Linux.Siggen.1767

Added to the Dr.Web virus database: 2019-05-31

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Kills system processes:
  • sshd
Kills the following processes:
  • exim4
  • bash
  • run.sh
Network activity:
Awaits incoming connections on ports:
  • 127.0.0.1:3521
Establishes connection:
  • 8.#.8.8:53
  • 18#.##4.25.178:4534
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
Receives data from the following servers:
  • 18#.##4.25.178:4534
Other:
Collects information about network activity

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
