Technical Information
Malicious functions:
Launches itself as a daemon
Substitutes application name for:
Kills system processes:
- sshd
Kills the following processes:
- systemd
Network activity:
Awaits incoming connections on ports:
- 0.0.0.0:8235
Establishes connection:
- 8.#.8.8:53
- 45.##.196.75:4860
Attacks using a special dictionary (brute-force technique) via the Telnet protocol.
Sends data to the following servers:
- 45.##.196.75:4860
- 22#.##2.251.144:23
- 12.##.95.29:23
- 96.##.107.132:23
- 16#.##.159.132:23
- 98.##.110.194:23
- 10#.##1.93.102:23
- 11#.##2.121.55:23
- 17#.##8.46.49:23
- 70.##7.68.61:23
- 15#.##9.138.235:23
- 18#.##.243.190:23
- 12#.##9.149.123:23
- 70.###.107.73:23
- 96.##0.91.48:23
- 64.##.103.253:23
- 22#.##7.197.113:23
- 17#.##.153.74:23
- 10#.##1.124.45:23
- 17#.##8.59.168:23
- 12#.##.26.111:23
- 19#.##4.173.250:23
- 15#.##4.149.160:23
- 6.###.191.87:23
- 19.##3.2.125:23
- 18#.##.91.172:23
- 12#.##0.74.244:23
- 13#.##9.10.219:23
- 31.###.206.25:23
- 17#.##2.238.53:23
- 21#.##9.199.34:23
- 12#.##8.237.224:23
- 69.##.141.103:23
- 16#.##9.118.74:23
- 70.###.37.195:23
- 65.#.178.200:23
- 22#.##6.166.173:23
- 14#.##5.166.154:23
- 20.##.185.255:23
- 14#.##9.242.124:23
- 20#.##.208.164:23
- 15#.##.193.214:23
- 11#.##4.220.47:23
- 10#.#.185.17:23
- 12#.##7.161.126:23
- 17#.##7.231.125:23
- 13#.#2.67.66:23
- 97.##.78.142:23
- 13#.##0.71.54:23
- 13#.##.154.146:23
- 65.###.123.15:23
- 66.###.137.202:23
- 36.##.73.35:23
- 16#.##9.112.108:23
- 57.###.30.211:23
- 17#.##9.192.60:23
- 20#.##2.77.99:23
- 16#.##6.19.197:23
- 36.##.27.95:23
- 17#.##5.238.29:23
- 2.###.219.60:23
- 12.###.184.52:23
- 2.##.189.167:23
- 13#.#5.15.54:23
- 20#.##0.29.212:23
- 14#.##4.33.140:23
- 19#.##.224.142:23
- 23.###.181.85:23
- 42.##.248.184:23
- 17#.##0.28.208:23
- 70.###.227.104:23
- 19.##.107.115:23
- 20#.##3.190.129:23
- 75.###.230.195:23
- 11#.##1.207.140:23
- 14#.##.193.113:23
- 12#.##7.31.102:23
- 11#.##1.247.55:23
- 19#.##.184.45:23
- 30.###.72.237:23
- 10#.#.240.174:23
- 18#.##4.64.88:23
- 22.###.84.141:23
- 14#.##.125.71:23
- 12#.##.109.239:23
- 15#.##.234.214:23
- 14#.##4.120.97:23
- 34.###.73.159:23
- 15#.##4.85.128:23
- 96.##.70.73:23
- 39.###.56.249:23
- 16#.##3.167.154:23
- 15#.##5.84.95:23
- 29.##0.9.241:23
- 14#.##.238.183:23
- 47.##.138.82:23
- 38.#.144.249:23
- 11#.##1.69.122:23
- 70.##.114.197:23
- 79.##.55.210:23
- 18#.##.140.163:23
- 35.##1.43.3:23
- 14#.##6.131.91:23
- 31.##.244.239:23
- 14#.##2.56.73:23
- 10#.##.244.14:23
- 18#.##0.72.79:23
- 16#.##8.63.73:23
- 55.###.220.248:23
- 47.###.54.173:23
- 20#.##.46.173:23
- 27.###.74.226:23
- 85.###.94.198:23
- 13#.##.229.187:23
- 10#.##0.187.186:23
- 10#.#62.37.3:23
- 47.##.66.5:23
- 20#.##.51.140:23
- 16#.##5.122.75:23
- 19#.##.28.130:23
- 16#.#4.5.100:23
- 14#.##3.121.209:23
- 13#.##.76.152:23
- 13#.##.186.26:23
- 22#.##.126.18:23
- 10#.##7.6.169:23
- 27.##.103.17:23
- 20#.##1.247.28:23
- 13#.##.47.196:23
- 63.##.188.190:23
- 22#.##.236.227:23
- 15#.##.179.111:23
- 11#.##.216.98:23
- 17#.##.212.24:23
- 97.##.150.213:23
- 98.##8.108.2:23
- 72.###.221.73:23
- 17#.##8.124.226:23
- 12#.##0.4.219:23
- 17#.##8.167.147:23
- 19.##5.177.4:23
- 12#.##8.194.11:23
- 11#.##3.66.235:23
- 59.##.91.63:23
- 86.###.243.125:23
- 77.###.22.124:23
- 13#.##2.29.222:23
- 16.##.174.234:23
- 82.###.214.71:23
- 41.##.231.246:23
- 11#.##.14.121:23
- 86.###.180.187:23
- 7.###.90.181:23
- 31.##.140.117:23
- 20#.##.158.49:23
- 17#.##.248.57:23
- 17#.##.25.156:23
- 21.##.85.121:23
- 46.###.105.44:23
- 20#.##.226.109:23
- 69.#.184.167:23
- 18#.##9.135.250:23
- 14#.##4.148.239:23
- 90.##.237.146:23
- 17#.##8.104.38:23
- 38.###.84.134:23
- 12#.##3.137.148:23
- 12#.##.10.221:23
- 36.###.118.157:23
- 11#.##3.201.94:23
- 13#.##0.81.222:23
- 10#.##2.234.246:23
- 14#.##0.84.153:23
- 82.###.79.202:23
- 16#.##7.201.50:23
- 14#.##1.242.124:23
- 16.##.153.35:23
- 88.##.134.43:23
- 11#.##4.109.28:23
- 20#.##0.205.92:23
- 86.###.156.72:23
- 19#.##.208.224:23
- 11#.##.192.123:23
- 20#.##.13.187:23
- 11#.##.239.188:23
- 12#.##3.93.151:23
- 16#.##7.185.242:23
- 89.##.66.153:23
- 30.###.108.170:23
- 12#.##.139.231:23
- 2.##.142.49:23
- 16#.##.162.124:23
- 19#.##.148.12:23
- 16#.##5.219.113:23
- 47.###.186.171:23
- 16#.##3.137.48:23
- 94.##.242.1:23
- 12#.#.247.143:23
- 19#.##.227.156:23
- 11#.##8.248.214:23
- 63.###.74.218:23
- 15#.##2.169.213:23
- 85.###.178.99:23
- 13.###.192.251:23
- 16#.##1.133.255:23
- 15#.##.253.56:23
- 13#.##.73.225:23
- 19#.##.237.211:23
- 11#.##1.48.153:23
- 15#.##8.120.252:23
- 16#.##0.204.7:23
- 48.##.185.157:23
- 19#.##7.207.3:23
- 13#.##.200.50:23
- 18#.##7.241.95:23
- 20.###.98.205:23
- 72.###.49.152:23
- 21#.##4.40.121:23
- 52.###.232.237:23
- 75.##.23.176:23
- 19#.##.120.118:23
- 10#.##1.216.93:23
- 83.###.236.123:23
- 6.###.89.238:23
- 71.##.23.221:23
- 13#.#.74.128:23
- 19#.##.52.152:23
- 85.##.50.194:23
- 14#.##.41.232:23
- 16#.##.214.173:23
- 44.###.197.236:23
- 12#.##5.101.179:23
- 13#.##.132.173:23
- 15#.##.77.145:23
- 20#.#54.30.4:23
- 18#.#8.53.77:23
- 32.##.17.134:23
- 21#.##1.63.102:23
- 55.##.103.98:23
- 96.##.50.255:23
- 97.##.55.61:23
- 24.##.219.166:23
- 74.###.255.201:23
- 14#.##.153.77:23
- 36.###.120.70:23
- 26.##.22.40:23
- 68.##.84.140:23
- 16#.##6.130.38:23
- 92.##.1.245:23
- 10#.##.116.230:23
- 19#.##.160.212:23
- 2.##.10.213:23
- 22#.##7.188.225:23
- 47.###.219.176:23
- 14#.##8.74.132:23
- 11#.##4.1.145:23
- 18#.##.228.66:23
- 12#.##.74.186:23
- 60.###.250.151:23
- 15#.##7.94.97:23
- 18#.##.46.218:23
- 16#.##6.111.37:23
- 22#.#.235.154:23
- 49.#.154.73:23
- 16#.##3.228.97:23
- 24.##.120.160:23
- 13#.##.233.250:23
- 50.##.58.30:23
- 13#.##8.170.156:23
- 14#.##0.171.120:23
- 14#.##3.60.140:23
- 10#.##1.134.182:23
- 22#.#6.86.39:23
- 28.##.243.91:23
- 19#.##.127.138:23
- 10#.##4.31.106:23
- 6.###.91.36:23
- 95.##4.29.84:23
- 90.###.191.217:23
- 10#.##.129.11:23
- 40.###.227.48:23
- 20#.##.250.76:23
- 65.##1.91.95:23
- 20#.##0.139.116:23
- 12#.##.129.121:23
- 10#.##6.89.206:23
- 11#.##.109.183:23
- 14#.##2.124.12:23
- 63.###.62.119:23
- 46.##.184.36:23
- 69.##.36.187:23
- 87.###.94.211:23
- 15#.##9.28.91:23
- 25.###.81.209:23
- 11#.##.176.91:23
- 17#.##.177.147:23
- 13#.##.169.101:23
- 21#.##.13.119:23
- 44.##.202.252:23
- 16.###.248.192:23
- 53.###.236.102:23
- 13#.##8.123.49:23
- 10#.##2.161.119:23
- 74.###.179.21:23
- 10#.##0.167.29:23
- 65.###.67.201:23
- 12#.##7.188.228:23
- 21#.##9.122.37:23
- 18#.##8.69.47:23
- 15#.##.78.173:23
- 16#.##2.177.106:23
- 38.##.77.98:23
- 61.###.95.183:23
- 16#.#8.5.97:23
- 61.###.206.120:23
- 11#.##5.222.181:23
- 10#.##.184.36:23
- 89.##.111.61:23
- 98.###.248.187:23
Receives data from the following servers:
- 45.##.196.75:4860
