Linux.Siggen.3829
Added to the Dr.Web virus database:
2021-04-05
Virus description added:
2021-04-04
Technical Information
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
Network activity:
Awaits incoming connections on ports:
Establishes connection:
- 8.#.8.8:53
- 20#.###.185.69:37215
- 76.###.32.146:37215
- 12#.###.11.213:52869
- 19.##.241.218:52869
- 23#.#.138.30:37215
- 19.##.241.218:37215
- 12#.###.11.213:37215
- 20#.###.185.69:52869
- 23#.#.138.30:52869
- 13#.#.120.247:52869
- 76.###.32.146:52869
- 21#.##5.24.38:52869
- 18#.###.106.223:52869
- 23#.#.138.30:8080
- 88.###.58.57:52869
- 17#.###.62.148:52869
- 12#.##3.11.213:8080
- 19.##.241.218:8080
- 23#.#.138.30:80
- 20#.##8.185.69:8080
- 76.###.32.146:8080
- 88.###.58.57:8080
- 13#.#.120.247:8080
- 17#.##3.62.148:8080
- 18#.###.106.223:8080
- 21#.##5.24.38:8080
- 12#.##3.11.213:7574
- 20#.##8.185.69:80
- 76.###.32.146:80
- 19.##.241.218:80
- 12#.##3.11.213:80
- 13#.#.120.247:80
- 88.##0.58.57:80
- 17#.##3.62.148:80
- 18#.##1.106.223:80
- 21#.##5.24.38:80
- 12#.##3.11.213:5555
- 21#.##.184.17:23
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
DNS ASK:
Sends data to the following servers:
- 15#.##.71.243:23
- 82.###.182.121:23
- 17#.#4.4.51:23
- 84.###.75.122:23
- 43.##.187.105:23
- 16#.##0.217.19:23
- 11#.##.224.209:23
- 80.##4.75.4:23
- 13#.##6.29.120:23
- 21#.##.184.17:23
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
欢迎下载
Dr.Web for Android
-
免费3个月
-
可使用所有保护组件
-
可在AppGallery/Google Pay延期
继续使用此网站意味着您同意我们使用Cookie文件和其他用于收集网站访问统计信息的技术手段。详细信息