Linux.Mirai.4943

Added to the Dr.Web virus database: 2020-10-02

Virus description added:

Technical Information

Malicious functions:
Removes itself
Launches itself as a daemon
Substitutes application name for:
  • ymbdcfviclbvhqscsypt
Network activity:
Awaits incoming connections on ports:
  • 19#.##8.215.50:3467
Establishes connection:
  • 8.#.8.8:53
  • 5.###.227.140:4321
  • 5.###.227.140:7685
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
Receives data from the following servers:
  • 5.###.227.140:7685
  • 5.###.227.140:4321

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
