マイライブラリ
マイライブラリ

+ マイライブラリに追加

電話

お問い合わせ履歴

電話(英語)

+7 (495) 789-45-86

Profile

Linux.Siggen.2372

Added to the Dr.Web virus database: 2020-02-10

Virus description added:

Technical Information

Malicious functions:
Launches itself as a daemon
Modifies firewall settings:
  • iptables -F
Launches processes:
  • sh -c iptables -F
Performs operations with the file system:
Modifies file access rights:
  • /bin/systemctl
Creates or modifies files:
  • /root/hoho.arm
  • /root/hoho.arm7
  • /root/hoho.arm6
  • /root/hoho.arm5
  • /root/hoho.mips
  • /root/hoho.mpsl
  • /root/hoho.arc
  • /root/hoho.ppc
Network activity:
Awaits incoming connections on ports:
  • 0.0.0.0:5501
Establishes connection:
  • 8.#.8.8:53
  • 1.#.1.1:53
  • 19#.##5.18.28:30047
HTTP GET requests:
  • bo#.####ismyipaddress.com/
  • 19#.###.18.28/hoho.arm
  • 19#.###.18.28/hoho.arm7
  • 19#.###.18.28/hoho.arm6
  • 19#.###.18.28/hoho.arm5
  • 19#.###.18.28/hoho.mips
  • 19#.###.18.28/hoho.mpsl
  • 19#.###.18.28/hoho.arc
  • 19#.###.18.28/hoho.ppc
DNS ASK:
  • bo#.####ismyipaddress.com
  • sw###hnets.net
Sends data to the following servers:
  • 58.##.235.24:23
  • 9.##.160.223:23
  • 21#.##7.64.19:23
  • 11#.##3.223.152:23
  • 17#.##0.244.95:23
  • 31.###.161.177:23
  • 11#.##.66.253:23
  • 17#.##6.21.35:23
  • 16#.##.123.139:23
  • 97.###.238.19:23
  • 12#.#.17.234:23
  • 46.###.234.234:23
  • 87.##.40.11:23
  • 18#.##8.240.101:23
  • 8.###.24.1:23
  • 47.###.83.155:23
  • 12#.##.155.28:23
  • 9.###.81.33:23
  • 10#.##.115.56:23
  • 14#.##8.150.24:23
  • 19#.##4.111.4:23
  • 54.###.178.152:23
  • 82.###.171.253:23
  • 60.##.39.51:23
  • 27.##.142.244:23
  • 9.###.218.255:23
  • 16#.##.182.135:23
  • 22#.#2.42.54:23
  • 15#.##2.68.39:23
  • 15#.##3.162.2:23
  • 57.###.90.106:23
  • 21#.##1.10.35:23
  • 16#.##.129.41:23
  • 19#.##.200.213:23
  • 74.##1.16.72:23
  • 88.###.231.12:23
  • 17#.##0.16.112:23
  • 62.###.192.236:23
  • 20#.##5.104.109:23
  • 69.##.49.106:23
  • 12#.##2.69.80:23
  • 25.###.185.203:23
  • 44.##.42.72:23
  • 11#.##9.131.166:23
  • 93.##.220.234:23
  • 18#.#2.189.0:23
  • 20#.#.120.249:23
  • 88.###.244.246:23
  • 15#.##9.6.123:23
  • 17#.##5.19.232:23
  • 76.##.6.82:23
  • 93.###.118.244:23
  • 54.##.224.145:23
  • 22#.##8.192.224:23
  • 22#.##3.195.45:23
  • 19.##.15.141:23
  • 91.##2.88.69:23
  • 88.###.102.47:23
  • 46.##.40.215:23
  • 17#.##8.206.228:23
  • 80.#.6.48:23
  • 67.##0.66.20:23
  • 10#.##2.255.251:23
  • 13#.##1.201.15:23
  • 21#.##1.167.178:23
  • 16#.##7.42.24:23
  • 82.##.5.105:23
  • 16#.##4.65.83:23
  • 13#.##1.104.38:23
  • 17.##.172.221:23
  • 15#.#8.109.7:23
  • 14#.##9.44.185:23
  • 19#.#.124.98:23
  • 4.###.114.92:23
  • 11#.##.189.19:23
  • 16#.##8.1.161:23
  • 14#.#.93.250:23
  • 17#.##7.180.62:23
  • 88.###.249.58:23
  • 11#.##2.223.102:23
  • 20#.##4.88.233:23
  • 14#.##7.122.180:23
  • 84.###.220.35:23
  • 27.###.98.146:23
  • 58.###.209.45:23
  • 14#.##.231.67:23
  • 20#.##8.213.118:23
  • 66.##6.3.37:23
  • 16#.##4.2.213:23
  • 12.##.36.70:23
  • 16#.##4.99.116:23
  • 19#.##9.68.59:23
  • 11#.##6.155.249:23
  • 15#.#8.84.34:23
  • 17#.##4.255.93:23
  • 18.##.167.33:23
  • 97.###.65.153:23
  • 74.##0.8.248:23
  • 15#.##2.23.27:23
  • 21#.##0.167.208:23
  • 91.#.130.59:23
  • 15#.##.131.180:23
  • 92.##.169.168:23
  • 20#.##.200.204:23
  • 20#.##1.208.220:23
  • 57.##1.15.42:23
  • 67.###.252.216:23
  • 77.##8.126.9:23
  • 80.##.102.238:23
  • 10#.##.205.176:23
  • 13#.##5.196.95:23
  • 37.###.74.186:23
  • 12#.##2.77.226:23
  • 12#.#.169.1:23
  • 19#.##4.123.242:23
  • 57.##.239.48:23
  • 20.###.224.13:23
  • 19#.##2.127.99:23
  • 22#.##0.15.202:23
  • 16#.##.162.246:23
  • 22#.##.15.205:23
  • 10#.##8.140.59:23
  • 18#.##0.206.232:23
  • 20.###.156.173:23
  • 17#.##8.103.75:23
  • 12#.#0.62.61:23
  • 16#.##3.205.17:23
  • 12#.##5.82.137:23
  • 64.##.48.206:23
  • 11#.##7.119.18:23
  • 2.###.222.58:23
  • 4.##.55.26:23
  • 93.##.12.122:23
  • 13#.##.39.216:23
  • 18#.##.191.80:23
  • 99.###.237.213:23
  • 19.##2.90.55:23
  • 16#.##1.199.52:23
  • 46.##.23.243:23
  • 11#.##9.11.213:23
  • 15#.##2.77.186:23
  • 14#.##7.11.142:23
  • 16#.##9.250.9:23
  • 20#.##0.159.72:23
  • 18.###.95.116:23
  • 16#.#4.92.13:23
  • 50.#.237.13:23
  • 99.###.112.206:23
  • 75.##.15.180:23
  • 20#.##7.46.244:23
  • 22#.##7.187.29:23
  • 75.###.123.198:23
  • 74.##.21.82:23
  • 10#.##3.109.255:23
  • 22#.##3.183.158:23
  • 50.##.255.105:23
  • 24.##.123.144:23
  • 16#.##5.23.213:23
  • 14.###.208.12:23
  • 20#.##7.199.72:23
  • 13#.#.59.223:23
  • 23.###.96.193:23
  • 44.##.175.59:23
  • 53.###.178.114:23
  • 17#.##9.76.182:23
  • 11#.##2.119.30:23
  • 12#.#5.38.39:23
  • 37.##.29.169:23
  • 70.###.160.242:23
  • 16#.##.73.226:23
  • 11#.##.185.40:23
  • 71.##.91.22:23
  • 16#.##3.16.128:23
  • 44.##.166.126:23
  • 1.#.#72.211:23
  • 19#.##.143.195:23
  • 27.###.107.230:23
  • 16#.##2.97.152:23
  • 19#.##.177.214:23
  • 11#.##.209.139:23
  • 17#.##1.67.239:23
  • 12#.##4.159.79:23
  • 41.###.255.62:23
  • 17#.##8.99.218:23
  • 36.###.14.114:23
  • 62.###.54.194:23
  • 19#.##7.41.186:23
  • 19#.##4.198.151:23
  • 43.##9.34.84:23
  • 54.###.212.186:23
  • 74.##.111.232:23
  • 64.###.202.63:23
  • 16#.##8.207.233:23
  • 18.#.213.173:23
  • 2.###.204.89:23
  • 13#.##.147.36:23
  • 82.###.168.95:23
  • 15#.##4.243.89:23
  • 47.##.62.34:23
  • 19#.##6.208.83:23
  • 13#.##.178.227:23
  • 14#.##3.81.10:23
  • 17#.##8.214.90:23
  • 10#.##.244.11:23

Curing recommendations


Linux

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

One month (no registration) or three months (registration and renewal discount)

Download Dr.Web

Download by serial number