Meine Bibliothek
Meine Bibliothek

+ Zur Bibliothek hinzufügen

Support

Ihre Anfragen

Rufen Sie uns an

+7 (495) 789-45-86

Profil

Linux.Siggen.3365

Added to the Dr.Web virus database: 2020-11-10

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Substitutes application name for:
  • sshd
Modifies firewall settings:
  • iptables -I INPUT -p tcp --destination-port 55227 -j ACCEPT
Launches processes:
  • sh -c killall -9 telnetd utelnetd scfgmgr
  • sh -c iptables -I INPUT -p tcp --destination-port 55227 -j ACCEPT
Attempts to kill the following processes:
  • killall -9 telnetd utelnetd scfgmgr
Performs operations with the file system:
Creates or modifies files:
  • /proc/self/oom_score_adj
  • /proc/535/oom_score_adj
  • /root/.ips
Network activity:
Awaits incoming connections on ports:
  • 127.0.0.1:14737
  • 0.0.0.0:33445
  • 0.0.0.0:55227
Establishes connection:
  • 8.#.8.8:53
  • 21#.##2.140.79:80
  • 88.###.172.71:80
  • 13#.##9.218.34:8080
  • 18#.###.130.197:8081
  • 19#.###.205.208:8080
  • 82.###.7.111:8081
  • 12#.##3.71.245:8080
  • 26.##.8.83:80
  • 17#.##.123.148:80
  • 11#.##4.208.70:8080
  • 18#.##.63.177:80
  • 53.###.159.38:8080
  • 72.###.175.218:8443
  • 30.###.73.213:8080
  • 18#.##.74.34:7574
  • 20#.#2.55.41:80
  • 78.##.47.206:8080
  • 18#.###.212.253:8080
  • 10#.##2.45.199:8080
  • 16#.##.184.104:8080
  • 26.###.244.175:80
  • 20#.###.159.46:52869
  • 18.##5.72.9:80
  • 78.###.211.45:7574
  • 15#.##6.183.92:8080
  • 75.###.155.19:60001
  • 66.###.233.15:8080
  • 22#.###.83.225:49152
  • 18.##2.5.150:80
  • 47.###.100.108:80
  • 11.###.171.125:80
  • 43.###.74.210:8080
  • 96.###.248.94:8080
  • 21#.##7.236.80:8080
  • 14#.##.222.153:8080
  • 13#.##.202.17:8080
  • 19#.##.105.23:8080
  • 17#.###.174.23:52869
  • 18#.##.19.118:8081
  • 86.###.28.232:80
  • 60.##.147.56:8080
  • 29.###.207.69:8443
  • 27.###.165.178:8080
  • 11#.##.141.68:8080
  • 17#.##8.148.29:8080
  • 33.##.234.24:37215
  • 12#.##7.21.37:8080
  • 13#.#.214.128:5555
  • 10#.##2.110.1:8081
  • 79.##.134.12:80
  • 39.###.231.195:8080
  • 8.##.132.114:80
  • 44.###.10.111:8080
  • 41.###.169.251:80
  • 15#.##0.5.55:8081
  • 47.##.33.95:80
  • 93.##.198.44:7574
  • 87.###.103.186:81
  • 11#.#7.86.37:80
  • 15#.##2.179.129:80
  • 18#.##.122.242:7574
  • 11#.##.127.67:49152
  • 28.###.222.211:8443
  • 64.##.68.78:81
  • 7.##.#6.139:8080
  • 22#.##.147.112:8080
  • 1.##.#8.190:8080
  • 20#.##.108.192:80
  • 15#.##.85.16:8081
  • 14.##4.2.106:80
  • 20#.##.127.124:8080
  • 22#.##6.50.43:80
  • 67.##.83.8:60001
  • 12#.##.127.127:8443
  • 17#.##.25.175:8080
  • 69.###.25.7:7574
  • 32.#.#7.211:8080
  • 43.###.98.180:49152
  • 18#.#.196.161:49152
  • 93.##.158.27:80
  • 11#.##8.65.145:8443
  • 15#.#3.74.6:80
  • 21#.##.75.192:8080
  • 77.##.34.52:52869
  • 63.###.81.190:80
  • 23.##9.19.58:80
  • 15.###.11.72:8080
  • 16#.##7.46.16:81
  • 14#.##.189.83:80
  • 21#.##.181.70:8080
  • 14#.#9.95.8:81
  • 11#.##.125.145:8080
  • 16.###.219.44:80
  • 68.##.7.14:80
  • 60.##.168.60:80
  • 12#.##0.98.41:80
  • 11#.##2.8.106:49152
  • 12#.#.0.132:8080
  • 15#.#.13.69:52869
  • 6.###.103.118:80
  • 19#.##.58.224:8181
  • 18#.##.26.222:8080
  • 78.###.162.64:80
  • 15#.##4.209.122:80
  • 63.##.245.161:8443
  • 18.##.225.178:80
  • 15#.##7.87.115:80
  • 19.##1.56.53:80
  • 19#.##.135.88:80
  • 16#.##0.107.47:8443
  • 65.##6.8.88:80
  • 19#.##8.60.87:80
  • 17#.##4.71.131:8080
  • 16#.###.129.139:8081
  • 17#.##4.90.74:81
  • 47.###.167.77:8080
  • 11#.##.171.127:80
  • 22#.##6.3.168:80
  • 30.###.221.23:80
  • 63.##.42.130:8443
  • 17#.##6.6.215:37215
  • 12#.##3.0.232:8081
  • 12#.##7.208.244:80
  • 12#.##0.155.7:8181
  • 19#.###.159.166:8080
  • 63.##.197.114:8081
  • 35.###.15.144:81
  • 15.###.160.198:7574
  • 25.###.158.168:8080
  • 20#.##7.15.3:8080
  • 13#.#.81.152:8080
  • 87.#.#10.97:8081
  • 10#.##.162.14:80
  • 17#.##.79.247:8080
  • 97.###.136.122:8080
  • 15#.##2.158.101:81
  • 47.##.21.151:5555
  • 17#.###.179.105:8080
  • 16#.##0.99.67:8080
  • 46.###.85.229:80
  • 24.###.5.161:8080
  • 46.###.11.200:80
  • 18#.##2.149.37:5555
  • 74.##.5.14:81
  • 55.###.167.78:52869
  • 21#.##0.64.22:5555
  • 67.###.252.128:8081
  • 56.##.116.47:80
  • 15.##.122.211:52869
  • 7.###.91.220:80
  • 13#.##0.232.6:8080
  • 31.##.111.253:8080
  • 16#.###.172.135:8080
  • 6.###.79.62:8080
  • 87.##.176.149:80
  • 73.###.183.30:8080
  • 13#.##7.242.223:80
  • 18#.##6.188.97:81
  • 91.###.206.217:8080
  • 30.###.140.15:80
  • 12#.##1.126.114:80
  • 99.##.68.63:8080
  • 65.###.154.134:8443
  • 24.###.86.243:8080
  • 10#.##.13.211:8443
  • 13#.##8.221.118:81
  • 17#.##.144.27:8080
  • 67.##.169.218:80
  • 37.#.70.71:80
  • 16#.##.0.168:8081
  • 21#.##2.239.96:80
  • 36.##.74.111:8443
  • 15#.##2.58.28:80
  • 95.###.38.148:60001
  • 40.###.229.73:80
  • 59.###.11.20:5555
  • 49.###.234.84:7574
  • 25.###.152.235:80
  • 17#.##5.46.175:8080
  • 19#.##2.95.55:80
  • 13#.##3.126.63:80
  • 20#.###.192.58:60001
  • 64.###.177.179:80
  • 93.###.27.140:8080
  • 19#.###.197.227:8080
  • 14#.###.113.207:8080
  • 19#.##1.243.0:80
  • 20#.##.92.178:8080
  • 64.###.153.246:8080
  • 13#.##.232.172:80
  • 11#.##.72.61:52869
  • 20#.##5.138.62:80
  • 21#.##3.187.162:81
  • 93.###.26.136:5555
  • 11#.###.233.208:7574
  • 16#.##.124.115:8080
  • 12#.##9.105.58:80
  • 28.##.183.92:8081
  • 21#.###.68.137:49152
  • 12.###.138.151:80
  • 21#.##.128.176:80
  • 16#.##2.43.241:80
  • 15#.###.126.118:37215
  • 17#.###.245.192:8080
  • 25.##.87.69:80
  • 21#.##4.110.13:8080
  • 13#.##3.71.47:80
  • 19#.##.101.74:8080
  • 18#.##0.75.195:80
  • 53.###.225.14:37215
  • 40.###.138.9:8080
  • 17#.###.209.147:8080
  • 81.###.68.253:80
  • 15#.##3.225.106:80
  • 86.###.55.75:8080
  • 59.##.93.49:80
  • 34.###.46.236:8080
  • 15.##.48.219:8080
  • 14#.##0.222.19:80
  • 56.###.152.120:80
  • 63.###.62.89:8080
  • 13.###.219.202:80
  • 10#.##3.134.196:80
  • 67.###.227.132:37215
  • 11#.##.31.189:37215
  • 35.###.130.153:60001
  • 77.###.10.92:7574
  • 16#.#.30.71:80
  • 53.###.51.81:8080
  • 49.###.96.125:37215
  • 21#.##7.61.124:80
  • 48.###.102.190:8080
  • 32.###.214.164:80
  • 11.##.138.167:8080
  • 12#.##.20.49:52869
  • 12#.##4.154.127:80
  • 15#.##6.50.42:8080
  • 91.##.67.213:8081
  • 96.###.142.254:5555
  • 17#.##.71.143:80
  • 18#.##0.82.20:80
  • 31.#.7.172:5555
  • 19#.##8.200.97:80
  • 11#.##.202.242:8080
  • 80.###.14.253:7574
  • 16#.##.240.139:80
  • 36.###.137.50:8080
  • 39.##.185.129:80
  • 61.##.54.8:8081
  • 13#.##4.200.93:80
  • 94.##.223.235:8443
  • 12#.##0.52.248:7574
  • 96.###.143.245:8080
  • <LOCAL_GATE>:80
  • 17#.##.93.253:80
  • 21#.###.113.101:8080
  • 6.###.237.76:52869
  • 21#.##7.74.127:81
  • 34.###.170.62:8080
  • 25.###.180.48:60001
  • 14#.##9.27.178:8081
  • 11#.##9.104.90:8081
  • 10#.##.133.96:8081
  • 15#.##0.14.41:60001
  • 25.###.36.63:8080
  • 15.###.206.123:80
  • 11#.###.144.149:37215
  • 50.###.200.14:80
  • 21#.##3.142.65:8080
  • 53.###.40.46:8080
  • 12#.###.181.120:8443
  • 17#.##.86.15:49152
  • 33.###.46.65:8443
  • 15#.##.218.120:80
  • 20#.##4.226.82:7574
  • 13#.##.213.85:8081
  • 45.##.76.250:8080
  • 5.##.#63.96:8443
  • 21#.##7.82.65:8080
  • 28.###.65.253:8443
  • 21#.##.65.128:52869
  • 16#.##.91.198:80
  • 17#.##.138.31:37215
  • 16.#.#58.19:49152
  • 17#.##4.56.26:37215
  • 97.###.194.71:8080
  • 95.#.#88.48:52869
  • 19#.###.133.114:49152
  • 13#.##8.168.175:80
  • 14#.##.79.253:37215
  • 88.##.58.237:8080
  • 19#.##8.203.88:8080
  • 20#.##4.225.38:80
  • 10#.##5.114.242:80
  • 26.###.195.50:80
  • 12.#.38.27:8443
  • 19#.###.113.172:8080
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
HTTP POST requests:
  • 127.0.0.1:5555/UD/act?1
Sends data to the following servers:
  • 23#.###.255.250:1900
  • 23.##9.19.58:80
  • 16#.##3.123.236:23
  • 10#.##2.238.67:23
  • 19#.##8.185.119:23
  • 18#.##2.77.168:23
  • 19#.##7.83.14:23
  • 91.##.232.105:23
  • 79.###.148.11:23
  • 12#.##5.190.231:23
  • 22#.##9.33.152:23
Receives data from the following servers:
  • 23.##9.19.58:80

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number