Linux.Siggen.3379
Added to the Dr.Web virus database:
2020-11-10
Virus description added:
2020-11-10
Technical Information
Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
Network activity:
Awaits incoming connections on ports:
Establishes connection:
- 8.#.8.8:53
- 20#.###.251.223:25009
- 69.###.117.55:23
- 20#.##7.155.142:23
- 14#.##3.65.42:23
- 14#.##8.190.195:23
- 12#.##4.226.34:23
- 22#.##6.137.185:23
- 66.###.183.123:23
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Connects to the following servers over the IRC protocol:
- Server: 10#.#52.234.53; Command: USER1
- Server: 10#.#52.234.53; Command:
\n
- Server: 10#.#52.234.53; Command: 0937795500
- Server: 10#.#52.234.53; Command: enable
- Server: 10#.#52.234.53; Command: development
- Server: 10#.#52.234.53; Command: system
- Server: 10#.#52.234.53; Command: shell
- Server: 10#.#52.234.53; Command: sh
- Server: 10#.#52.234.53; Command: runshellcmd
- Server: 10#.#52.234.53; Command: linuxshell
- Server: 10#.#52.234.53; Command: start start-shell
- Server: 10#.#52.234.53; Command: start-shell
- Server: 10#.#52.234.53; Command: start-shell bash
- Server: 10#.#52.234.53; Command: ping ; sh
- Server: 10#.#52.234.53; Command: vshell
- Server: 10#.#52.234.53; Command: config terminal
- Server: 10#.#52.234.53; Command: busybox DNXFCOW
- Server: 10#.#52.234.53; Command: /bin/busybox DNXFCOW
DNS ASK:
Sends data to the following servers:
- 13#.##2.52.210:23
- 12#.##6.56.201:23
- 67.###.49.163:23
- 24#.##9.200.90:23
- 16#.##0.215.109:23
- 65.###.197.232:23
- 63.##.224.247:23
- 53.###.149.88:23
- 9.###.216.211:23
- 20#.###.251.223:25009
- 12#.##4.226.34:23
- 66.###.183.123:23
Receives data from the following servers:
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
欢迎下载
Dr.Web for Android
-
免费3个月
-
可使用所有保护组件
-
可在AppGallery/Google Pay延期
继续使用此网站意味着您同意我们使用Cookie文件和其他用于收集网站访问统计信息的技术手段。详细信息