Linux.Siggen.1801

Added to the Dr.Web virus database: 2019-06-03

Virus description added:

Technical Information

Malicious functions:
Substitutes application name for:
  • SlRAfZIHfOIKqFoKoMfd5qk5
Kills system processes:
  • sshd
Kills the following processes:
  • exim4
  • bash
  • run.sh
  • kworker/u2:3
  • <SAMPLE>
Network activity:
Establishes connection:
  • 17#.###.245.93:37215
  • 22#.##.111.176:37215
  • 48.###.253.123:37215
  • 10#.##5.7.94:37215
  • 21#.###.225.185:37215
  • 92.##.76.248:37215
  • 12#.###.236.131:37215
  • 21#.##.166.36:37215
  • 96.##.45.60:37215
  • 22#.###.74.123:37215
  • 12#.###.20.133:37215
  • 12#.#.15.60:37215
  • 23#.##.229.226:37215
  • 18#.##.86.79:37215
  • 16#.###.207.180:37215
  • 96.###.208.113:37215
  • 31.##.29.79:37215
  • 9.###.24.86:37215
  • 24#.##0.2.15:37215
  • 15#.##.237.148:37215
  • 31.#.#52.32:37215
  • 16#.###.54.210:37215
  • 20#.###.181.241:37215
  • 18#.###.50.174:37215
  • 24.##.97.163:37215
  • 35.###.187.245:37215
  • 18#.###.199.251:37215
  • 23.###.226.173:37215
  • 18#.##.100.136:37215
  • 94.###.188.137:37215
  • 82.###.6.210:37215
  • 10#.###.80.152:37215
  • 65.###.108.23:37215
  • 21#.##.171.122:37215
  • 73.#.#3.160:37215
  • 12#.##2.35.55:37215
  • 17#.###.59.147:37215
  • 86.###.15.75:37215
  • 24#.##2.76.52:37215
  • 16.#.#74.138:37215
  • 22#.###.75.244:37215
  • 14#.###.31.148:37215
  • 23#.##.199.72:37215
  • 23#.#.173.245:37215
  • 24.###.228.128:37215
  • 81.#.#32.177:37215
  • 39.###.15.45:37215
  • 16#.##.106.188:37215
  • 20#.##1.211.7:37215
  • 81.##.198.215:37215
  • 65.##.15.211:37215
  • 16#.###.241.121:37215
  • 23#.###.138.89:37215
  • 8.###.186.177:37215
  • 13.###.57.102:37215
  • 17#.##5.1.145:37215
  • 25#.###.176.30:37215
  • 80.###.205.115:37215
  • 25#.##.101.210:37215
  • 93.#.#49.164:37215
  • 21#.##.212.82:37215
  • 18#.##.132.65:37215
  • 48.##.63.134:37215
  • 18#.###.34.187:37215
  • 20#.##.234.244:37215
  • 14#.###.202.33:37215
  • 69.###.42.208:37215
  • 73.###.91.7:37215
  • 71.###.49.230:37215
  • 13#.##7.19.37:37215
  • 60.##.70.82:37215
  • 14#.##.235.251:37215
  • 17#.###.102.129:37215
  • 10#.###.162.60:37215
  • 96.###.232.38:37215
  • 23.##.112.185:37215
  • 22#.###.197.207:37215
  • 16.###.19.2:37215
  • 12#.###.120.203:37215
  • 82.###.98.69:37215
  • 12#.##.236.142:37215
  • 19#.###.176.190:37215
  • 20#.###.76.101:37215
  • 15#.###.108.231:37215
  • 21#.###.188.50:37215
  • 19#.###.131.69:37215
  • 20#.###.232.192:37215
  • 18#.##.223.101:37215
  • 12.#.#6.35:37215
  • 10#.###.175.130:37215
  • 24#.###.224.34:37215
  • 63.###.202.90:37215
  • 24#.##0.78.96:37215
  • 17#.##.210.45:37215
  • 17#.###.165.194:37215
  • 44.###.213.116:37215
  • 65.##.0.52:37215
  • 72.##.206.169:37215
  • 23#.###.242.132:37215
  • 20#.###.180.102:37215
  • 24#.###.66.158:37215
  • 80.##.99.36:37215
  • 15#.###.112.190:37215
  • 18#.##.123.156:37215
  • 65.###.226.240:37215
  • 10#.##.61.25:37215
  • 10#.###.61.226:37215
  • 45.###.132.123:37215
  • 10#.###.102.229:37215
  • 92.##.101.243:37215
  • 11#.##8.3.111:37215
  • 20#.###.178.195:37215
  • 10#.##1.70.26:37215
  • 21#.###.180.19:37215
  • 77.###.17.227:37215
  • 47.###.245.130:37215
  • 16#.#.215.184:37215
  • 23#.###.66.112:37215
  • 25#.##.223.180:37215
  • 63.###.43.86:37215
  • 17#.##.98.185:37215
  • 61.#.#51.56:37215
  • 74.###.237.155:37215
  • 18#.###.52.219:37215
  • 18#.##0.6.86:37215
  • 18#.###.45.202:37215
  • 95.##.197.109:37215
  • 10#.##.253.168:37215
  • 70.##.116.174:37215
  • 46.###.149.26:37215
  • 22#.##.207.254:37215
  • 20#.##.203.214:37215
  • 11#.##.114.141:37215
  • 12#.###.15.195:37215
  • 13#.###.221.168:37215
  • 10#.###.14.153:37215
  • 22#.##.68.140:37215
  • 20#.##3.76.4:37215
  • 12#.###.206.34:37215
  • 44.##.25.195:37215
  • 11#.##.108.125:37215
  • 15#.###.140.195:37215
  • 86.###.194.24:37215
  • 10#.##.67.87:37215
  • 2.###.126.56:37215
  • 14#.##.164.244:37215
  • 73.#.#3.39:37215
  • 14#.###.47.135:37215
  • 22#.##.19.130:37215
  • 16#.###.199.26:37215
  • 41.###.202.174:37215
  • 24#.###.105.153:37215
  • 82.###.161.109:37215
  • 19.##.162.45:37215
  • 1.###.209.111:37215
  • 11#.##.66.170:37215
  • 16#.##.14.150:37215
  • 57.###.38.76:37215
  • 22#.###.235.27:37215
  • 24#.##.9.244:37215
  • 11#.###.159.221:37215
  • 24#.##.162.216:37215
  • 19#.###.203.38:37215
  • 23#.##0.99.81:37215
  • 19#.###.211.61:37215
  • 19#.##.153.242:37215
  • 17#.###.215.195:37215
  • 14#.###.179.237:37215
  • 27.###.42.160:37215
  • 19#.##.177.137:37215
  • 16#.##.209.43:37215
  • 2.###.189.80:37215
  • 31.###.244.18:37215
  • 5.###.252.162:37215
  • 23.###.14.201:37215
  • 15#.###.235.152:37215
  • 15#.###.182.73:37215
  • 12#.###.87.167:37215
  • 17#.#.151.175:37215
  • 20#.##.202.241:37215
  • 10#.###.51.191:37215
  • 98.#.#2.247:37215
  • 25#.##9.40.88:37215
  • 18#.##.129.134:37215
  • 61.###.74.36:37215
  • 23#.###.65.205:37215
  • 20#.##.62.17:37215
  • 15#.###.239.46:37215
  • 19#.###.117.12:37215
  • 21#.###.66.169:37215
  • 18#.###.29.106:37215
  • 18#.##.136.30:37215
  • 11#.##.38.88:37215
  • 16#.##.54.147:37215
  • 11#.###.50.152:37215
  • 65.##.106.83:37215
  • 24#.##3.48.33:37215
  • 14.##.177.15:37215
  • 47.##.160.155:37215
  • 21#.##5.50.92:37215
  • 17#.###.207.185:37215
  • 96.###.131.200:37215
  • 24#.###.118.223:37215
  • 32.###.150.108:37215
  • 16.###.122.20:37215
  • 12#.##4.86.55:37215
  • 36.###.29.32:37215
  • 15#.##.106.22:37215
  • 21#.###.107.55:37215
  • 20#.###.156.244:37215
  • 21#.##.213.5:37215
  • 12#.###.96.116:37215
  • 43.##.126.162:37215
  • 66.###.249.196:37215
  • 13#.###.141.156:37215
  • 13#.##.163.98:37215
  • 10#.##9.39.75:37215
  • 8.###.98.43:37215
  • 70.##.18.34:37215
  • 22#.###.34.200:37215
  • 12#.##.253.165:37215
  • 74.##.184.102:37215
  • 18#.##.192.211:37215
  • 13#.###.240.109:37215
  • 75.##.66.46:37215
  • 14#.##3.128.8:37215
  • 24#.##.89.233:37215
  • 58.###.215.5:37215
  • 20#.##.168.110:37215
  • 18#.##.12.94:37215
  • 23#.###.209.14:37215
  • 20#.##.53.211:37215
  • 14#.##.169.17:37215
  • 18#.##.65.192:37215
  • 24#.##.83.23:37215
  • 53.###.198.152:37215
  • 19#.###.76.241:37215
  • 62.##.98.195:37215
  • 22#.#.226.35:37215
  • 17#.###.186.143:37215
  • 17#.##.217.211:37215
  • 68.###.201.152:37215
  • 23#.###.245.204:37215
  • 51.##.167.161:37215
  • 62.##.8.81:37215
  • 12#.###.194.66:37215
  • 22#.#.211.243:37215
  • 96.###.60.136:37215
  • 14.##.96.106:37215
  • 15#.##.37.93:37215
  • 24#.##.177.155:37215
  • 14#.##5.86.93:37215
  • 14#.##3.0.42:37215
  • 15#.##.173.105:37215
  • 61.###.143.101:37215
  • 19#.###.217.100:37215
  • 23#.###.195.170:37215
  • 93.###.98.39:37215
  • 22#.###.170.37:37215
  • 16#.###.143.105:37215
  • 12#.##.191.73:37215
  • 25#.###.20.183:37215
  • 32.###.204.25:37215
  • 73.##.150.148:37215
  • 20#.###.208.138:37215
  • 15#.##.85.136:37215
  • 12#.###.135.133:37215
  • 10#.###.195.162:37215
  • 70.##.183.228:37215
  • 12#.##.181.167:37215
  • 35.###.100.61:37215
  • 18#.###.153.208:37215
  • 78.##.58.16:37215
  • 12#.##0.95.80:37215
  • 15#.##.106.103:37215
  • 24#.###.223.182:37215
  • 14#.##.235.156:37215
  • 24.##.54.169:37215
  • 90.###.8.84:37215
  • 71.##.172.119:37215
  • 22#.##9.94.95:37215
  • 36.##.221.122:37215
  • 75.##.20.108:37215
  • 10#.###.51.252:37215
  • 16#.##.106.200:37215
  • 8.##.#1.15:37215
  • 77.###.38.246:37215
  • 36.##.249.123:37215
  • 11#.##.2.88:37215
  • 15#.##1.6.6:37215
  • 17#.##.81.129:37215
  • 22#.##4.96.11:37215
  • 23#.###.225.114:37215
  • 17#.##.182.28:37215
  • 16#.##.63.48:37215
  • 89.###.209.68:37215
  • 42.##.64.236:37215
  • 18#.###.198.205:37215
  • 37.##.23.94:37215
  • 11#.###.108.238:37215
  • 65.###.23.163:37215
  • 18#.##.100.216:37215
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Connects to the following servers over the IRC protocol:
  • Server: 37.##.225.230; Command: NICK [KTN|MIPSEL]DIQX\nUSER ktn localhost localhost :BJEIYCMT\n
  • Server: 37.##.225.230; Command: PONG :BCAF3771\n
  • Server: 37.##.225.230; Command: MODE DIQX -xi\n
  • Server: 37.##.225.230; Command: JOIN #ktx :\n
  • Server: 37.##.225.230; Command: WHO DIQX\n

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.