Linux.Siggen.3445

Added to the Dr.Web virus database: 2020-11-27

Virus description added:

Technical Information

Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
  • /lib/systemd/systemd-logind
Kills the following processes:
  • <SAMPLE>
Performs operations with the file system:
Creates or modifies files:
  • <SAMPLE_FULL_PATH>
Network activity:
Awaits incoming connections on ports:
  • 19#.##8.212.50:3467
Establishes connection:
  • 8.#.8.8:53
  • 19#.##9.147.16:4321
  • 37.##.150.53:7685
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
Receives data from the following servers:
  • 37.##.150.53:7685
  • 19#.##9.147.16:4321

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
