Linux.Siggen.3873

Added to the Dr.Web virus database: 2021-05-03

Virus description added:

Technical Information

Malicious functions:
Substitutes application name for:
  • /bin/busybox
Network activity:
Establishes connection:
  • 8.#.8.8:53
  • 64.###.103.215:116
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
Receives data from the following servers:
  • 64.###.103.215:116

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
