Malware Analysis Report

2024-12-01 00:52

Sample ID 220121-25r75acda6
Target c8d9e57e13b04eb96d7c431681c0be6ff2a8f6d7ead8e22d7a3cb9b4c6bd29a6
SHA256 c8d9e57e13b04eb96d7c431681c0be6ff2a8f6d7ead8e22d7a3cb9b4c6bd29a6
Tags
kaiten mirai mirai_x86corona
score
10/10

Analysis Overview

score
10/10

SHA256

c8d9e57e13b04eb96d7c431681c0be6ff2a8f6d7ead8e22d7a3cb9b4c6bd29a6

Threat Level: Known bad

The file c8d9e57e13b04eb96d7c431681c0be6ff2a8f6d7ead8e22d7a3cb9b4c6bd29a6 was found to be: Known bad.

Malicious Activity Summary

kaiten mirai mirai_x86corona

Detect Mirai Payload

Detected x86corona Mirai Variant

Identified Kaiten Bot

Kaiten family

Mirai family

Mirai_x86corona family

Reads CPU attributes

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-01-21 23:10

Signatures

Detect Mirai Payload

Detected x86corona Mirai Variant

Identified Kaiten Bot

Kaiten family

kaiten

Mirai family

mirai

Mirai_x86corona family

mirai_x86corona

Analysis: behavioral1

Detonation Overview

Submitted

2022-01-21 23:10

Reported

2022-01-21 23:54

Platform

ubuntu1804-amd64-en-20211208

Max time kernel

0s

Max time network

157s

Command Line

[./c8d9e57e13b04eb96d7c431681c0be6ff2a8f6d7ead8e22d7a3cb9b4c6bd29a6]

Signatures

Reads CPU attributes

Description Indicator Process Target
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A

Reads runtime system information


Processes

./c8d9e57e13b04eb96d7c431681c0be6ff2a8f6d7ead8e22d7a3cb9b4c6bd29a6

[./c8d9e57e13b04eb96d7c431681c0be6ff2a8f6d7ead8e22d7a3cb9b4c6bd29a6]

/bin/sh

[sh -c pkill -9 mirai.* || busybox pkill -9 mirai.*]

/usr/bin/pkill

[pkill -9 mirai.*]

/bin/busybox

[busybox pkill -9 mirai.*]

/bin/sh

[sh -c pkill -9 dlr.*mips || busybox pkill -9 dlr.*mips]

/usr/bin/pkill

[pkill -9 dlr.*mips]

/bin/busybox

[busybox pkill -9 dlr.*mips]

/bin/sh

[sh -c pkill -9 mips64 || busybox pkill -9 mips64]

/usr/bin/pkill

[pkill -9 mips64]

/bin/busybox

[busybox pkill -9 mips64]

/bin/sh

[sh -c pkill -9 mipsel || busybox pkill -9 mipsel]

/usr/bin/pkill

[pkill -9 mipsel]

/bin/busybox

[busybox pkill -9 mipsel]

/bin/sh

[sh -c pkill -9 sh2eb || busybox pkill -9 sh2eb]

/usr/bin/pkill

[pkill -9 sh2eb]

/bin/busybox

[busybox pkill -9 sh2eb]

/bin/sh

[sh -c pkill -9 sh2elf || busybox pkill -9 sh2elf]

/usr/bin/pkill

[pkill -9 sh2elf]

/bin/busybox

[busybox pkill -9 sh2elf]

/bin/sh

[sh -c pkill -9 sh4 || busybox pkill -9 sh4]

/usr/bin/pkill

[pkill -9 sh4]

/bin/busybox

[busybox pkill -9 sh4]

/bin/sh

[sh -c pkill -9 x86 || busybox pkill -9 x86]

/usr/bin/pkill

[pkill -9 x86]

/bin/busybox

[busybox pkill -9 x86]

/bin/sh

[sh -c pkill -9 arm || busybox pkill -9 arm]

/usr/bin/pkill

[pkill -9 arm]

/bin/busybox

[busybox pkill -9 arm]

/bin/sh

[sh -c pkill -9 armv5 || busybox pkill -9 armv5]

/usr/bin/pkill

[pkill -9 armv5]

/bin/busybox

[busybox pkill -9 armv5]

/bin/sh

[sh -c pkill -9 armv4tl || busybox pkill -9 armv4tl]

/usr/bin/pkill

[pkill -9 armv4tl]

/bin/busybox

[busybox pkill -9 armv4tl]

/bin/sh

[sh -c pkill -9 armv4 || busybox pkill -9 armv4]

/usr/bin/pkill

[pkill -9 armv4]

/bin/busybox

[busybox pkill -9 armv4]

/bin/sh

[sh -c pkill -9 armv6 || busybox pkill -9 armv6]

/usr/bin/pkill

[pkill -9 armv6]

/bin/busybox

[busybox pkill -9 armv6]

/bin/sh

[sh -c pkill -9 i686 || busybox pkill -9 i686]

/usr/bin/pkill

[pkill -9 i686]

/bin/busybox

[busybox pkill -9 i686]

/bin/sh

[sh -c pkill -9 powerpc || busybox pkill -9 powerpc]

/usr/bin/pkill

[pkill -9 powerpc]

/bin/busybox

[busybox pkill -9 powerpc]

/bin/sh

[sh -c pkill -9 powerpc440fp || busybox pkill -9 powerpc440fp]

/usr/bin/pkill

[pkill -9 powerpc440fp]

/bin/busybox

[busybox pkill -9 powerpc440fp]

/bin/sh

[sh -c pkill -9 i586 || busybox pkill -9 i586]

/usr/bin/pkill

[pkill -9 i586]

/bin/busybox

[busybox pkill -9 i586]

/bin/sh

[sh -c pkill -9 m68k || busybox pkill -9 m68k]

/usr/bin/pkill

[pkill -9 m68k]

/bin/busybox

[busybox pkill -9 m68k]

/bin/sh

[sh -c pkill -9 sparc || busybox pkill -9 sparc]

/usr/bin/pkill

[pkill -9 sparc]

/bin/busybox

[busybox pkill -9 sparc]

/bin/sh

[sh -c pkill -9 x86_64 || busybox pkill -9 x86_64]

/usr/bin/pkill

[pkill -9 x86_64]

/bin/busybox

[busybox pkill -9 x86_64]

/bin/sh

[sh -c pkill -9 jackmy* || busybox pkill -9 jackmy*]

/usr/bin/pkill

[pkill -9 jackmy*]

/bin/busybox

[busybox pkill -9 jackmy*]

/bin/sh

[sh -c pkill -9 hackmy* || busybox pkill -9 hackmy*]

/usr/bin/pkill

[pkill -9 hackmy*]

/bin/busybox

[busybox pkill -9 hackmy*]

/bin/sh

[sh -c pkill -9 b1 || busybox pkill -9 b1]

/usr/bin/pkill

[pkill -9 b1]

/bin/busybox

[busybox pkill -9 b1]

/bin/sh

[sh -c pkill -9 b2 || busybox pkill -9 b2]

/usr/bin/pkill

[pkill -9 b2]

/bin/busybox

[busybox pkill -9 b2]

/bin/sh

[sh -c pkill -9 b3 || busybox pkill -9 b3]

/usr/bin/pkill

[pkill -9 b3]

/bin/busybox

[busybox pkill -9 b3]

/bin/sh

[sh -c pkill -9 b4 || busybox pkill -9 b4]

/usr/bin/pkill

[pkill -9 b4]

/bin/busybox

[busybox pkill -9 b4]

/bin/sh

[sh -c pkill -9 b5 || busybox pkill -9 b5]

/usr/bin/pkill

[pkill -9 b5]

/bin/busybox

[busybox pkill -9 b5]

/bin/sh

[sh -c pkill -9 b6 || busybox pkill -9 b6]

/usr/bin/pkill

[pkill -9 b6]

/bin/busybox

[busybox pkill -9 b6]

/bin/sh

[sh -c pkill -9 b7 || busybox pkill -9 b7]

/usr/bin/pkill

[pkill -9 b7]

/bin/busybox

[busybox pkill -9 b7]

/bin/sh

[sh -c pkill -9 b8 || busybox pkill -9 b8]

/usr/bin/pkill

[pkill -9 b8]

/bin/busybox

[busybox pkill -9 b8]

/bin/sh

[sh -c pkill -9 b9 || busybox pkill -9 b9]

/usr/bin/pkill

[pkill -9 b9]

/bin/busybox

[busybox pkill -9 b9]

/bin/sh

[sh -c pkill -9 b10 || busybox pkill -9 b10]

/usr/bin/pkill

[pkill -9 b10]

/bin/busybox

[busybox pkill -9 b10]

/bin/sh

[sh -c pkill -9 b11 || busybox pkill -9 b11]

/usr/bin/pkill

[pkill -9 b11]

/bin/busybox

[busybox pkill -9 b11]

/bin/sh

[sh -c pkill -9 b12 || busybox pkill -9 b12]

/usr/bin/pkill

[pkill -9 b12]

/bin/busybox

[busybox pkill -9 b12]

/bin/sh

[sh -c pkill -9 b13 || busybox pkill -9 b13]

/usr/bin/pkill

[pkill -9 b13]

/bin/busybox

[busybox pkill -9 b13]

/bin/sh

[sh -c pkill -9 b14 || busybox pkill -9 b14]

/usr/bin/pkill

[pkill -9 b14]

/bin/busybox

[busybox pkill -9 b14]

/bin/sh

[sh -c pkill -9 b15 || busybox pkill -9 b15]

/usr/bin/pkill

[pkill -9 b15]

/bin/busybox

[busybox pkill -9 b15]

/bin/sh

[sh -c pkill -9 b16 || busybox pkill -9 b16]

/usr/bin/pkill

[pkill -9 b16]

/bin/busybox

[busybox pkill -9 b16]

/bin/sh

[sh -c pkill -9 b17 || busybox pkill -9 b17]

/usr/bin/pkill

[pkill -9 b17]

/bin/busybox

[busybox pkill -9 b17]

/bin/sh

[sh -c pkill -9 b18 || busybox pkill -9 b18]

/usr/bin/pkill

[pkill -9 b18]

/bin/busybox

[busybox pkill -9 b18]

/bin/sh

[sh -c pkill -9 b19 || busybox pkill -9 b19]

/usr/bin/pkill

[pkill -9 b19]

/bin/busybox

[busybox pkill -9 b19]

/bin/sh

[sh -c pkill -9 b20 || busybox pkill -9 b20]

/usr/bin/pkill

[pkill -9 b20]

/bin/busybox

[busybox pkill -9 b20]

/bin/sh

[sh -c pkill -9 busyboxterrorist || busybox pkill -9 busyboxterrorist]

/usr/bin/pkill

[pkill -9 busyboxterrorist]

/bin/busybox

[busybox pkill -9 busyboxterrorist]

/bin/sh

[sh -c pkill -9 dvrHelper || busybox pkill -9 dvrHelper]

/usr/bin/pkill

[pkill -9 dvrHelper]

/bin/busybox

[busybox pkill -9 dvrHelper]

/bin/sh

[sh -c pkill -9 kmy* || busybox pkill -9 kmy*]

/usr/bin/pkill

[pkill -9 kmy*]

/bin/busybox

[busybox pkill -9 kmy*]

/bin/sh

[sh -c pkill -9 lol* || busybox pkill -9 lol*]

/usr/bin/pkill

[pkill -9 lol*]

/bin/sh

[sh -c pkill -9 telmips || busybox pkill -9 telmips]

/usr/bin/pkill

[pkill -9 telmips]

/bin/busybox

[busybox pkill -9 telmips]

/bin/sh

[sh -c pkill -9 telmips64 || busybox pkill -9 telmips64]

/usr/bin/pkill

[pkill -9 telmips64]

/bin/busybox

[busybox pkill -9 telmips64]

/bin/sh

[sh -c pkill -9 telmipsel || busybox pkill -9 telmipsel]

/usr/bin/pkill

[pkill -9 telmipsel]

/bin/busybox

[busybox pkill -9 telmipsel]

/bin/sh

[sh -c pkill -9 telsh2eb || busybox pkill -9 telsh2eb]

/usr/bin/pkill

[pkill -9 telsh2eb]

/bin/busybox

[busybox pkill -9 telsh2eb]

/bin/sh

[sh -c pkill -9 telsh2elf || busybox pkill -9 telsh2elf]

/usr/bin/pkill

[pkill -9 telsh2elf]

/bin/busybox

[busybox pkill -9 telsh2elf]

/bin/sh

[sh -c pkill -9 telsh4 || busybox pkill -9 telsh4]

/usr/bin/pkill

[pkill -9 telsh4]

/bin/busybox

[busybox pkill -9 telsh4]

/bin/sh

[sh -c pkill -9 telx86 || busybox pkill -9 telx86]

/usr/bin/pkill

[pkill -9 telx86]

/bin/busybox

[busybox pkill -9 telx86]

/bin/sh

[sh -c pkill -9 telarmv5 || busybox pkill -9 telarmv5]

/usr/bin/pkill

[pkill -9 telarmv5]

/bin/busybox

[busybox pkill -9 telarmv5]

/bin/sh

[sh -c pkill -9 telarmv4tl || busybox pkill -9 telarmv4tl]

/usr/bin/pkill

[pkill -9 telarmv4tl]

/bin/busybox

[busybox pkill -9 telarmv4tl]

/bin/sh

[sh -c pkill -9 telarmv4 || busybox pkill -9 telarmv4]

/usr/bin/pkill

[pkill -9 telarmv4]

/bin/busybox

[busybox pkill -9 telarmv4]

/bin/sh

[sh -c pkill -9 telarmv6 || busybox pkill -9 telarmv6]

/usr/bin/pkill

[pkill -9 telarmv6]

/bin/busybox

[busybox pkill -9 telarmv6]

/bin/sh

[sh -c pkill -9 teli686 || busybox pkill -9 teli686]

/usr/bin/pkill

[pkill -9 teli686]

/bin/busybox

[busybox pkill -9 teli686]

/bin/sh

[sh -c pkill -9 telpowerpc || busybox pkill -9 telpowerpc]

/usr/bin/pkill

[pkill -9 telpowerpc]

/bin/busybox

[busybox pkill -9 telpowerpc]

/bin/sh

[sh -c pkill -9 telpowerpc440fp || busybox pkill -9 telpowerpc440fp]

/usr/bin/pkill

[pkill -9 telpowerpc440fp]

/bin/busybox

[busybox pkill -9 telpowerpc440fp]

/bin/sh

[sh -c pkill -9 teli586 || busybox pkill -9 teli586]

/usr/bin/pkill

[pkill -9 teli586]

/bin/busybox

[busybox pkill -9 teli586]

/bin/sh

[sh -c pkill -9 telm68k || busybox pkill -9 telm68k]

/usr/bin/pkill

[pkill -9 telm68k]

/bin/busybox

[busybox pkill -9 telm68k]

/bin/sh

[sh -c pkill -9 telsparc || busybox pkill -9 telsparc]

/usr/bin/pkill

[pkill -9 telsparc]

/bin/busybox

[busybox pkill -9 telsparc]

/bin/sh

[sh -c pkill -9 telx86_64 || busybox pkill -9 telx86_64]

/usr/bin/pkill

[pkill -9 telx86_64]

/bin/busybox

[busybox pkill -9 telx86_64]

/bin/sh

[sh -c pkill -9 TwoFace* || busybox pkill -9 TwoFace*]

/usr/bin/pkill

[pkill -9 TwoFace*]

/bin/busybox

[busybox pkill -9 TwoFace*]

/bin/sh

[sh -c pkill -9 xxb* || busybox pkill -9 xxb*]

/usr/bin/pkill

[pkill -9 xxb*]

/bin/busybox

[busybox pkill -9 xxb*]

/bin/sh

[sh -c pkill -9 bb || busybox pkill -9 bb]

/usr/bin/pkill

[pkill -9 bb]

/bin/busybox

[busybox pkill -9 bb]

/bin/sh

[sh -c pkill -9 busybotnet || busybox pkill -9 busybotnet]

/usr/bin/pkill

[pkill -9 busybotnet]

/bin/busybox

[busybox pkill -9 busybotnet]

/bin/sh

[sh -c pkill -9 busybox || busybox pkill -9 busybox]

/usr/bin/pkill

[pkill -9 busybox]

/bin/busybox

[busybox pkill -9 busybox]

/bin/sh

[sh -c pkill -9 badbox || busybox pkill -9 badbox]

/usr/bin/pkill

[pkill -9 badbox]

/bin/busybox

[busybox pkill -9 badbox]

/bin/sh

[sh -c pkill -9 B1 || busybox pkill -9 B1]

/usr/bin/pkill

[pkill -9 B1]

/bin/busybox

[busybox pkill -9 B1]

/bin/sh

[sh -c pkill -9 B2 || busybox pkill -9 B2]

/usr/bin/pkill

[pkill -9 B2]

/bin/busybox

[busybox pkill -9 B2]

/bin/sh

[sh -c pkill -9 B3 || busybox pkill -9 B3]

/usr/bin/pkill

[pkill -9 B3]

/bin/busybox

[busybox pkill -9 B3]

/bin/sh

[sh -c pkill -9 B4 || busybox pkill -9 B4]

/usr/bin/pkill

[pkill -9 B4]

/bin/busybox

[busybox pkill -9 B4]

/bin/sh

[sh -c pkill -9 B5 || busybox pkill -9 B5]

/usr/bin/pkill

[pkill -9 B5]

/bin/busybox

[busybox pkill -9 B5]

/bin/sh

[sh -c pkill -9 B6 || busybox pkill -9 B6]

/usr/bin/pkill

[pkill -9 B6]

/bin/busybox

[busybox pkill -9 B6]

/bin/sh

[sh -c pkill -9 B7 || busybox pkill -9 B7]

/usr/bin/pkill

[pkill -9 B7]

/bin/busybox

[busybox pkill -9 B7]

/bin/sh

[sh -c pkill -9 B8 || busybox pkill -9 B8]

/usr/bin/pkill

[pkill -9 B8]

/bin/busybox

[busybox pkill -9 B8]

/bin/sh

[sh -c pkill -9 B9 || busybox pkill -9 B9]

/usr/bin/pkill

[pkill -9 B9]

/bin/busybox

[busybox pkill -9 B9]

/bin/sh

[sh -c pkill -9 B10 || busybox pkill -9 B10]

/usr/bin/pkill

[pkill -9 B10]

/bin/busybox

[busybox pkill -9 B10]

/bin/sh

[sh -c pkill -9 B11 || busybox pkill -9 B11]

/usr/bin/pkill

[pkill -9 B11]

/bin/busybox

[busybox pkill -9 B11]

/bin/sh

[sh -c pkill -9 B12 || busybox pkill -9 B12]

/usr/bin/pkill

[pkill -9 B12]

/bin/busybox

[busybox pkill -9 B12]

/bin/sh

[sh -c pkill -9 B13 || busybox pkill -9 B13]

/usr/bin/pkill

[pkill -9 B13]

/bin/busybox

[busybox pkill -9 B13]

/bin/sh

[sh -c pkill -9 B14 || busybox pkill -9 B14]

/usr/bin/pkill

[pkill -9 B14]

/bin/busybox

[busybox pkill -9 B14]

/bin/sh

[sh -c pkill -9 B15 || busybox pkill -9 B15]

/usr/bin/pkill

[pkill -9 B15]

/bin/busybox

[busybox pkill -9 B15]

/bin/sh

[sh -c pkill -9 B16 || busybox pkill -9 B16]

/usr/bin/pkill

[pkill -9 B16]

/bin/busybox

[busybox pkill -9 B16]

/bin/sh

[sh -c pkill -9 B17 || busybox pkill -9 B17]

/usr/bin/pkill

[pkill -9 B17]

/bin/busybox

[busybox pkill -9 B17]

/bin/sh

[sh -c pkill -9 B18 || busybox pkill -9 B18]

/usr/bin/pkill

[pkill -9 B18]

/bin/busybox

[busybox pkill -9 B18]

/bin/sh

[sh -c pkill -9 B20 || busybox pkill -9 B20]

/usr/bin/pkill

[pkill -9 B20]

/bin/busybox

[busybox pkill -9 B20]

/bin/sh

[sh -c pkill -9 gaybot || busybox pkill -9 gaybot]

/usr/bin/pkill

[pkill -9 gaybot]

/bin/busybox

[busybox pkill -9 gaybot]

/bin/sh

[sh -c pkill -9 hackz || busybox pkill -9 hackz]

/usr/bin/pkill

[pkill -9 hackz]

/bin/busybox

[busybox pkill -9 hackz]

/bin/sh

[sh -c pkill -9 bin* || busybox pkill -9 bin*]

/usr/bin/pkill

[pkill -9 bin]

/bin/busybox

[busybox pkill -9 bin]

/bin/sh

[sh -c pkill -9 gtop || busybox pkill -9 gtop]

/usr/bin/pkill

[pkill -9 gtop]

/bin/busybox

[busybox pkill -9 gtop]

/bin/sh

[sh -c pkill -9 botnet || busybox pkill -9 botnet]

/usr/bin/pkill

[pkill -9 botnet]

/bin/busybox

[busybox pkill -9 botnet]

/bin/sh

[sh -c pkill -9 swatnet || busybox pkill -9 swatnet]

/usr/bin/pkill

[pkill -9 swatnet]

/bin/busybox

[busybox pkill -9 swatnet]

/bin/sh

[sh -c pkill -9 ballpit || busybox pkill -9 ballpit]

/usr/bin/pkill

[pkill -9 ballpit]

/bin/busybox

[busybox pkill -9 ballpit]

/bin/sh

[sh -c pkill -9 fucknet || busybox pkill -9 fucknet]

/usr/bin/pkill

[pkill -9 fucknet]

/bin/busybox

[busybox pkill -9 fucknet]

/bin/sh

[sh -c pkill -9 cracknet || busybox pkill -9 cracknet]

/usr/bin/pkill

[pkill -9 cracknet]

/bin/busybox

[busybox pkill -9 cracknet]

/bin/sh

[sh -c pkill -9 weednet || busybox pkill -9 weednet]

/usr/bin/pkill

[pkill -9 weednet]

/bin/busybox

[busybox pkill -9 weednet]

/bin/sh

[sh -c pkill -9 gaynet || busybox pkill -9 gaynet]

/usr/bin/pkill

[pkill -9 gaynet]

/bin/busybox

[busybox pkill -9 gaynet]

/bin/sh

[sh -c pkill -9 queernet || busybox pkill -9 queernet]

/usr/bin/pkill

[pkill -9 queernet]

/bin/busybox

[busybox pkill -9 queernet]

/bin/sh

[sh -c pkill -9 ballnet || busybox pkill -9 ballnet]

/usr/bin/pkill

[pkill -9 ballnet]

/bin/busybox

[busybox pkill -9 ballnet]

/bin/sh

[sh -c pkill -9 unet || busybox pkill -9 unet]

/usr/bin/pkill

[pkill -9 unet]

/bin/busybox

[busybox pkill -9 unet]

/bin/sh

[sh -c pkill -9 yougay || busybox pkill -9 yougay]

/usr/bin/pkill

[pkill -9 yougay]

/bin/busybox

[busybox pkill -9 yougay]

/bin/sh

[sh -c pkill -9 sttftp || busybox pkill -9 sttftp]

/usr/bin/pkill

[pkill -9 sttftp]

/bin/busybox

[busybox pkill -9 sttftp]

/bin/sh

[sh -c pkill -9 sstftp || busybox pkill -9 sstftp]

/usr/bin/pkill

[pkill -9 sstftp]

/bin/busybox

[busybox pkill -9 sstftp]

/bin/sh

[sh -c pkill -9 sbtftp || busybox pkill -9 sbtftp]

/usr/bin/pkill

[pkill -9 sbtftp]

/bin/busybox

[busybox pkill -9 sbtftp]

/bin/sh

[sh -c pkill -9 btftp || busybox pkill -9 btftp]

/usr/bin/pkill

[pkill -9 btftp]

/bin/busybox

[busybox pkill -9 btftp]

/bin/sh

[sh -c pkill -9 y0u1sg3y || busybox pkill -9 y0u1sg3y]

Network

Country Destination Domain Proto
CN 212.64.67.230:6667 tcp
HK 154.92.16.67:6667 tcp
CN 106.52.68.18:6667 tcp
CN 106.53.200.20:6667 tcp

Files

N/A