Linux.Siggen.7025
Added to the Dr.Web virus database:
2024-04-16
Virus description added:
2024-04-15
Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
Performs process tracing:
Kills system processes:
Kills the following processes:
systemd-timesyn
run.sh
dash
bash
ss3hri7241a6
apt-helper
systemd
Network activity:
Awaits incoming connections on ports:
Establishes connection:
8.#.8.8:53
91.###.137.37:53
87.###.7.66:35342
DNS ASK:
kz.###lfhitler.su
se######.rebirth-network.su
Sends data to the following servers:
Receives data from the following servers: