Linux.Mirai.3030

Added to the Dr.Web virus database: 2019-07-18

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Substitutes application name for:
  • /bin/busybox
Kills system processes:
  • sshd
Kills the following processes:
  • <SAMPLE>
  • agetty
  • exim4
  • bash
  • run.sh
  • systemd
Network activity:
Establishes connection:
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
  • 19#.##.97.85:9090
Other:
Collects information about network activity

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
