Technical Information
Malicious functions:
Launches itself as a daemon
Kills the following processes:
- exim4
- bash
- run.sh
Network activity:
Establishes connection:
- 8.#.8.8:53
- 80.###.134.53:666
- 80.###.134.53:374
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
- 80.###.134.53:666
- 20#.##8.67.234:23
- 74.###.22.127:23
- 74.##.162.213:23
- 82.#.216.171:23
- 10#.##2.53.95:23
- 10#.#.139.56:23
- 11#.##.14.192:23
- 15#.##.91.161:23
- 17#.##.150.110:23
- 10#.##.152.11:23
- 12#.##.77.211:23
- 21#.##.228.200:23
- 45.###.207.105:23
- 15#.#1.66.80:23
- 15#.##.167.239:23
- 18#.##.28.123:23
- 11#.##.147.236:23
- 21#.##0.227.210:23
- 9.###.77.235:23
- 18#.##.199.34:23
- 38.##1.88.69:23
- 14.##.127.88:23
- 14#.##0.46.199:23
- 16#.##3.139.38:23
- 18#.##4.123.98:23
- 84.##.213.218:23
- 14.###.241.239:23
- 14#.##0.238.118:23
- 68.##.148.120:23
- 20#.##4.248.138:23
- 40.##.137.94:23
- 17#.##5.215.213:23
- 85.###.95.150:23
- 72.##.239.115:23
- 17#.##8.156.178:23
- 8.###.238.46:23
- 18#.##7.105.239:23
- 74.###.191.200:23
- 11#.##.90.103:23
- 19#.##6.174.121:23
- 71.###.32.114:23
- 78.###.201.180:23
- 16#.##4.127.229:23
- 14#.##1.130.217:23
- 21#.##6.70.141:23
- 20#.##3.240.119:23
- 18#.##0.235.207:23
- 16#.#.191.159:23
- 20#.#.199.236:23
Receives data from the following servers:
- 80.###.134.53:666
