Linux.Packed.288

Added to the Dr.Web virus database: 2019-01-27

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Gets access to SSH keys
  • /root/.ssh/authorized_keys
Launches processes:
  • /usr/bin/getconf CLK_TCK
  • <SAMPLE_FULL_PATH>
  • /usr/bin/lsb_release
Kills the following processes:
  • /usr/bin/lsb_release
Performs operations with the file system:
Creates folders:
  • /tmp/.ddg
  • /root/.ssh
Creates or modifies files:
  • /tmp/.ddg/3020.db
Network activity:
Establishes connection:
HTTP GET requests:
Sends data to the following servers:
Receives data from the following servers:
  • 8.#.8.8:53
  • 10#.##.23.174:7946
  • 11#.##.89.17:7946
  • 11#.##0.18.117:7946
Other:
Collects OS information
Collects CPU information
Collects RAM information
Collects information about network activity

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
