JavaScript support is required for our site to be fully operational in your browser.
Linux.Siggen.6810
Added to the Dr.Web virus database:
2024-03-20
Virus description added:
2024-03-20
Technical Information
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
Launches processes:
/sbin/xtables-multi iptables -A INPUT -p tcp --dport 37215 -j DROP
/bin/sh -c ufw deny 59666/tcp
/sbin/xtables-multi iptables -A INPUT -p tcp --dport 59666 -j DROP
/bin/sh -c netsh advfirewall firewall add rule name=\x22Block_Port_37215_TCP\x22 dir=in action=block protocol=TCP localport=37215
/bin/sh -c kill_port(htons(59666))
/bin/sh -c nft add rule ip filter input udp dport 37215 drop
/bin/sh -c ufw deny 37215/udp
/bin/sh -c ufw deny 37215/tcp
/bin/sh -c echo \x22block drop proto tcp from any to any port 59666\x22 | sudo pfctl -f -
/bin/sh -c echo \x22127.0.0.1 reachedfucktheccp.top\x22 >> /etc/hosts
/bin/sh -c firewall-cmd --zone=public --add-source=141.98.10.128 --permanent
/sbin/xtables-multi iptables -A INPUT -p udp --dport 37215 -j DROP
/bin/sh -c iptables -A INPUT -s 141.98.10.128 -j DROP
/bin/sh -c nft add rule ip filter input tcp dport 59666 drop
/bin/sh -c ufw deny from 141.98.10.128
/sbin/xtables-multi iptables -A INPUT -p udp --dport 59666 -j DROP
/bin/sh -c firewall-cmd --zone=public --add-port=59666/tcp --permanent
/bin/sh -c netsh advfirewall firewall add rule name=\x22Block_IP_141.98.10.128\x22 dir=in action=block remoteip=141.98.10.128
/bin/sh -c firewall-cmd --zone=public --add-port=59666/udp --permanent
/bin/sh -c echo \x22block drop proto tcp from any to any port 37215\x22 | sudo pfctl -f -
/bin/sh -c echo \x22block drop proto udp from any to any port 59666\x22 | sudo pfctl -f -
/bin/sh -c netsh advfirewall firewall add rule name=\x22Block_Port_59666_UDP\x22 dir=in action=block protocol=UDP localport=59666
/bin/sh -c nft add rule ip filter input ip saddr 141.98.10.128 drop
/bin/sh -c ufw deny 59666/udp
/bin/sh -c iptables -A INPUT -p tcp --dport 59666 -j DROP
/sbin/xtables-multi iptables -A INPUT -s 141.98.10.128 -j DROP
/bin/sh -c netsh advfirewall firewall add rule name=\x22Block_Port_59666_TCP\x22 dir=in action=block protocol=TCP localport=59666
/bin/kmod /sbin/modprobe ip_tables
/sbin/xtables-multi iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
/bin/sh -c /usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
/bin/sh -c echo \x22block drop proto udp from any to any port 37215\x22 | sudo pfctl -f -
/bin/sh -c kill_port(htons(37215))
sudo pfctl -f -
/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
/bin/sh -c iptables -A INPUT -p tcp --dport 37215 -j DROP
/bin/sh -c firewall-cmd --reload
/bin/sh -c iptables -A INPUT -p udp --dport 59666 -j DROP
/bin/sh -c netsh advfirewall firewall add rule name=\x22Block_Port_37215_UDP\x22 dir=in action=block protocol=UDP localport=37215
/bin/sh -c busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
/bin/sh -c echo \x22127.0.0.1 fucktheccp.top\x22 >> /etc/hosts
/bin/sh -c nft add rule ip filter input udp dport 59666 drop
/bin/sh -c /bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
/bin/sh -c iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
/bin/sh -c firewall-cmd --zone=public --add-rich-rule=\x27rule family=\x22ipv4\x22 port protocol=\x22tcp\x22 port=\x2237215\x22 reject\x27
/bin/sh -c /bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
/bin/sh -c echo \x22block drop in quick on any from 141.98.10.128\x22 | sudo pfctl -f -
/bin/sh -c firewall-cmd --zone=public --add-rich-rule=\x27rule family=\x22ipv4\x22 port protocol=\x22udp\x22 port=\x2237215\x22 reject\x27
/bin/sh -c nft add rule ip filter input tcp dport 37215 drop
/bin/sh -c iptables -A INPUT -p udp --dport 37215 -j DROP
Performs operations with the file system:
Deletes folders:
Creates or modifies files:
Deletes files:
Network activity:
Awaits incoming connections on ports:
127.0.0.1:35342
0.0.0.0:26721
Establishes connection:
8.#.8.8:53
[:##]:37215
127.0.0.1:37215
[:##]:59666
127.0.0.1:59666
17#.##4.22.166:53
19#.###.175.20:52154
91.###.137.37:53
51.###.108.203:53
94.##.114.254:53
DNS ASK:
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
Download Dr.Web for Android
Free three-month trial
All protection features available
Renew your trial license in AppGallery/on Google Pay
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK