Technical Information
Malicious functions:
Launches itself as a daemon
Kills system processes:
- sshd
Kills the following processes:
- systemd
Network activity:
Awaits incoming connections on ports:
- 0.0.0.0:8235
Establishes connection:
- 8.#.8.8:53
- 45.##.196.75:4859
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
- 45.##.196.75:4859
- 24#.##.96.115:23
- 22#.##.17.115:23
- 11#.##.38.173:23
- 76.##.31.84:23
- 24#.##.231.175:23
- 15.##.121.124:23
- 65.###.149.163:23
- 20#.##.178.102:23
- 24#.#28.18.2:23
- 11#.##7.101.52:23
- 20#.##2.209.227:23
- 18#.##7.223.33:23
- 21#.#74.23.1:23
- 27.##.232.140:23
- 15#.##9.4.251:23
- 22#.##2.149.166:23
- 18#.##7.243.28:23
- 17.##.175.107:23
- 21#.##.169.118:23
- 14#.##6.246.182:23
- 10#.#5.61.92:23
- 97.###.47.251:23
- 66.###.202.166:23
- 23#.##.251.251:23
- 22#.##3.190.194:23
- 60.##.179.246:23
- 23#.##1.173.217:23
- 22#.##9.30.142:23
- 24#.##7.193.218:23
- 16#.##4.15.197:23
- 13#.##.190.100:23
- 18#.##.66.174:23
- 25#.##2.110.59:23
- 14#.##3.94.54:23
- 18#.##.151.178:23
- 17#.##.92.176:23
- 18.###.205.211:23
- 25#.#9.67.36:23
- 9.##.243.11:23
- 21#.##3.26.143:23
- 47.##.64.96:23
- 15#.##.129.215:23
- 15#.##7.113.249:23
- 20#.##0.102.195:23
- 74.##.21.12:23
- 21#.##9.140.191:23
- 12#.##0.12.94:23
- 19#.##.106.200:23
- 10#.##.242.61:23
- 10#.##.88.114:23
- 89.###.28.187:23
- 74.##7.22.35:23
- 23#.##.56.202:23
- 11#.##1.95.87:23
- 22#.##4.226.109:23
- 27.##5.63.80:23
- 15#.##7.225.42:23
- 17#.##7.221.174:23
- 8.###.160.238:23
- 14.###.159.134:23
- 25.###.178.43:23
- 21#.##.148.49:23
- 12#.##7.184.75:23
- 75.###.160.191:23
- 20#.##0.117.3:23
- 18#.##2.165.104:23
- 20#.##6.230.95:23
- 95.##0.6.135:23
- 88.###.157.228:23
- 25#.##0.210.31:23
- 12#.##0.80.228:23
- 22#.##6.119.74:23
- 15#.##0.137.149:23
- 13#.##7.206.35:23
- 5.###.61.241:23
- 21#.##0.236.148:23
- 20#.##2.214.5:23
- 18#.##7.154.49:23
- 40.##6.46.83:23
- 25#.##2.65.22:23
- 58.###.48.144:23
- 11#.##4.234.36:23
- 22#.##8.28.200:23
- 23#.##4.251.31:23
- 88.###.159.68:23
- 82.###.226.25:23
- 27.#.52.217:23
- 72.#.91.178:23
- 14#.##7.87.58:23
- 11#.##.216.205:23
- 19#.##5.187.223:23
- 17#.##.243.161:23
- 59.##.114.167:23
- 12#.##.183.96:23
- 15#.##.72.196:23
- 13#.##8.65.94:23
- 17#.##5.235.166:23
- 21#.##0.236.175:23
- 24#.##2.66.235:23
- 12#.##6.120.115:23
- 74.###.182.230:23
- 12#.##8.186.27:23
- 24#.##1.72.44:23
- 10#.##5.15.26:23
- 19#.##8.68.125:23
- 15#.##.21.116:23
- 95.##1.4.208:23
- 21#.##2.239.127:23
- 45.##.69.104:23
- 10#.##.162.184:23
- 46.##8.9.224:23
- 95.###.172.126:23
- 17#.##0.251.236:23
- 16#.##3.105.156:23
- 18.##.6.65:23
- 26.##.144.48:23
- 59.##.127.253:23
- 90.##.102.21:23
- 10#.#2.55.52:23
- 21#.##.150.168:23
- 15.###.107.218:23
- 21#.##1.232.178:23
- 19#.##6.53.55:23
- 15#.##6.57.229:23
- 17.###.34.246:23
- 60.##.27.241:23
- 21#.#8.219.2:23
- 20#.##.250.48:23
- 50.###.170.250:23
- 57.###.180.189:23
- 20#.##.53.121:23
- 25.###.45.116:23
- 14#.##.186.190:23
- 12#.##0.254.84:23
- 15#.##.107.118:23
- 13#.##1.171.39:23
- 18#.##6.255.114:23
- 93.###.245.67:23
- 82.##9.39.49:23
- 15#.#4.40.14:23
- 23#.#2.92.4:23
- 98.##3.27.61:23
- 13#.#6.20.18:23
- 74.###.134.13:23
- 23#.##6.223.99:23
- 20#.##6.225.232:23
- 10#.##9.108.48:23
- 32.###.213.214:23
- 63.##.80.53:23
- 64.###.175.19:23
- 15#.##7.180.214:23
- 14#.##4.74.134:23
- 21#.##.215.246:23
- 23#.##1.152.160:23
- 20#.#91.1.26:23
- 18#.##.129.132:23
- 30.##5.54.79:23
- 15#.##.160.119:23
- 14#.##9.86.213:23
- 18#.##.238.118:23
- 47.###.200.187:23
- 25#.##5.151.138:23
- 94.###.166.146:23
- 24#.##2.127.209:23
- 22.###.211.159:23
- 73.##5.92.69:23
- 10#.##9.156.117:23
- 6.###.85.54:23
- 15#.##6.150.8:23
- 13#.##6.159.69:23
- 26.##.58.205:23
- 61.##5.23.50:23
- 25#.##1.185.224:23
- 22#.##6.40.106:23
- 20#.##4.29.28:23
- 14#.##.158.103:23
- 15#.#3.73.95:23
- 19#.##6.44.57:23
- 16#.##6.2.238:23
- 65.##.197.70:23
- 87.###.167.173:23
- 17#.##6.80.127:23
- 12#.##1.124.235:23
- 11#.##.173.99:23
- 6.###.158.231:23
- 25.###.128.245:23
- 21#.##0.250.23:23
- 10#.##8.145.11:23
- 21#.##.61.204:23
- 47.###.204.243:23
- 19#.##2.185.246:23
- 11#.#3.24.93:23
- 34.#.246.237:23
- 14#.##.160.55:23
- 13#.##.105.163:23
- 25.###.90.196:23
- 92.###.226.246:23
- 31.###.91.222:23
- 69.##6.9.127:23
- 96.###.56.109:23
- 25#.##1.192.223:23
- 18#.##8.36.224:23
- 16#.##4.85.143:23
- 22.###.69.241:23
- 23.##.128.207:23
- 16#.##5.177.96:23
- 17#.##6.171.196:23
- 14#.##0.162.82:23
- 89.###.185.103:23
- 46.###.23.101:23
- 25#.##.177.69:23
- 30.###.90.189:23
- 10#.##.44.111:23
- 20#.##.55.121:23
- 53.##1.95.86:23
- 10#.##8.226.7:23
- 98.###.225.172:23
- 16#.##7.92.58:23
- 24#.##1.209.255:23
- 16#.##.250.119:23
- 10#.##0.180.62:23
- 18.###.222.218:23
- 15#.##.46.230:23
- 32.##.196.118:23
- 20.##.116.56:23
- 16#.##6.255.167:23
- 1.###.186.186:23
- 24#.##2.37.44:23
- 99.##.143.193:23
- 10#.##5.202.93:23
- 1.##.247.187:23
- 25#.##2.122.185:23
- 52.###.120.29:23
- 24.###.215.53:23
- 46.##4.8.150:23
- 14#.#7.123.3:23
- 16#.##.106.233:23
- 21#.##9.141.230:23
- 12.###.216.210:23
- 25#.#7.55.60:23
- 59.###.104.206:23
- 13#.##.111.208:23
- 11#.##7.44.47:23
- 19.###.188.55:23
- 17.###.221.255:23
- 45.##.87.45:23
- 13#.##4.236.191:23
- 23#.##.219.43:23
- 19#.##0.3.119:23
- 42.##.236.95:23
- 24#.#0.100.3:23
- 20#.##3.104.234:23
- 96.###.43.105:23
- 10#.##6.29.35:23
- 22#.##4.191.65:23
- 14#.#8.69.91:23
- 10#.##.212.198:23
- 32.##.208.94:23
- 3.###.227.88:23
- 34.##.173.5:23
- 95.##.21.36:23
- 29.###.177.225:23
- 22#.##1.92.180:23
- 14#.##.184.226:23
- 16#.##8.171.134:23
- 20#.##.205.246:23
- 54.##.121.201:23
- 93.###.172.14:23
- 18#.##8.143.150:23
- 15#.##.117.86:23
- 38.###.109.208:23
- 41.##.35.117:23
- 20#.##0.100.69:23
- 91.##.216.134:23
- 15#.##1.28.44:23
- 62.###.125.178:23
- 6.##.22.115:23
- 18.##.191.52:23
- 78.###.185.177:23
- 17#.##9.228.131:23
- 14#.##.80.174:23
- 16#.##7.148.160:23
- 17#.##6.115.70:23
- 26.##.178.216:23
- 19#.#9.9.248:23
- 76.###.98.175:23
- 11#.##3.70.193:23
- 18.##9.90.37:23
- 24#.##4.43.105:23
- 66.#.242.115:23
- 12#.#2.128.5:23
- 86.###.79.183:23
- 11#.##9.64.186:23
- 17#.#5.206.8:23
- 21#.##3.197.125:23
- 96.###.231.82:23
- 65.##.228.64:23
Receives data from the following servers:
- 45.##.196.75:4859