Pour le fonctionnement correct du site, vous devez activer JavaScript dans votre navigateur.
Linux.Siggen.6795
Added to the Dr.Web virus database:
2024-03-18
Virus description added:
2024-03-18
Technical Information
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
Launches processes:
/bin/kmod /sbin/modprobe ip_tables
/sbin/xtables-multi iptables -A INPUT -s 141.98.10.128 -j DROP
/bin/sh -c echo \x22block drop proto udp from any to any port 59666\x22 | sudo pfctl -f -
/sbin/xtables-multi iptables -A INPUT -p tcp --dport 59666 -j DROP
/bin/sh -c ufw deny 59666/udp
/bin/sh -c netsh advfirewall firewall add rule name=\x22Block_IP_141.98.10.128\x22 dir=in action=block remoteip=141.98.10.128
/bin/sh -c nft add rule ip filter input udp dport 37215 drop
/sbin/xtables-multi iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
/bin/sh -c echo \x22127.0.0.1 reachedfucktheccp.top\x22 >> /etc/hosts
/bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
/bin/sh -c ufw deny 59666/tcp
/bin/sh -c echo \x22block drop proto tcp from any to any port 59666\x22 | sudo pfctl -f -
/bin/sh -c firewall-cmd --reload
/bin/sh -c netsh advfirewall firewall add rule name=\x22Block_Port_59666_TCP\x22 dir=in action=block protocol=TCP localport=59666
/bin/sh -c iptables -A INPUT -s 141.98.10.128 -j DROP
/sbin/xtables-multi iptables -A INPUT -p udp --dport 59666 -j DROP
/bin/sh -c /bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
/bin/sh -c ufw deny from 141.98.10.128
/bin/sh -c kill_port(htons(37215))
/bin/sh -c firewall-cmd --zone=public --add-source=141.98.10.128 --permanent
/bin/sh -c firewall-cmd --zone=public --add-port=59666/udp --permanent
/bin/sh -c netsh advfirewall firewall add rule name=\x22Block_Port_37215_TCP\x22 dir=in action=block protocol=TCP localport=37215
/bin/sh -c busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
/bin/sh -c kill_port(htons(59666))
/bin/sh -c echo \x22block drop proto tcp from any to any port 37215\x22 | sudo pfctl -f -
/bin/sh -c netsh advfirewall firewall add rule name=\x22Block_Port_59666_UDP\x22 dir=in action=block protocol=UDP localport=59666
/bin/sh -c /usr/bin/iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
/bin/sh -c netsh advfirewall firewall add rule name=\x22Block_Port_37215_UDP\x22 dir=in action=block protocol=UDP localport=37215
/bin/sh -c iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
/bin/sh -c nft add rule ip filter input tcp dport 37215 drop
/sbin/xtables-multi iptables -A INPUT -p tcp --dport 37215 -j DROP
/bin/sh -c ufw deny 37215/udp
/bin/sh -c iptables -A INPUT -p tcp --dport 59666 -j DROP
/bin/sh -c echo \x22127.0.0.1 fucktheccp.top\x22 >> /etc/hosts
/bin/sh -c firewall-cmd --zone=public --add-rich-rule=\x27rule family=\x22ipv4\x22 port protocol=\x22udp\x22 port=\x2237215\x22 reject\x27
/sbin/xtables-multi iptables -A INPUT -p udp --dport 37215 -j DROP
/bin/sh -c firewall-cmd --zone=public --add-port=59666/tcp --permanent
/bin/sh -c echo \x22block drop in quick on any from 141.98.10.128\x22 | sudo pfctl -f -
/bin/sh -c nft add rule ip filter input udp dport 59666 drop
/bin/sh -c iptables -A INPUT -p udp --dport 37215 -j DROP
sudo pfctl -f -
/bin/sh -c iptables -A INPUT -p udp --dport 59666 -j DROP
/bin/sh -c firewall-cmd --zone=public --add-rich-rule=\x27rule family=\x22ipv4\x22 port protocol=\x22tcp\x22 port=\x2237215\x22 reject\x27
/bin/sh -c /bin/busybox iptables -A INPUT -p tcp --dport 26721 -j ACCEPT
/bin/sh -c echo \x22block drop proto udp from any to any port 37215\x22 | sudo pfctl -f -
/bin/sh -c iptables -A INPUT -p tcp --dport 37215 -j DROP
/bin/sh -c ufw deny 37215/tcp
/bin/sh -c nft add rule ip filter input ip saddr 141.98.10.128 drop
/bin/sh -c nft add rule ip filter input tcp dport 59666 drop
Kills the following processes:
Performs operations with the file system:
Deletes folders:
Creates or modifies files:
Deletes files:
Network activity:
Awaits incoming connections on ports:
127.0.0.1:8345
0.0.0.0:26721
Establishes connection:
[:##]:37215
127.0.0.1:37215
[:##]:59666
127.0.0.1:59666
8.#.8.8:53
51.##.149.139:53
19#.###.175.43:35342
19#.##.144.87:53
19#.##9.175.43:2222
51.###.108.203:53
81.###.136.222:53
91.###.137.37:53
DNS ASK:
Recommandations pour le traitement
Linux
Version démo gratuite
Pour 1 mois (sans enregistrement) ou 3 mois (avec enregistrement et remise pour le renouvellement)
Téléchargez Dr.Web pour Android
Gratuit pour 3 mois
Tous les composants de protection
Renouvellement de la démo via AppGallery/Google Pay
Nous utilisons des cookies sur notre site web à des fins uniques d’analyse de la fréquentation et de récolte de données statistiques. En naviguant sur notre site, vous pouvez accepter ou refuser l’utilisation de ces fichiers cookies.
En savoir plus : Politique de confidentialité
Accepter
Refuser