Technical Information
Malicious functions:
Launches itself as a daemon
Kills system processes:
- sshd
Kills the following processes:
- exim4
- bash
- run.sh
Network activity:
Establishes connection:
- 8.#.8.8:53
- 14#.##.75.253:4534
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
- 14#.##.75.253:4534
- 38.###.154.65:23
- 87.###.189.58:23
- 11#.##4.76.46:23
- 10#.##1.176.249:23
- 13#.##.189.93:23
- 94.##.69.91:23
- 87.###.10.188:23
- 18#.##.15.203:23
- 20.##8.83.28:23
- 71.##.251.84:23
- 35.#.211.36:23
- 21#.##5.75.33:23
- 21#.#.52.159:23
- 15#.##3.207.182:23
- 46.##.25.252:23
Receives data from the following servers:
- 14#.##.75.253:4534
Other:
Collects information about network activity