Linux.Siggen.6746
Added to the Dr.Web virus database: 2024-03-15
Virus description added: 2024-03-15
Technical Information
Malicious functions:
Launches itself as a daemon
Launches processes:
iptables -A INPUT -p tcp --syn -s 192.0.0.0/8 -j ACCEPT
/var/tmp/MzxvzbtPR3HHkV3LYw1RTNz0k
/usr/sbin/xtables-nft-multi iptables -L OUTPUT -t raw --line-numbers
/usr/sbin/xtables-nft-multi iptables -D INPUT -p tcp --syn -s 127.0.0.0/8 -j ACCEPT
iptables -D INPUT -p tcp --syn -s 172.16.0.0/12 -j ACCEPT
/usr/sbin/xtables-nft-multi iptables -I INPUT -p tcp --syn -s 45.95.146.93 -j ACCEPT
/usr/sbin/xtables-nft-multi iptables -C INPUT -p tcp --syn -s 45.95.146.93 -j ACCEPT
iptables -D INPUT -p tcp --syn -j DROP
iptables -D INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
/usr/sbin/xtables-nft-multi iptables -A INPUT -p tcp --syn -s 100.64.0.0/10 -j ACCEPT
iptables -L OUTPUT -t raw --line-numbers
/usr/sbin/xtables-nft-multi iptables -A INPUT -p tcp --syn -s 192.0.0.0/8 -j ACCEPT
iptables -t raw -I OUTPUT -p tcp --sport 46759 -j NOTRACK
/usr/sbin/xtables-nft-multi iptables -D INPUT -p tcp --syn -s 192.0.0.0/8 -j ACCEPT
/usr/sbin/xtables-nft-multi iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp --syn -s 10.0.0.0/8 -j ACCEPT
/usr/sbin/xtables-nft-multi iptables -D INPUT -p tcp --syn -j DROP
iptables -A INPUT -p tcp --syn -s 100.64.0.0/10 -j ACCEPT
/usr/sbin/xtables-nft-multi iptables -D INPUT -p tcp --syn -s 10.0.0.0/8 -j ACCEPT
/usr/sbin/xtables-nft-multi iptables -A INPUT -p tcp --syn -s 10.0.0.0/8 -j ACCEPT
iptables -D INPUT -p tcp --syn -s 10.0.0.0/8 -j ACCEPT
/usr/sbin/xtables-nft-multi iptables -A INPUT -p tcp --syn -s 172.16.0.0/12 -j ACCEPT
iptables -D INPUT -p tcp --syn -s 192.0.0.0/8 -j ACCEPT
iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
/usr/sbin/xtables-nft-multi iptables -D INPUT -p tcp --syn -s 172.16.0.0/12 -j ACCEPT
iptables -A INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -I INPUT -p tcp --syn -s 45.95.146.93 -j ACCEPT
/usr/sbin/xtables-nft-multi iptables -A OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A INPUT -p tcp --syn -s 172.16.0.0/12 -j ACCEPT
/usr/sbin/xtables-nft-multi iptables -D INPUT -p tcp --syn -s 100.64.0.0/10 -j ACCEPT
/usr/sbin/xtables-nft-multi iptables -D INPUT -p tcp -m state --state ESTABLISHED,RELATED -j ACCEPT
/usr/sbin/xtables-nft-multi iptables -D OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -D OUTPUT -p tcp -m state --state NEW,ESTABLISHED -j ACCEPT
/usr/sbin/xtables-nft-multi iptables -t raw -I OUTPUT -p tcp --sport 46759 -j NOTRACK
iptables -D INPUT -p tcp --syn -s 100.64.0.0/10 -j ACCEPT
iptables -A INPUT -p tcp --syn -s 127.0.0.0/8 -j ACCEPT
/usr/sbin/xtables-nft-multi iptables -A INPUT -p tcp --syn -j DROP
iptables -A INPUT -p tcp --syn -j DROP
iptables -L INPUT --line-numbers
iptables -D INPUT -p tcp --syn -s 127.0.0.0/8 -j ACCEPT
/usr/sbin/xtables-nft-multi iptables -A INPUT -p tcp --syn -s 127.0.0.0/8 -j ACCEPT
iptables -C INPUT -p tcp --syn -s 45.95.146.93 -j ACCEPT
/usr/sbin/xtables-nft-multi iptables -L INPUT --line-numbers
Performs operations with the file system:
Modifies file access rights:
/var/tmp/MzxvzbtPR3HHkV3LYw1RTNz0k
Creates or modifies files:
/var/tmp/MzxvzbtPR3HHkV3LYw1RTNz0k
/dev/watchdog
/proc/sys/net/netfilter/nf_conntrack_max
/proc/sys/net/ipv4/ip_forward
Deletes files:
/var/tmp/MzxvzbtPR3HHkV3LYw1RTNz0k
Mounts file systems:
Network activity:
Awaits incoming connections on ports:
127.0.0.1:65528
127.0.0.1:65531
Establishes connection:
45.##.146.93:82
8.#.8.8:53
45.##.146.93:81
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
DNS ASK:
0.#.#.#0.in-addr.arpa
0.#.##.100.in-addr.arpa
0.#.#.#27.in-addr.arpa
0.#.##.172.in-addr.arpa
0.#.#.#92.in-addr.arpa
Sends data to the following servers:
Receives data from the following servers:
45.##.146.93:82
45.##.146.93:81