Technical Information
Malicious functions:
Launches itself as a daemon
Kills system processes:
- sshd
Kills the following processes:
- systemd
- <SAMPLE>
Network activity:
Awaits incoming connections on ports:
- 0.0.0.0:8235
Establishes connection:
- 8.#.8.8:53
- 45.##.196.75:4859
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
- 45.##.196.75:4859
- 10#.##1.148.62:80
- 49.###.181.28:23
- 19.##.238.26:23
- 22#.##8.168.139:23
- 15#.##2.2.239:23
- 41.##.62.97:23
- 14#.#.29.35:23
- 23#.##0.136.95:23
- 46.##.95.134:23
- 20#.##7.57.167:23
- 21#.##3.151.195:23
- 2.###.25.75:23
- 15#.##0.38.198:23
- 35.##.19.15:23
- 20#.##9.116.53:23
- 84.###.220.153:23
- 20#.##7.227.239:23
- 18#.#41.96.3:23
- 20#.##7.158.138:23
- 58.##.72.41:23
- 17#.##8.69.114:23
- 12#.##.149.169:23
- 24#.##.78.112:23
- 23#.##9.123.166:23
- 69.##.62.9:23
- 52.###.242.197:23
- 14#.##.158.49:23
- 12#.##5.12.188:23
- 24#.##7.95.52:23
- 15#.##0.246.181:23
- 72.##.19.197:23
- 16#.##2.189.165:23
- 68.##.218.44:23
- 20#.##.149.19:23
- 5.###.94.112:23
- 11#.#19.11.5:23
- 10#.##1.113.111:23
- 14.###.239.13:23
- 19#.##8.40.249:23
- 67.##.102.178:23
- 12#.##.140.78:23
- 53.##.248.134:23
- 21#.#.95.132:23
- 21#.##.41.213:23
- 24#.##3.59.114:23
- 20#.##5.219.73:23
- 34.##.138.157:23
- 16#.##2.149.90:23
- 60.###.205.136:23
- 14#.#.87.9:23
- 18#.##5.211.164:23
- 18#.##.14.212:23
- 21#.#1.55.32:23
- 19#.##.108.213:23
- 67.###.94.196:23
- 68.###.49.234:23
- 16#.##1.162.166:23
- 19#.#8.10.77:23
- 15.##6.30.35:23
- 15.##.51.81:23
- 23#.##3.90.92:23
- 22#.##2.61.146:23
- 18#.##.137.18:23
- 77.###.136.24:23
- 5.##.30.80:23
- 11#.##4.126.115:23
- 20#.##3.143.148:23
- 59.###.19.156:23
- 21#.##9.251.101:23
- 63.###.195.42:23
- 49.##.126.251:23
- 91.###.110.127:23
- 41.###.45.196:23
- 74.###.100.249:23
- 14#.##.108.50:23
- 10.##.76.151:23
- 21#.##.112.123:23
- 12#.##.103.56:23
- 23#.##.50.139:23
- 11#.##1.210.157:23
- 52.##.25.64:23
- 54.##2.67.4:23
- 12#.#.180.153:23
- 15#.##2.20.147:23
- 58.#.122.66:23
- 22#.##.183.105:23
- 23#.##4.60.248:23
- 11#.##.195.222:23
- 99.##.163.181:23
- 24#.##.159.34:23
- 17#.##.142.162:23
- 19#.##4.29.77:23
- 21.##.13.206:23
- 13#.#.205.41:23
- 18#.##2.44.134:23
- 14#.##.171.238:23
- 21.##.103.159:23
- 14#.##1.221.130:23
- 14#.##7.231.117:23
- 15#.##9.132.223:23
- 22#.#9.202.5:23
- 18#.##3.225.86:23
- 21#.##0.119.27:23
- 10#.##.45.166:23
- 25.###.25.169:23
- 19.###.251.103:23
- 3.##.16.200:23
- 16#.#5.72.77:23
- 14#.##7.191.208:23
- 64.##.14.169:23
- 65.###.173.121:23
- 67.###.34.214:23
- 81.##.161.132:23
- 19#.##9.80.174:23
- 14#.##8.79.206:23
- 13#.#.84.172:23
- 18#.##5.34.254:23
- 14#.##4.234.160:23
- 22#.##7.86.116:23
- 11#.##9.94.33:23
- 10#.##4.55.85:23
- 16#.##2.34.144:23
- 71.##.60.58:23
- 85.###.230.236:23
- 22#.##9.195.165:23
- 14#.##.243.42:23
- 76.##7.32.46:23
- 47.###.194.152:23
- 23#.##4.124.158:23
- 13#.##8.223.2:23
- 10#.##7.158.62:23
- 79.###.90.128:23
- 17#.##.27.246:23
- 17#.##7.144.64:23
- 22#.##9.253.184:23
- 99.###.204.70:23
- 77.##.66.242:23
- 52.##.229.227:23
- 20.##.107.186:23
- 72.##.114.204:23
- 42.##7.6.116:23
- 21#.#37.70.2:23
- 22#.##9.161.120:23
- 12#.##3.171.153:23
- 10#.##6.157.182:23
- 21#.##0.247.128:23
- 29.###.115.182:23
- 17#.##4.151.132:23
- 25#.##6.227.222:23
- 18#.##.162.239:23
- 24#.##5.240.220:23
- 23#.##.191.165:23
- 76.##.100.147:23
- 23#.##3.219.237:23
- 15#.#.157.122:23
- 19#.#6.2.144:23
- 40.##.135.157:23
- 19#.##.251.30:23
- 12#.##5.161.163:23
- 13#.##5.46.106:23
- 67.##.21.57:23
- 14#.##6.172.197:23
- 18#.##.58.116:23
- 11#.##6.140.214:23
- 1.##.13.31:23
- 17#.##4.76.118:23
- 19#.##.200.219:23
- 25#.##3.183.248:23
- 25#.##8.42.164:23
- 45.###.63.172:23
- 6.###.230.143:23
- 17#.##2.101.94:23
- 22#.##.160.113:23
- 11#.##.132.29:23
- 16#.##3.221.104:23
- 54.##.232.111:23
- 11#.##.233.47:23
- 16#.##.59.156:23
- 0.###.46.240:23
- 41.##.29.3:23
- 17#.##.31.178:23
- 96.###.24.187:23
- 70.###.106.107:23
- 10#.##.203.59:23
- 17#.##.140.124:23
- 15#.##9.107.160:23
- 24#.##.106.64:23
- 15#.##0.134.237:23
- 80.###.79.241:23
- 15#.##.40.224:23
- 12#.##.101.127:23
- 10#.##3.38.37:23
- 72.###.191.163:23
- 19#.##2.86.176:23
- 24#.##.213.56:23
- 23#.#.12.146:23
- 27.##.69.193:23
- 11#.##4.93.246:23
- 21#.##.180.228:23
- 11#.#0.3.58:23
- 59.###.177.187:23
- 19#.##0.114.124:23
- 18#.##9.32.68:23
- 22#.##5.216.128:23
- 24.###.134.147:23
- 25#.#8.82.95:23
- 2.##.97.109:23
- 47.##.179.89:23
- 25#.#7.140.7:23
- 99.##.247.84:23
- 18#.##.96.151:23
- 20#.##2.222.33:23
- 22.##.144.38:23
- 11#.##.226.199:23
- 23#.##3.221.119:23
- 75.##.212.163:23
- 16#.##7.169.239:23
- 65.##2.249.7:23
- 23#.##9.132.193:23
- 2.#.#41.240:23
- 72.##.22.74:23
- 55.##.98.130:23
- 21#.##0.104.100:23
- 21#.##1.193.92:23
- 11.#.158.62:23
- 19#.##.133.142:23
- 21#.##4.212.244:23
- 70.##.251.114:23
- 10#.##3.104.205:23
- 14#.#.116.214:23
- 15#.##.253.231:23
- 15#.##8.32.217:23
- 13#.#77.91.7:23
- 9.###.149.119:23
- 68.###.152.206:23
- 24#.##2.135.75:23
- 60.##.158.133:23
- 10#.##1.60.185:23
- 22#.#.150.221:23
- 55.###.31.112:23
- 85.##.146.64:23
- 98.###.44.139:23
- 8.###.15.80:23
- 22.##.223.153:23
- 41.##.163.225:23
- 17#.##1.105.192:23
- 53.###.168.39:23
- 54.###.67.101:23
- 20#.##1.112.36:23
- 11#.#.4.47:23
- 52.##.183.206:23
- 24#.##4.76.102:23
- 42.###.250.140:23
- 92.###.175.163:23
- 20.###.146.205:23
- 16#.##2.216.198:23
- 19#.#1.41.54:23
- 21#.##1.177.236:23
- 3.###.56.15:23
- 22#.##6.142.68:23
- 14#.##.126.103:23
- 13#.##.97.180:23
- 70.###.207.209:23
- 14#.##2.136.18:23
- 50.###.83.252:23
- 10#.##1.208.48:23
- 66.##.165.41:23
- 24#.##1.119.23:23
- 12#.##.122.16:23
- 57.###.166.64:23
- 40.###.198.69:23
- 37.###.175.163:23
- 20#.##3.248.186:23
- 55.###.249.14:23
- 25#.#4.3.204:23
- 20#.##0.54.39:23
- 16#.##.108.237:23
- 24#.##.231.195:23
- 24#.#6.92.87:23
- 22#.##3.20.114:23
- 63.###.54.117:23
- 13#.##2.156.32:23
- 17#.##1.132.225:23
- 23#.##.234.229:23
- 22#.##.187.168:23
- 50.###.53.200:23
- 21#.##6.25.226:23
- 42.###.237.199:23
- 10#.##4.158.109:23
- 22#.##5.25.230:23
- 21#.##6.207.195:23
- 41.##.184.10:23
- 63.###.172.252:23
- 15#.##.94.146:23
- 23#.##.240.11:23
- 19#.##7.98.12:23
- 80.###.192.253:23
- 15#.#.146.16:23
- 19#.##8.24.83:23
- 24#.##4.194.198:23
- 72.##.229.157:23
- 12#.##2.164.184:23
- 24#.##5.10.87:23
- 11#.##7.141.123:23
- 0.###.213.59:23
- 24.###.66.174:23
- 23#.##9.71.192:23
- 15#.##4.250.135:23
- 18#.#1.172.0:23
- 83.##.173.154:23
- 17#.##7.113.172:23
- 64.#.81.236:23
- 24#.##6.221.167:23
- 15#.##.21.143:23
- 18#.#1.0.16:23
- 21#.##.248.50:23
- 24#.##.40.134:23
- 97.##.73.225:23
- 18#.##3.108.52:23
- 22#.##.60.141:23
- 14#.##.121.90:23
- 16#.##.252.149:23
- 11.##.224.72:23
- 15#.##.190.151:23
- 22#.##4.131.223:23
- 41.###.24.137:23
- 96.##9.80.31:23
- 24#.##0.194.247:23
- 22#.##1.125.116:23
- 21#.##3.101.43:23
- 17#.##8.75.242:23
- 5.###.19.2:23
- 18#.##4.108.28:23
- 40.###.89.115:23
- 78.##.20.224:23
- 13#.##.208.243:23
Receives data from the following servers:
- 45.##.196.75:4859
