Linux.Siggen.2369

Added to the Dr.Web virus database: 2020-02-07

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Modifies firewall settings:
  • iptables -F
Launches processes:
  • sh -c iptables -F
Performs operations with the file system:
Modifies file access rights:
  • /bin/systemctl
Creates or modifies files:
  • /root/hoho.arm
  • /root/hoho.arm7
  • /root/hoho.arm6
  • /root/hoho.arm5
  • /root/hoho.mips
  • /root/hoho.mpsl
  • /root/hoho.arc
  • /root/hoho.ppc
  • /root/hoho.i586
  • /root/hoho.i686
  • /root/hoho.m68k
  • /root/hoho.sh4
  • /root/hoho.spc
Network activity:
Awaits incoming connections on ports:
  • 0.0.0.0:5495
  • 0.0.0.0:10424
Establishes connection:
  • 8.#.8.8:53
  • 1.#.1.1:53
  • 19#.##5.18.28:30047
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
HTTP GET requests:
  • bo#.####ismyipaddress.com/
  • 19#.###.18.28/hoho.arm
  • 19#.###.18.28/hoho.arm7
  • 19#.###.18.28/hoho.arm6
  • 19#.###.18.28/hoho.arm5
  • 19#.###.18.28/hoho.mips
  • 19#.###.18.28/hoho.mpsl
  • 19#.###.18.28/hoho.arc
  • 19#.###.18.28/hoho.ppc
  • 19#.###.18.28/hoho.i586
  • 19#.###.18.28/hoho.i686
  • 19#.###.18.28/hoho.m68k
  • 19#.###.18.28/hoho.sh4
  • 19#.###.18.28/hoho.spc
DNS ASK:
  • bo#.####ismyipaddress.com
  • sw###hnets.net
Sends data to the following servers:
Receives data from the following servers:
  • 19#.##5.18.28:30047

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.
