Technical Information
Malicious functions:
Launches itself as a daemon
Kills system processes:
- sshd
Kills the following processes:
- systemd
Network activity:
Awaits incoming connections on ports:
- 0.0.0.0:8235
Establishes connection:
- 8.#.8.8:53
- 45.##.196.75:4859
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
- 45.##.196.75:4859
- 24#.#.212.253:23
- 84.##.66.238:23
- 66.###.215.93:23
- 15#.##0.52.210:23
- 23#.##.207.217:23
- 13#.#5.28.35:23
- 23#.##7.43.34:23
- 12#.##5.26.31:23
- 24#.##7.89.114:23
- 16#.##.37.135:23
- 19#.##3.161.20:23
- 22.##.110.176:23
- 12#.##8.118.35:23
- 13#.##0.119.27:23
- 17#.##.34.134:23
- 13#.##.198.46:23
- 79.###.159.111:23
- 10#.#.158.89:23
- 88.##.208.205:23
- 15.##7.19.5:23
- 81.###.118.241:23
- 24#.##9.93.57:23
- 13#.##5.153.40:23
- 15#.##.120.187:23
- 17#.##.59.122:23
- 17#.#.175.63:23
- 24.##.188.141:23
- 11#.##8.121.80:23
- 31.##.190.183:23
- 17#.##2.18.169:23
- 12#.##0.162.181:23
- 13#.##5.210.176:23
- 22#.##9.174.152:23
- 45.###.211.165:23
- 11.##6.50.72:23
- 49.###.79.193:23
- 22#.##.243.254:23
- 19#.##5.81.144:23
- 11#.##5.246.29:23
- 20#.##1.13.29:23
- 23#.##.177.151:23
- 44.###.103.122:23
- 8.###.67.250:23
- 17#.##4.212.130:23
- 4.###.178.121:23
- 53.###.86.192:23
- 67.##.5.116:23
- 24#.##9.131.215:23
- 13#.##2.237.204:23
- 19#.##3.144.23:23
Receives data from the following servers:
- 45.##.196.75:4859
