Linux.Siggen.2046

Added to the Dr.Web virus database: 2019-07-31

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Substitutes application name for:
  • /bin/busybox
Kills system processes:
  • sshd
Kills the following processes:
  • <SAMPLE>
Network activity:
Establishes connection:
  • 8.#.8.8:53
  • 10#.#.186.118:6949
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
Receives data from the following servers:
  • 10#.#.186.118:6949

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.


© Doctor Web
2003 — 2019
