Source article interesting, kind of
The attack of the 4-byte file
The entire attack on a target network starts with a tiny command line module that sends a TCP request to an external command / control server, the command consisting of only four bytes of text [!]. This command brings in a so-called “dropper”, which then places the subsequent trojan in disguise.
This is just sooooooooo bogus! They make it sound like it only takes four bytes to hack a server, and it's done with a request. What were they expecting, a treatise on nihilism?
The attack starts because somebody in their network has said compiled code on their computer. The code from Kaspersky looks like something done as a demo of the attack, not the attack code itself.
Many years ago, a programmer made the point that firewalls should be able to whitelist only connections to known services, not just any old thing out there. Since 13277 is off in the weeds, disallowing outbound requests on that port would stop the problem.
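To make that last point concrete, here is an added example (not code from the article or from this post) that models a default-deny egress policy: outbound connections pass only if their protocol and port are on a short allow-list, so an odd port like 13277 is refused without anyone having to know about it in advance. The log lines, addresses and the allow-list contents are constructed for illustration.

```python
"""Default-deny egress policy check over constructed connection records.

Added example: models the point that an outbound firewall should allow
only known services rather than blocking individual "bad" ports. Port
13277 is the one mentioned in the post; the log lines below are
constructed sample data, not real traffic.
"""
from dataclasses import dataclass

# Allow-list of (protocol, destination port) pairs the organisation has
# decided its workstations legitimately need. Anything else is denied.
# (Assumption: DNS goes to external resolvers, so 53 is listed.)
EGRESS_ALLOW = {
    ("tcp", 80),    # HTTP
    ("tcp", 443),   # HTTPS
    ("udp", 53),    # DNS
    ("tcp", 53),    # DNS over TCP
}

# Constructed sample log lines: "src dst proto dport bytes".
SAMPLE_LOG = """\
10.0.0.12 93.184.216.34 tcp 443 5120
10.0.0.12 203.0.113.9 tcp 13277 4
10.0.0.17 198.51.100.4 udp 53 72
10.0.0.17 203.0.113.9 tcp 8080 310
"""


@dataclass(frozen=True)
class Conn:
    src: str
    dst: str
    proto: str
    dport: int
    nbytes: int


def parse_log(text):
    """Turn the simple whitespace-separated log format into Conn records."""
    conns = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, proto, dport, nbytes = line.split()
        conns.append(Conn(src, dst, proto.lower(), int(dport), int(nbytes)))
    return conns


def is_allowed(conn, allow=EGRESS_ALLOW):
    """Default deny: a connection passes only if its (proto, port) is listed."""
    return (conn.proto, conn.dport) in allow


def denied_connections(text, allow=EGRESS_ALLOW):
    """Everything the allow-list would have stopped at the perimeter."""
    return [c for c in parse_log(text) if not is_allowed(c, allow)]


def blocklist_view(text, blocked_ports):
    """Contrast: a port blocklist only catches what someone already named."""
    return [c for c in parse_log(text) if c.dport in blocked_ports]


if __name__ == "__main__":
    for c in denied_connections(SAMPLE_LOG):
        print(f"DENY {c.src} -> {c.dst}:{c.dport}/{c.proto} ({c.nbytes} bytes)")
```

Run against the sample, the allow-list refuses both the 13277 connection and an unrelated 8080 one, while a blocklist built from the article would have stopped only the port it happened to mention; that difference is the whole argument for allow-listing outbound traffic.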