FOR CUSTOMERS

My library

+ Add to library

Search

24/7 Tech support | Rules regarding submitting

Send a message

Call us

+7 (495) 789-45-86

Forum

Your tickets

Total: -
Active: -
Latest: -

Call us

+7 (495) 789-45-86

EN

RU CN DE EN ES FR IT JP KZ UZ PL BY

Support services

Dr.Web vxCube

Sign in to Dr.Web vxCube

VCI investigations

Virus library

Knowledge base

Technologies

Terminology

Training and education

Myths

Myths about anti-viruses

Linux.Siggen.3620

Added to the Dr.Web virus database: 2021-02-16

Virus description added: 2021-02-16

Technical Information

To ensure autorun and distribution:

Creates or modifies the following files:

/etc/rc.local

Malicious functions:

Gains root privileges

Substitutes application name for:

d3hQrq9TCDth

Network activity:

Establishes connection:

21#.#.244.112:8052
87.###.215.248:9051
20.##.37.89:9200
15#.###.108.130:9119
14#.##.180.176:9004
10#.###.179.229:9051
18#.###.128.115:9191
10#.##.219.42:9151
13#.##2.4.130:9009
11#.###.210.124:9160
51.##.185.71:9095
66.##.34.110:8200
67.###.130.65:9200
45.##.226.8:8058

Sends data to the following servers:

21#.#.244.112:8052
87.###.215.248:9051
20.##.37.89:9200
15#.###.108.130:9119
14#.##.180.176:9004
10#.###.179.229:9051
18#.###.128.115:9191
10#.##.219.42:9151
13#.##2.4.130:9009
11#.###.210.124:9160
51.##.185.71:9095
66.##.34.110:8200
67.###.130.65:9200
45.##.226.8:8058

Receives data from the following servers:

21#.#.244.112:8052
87.###.215.248:9051
20.##.37.89:9200
15#.###.108.130:9119
14#.##.180.176:9004
10#.###.179.229:9051
18#.###.128.115:9191
10#.##.219.42:9151
13#.##2.4.130:9009
11#.###.210.124:9160
51.##.185.71:9095
66.##.34.110:8200
67.###.130.65:9200
45.##.226.8:8058

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number