Once executed, Miori starts Telnet to brute force other IP addresses. The malware was also observed listening on port 42352 (TCP/UDP) for commands from its command and control (C&C) server and sending the command “/bin/busybox MIORI” to verify infection of targeted system.

Read full news article on Infosec Island