Linux.Siggen.2335

Added to the Dr.Web virus database: 2019-11-23

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Substitutes application name for:
  • sic1eec0sxas
Network activity:
Awaits incoming connections on ports:
  • 127.0.0.1:3132
Establishes connection:
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Attacks using a special dictionary (brute-force technique) via an undefined protocol.
DNS ASK:
  • oh####.#aiseyourdongers.pw
  • oh#####.raiseyourdongers.pw
Sends data to the following servers:
Receives data from the following servers:

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
