Linux.Siggen.7159

Technical Information

Malicious functions:

Launches itself as a daemon

Substitutes application name for:

e28081

Kills the following processes:

kthreadd
rcu_gp
rcu_par_gp
kworker/0:0
kworker/0:0H
kworker/u2:0
mm_percpu_wq
rcu_tasks_rude_
rcu_tasks_trace
ksoftirqd/0
rcu_sched
migration/0
cpuhp/0
kdevtmpfs
netns
kauditd
khungtaskd
oom_reaper
writeback
kcompactd0
ksmd
kintegrityd
kblockd
blkcg_punt_bio
ata_sff
devfreq_wq
kworker/0:1H
kswapd0
kthrotld
ipv6_addrconf
kworker/u2:2
kstrp
zswap-shrink
kworker/u3:0
scsi_eh_0
scsi_tmf_0
scsi_eh_1
scsi_tmf_1
kworker/0:2
kworker/0:3
jbd2/sda1-8
ext4-rsv-conver
kworker/u2:1
9bc2fd2a

Network activity:

Awaits incoming connections on ports:

127.0.0.1:33337

Establishes connection:

8.#.8.8:53
45.###.232.208:33335

Attacks using a special dictionary (brute-force technique) via the Telnet protocol.

DNS ASK:

ro##me.xyz

Sends data to the following servers:

45.###.232.208:33335
13#.##.239.192:23
51.##.35.57:23
13#.##6.161.159:23
17#.##.51.175:23
16#.##.23.173:23
57.###.120.154:23
11#.#9.0.72:23
20#.##8.34.148:23
19#.##.55.228:23
97.###.30.213:23
63.###.138.95:23
15#.##1.223.36:23
53.##.77.22:23
15#.#82.11.4:23
26.##.22.92:23
27.##2.88.83:23
18#.##2.47.24:23
24.###.115.41:23
24#.#8.61.91:23
20#.##.131.241:23
17#.##9.173.121:23
85.###.53.185:23
40.###.10.213:23
13#.##1.163.166:23
10#.##2.206.238:23
67.##6.27.13:23
20#.#6.34.37:23
5.###.62.169:23
20#.##5.208.2:23
35.##.195.40:23
23#.##6.112.153:23
15#.##.141.132:23
18#.##6.40.91:23
11#.##2.2.229:23
21#.##7.103.19:23
17#.#2.74.88:23
18#.##8.76.79:23
60.##8.84.3:23
14#.##.249.142:23
58.###.182.181:23
56.###.57.180:23
13#.##3.121.185:23
58.###.87.180:23
81.##.222.201:23
63.###.241.170:23
39.##2.19.84:23
10#.##.47.102:23
61.##.9.45:23
13#.##.80.227:23
94.###.52.238:23
69.##0.64.55:23
23#.##.163.53:23
22#.##4.184.232:23
12#.##7.40.203:23
62.###.116.233:23
24#.##6.145.68:23
11#.##.178.77:23
18.##.144.30:23
14#.##6.18.77:23
2.##.66.96:23
22#.##.159.12:23
56.###.141.235:23
18.###.205.195:23
17#.##.27.109:23
29.###.82.121:23
12#.#2.4.44:23
15.###.237.88:23
17#.##5.65.48:23
24#.##0.142.38:23
18#.##.154.71:23
69.##1.20.47:23
10#.##.18.138:23
10#.##5.121.11:23
91.##.148.138:23
12#.##4.27.175:23
58.##.78.105:23
25#.##7.110.139:23
14#.##3.60.16:23
57.##0.72.9:23
12#.##.87.116:23
21#.##.240.254:23
20#.##2.127.60:23
15#.##3.190.67:23
23#.##7.104.218:23
10#.#5.87.32:23
62.###.56.165:23
85.###.21.130:23
11#.##.238.73:23
22#.##0.115.226:23
13.###.231.77:23
13#.##6.54.21:23
16#.##1.241.159:23
59.###.83.190:23
65.##.153.50:23
25#.#41.52.0:23
17.##.228.116:23
25#.#57.85.6:23
12#.##.192.164:23
20#.##1.244.248:23
13#.##2.23.125:23
17#.##.197.81:23
18#.##2.178.4:23
19#.##6.250.252:23
68.##.153.22:23
73.##.29.110:23
61.###.53.216:23
12#.##2.26.90:23
21#.##6.118.110:23
18#.##5.205.169:23
22#.#11.1.93:23
11#.##.94.120:23
7.##.59.247:23
11#.##2.158.162:23
93.##.231.154:23
19#.##1.92.183:23
24#.##2.103.117:23
13#.##0.149.192:23
98.##.226.72:23
87.##2.40.22:23
25#.#34.4.23:23
17#.##5.113.168:23
11#.##0.158.58:23
20#.##0.23.163:23
13#.#.131.146:23
20#.##0.208.243:23
10#.##2.227.35:23
94.###.169.68:23
10#.##6.86.33:23
19#.#1.30.72:23
81.###.75.155:23
17#.##.118.94:23
3.###.192.72:23
24#.##1.108.57:23
93.##.208.14:23
62.##2.20.92:23
17#.##9.10.15:23
18#.##0.176.27:23
24#.##7.204.44:23
52.##.119.50:23
14#.##5.110.180:23
10#.##.14.252:23
3.##.192.84:23
14#.##.149.127:23
18#.#4.45.42:23
13#.##7.165.251:23
24#.##.126.74:23
18#.##5.189.43:23
75.##.143.57:23
16#.##.181.130:23
20#.##.77.115:23
21#.#.78.141:23
15#.##8.46.121:23
21.##.166.136:23
22#.##.84.210:23
20#.#8.5.67:23
10#.##8.167.201:23
68.##.109.17:23
51.##.159.104:23
23#.##4.181.75:23
13#.##4.98.52:23
23#.##.250.50:23
20#.##.129.214:23
15#.#0.22.16:23
24#.##6.73.15:23
24#.##.205.11:23
15#.##5.62.72:23
93.##.132.248:23
3.###.83.95:23
75.#.147.62:23
10#.##9.167.248:23
14#.##.73.218:23
63.##.233.15:23
15#.##.240.21:23
16#.##.185.145:23
60.###.181.40:23
21#.##6.101.133:23
25#.##3.11.149:23
86.##.246.54:23
67.###.103.102:23
12#.##.210.26:23
17#.##5.238.43:23
13#.#2.36.42:23
18#.##.35.205:23
56.###.130.218:23
60.###.157.250:23
10#.##5.61.38:23
22#.##.12.186:23
12#.##2.138.114:23
24#.##4.165.203:23
21#.##1.208.57:23
19#.##3.162.99:23
14#.##6.90.33:23
19#.##.17.127:23
12#.##9.105.71:23
11#.##.169.252:23
10#.##4.86.233:23
16#.##.183.157:23
28.###.233.209:23
57.##5.9.86:23
14#.##6.104.92:23
11#.##2.200.140:23
79.##7.6.61:23
25#.##9.6.251:23
5.##.138.69:23
11#.##.61.153:23
19#.##9.248.184:23
18#.#9.91.79:23
54.##.133.240:23
20#.##.131.176:23
18.###.200.27:23
19#.##3.67.140:23
18#.##6.83.37:23
34.###.59.104:23
23#.##.207.118:23
36.###.53.148:23
23#.##4.253.200:23
14#.##1.211.223:23
17#.##.228.173:23
86.###.250.189:23
12#.##7.104.234:23
21#.##.213.192:23
78.##.174.124:23
74.##.52.157:23
67.##.166.252:23
92.###.198.137:23
22#.##5.108.16:23
14.###.147.34:23
45.##.78.41:23
21#.##7.253.93:23
21#.##.103.144:23
13#.##2.115.87:23
15#.##9.114.178:23
13#.##.28.201:23
10#.#7.2.231:23
36.###.174.102:23
23#.##9.176.85:23
11#.##3.254.98:23
12#.##1.110.109:23
23#.##0.200.109:23
19#.#.85.184:23
16#.##9.79.87:23
72.##1.189.1:23
18#.#3.218.7:23
24#.##.222.78:23
18#.##5.52.187:23
23#.##.78.141:23
22#.##8.83.78:23
20#.##2.130.192:23
19#.##4.130.112:23
63.##.144.39:23
11#.#3.62.64:23
93.###.109.16:23
17#.##7.180.109:23
24#.##3.102.177:23
23#.##.148.62:23
23#.##.128.79:23
96.###.138.135:23
21#.##.135.107:23
25#.##.109.75:23
24#.##9.50.70:23
50.###.186.67:23
23.###.121.140:23
13#.##9.109.33:23
22#.##6.202.146:23

Receives data from the following servers:

45.###.232.208:33335

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Technical Information

Recommandations pour le traitement