JavaScript support is required for our site to be fully operational in your browser.
Linux.Siggen.3293
Added to the Dr.Web virus database:
2020-08-14
Virus description added:
2020-08-13
Technical Information
Malicious functions:
Launches itself as a daemon
Launches processes:
bash -c ./.nttpd
./.nttpd
bash -c exit 77
bash -c ps | grep .nttpd > .nttpd.ps
ps
grep .nttpd
bash -c #
Performs operations with the file system:
Modifies file access rights:
Creates or modifies files:
/root/.nttpd
/root/.nttpd.ps
/root/.nttpd.pid
Deletes files:
/root/.nttpd
/root/.nttpd.ps
Network activity:
Establishes connection:
18#.###.128.181:15204
18#.###.128.181:16204
19#.#.144.185:15204
19#.#.144.185:16204
91.###.158.118:15204
91.###.158.118:16204
Sends data to the following servers:
12#.#.15.29:123
12#.#.15.28:123
19#.##.252.5:123
82.##.206.125:123
20#.##.232.182:123
Other:
Collects CPU information
Collects RAM information
Curing recommendations
Linux
Free trial
One month (no registration) or three months (registration and renewal discount)
By continuing to use this website, you are consenting to Doctor Web’s use of cookies and other technologies related to the collection of visitor statistics. Learn more
OK