Linux.Mirai.3074

Added to the Dr.Web virus database: 2019-07-19

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Substitutes application name for:
  • /bin/busybox
Kills system processes:
  • sshd
Kills the following processes:
  • <SAMPLE>
  • agetty
  • exim4
  • bash
  • run.sh
  • systemd
Network activity:
Establishes connection:
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
  • 19#.##.97.85:9090
Other:
Collects information about network activity

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

© Doctor Web
2003 — 2019