
Linux.Mirai.3037

Added to the Dr.Web virus database: 2019-07-18

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Substitutes application name for:
  • /bin/busybox
Kills system processes:
  • sshd
Kills the following processes:
  • <SAMPLE>
  • agetty
  • exim4
  • bash
  • run.sh
  • systemd
Network activity:
Establishes connection:
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
  • 19#.##.97.85:9090
Other:
Collects information about network activity

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
