Linux.Siggen.7142

Technical Information

Malicious functions:

Launches itself as a daemon

Substitutes application name for:

e28081

Kills the following processes:

kthreadd
rcu_gp
rcu_par_gp
kworker/0:0
kworker/0:0H
kworker/u2:0
mm_percpu_wq
ksoftirqd/0
rcu_sched
rcu_bh
migration/0
cpuhp/0
kdevtmpfs
netns
kauditd
khungtaskd
oom_reaper
writeback
kcompactd0
ksmd
crypto
kintegrityd
kblockd
ata_sff
devfreq_wq
watchdogd
kworker/0:1H
kswapd0
kthrotld
ipv6_addrconf
kworker/u2:2
kstrp
scsi_eh_0
scsi_tmf_0
scsi_eh_1
scsi_tmf_1
kworker/0:2
kworker/u3:0
jbd2/sda1-8
ext4-rsv-conver
kworker/0:1
9bc2fd2a

Network activity:

Awaits incoming connections on ports:

127.0.0.1:33337

Establishes connection:

8.#.8.8:53
45.###.232.208:33335

Attacks using a special dictionary (brute-force technique) via the Telnet protocol.

DNS ASK:

ro##me.xyz

Sends data to the following servers:

45.###.232.208:33335
58.##.59.252:23
11#.##.29.135:23
16#.##0.85.207:23
30.###.76.188:23
18#.##5.68.195:23
25#.##6.110.196:23
19#.##.250.161:23
20#.##5.95.100:23
20#.##.218.183:23
61.##.243.107:23
24#.##6.96.67:23
17#.##.110.27:23
90.###.149.119:23
23#.##4.115.100:23
62.###.49.102:23
24#.#02.9.24:23
20#.##4.105.172:23
6.###.157.67:23
58.##7.89.72:23
21#.##6.161.3:23
11#.##.175.117:23
19#.##2.36.29:23
11#.##.43.127:23
93.##8.36.89:23
24.###.229.251:23
25#.##5.224.143:23
70.###.50.197:23
79.##.43.41:23
21#.##8.215.79:23
82.###.86.150:23
11#.##9.8.200:23
15.##.146.237:23
20#.##.113.45:23
23#.##7.199.103:23
43.###.74.233:23
23#.#7.48.54:23
34.##.237.242:23
25#.##.58.214:23
36.###.77.107:23
12#.##3.219.130:23
7.###.233.134:23
12#.##5.178.30:23
23#.#2.4.31:23
53.##.189.131:23
24#.##4.141.154:23
56.##6.68.96:23
19#.##.231.172:23
5.###.19.54:23
11.###.228.119:23
23#.##2.102.5:23
15#.##1.13.14:23
23#.##9.55.65:23
15#.##2.36.180:23
81.###.124.24:23
23.##2.38.2:23
96.###.193.120:23
53.##1.99.32:23
24#.##9.213.86:23
24#.##.126.153:23
24#.##.54.252:23
17#.##4.19.60:23
18#.#6.42.90:23
19#.##.235.219:23
19#.##8.78.166:23
72.###.186.88:23
14#.##9.133.179:23
11#.##4.113.120:23
18#.##8.246.78:23
7.###.59.21:23
11.###.249.160:23
12#.#0.6.194:23
52.##.188.191:23
24#.##8.239.1:23
23#.##3.27.191:23
11#.##.153.230:23
25#.##4.162.42:23
31.##.222.119:23
21#.##6.175.148:23
18#.##0.205.6:23
13#.##.83.156:23
15#.#.251.182:23
24#.##4.155.6:23
23#.##3.105.164:23
24#.#4.51.60:23
26.##.232.240:23
14#.##.219.144:23
16#.##.235.12:23
11#.##.222.176:23
41.###.178.59:23
11#.##6.61.23:23
14#.##3.148.104:23
10#.##.202.244:23
23#.##1.133.255:23
21#.##8.240.183:23
20#.##2.234.194:23
37.###.152.198:23
41.###.105.226:23
18#.##1.184.246:23
11#.##.13.174:23
12#.##3.43.104:23
12#.#9.73.76:23
19#.##2.183.74:23
89.###.14.199:23
24#.##0.65.109:23
19#.##.186.114:23
40.###.98.188:23
23#.#.110.109:23
15#.##9.165.168:23
14#.##9.72.51:23
21#.##4.83.123:23
11#.##0.120.6:23
9.###.28.225:23
34.###.111.208:23
24#.##7.70.104:23
15#.##0.235.211:23
80.###.167.42:23
13#.##5.85.69:23
59.###.54.254:23
23#.##8.166.183:23
25#.##1.81.48:23
79.###.66.205:23
61.##.163.87:23
35.##.157.204:23
14#.##7.85.114:23
24#.##7.23.58:23
23.##.162.139:23
22#.##.194.172:23
13#.##5.159.188:23
47.###.43.181:23
15#.##3.1.214:23
21.##5.52.23:23
82.##.125.202:23
35.###.54.104:23
97.###.103.153:23
13#.##3.94.92:23
25#.##3.3.216:23
22#.##.152.212:23
95.###.230.112:23
99.###.159.22:23
24#.##5.209.138:23
2.###.32.12:23
22#.##7.215.243:23
75.###.37.117:23
17#.##.10.142:23
24#.##1.152.12:23
22#.##5.141.66:23
74.###.206.145:23
23#.##1.125.82:23
19#.##5.244.107:23
13.##.230.176:23
23#.##4.13.24:23
18#.##.219.86:23
11#.##7.122.23:23
18#.#3.10.36:23
21#.##0.95.191:23
15#.##1.149.254:23
21#.##2.80.180:23
19#.##6.230.202:23
24#.##2.203.71:23
44.###.23.206:23
25#.#8.34.94:23
18#.##.76.221:23
24#.##.131.229:23
12#.##.149.137:23
66.###.162.23:23
59.###.179.78:23
21#.##3.191.242:23
19#.#11.3.28:23
20#.##5.244.184:23
21#.##2.194.176:23
19#.##8.55.201:23
25#.#5.56.31:23
21#.##.246.61:23
6.###.60.8:23
55.###.104.218:23
70.###.184.68:23
14#.##2.228.179:23
15#.##4.144.154:23
76.###.242.40:23
13#.##.239.197:23
13#.##.82.246:23
25#.##8.188.172:23
21.###.233.251:23
64.###.125.53:23
15#.##.133.21:23
55.##.143.204:23
21#.##7.249.207:23
16#.##8.61.248:23
41.###.217.96:23
19#.##3.44.27:23
13#.##3.33.52:23
20#.##.225.214:23
22#.##1.135.91:23
14#.##0.130.119:23
44.###.128.225:23
19#.##.112.61:23
71.##4.6.168:23
48.###.234.63:23
21#.##9.82.126:23
11#.##2.36.34:23
22#.##5.157.124:23
37.###.101.148:23
13#.##6.243.206:23
37.###.161.87:23
86.###.247.197:23
37.###.254.155:23
16#.##5.2.110:23
69.##.230.118:23
85.###.85.246:23
1.##.176.33:23
20#.##2.228.126:23
19#.##1.29.224:23
6.###.228.72:23
13#.##.81.236:23
86.###.98.103:23
17#.#.34.9:23
19#.##7.44.97:23
19#.##4.231.88:23
30.###.140.113:23
7.###.36.159:23
12#.##8.152.170:23
43.###.94.222:23
17#.##.125.191:23
91.##.36.121:23
54.##9.227.4:23
21#.##3.65.120:23
20.###.222.28:23
56.##.223.246:23
13#.##2.127.120:23
25#.##7.212.221:23
22#.##7.212.11:23
18#.#.160.202:23
34.###.36.165:23
17#.##.212.248:23
14#.##8.131.133:23
29.###.27.144:23
1.##.217.181:23
12#.##3.147.179:23
1.###.59.211:23
19#.#.255.100:23
48.###.51.168:23
20.##.71.171:23
15#.##6.223.187:23
10#.##.177.200:23
18#.##.164.132:23
17#.#0.50.98:23
20.###.148.68:23
23.###.207.95:23
19#.##9.233.148:23
13#.##4.180.221:23
50.##.90.83:23
21#.##2.173.204:23
13#.##4.79.105:23
11#.##3.133.222:23
13.###.167.210:23
65.###.114.173:23
12#.##2.168.112:23
57.##.28.45:23
15#.##.121.166:23
16#.##0.252.161:23
10#.##8.205.114:23
21#.##3.144.252:23
14#.##.29.151:23
19#.##.173.168:23
9.##.199.173:23
24#.##3.220.125:23
63.###.122.229:23
14#.##9.105.127:23
39.##7.61.50:23
6.###.92.106:23
20#.#.112.22:23
48.###.208.155:23
24#.##7.28.152:23
31.##.179.87:23
41.###.254.193:23
24#.##.147.34:23
11#.##8.85.33:23
90.###.185.130:23
22#.##.163.58:23
57.##.213.121:23
11#.##.221.47:23
97.#.175.198:23
3.###.132.76:23
13#.##8.153.102:23
88.##.57.162:23
19.##.250.8:23
21#.##6.32.18:23
25.##.21.27:23
20#.#.2.185:23
1.###.50.61:23
20#.##.210.53:23
10#.##3.148.245:23
19#.##1.67.246:23
1.###.31.62:23
76.###.114.212:23
99.##.28.236:23
12#.#55.10.6:23
90.##.87.83:23
76.##.101.82:23
24#.##.136.137:23
13#.##2.14.224:23
75.##.250.39:23
17#.##.218.248:23
67.##0.35.17:23
22#.##.39.118:23
19#.##.75.242:23
75.##.69.173:23
25.##1.59.79:23
73.##.9.183:23
42.###.113.163:23
51.##.238.180:23
24#.##7.33.186:23
14#.##2.202.180:23
13#.##.218.232:23
89.###.173.120:23
26.###.155.177:23
21#.##4.83.63:23
31.##.211.103:23
18#.##.187.230:23
92.##.251.135:23
13#.##1.107.9:23
18#.##0.247.31:23
10#.#.85.96:23
15.##.80.12:23
48.###.31.201:23
23#.##.105.191:23
44.#.62.70:23
93.###.251.239:23
2.##.4.126:23
79.###.203.197:23
18#.##6.142.59:23
23#.##9.78.204:23
60.###.77.146:23
17#.##3.222.201:23
14#.##.226.178:23
22#.##0.221.68:23
12.###.57.254:23
22#.##.44.170:23
36.###.18.185:23
21#.##1.22.29:23
24#.##1.32.38:23
21#.##1.197.100:23
12#.##7.175.164:23
19#.##.194.188:23
26.##8.73.78:23
14#.##3.240.150:23
18#.##2.23.49:23
18#.##4.82.195:23
53.###.191.156:23
10#.##6.16.226:23
97.##.172.134:23
17#.##.181.213:23
12#.##4.175.135:23
33.##.113.66:23
42.###.221.255:23
15#.##.63.169:23
20#.##3.207.106:23
40.###.199.187:23
21#.##9.116.152:23
63.###.100.147:23
25#.##.12.160:23
19#.##0.239.96:23
92.###.114.122:23
20#.##.186.29:23
25#.##2.158.147:23
17#.##8.130.51:23
14#.##6.241.35:23
5.###.157.228:23
11#.##.172.97:23
15#.##0.204.92:23
23#.##8.8.167:23

Receives data from the following servers:

45.###.232.208:33335

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Technical Information

Recommandations pour le traitement