Linux.Packed.897

Added to the Dr.Web virus database: 2020-08-27

Virus description added:

Technical Information

Malicious functions:
Kills system processes:
  • sshd
Network activity:
Awaits incoming connections on ports:
  • 127.0.0.1:21769
  • 0.0.0.0:23
  • 0.0.0.0:22
  • 0.0.0.0:80
  • 0.0.0.0:8088
  • 0.0.0.0:8443
  • 0.0.0.0:8083
Establishes connection:
  • 8.#.8.8:53
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
