linux - What does this hacker code mean?

Question

Today I found that redis could not connect to a server. I found such an instruction {code...} on the server and downloaded and executed the z.TF file. When z.TF is opened, it is all bytecode. This program can be automatically re-executed. Currently, this program process is killed, but the redis service is still unavailable. I don’t know if it is still available...

巴扎黑 · Answer

z.TF is a Linux executable file in ELF format

Your server has a backdoor installed. Reinstall the system as soon as possible to fix the vulnerability.
Upgrade everything that needs to be upgraded.

It’s basically a backdoor + broiler

VirSCAN.org Scanned Report :
Scanned time   : 2017-06-06 20:53:39
Scanner results: 10%的杀软(4/39)报告发现病毒
File Name      : z.TF
File Size      : 649640 byte
File Type      : application/x-executable
MD5            : a6f42e73365ad56ce42985c5518d7e34
SHA1           : 564d6e2c2489a6d3a9d0634f76e065be7ad28072
Online report  : http://r.virscan.org/report/15f733f9dc3e27bbd06b92171710f0e4

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
AVAST!         170303-1       4.7.4             2017-03-03     46   ELF:Ddostf-A                  
SOPHOS         5.32           3.65.2            2016-10-10     8    Linux/DDoS-BE                 
奇虎360         1.0.1          1.0.1             1.0.1          4    Win32/Backdoor.34d            
江民杀毒         16.0.100       1.0.0.0           2017-06-05     2    Backdoor.Linux.wfg

某草草 · Answer

By the way, please send me the code of t.ZF

Didn’t you explain the code you posted clearly?