Linux.Siggen.671

Added to the Dr.Web virus database: 2018-06-20

Virus description added:

Technical Information

Malicious functions:
Removes itself
Launches itself as a daemon
Network activity:
Awaits incoming connections on ports:
  • 127.0.0.1:3902
Establishes connection:
  • <LOCAL_DNS_SERVER>
  • 95.###.62.169:5600
  • 23.#.182.186:80
HTTP GET requests:
  • http://###.#4.43.142/
Sends data to the following servers:

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
