用户服务中心

My library

+ Add to library

Search

24/7 Tech support | Rules regarding submitting

Send a message

Call us

+7 (495) 789-45-86

Forum

Your tickets

Total: -
Active: -
Latest: -

Call us

+7 (495) 789-45-86

CN

RU CN DE EN ES FR IT JP KZ UZ PL BY

Dr.Web vxCube

打开分析仪

计算机病毒事件调查

病毒知识库

技术

术语

教育培训

误区

有关反病毒软件的误区

Linux.Siggen.3393

Added to the Dr.Web virus database: 2020-11-14

Virus description added: 2020-11-14

Technical Information

Malicious functions:

Launches itself as a daemon

Substitutes application name for:

[md]

Kills the following processes:

atd
cron
rpc.idmapd

Network activity:

Awaits incoming connections on ports:

0.0.0.0:55321

Establishes connection:

19#.###.239.183:3000
19#.##0.239.183:335
8.#.8.8:53

Attacks using a special dictionary (brute-force technique) via the Telnet protocol.

Sends data to the following servers:

19#.##0.239.183:0
19#.##0.239.183:335
53.###.68.207:23
31.###.222.91:23
17#.##.103.87:23
14#.##5.63.182:23
14#.##3.38.78:23
17#.##.206.229:23
18#.##.218.229:23
21#.##0.91.192:23
44.###.48.178:23
14#.#45.6.68:23
13#.##1.148.184:23
68.#.221.16:23
98.##.131.116:23
47.###.243.29:23
15#.##.122.65:23
12#.##9.153.99:23

Receives data from the following servers:

19#.##0.239.183:335

Curing recommendations

Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number