Linux.Siggen.7164
Added to the Dr.Web virus database: 2024-04-18
Virus description added: 2024-04-18
Technical Information
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
Kills the following processes:
- systemd
- kthreadd
- ksoftirqd/0
- kworker/0:0
- kworker/0:0H
- watchdog/0
- khelper
- kdevtmpfs
- netns
- khungtaskd
- writeback
- ksmd
- crypto
- kintegrityd
- bioset
- kblockd
- kswapd0
- fsnotify_mark
- kthrotld
- ipv6_addrconf
- deferwq
- kworker/u2:1
- kpsmoused
- scsi_eh_0
- scsi_tmf_0
- kworker/0:1H
- kworker/u2:2
- jbd2/sda1-8
- ext4-rsv-conver
- kauditd
- kworker/0:3
- systemd-journal
- systemd-udevd
- rpciod
- nfsiod
- systemd-logind
- kworker/0:1
- dhclient
- kworker/0:2
- 9bc2fd2a
Network activity:
Awaits incoming connections on ports:
Establishes connection:
- 8.#.8.8:53
- 45.###.232.208:33335
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
DNS ASK:
Sends data to the following servers:
Receives data from the following servers: