Technical Information
Malicious functions:
Kills system processes:
- sshd
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:21769
- 0.0.0.0:23
- 0.0.0.0:22
- 0.0.0.0:80
- 0.0.0.0:8088
- 0.0.0.0:8443
- 0.0.0.0:8083
Establishes connection:
- 8.#.8.8:53
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
- 18#.##.221.67:23
- 11#.##5.33.55:23
- 18.##4.37.32:23
- 12#.##.41.216:23
- 11#.#.203.120:23
- 22#.##.130.68:23
- 24#.#0.72.18:23
- 17#.##.210.104:23
- 17#.#2.15.98:23
- 40.###.235.55:23
- 17#.##1.209.200:23
- 91.#.154.227:23
- 24.###.157.147:23
- 72.###.144.149:23
- 66.##.45.230:23
- 35.###.28.228:23
- 19#.##.218.244:23
- 88.##.32.174:23
- 23#.##.148.185:23
- 17#.##9.230.21:23
- 18#.#4.86.37:23
- 20.###.187.171:23
- 44.###.203.83:23
- 19#.##2.44.134:23
- 24#.#.153.55:23
- 19#.##0.229.69:23
- 15#.##9.169.172:23
- 18#.##0.173.85:23
- 14#.##4.70.82:23
- 15#.#0.56.61:23
- 15#.##9.237.251:23
- 96.#.55.119:23
- 31.###.133.43:23
- 10#.##7.220.90:23
- 17#.##.160.145:23
- 15#.##2.112.63:23
- 23#.##.138.251:23
- 10#.##5.71.27:23
- 19#.##5.139.33:23
- 17#.##.204.111:23
- 23#.##0.23.52:23
- 19#.##9.99.207:23
- 9.##.203.244:23
- 18#.##.24.251:23
- 19#.##2.30.109:23
- 11#.##3.189.115:23
- 23#.##5.4.145:23
- 22#.##8.158.205:23
- 10#.##.201.208:23
- 24#.#3.32.57:23
- 20#.##2.183.103:23
- 60.###.189.196:23
- 10#.##1.11.77:23
- 35.###.211.205:23
- 38.##.108.192:23
- 88.###.110.146:23
- 20#.##2.197.48:23
- 20#.##.132.39:23
- 18#.##4.245.162:23
- 41.###.115.140:23
- 2.###.50.119:23
- 16#.##2.75.149:23
- 9.###.233.247:23
- 47.###.196.169:23
- 10#.##.70.189:23
- 18#.##1.225.77:23
- 44.###.186.81:23
- 16#.##2.41.46:23
- 22#.#24.3.14:23
- 16#.##0.241.67:23