
Only one of the binaries is for ARM (tfti). Others are for x86 and MIPS. All symbols are stripped off the binaries. I only see two quick clues: an IRC server URL, and two Japanese strings that also appear in this article: http://www.edison-newworld.com/2017/09/linuxtsunami-malware-...

Perl scripts join an IRC chan, wait for commands and google for vulnerable sites to exploit and/or exploit them. They also contain a nice list of proxies.

Do you know how you got hacked?




Thanks for looking into this! Yes, I had opened port 22 and my password was not safe enough, I guess. Or alternatively this hack was due to a web app I was running in Flask with some vulnerabilities. Stranger thing: the hack happened back in March 2017 but got activated exactly on Jan 1 2018.



