Linux.Siggen.1682
Added to the Dr.Web virus database:
2019-05-10
Virus description added:
2019-05-10
Technical Information
Malicious functions:
Launches itself as a daemon
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:19354
- 0.0.0.0:52869
- 0.0.0.0:9000
Establishes connection:
- 8.#.8.8:53
- 18#.##2.64.140:8010
- <LOCAL_DNS_SERVER>
- 18#.##4.25.84:8010
- 17#.##6.21.207:23
- 11#.#29.37.4:23
- 10#.#.224.189:23
- 81.##.24.198:23
- 10#.##7.10.136:23
- 18#.##3.79.10:23
- 19#.##0.119.213:23
- 12#.##.70.245:23
- 83.##.19.87:23
- 20#.##4.226.46:23
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
HTTP GET requests:
- pa######.com/raw/ByvbTFGe
DNS ASK:
Sends data to the following servers:
- 97.###.119.30:23
- 70.###.157.73:23
- 18#.##7.220.27:23
- 20#.##.179.218:23
- 12#.##3.16.118:23
- 72.###.100.191:23
- 9.###.145.168:23
- 20#.##.205.147:23
- 18#.##9.169.147:23
- 18#.##4.25.84:8010
Receives data from the following servers:
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
欢迎下载
Dr.Web for Android
-
免费3个月
-
可使用所有保护组件
-
可在AppGallery/Google Pay延期
继续使用此网站意味着您同意我们使用Cookie文件和其他用于收集网站访问统计信息的技术手段。详细信息