##.195.238:23
87.##6.4.88:23
45.#.48.139:23
23.##.43.29:23
52.##.38.251:23
11#.##1.218.226:23
21#.##.12.101:23
35.###.80.129:23
24#.##.207.249:23
16#.##3.132.228:23
14#.#6.18.16:23
4.###.89.97:23
11#.##.221.189:23
4.##.9.248:23

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

Technical Information

Curing recommendations