Linux.Siggen.7178

Technical Information

Malicious functions:

Launches itself as a daemon

Substitutes application name for:

e38387

Kills the following processes:

kthreadd
rcu_gp
rcu_par_gp
kworker/0:0
kworker/0:0H
kworker/u2:0
mm_percpu_wq
rcu_tasks_rude_
rcu_tasks_trace
ksoftirqd/0
rcu_sched
migration/0
cpuhp/0
kdevtmpfs
netns
kauditd
khungtaskd
oom_reaper
writeback
kcompactd0
ksmd
khugepaged
kintegrityd
kblockd
blkcg_punt_bio
edac-poller
devfreq_wq
kworker/0:1H
kworker/0:2
kswapd0
kthrotld
acpi_thermal_pm
ipv6_addrconf
kworker/u2:1
kstrp
zswap-shrink
kworker/u3:0
ata_sff
scsi_eh_0
scsi_tmf_0
scsi_eh_1
scsi_tmf_1
jbd2/sda1-8
ext4-rsv-conver
ttm_swap
kworker/u2:4
kworker/0:1
9bc2fd2a

Network activity:

Awaits incoming connections on ports:

127.0.0.1:33337

Establishes connection:

8.#.8.8:53
45.###.232.208:33335

Attacks using a special dictionary (brute-force technique) via the Telnet protocol.

DNS ASK:

ro##me.xyz

Sends data to the following servers:

45.###.232.208:33335
10#.##.250.229:23
11#.##1.158.106:23
19#.##.50.146:23
61.##.123.111:23
78.##6.9.56:23
13#.##3.106.49:23
20#.##4.143.186:23
21#.##5.151.43:23
21#.##8.171.198:23
17#.##2.211.81:23
57.##3.45.63:23
12#.##5.147.167:23
22#.##6.164.163:23
22#.##2.70.127:23
34.###.190.128:23
48.##.0.49:23
34.###.34.234:23
22#.##9.12.42:23
66.#.34.169:23
20#.##2.58.69:23
74.##.33.142:23
36.##.210.162:23
23#.##.28.144:23
15#.##8.252.177:23
19#.##3.191.163:23
95.##2.1.221:23
24#.#1.95.68:23
73.###.183.243:23
19#.##8.17.254:23
91.###.155.137:23
24#.##2.63.111:23
23#.##.111.45:23
76.##.57.74:23
41.##.48.88:23
24#.##3.5.233:23
17#.##5.161.248:23
12#.#.229.228:23
87.##.125.52:23
81.###.245.161:23
22#.##5.165.132:23
11#.##.238.25:23
10#.#.16.189:23
14#.#.232.98:23
19#.##5.67.188:23
22#.##6.96.169:23
5.##.230.37:23
10#.#9.10.17:23
15#.##2.236.160:23
13#.##7.165.209:23
13#.##7.173.133:23
19#.##7.152.29:23
14.###.10.242:23
7.###.164.171:23
28.###.100.179:23
17#.##4.59.247:23
11#.##.192.30:23
21.##.208.237:23
13#.#.190.184:23
84.##7.219.8:23
14#.##7.90.135:23
21#.##8.91.103:23
10#.##1.43.40:23
10#.##.12.189:23
23#.##8.64.216:23
17#.##8.57.253:23
15#.##1.31.26:23
23#.#.49.21:23
24#.##4.163.40:23
98.##.212.185:23
21.###.101.236:23
79.###.208.147:23
63.#.126.233:23
20#.##.82.171:23
38.###.243.166:23
14#.##.175.173:23
11#.#5.18.22:23
91.###.126.180:23
97.##.107.156:23
23#.#30.3.35:23
38.###.231.211:23
13#.##4.98.85:23
10#.##6.226.201:23
19#.##4.102.32:23
14#.##5.184.33:23
16#.##2.104.24:23
22#.##8.243.222:23
20#.##6.27.84:23
52.##.89.125:23
22.##7.91.27:23
16.##.150.227:23
21#.##7.126.124:23
12#.##.255.38:23
13#.##7.73.82:23
12#.##.206.41:23
24#.##5.109.84:23
31.###.100.81:23
79.###.224.124:23
13#.##4.134.150:23
11#.#8.84.80:23
6.##.39.79:23
21#.##1.24.222:23
10#.##0.47.179:23
12#.##3.28.80:23
27.###.165.215:23
19#.##3.251.81:23
48.###.173.150:23
99.##.92.179:23
12#.##1.136.162:23
40.##.90.29:23
11#.##1.129.157:23
20#.##.138.107:23
19.##0.26.80:23
57.##.84.110:23
11#.#2.37.99:23
24#.##6.248.40:23
23#.##8.206.136:23
13#.##4.248.34:23
20#.##1.128.90:23
82.###.71.164:23
71.###.50.189:23
55.###.30.158:23
35.##.20.132:23
13#.##2.43.16:23
16#.##.192.104:23
13#.##6.78.184:23
16#.##0.74.35:23
10#.##5.126.21:23
17#.##5.225.83:23
12#.##0.170.183:23
15#.##.215.130:23
13#.##8.208.190:23
90.##.64.18:23
16#.##.221.81:23
18#.#0.62.38:23
25#.##.237.153:23
13#.##4.98.223:23
12#.##9.217.51:23
10#.##9.48.168:23
17#.#.225.77:23
22#.##7.19.198:23
87.##1.82.98:23
28.###.185.149:23
25#.#3.10.14:23
21#.##7.165.74:23
11#.##5.239.74:23
21.##8.162.2:23
13#.##5.222.133:23
11#.##6.117.174:23
13#.##1.149.60:23
13#.##.90.218:23
17.###.57.244:23
18#.##0.111.119:23
34.###.100.228:23
15#.#2.35.22:23
19#.##.104.233:23
63.##.73.61:23
17#.##4.194.190:23
16#.##1.67.125:23
55.###.180.144:23
14#.##9.108.23:23
61.##.216.188:23
17#.##6.121.24:23
1.###.33.193:23
14#.#3.0.84:23
11#.##.129.86:23
18#.##1.159.60:23
28.###.197.161:23
5.##.49.254:23
19#.##2.80.244:23
56.###.237.248:23
68.###.54.139:23
19#.##0.211.99:23
13#.##2.32.235:23
72.##3.143.7:23
68.#.255.9:23
70.#.124.109:23
70.###.107.13:23
25#.##3.185.104:23
61.##.244.98:23
49.###.209.56:23
19#.##7.56.146:23
11#.##.253.106:23
96.###.221.124:23
2.##.229.78:23
66.##5.16.8:23
61.###.147.243:23
10#.##5.23.14:23
13#.##6.62.125:23
4.##.58.43:23
17#.#4.68.58:23
10#.##.146.146:23
1.###.3.113:23
23#.##.108.47:23
12#.##6.24.35:23
12#.##9.237.243:23
17#.##.124.128:23
23#.##.56.137:23
23#.##.168.145:23
12#.##1.123.110:23
34.###.105.241:23
23#.##6.49.123:23
23#.##.117.230:23
25#.##9.11.124:23
25#.##.253.164:23
41.###.100.160:23
22#.##.109.198:23
12#.##7.147.48:23
19#.##0.157.52:23
19.###.109.10:23
21#.##5.247.226:23
15#.##5.38.39:23
12#.##6.206.133:23
14#.##5.38.231:23
3.##.130.169:23
48.#.157.230:23
33.##1.160.9:23
24#.##.184.234:23
16#.#.153.176:23
94.##.119.135:23
33.###.17.236:23
23#.#67.5.43:23
14#.##7.157.169:23
79.###.141.12:23
20#.##8.116.184:23
16#.##.96.185:23
16#.##9.108.33:23
23#.##6.249.139:23
15#.##.250.97:23
1.###.154.229:23
19#.##6.183.140:23
15#.##5.137.238:23
14#.#35.96.6:23
18#.##.144.203:23
24#.##.154.91:23
14#.##8.234.102:23
99.##.50.90:23
22#.##.38.197:23
22#.##1.234.186:23
45.##.59.108:23
25#.##.187.200:23
85.##8.81.55:23
21#.#.9.249:23
57.##9.9.40:23
25#.##.139.120:23
16#.##5.117.241:23
11#.##8.117.99:23
10#.#.49.203:23
17#.##5.149.25:23
20#.##4.95.78:23
11#.##.61.149:23
16#.##.173.172:23
24.###.155.158:23
32.##2.234.7:23
34.#.93.19:23
23#.##8.162.45:23
20#.##5.64.124:23
24.###.82.242:23
43.##.61.215:23
80.###.158.200:23
78.##4.50.67:23
94.###.228.58:23
19#.#1.94.94:23
14#.##4.90.44:23
31.###.13.127:23
84.##.99.63:23
23#.##.232.88:23
20#.#.140.172:23
69.##.40.15:23
14#.##.190.11:23
68.###.221.20:23
12#.##3.191.190:23
13#.##3.208.150:23
66.#.18.16:23
25#.##5.92.53:23
21#.##4.80.188:23
21#.#.52.203:23
73.##.5.139:23
38.###.25.255:23
48.##.104.35:23
23#.##3.81.93:23
17#.##.244.222:23
29.##1.75.30:23
19.#.239.186:23
19#.##0.199.52:23
98.##.177.201:23
13#.##5.246.3:23
11#.##7.166.193:23
14#.#1.75.79:23
15#.##7.134.23:23
12#.##7.149.245:23
24#.##5.177.37:23
10#.##5.37.121:23
64.###.71.121:23
46.##.93.217:23
22#.##5.214.208:23
10#.#.117.24:23
16#.#0.4.75:23
22#.##9.113.225:23
18#.##1.242.44:23
32.###.183.120:23
21#.##2.33.58:23
69.###.231.111:23
12#.##9.114.63:23
14.##4.244.4:23
15#.##9.41.132:23
14#.##.177.152:23
19#.#8.223.1:23
10#.##8.45.102:23
22#.##.227.17:23
50.###.81.167:23
17#.##3.218.25:23
19.##.194.164:23
21#.##9.68.184:23
19#.##.51.139:23
26.##1.93.41:23
36.###.202.178:23
25#.##.190.170:23
18#.#.194.224:23
14#.#1.36.43:23
19#.##0.144.13:23
84.##.4.113:23
83.##.236.131:23
22#.##8.72.135:23
16#.#.255.131:23
65.##.225.37:23
12#.##.124.96:23
15#.##9.9.212:23
12#.##2.69.235:23
22#.##7.26.25:23
2.###.179.245:23
22#.##2.214.215:23
22#.#.119.33:23
54.##.140.146:23
24#.##1.180.4:23
19#.#9.82.53:23
22#.##2.149.82:23
12.###.252.63:23
12#.#.105.238:23
40.##.195.183:23
16#.##4.245.196:23
2.###.184.62:23
15#.##7.148.166:23
19#.##3.16.103:23
19#.##.11.162:23
21#.##2.111.158:23
23#.##5.125.118:23
17#.##3.13.100:23
15#.#.63.214:23
17#.##2.188.85:23
16#.##9.28.195:23
16#.##5.193.123:23
83.###.249.80:23
81.###.142.71:23
28.##.93.32:23

Receives data from the following servers:

45.###.232.208:33335

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

Technical Information

Curing recommendations