Linux.Siggen.3935
Added to the Dr.Web virus database: 2021-06-04
Virus description added: 2021-06-03
Technical Information
To ensure autorun and distribution:
Creates or modifies the following files:
Malicious functions:
Gains root privileges
Substitutes application name for:
Network activity:
Awaits incoming connections on ports:
Establishes connection:
- 12#.##9.100.170:1
- 1.#.1.1:53
Attacks using a special dictionary (brute-force technique) via the SSH protocol
Attacks using a special dictionary (brute-force technique) via the Telnet protocol
Sends data to the following servers:
Receives data from the following servers:
Other:
Collects information about network activity
Curing recommendations
Linux