Library
My library

+ Add to library

Contact us
24/7 Tech support | Rules regarding submitting

Send a message

Your tickets

Profile

Linux.Packed.1008

Added to the Dr.Web virus database: 2020-11-13

Virus description added:

Technical Information

Malicious functions:
Substitutes application name for:
  • /bin/busybox
Network activity:
Awaits incoming connections on ports:
  • 127.0.0.1:51101
Establishes connection:
  • 8.#.8.8:53
  • 23.###.165.119:1024
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
  • 23.###.165.119:1024
  • 16#.##7.191.182:23
  • 19#.##4.157.98:23
  • 13#.##5.88.156:23
  • 20#.##2.70.13:23
  • 27.#.142.127:23
  • 20#.##2.222.34:23
  • 17.###.122.11:23
  • 18#.##3.120.224:23
  • 27.#.243.224:23
  • 11#.##8.176.119:23
  • 21#.##3.212.159:23
  • 16#.##1.138.160:23
  • 11#.##7.23.211:23
  • 11#.##2.153.251:23
  • 13#.##7.126.251:23
  • 27.#.232.192:23
  • 27.#.73.242:23
  • 19#.##5.73.94:23
  • 20#.##2.66.104:23
  • 11#.#8.39.55:23
  • 11#.##.163.27:23
  • 67.##.245.61:23
  • 60.###.130.117:23
  • 20#.##2.180.133:23
  • 11#.#3.71.77:23
  • 11#.##8.208.85:23
  • 20#.##8.50.172:23
  • 11#.##7.18.175:23
  • 27.#.233.75:23
  • 22#.##2.200.70:23
  • 19#.##8.135.156:23
  • 13#.##7.233.229:23
  • 20#.##6.32.151:23
  • 11#.##8.209.115:23
  • 17#.##8.239.214:23
  • 27.#.140.62:23
  • 23#.##.98.153:23
  • 80.###.137.195:23
  • 60.###.207.42:23
  • 25#.##.125.74:23
  • 86.##.99.133:23
  • 11#.##.112.113:23
  • 60.###.157.40:23
  • 42.###.126.211:23
  • 60.##3.51.69:23
  • 60.###.221.204:23
  • 90.###.150.132:23
  • 13#.#7.24.31:23
  • 60.###.54.112:23
  • 17#.##2.190.201:23
  • 60.###.249.117:23
  • 36.###.68.175:23
  • 11#.##8.36.188:23
  • 11#.##2.171.216:23
  • 14.###.186.211:23
  • 14#.#00.8.86:23
  • 93.##.19.144:23
  • 22#.##2.35.18:23
  • 76.###.100.195:23
  • 11#.##.35.230:23
  • 16#.##7.41.147:23
  • 87.###.131.60:23
  • 71.###.245.79:23
  • 11#.##.69.130:23
  • 17.##.242.160:23
  • 9.###.75.97:23
  • 23#.##.221.200:23
  • 27.#.111.243:23
  • 20#.##2.80.197:23
Receives data from the following servers:
  • 23.###.165.119:1024

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number