Technical Information
Malicious functions:
Launches itself as a daemon
Kills system processes:
- sshd
Kills the following processes:
- systemd
Network activity:
Awaits incoming connections on ports:
- 0.0.0.0:8235
Establishes connection:
- 8.#.8.8:53
- 45.##.196.75:4859
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
- 45.##.196.75:4859
- 98.##5.75.95:23
- 40.##.225.231:23
- 17#.##4.223.92:23
- 67.###.45.193:23
- 13#.#0.6.31:23
- 61.##7.95.28:23
- 19#.##3.64.172:23
- 57.##.230.228:23
- 83.###.152.130:23
- 76.###.229.82:23
- 99.#.49.194:23
- 22.##.202.85:23
- 13#.##6.15.105:23
- 81.###.80.104:23
- 18.###.33.118:23
- 17#.##2.117.95:23
- 74.##.248.20:23
- 20#.#.19.240:23
- 75.###.210.219:23
- 82.##1.95.1:23
- 96.#.235.169:23
- 60.###.103.45:23
- 31.##.26.10:23
- 11#.##9.190.33:23
- 17.###.17.239:23
- 15#.#.221.83:23
- 92.##.102.244:23
- 21#.##8.236.149:23
- 16#.#9.8.53:23
- 36.###.146.59:23
- 14#.##4.178.139:23
- 54.###.53.156:23
- 15#.##.88.136:23
- 82.###.148.89:23
- 11#.##4.67.129:23
- 11#.##.166.161:23
- 19#.##.172.120:23
- 70.#.204.30:23
- 15#.##.145.178:23
- 13#.##8.133.73:23
- 12#.##.157.36:23
- 95.##1.13.11:23
- 15#.##.130.231:23
- 13#.##6.114.148:23
- 77.##.83.210:23
- 93.###.146.122:23
- 52.###.196.191:23
Receives data from the following servers:
- 45.##.196.75:4859