Malware Analysis Report

2024-12-01 00:46

Sample ID 220121-2z7qmacddk
Target e05f4529165e5a0d406449333cbb6de9d9af290005b34f8657c7ecd5f4867a7a
SHA256 e05f4529165e5a0d406449333cbb6de9d9af290005b34f8657c7ecd5f4867a7a
Tags
kaiten persistence
score
10/10

Analysis Overview

score
10/10

SHA256

e05f4529165e5a0d406449333cbb6de9d9af290005b34f8657c7ecd5f4867a7a

Threat Level: Known bad

The file e05f4529165e5a0d406449333cbb6de9d9af290005b34f8657c7ecd5f4867a7a was found to be: Known bad.

Malicious Activity Summary

kaiten persistence

Identified Kaiten Bot

Kaiten family

Modifies rc script

Reads CPU attributes

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-01-21 23:02

Signatures

Identified Kaiten Bot

Description Indicator Process Target
N/A N/A N/A N/A

Kaiten family

kaiten

Analysis: behavioral1

Detonation Overview

Submitted

2022-01-21 23:02

Reported

2022-01-21 23:29

Platform

debian9-armhf-en-20211208

Max time kernel

0s

Max time network

159s

Command Line

[./e05f4529165e5a0d406449333cbb6de9d9af290005b34f8657c7ecd5f4867a7a]

Signatures

Modifies rc script

persistence
Description Indicator Process Target
/etc/rc.d/rc.local /etc/rc.d/rc.local N/A N/A

Reads CPU attributes

Description Indicator Process Target
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A

Reads runtime system information


Processes

./e05f4529165e5a0d406449333cbb6de9d9af290005b34f8657c7ecd5f4867a7a

[./e05f4529165e5a0d406449333cbb6de9d9af290005b34f8657c7ecd5f4867a7a]

/bin/sh

[sh -c pkill -9 mirai.* || busybox pkill -9 mirai.*]

/usr/bin/pkill

[pkill -9 mirai.*]

/bin/busybox

[busybox pkill -9 mirai.*]

/bin/sh

[sh -c pkill -9 dlr.*mips || busybox pkill -9 dlr.*mips]

/usr/bin/pkill

[pkill -9 dlr.*mips]

/bin/busybox

[busybox pkill -9 dlr.*mips]

/bin/sh

[sh -c pkill -9 mips64 || busybox pkill -9 mips64]

/usr/bin/pkill

[pkill -9 mips64]

/bin/busybox

[busybox pkill -9 mips64]

/bin/sh

[sh -c pkill -9 mipsel || busybox pkill -9 mipsel]

/usr/bin/pkill

[pkill -9 mipsel]

/bin/busybox

[busybox pkill -9 mipsel]

/bin/sh

[sh -c pkill -9 sh2eb || busybox pkill -9 sh2eb]

/usr/bin/pkill

[pkill -9 sh2eb]

/bin/busybox

[busybox pkill -9 sh2eb]

/bin/sh

[sh -c pkill -9 sh2elf || busybox pkill -9 sh2elf]

/usr/bin/pkill

[pkill -9 sh2elf]

/bin/busybox

[busybox pkill -9 sh2elf]

/bin/sh

[sh -c pkill -9 sh4 || busybox pkill -9 sh4]

/usr/bin/pkill

[pkill -9 sh4]

/bin/busybox

[busybox pkill -9 sh4]

/bin/sh

[sh -c pkill -9 x86 || busybox pkill -9 x86]

/usr/bin/pkill

[pkill -9 x86]

/bin/busybox

[busybox pkill -9 x86]

/bin/sh

[sh -c pkill -9 arm || busybox pkill -9 arm]

/usr/bin/pkill

[pkill -9 arm]

/bin/busybox

[busybox pkill -9 arm]

/bin/sh

[sh -c pkill -9 armv5 || busybox pkill -9 armv5]

/usr/bin/pkill

[pkill -9 armv5]

/bin/busybox

[busybox pkill -9 armv5]

/bin/sh

[sh -c pkill -9 armv4tl || busybox pkill -9 armv4tl]

/usr/bin/pkill

[pkill -9 armv4tl]

/bin/busybox

[busybox pkill -9 armv4tl]

/bin/sh

[sh -c pkill -9 armv4 || busybox pkill -9 armv4]

/usr/bin/pkill

[pkill -9 armv4]

/bin/busybox

[busybox pkill -9 armv4]

/bin/sh

[sh -c pkill -9 armv6 || busybox pkill -9 armv6]

/usr/bin/pkill

[pkill -9 armv6]

/bin/busybox

[busybox pkill -9 armv6]

/bin/sh

[sh -c pkill -9 i686 || busybox pkill -9 i686]

/usr/bin/pkill

[pkill -9 i686]

/bin/busybox

[busybox pkill -9 i686]

/bin/sh

[sh -c pkill -9 powerpc || busybox pkill -9 powerpc]

/usr/bin/pkill

[pkill -9 powerpc]

/bin/busybox

[busybox pkill -9 powerpc]

/bin/sh

[sh -c pkill -9 powerpc440fp || busybox pkill -9 powerpc440fp]

/usr/bin/pkill

[pkill -9 powerpc440fp]

/bin/busybox

[busybox pkill -9 powerpc440fp]

/bin/sh

[sh -c pkill -9 i586 || busybox pkill -9 i586]

/usr/bin/pkill

[pkill -9 i586]

/bin/busybox

[busybox pkill -9 i586]

/bin/sh

[sh -c pkill -9 m68k || busybox pkill -9 m68k]

/usr/bin/pkill

[pkill -9 m68k]

/bin/busybox

[busybox pkill -9 m68k]

/bin/sh

[sh -c pkill -9 sparc || busybox pkill -9 sparc]

/usr/bin/pkill

[pkill -9 sparc]

/bin/busybox

[busybox pkill -9 sparc]

/bin/sh

[sh -c pkill -9 x86_64 || busybox pkill -9 x86_64]

/usr/bin/pkill

[pkill -9 x86_64]

/bin/busybox

[busybox pkill -9 x86_64]

/bin/sh

[sh -c pkill -9 jackmy* || busybox pkill -9 jackmy*]

/usr/bin/pkill

[pkill -9 jackmy*]

/bin/busybox

[busybox pkill -9 jackmy*]

/bin/sh

[sh -c pkill -9 hackmy* || busybox pkill -9 hackmy*]

/usr/bin/pkill

[pkill -9 hackmy*]

/bin/busybox

[busybox pkill -9 hackmy*]

/bin/sh

[sh -c pkill -9 b1 || busybox pkill -9 b1]

/usr/bin/pkill

[pkill -9 b1]

/bin/busybox

[busybox pkill -9 b1]

/bin/sh

[sh -c pkill -9 b2 || busybox pkill -9 b2]

/usr/bin/pkill

[pkill -9 b2]

/bin/busybox

[busybox pkill -9 b2]

/bin/sh

[sh -c pkill -9 b3 || busybox pkill -9 b3]

/usr/bin/pkill

[pkill -9 b3]

/bin/busybox

[busybox pkill -9 b3]

/bin/sh

[sh -c pkill -9 b4 || busybox pkill -9 b4]

/usr/bin/pkill

[pkill -9 b4]

/bin/busybox

[busybox pkill -9 b4]

/bin/sh

[sh -c pkill -9 b5 || busybox pkill -9 b5]

/usr/bin/pkill

[pkill -9 b5]

/bin/busybox

[busybox pkill -9 b5]

/bin/sh

[sh -c pkill -9 b6 || busybox pkill -9 b6]

/usr/bin/pkill

[pkill -9 b6]

/bin/busybox

[busybox pkill -9 b6]

/bin/sh

[sh -c pkill -9 b7 || busybox pkill -9 b7]

/usr/bin/pkill

[pkill -9 b7]

/bin/busybox

[busybox pkill -9 b7]

/bin/sh

[sh -c pkill -9 b8 || busybox pkill -9 b8]

/usr/bin/pkill

[pkill -9 b8]

/bin/busybox

[busybox pkill -9 b8]

/bin/sh

[sh -c pkill -9 b9 || busybox pkill -9 b9]

/usr/bin/pkill

[pkill -9 b9]

/bin/busybox

[busybox pkill -9 b9]

/bin/sh

[sh -c pkill -9 b10 || busybox pkill -9 b10]

/usr/bin/pkill

[pkill -9 b10]

/bin/busybox

[busybox pkill -9 b10]

/bin/sh

[sh -c pkill -9 b11 || busybox pkill -9 b11]

/usr/bin/pkill

[pkill -9 b11]

/bin/busybox

[busybox pkill -9 b11]

/bin/sh

[sh -c pkill -9 b12 || busybox pkill -9 b12]

/usr/bin/pkill

[pkill -9 b12]

/bin/busybox

[busybox pkill -9 b12]

/bin/sh

[sh -c pkill -9 b13 || busybox pkill -9 b13]

/usr/bin/pkill

[pkill -9 b13]

/bin/busybox

[busybox pkill -9 b13]

/bin/sh

[sh -c pkill -9 b14 || busybox pkill -9 b14]

/usr/bin/pkill

[pkill -9 b14]

/bin/busybox

[busybox pkill -9 b14]

/bin/sh

[sh -c pkill -9 b15 || busybox pkill -9 b15]

/usr/bin/pkill

[pkill -9 b15]

/bin/busybox

[busybox pkill -9 b15]

/bin/sh

[sh -c pkill -9 b16 || busybox pkill -9 b16]

/usr/bin/pkill

[pkill -9 b16]

/bin/busybox

[busybox pkill -9 b16]

/bin/sh

[sh -c pkill -9 b17 || busybox pkill -9 b17]

/usr/bin/pkill

[pkill -9 b17]

/bin/busybox

[busybox pkill -9 b17]

/bin/sh

[sh -c pkill -9 b18 || busybox pkill -9 b18]

/usr/bin/pkill

[pkill -9 b18]

/bin/busybox

[busybox pkill -9 b18]

/bin/sh

[sh -c pkill -9 b19 || busybox pkill -9 b19]

/usr/bin/pkill

[pkill -9 b19]

/bin/busybox

[busybox pkill -9 b19]

/bin/sh

[sh -c pkill -9 b20 || busybox pkill -9 b20]

/usr/bin/pkill

[pkill -9 b20]

/bin/busybox

[busybox pkill -9 b20]

/bin/sh

[sh -c pkill -9 busyboxterrorist || busybox pkill -9 busyboxterrorist]

/usr/bin/pkill

[pkill -9 busyboxterrorist]

/bin/busybox

[busybox pkill -9 busyboxterrorist]

/bin/sh

[sh -c pkill -9 dvrHelper || busybox pkill -9 dvrHelper]

/usr/bin/pkill

[pkill -9 dvrHelper]

/bin/busybox

[busybox pkill -9 dvrHelper]

/bin/sh

[sh -c pkill -9 kmy* || busybox pkill -9 kmy*]

/usr/bin/pkill

[pkill -9 kmy*]

/bin/busybox

[busybox pkill -9 kmy*]

/bin/sh

[sh -c pkill -9 lol* || busybox pkill -9 lol*]

/usr/bin/pkill

[pkill -9 lol*]

/bin/sh

[sh -c pkill -9 telmips || busybox pkill -9 telmips]

/usr/bin/pkill

[pkill -9 telmips]

/bin/busybox

[busybox pkill -9 telmips]

/bin/sh

[sh -c pkill -9 telmips64 || busybox pkill -9 telmips64]

/usr/bin/pkill

[pkill -9 telmips64]

/bin/busybox

[busybox pkill -9 telmips64]

/bin/sh

[sh -c pkill -9 telmipsel || busybox pkill -9 telmipsel]

/usr/bin/pkill

[pkill -9 telmipsel]

/bin/busybox

[busybox pkill -9 telmipsel]

/bin/sh

[sh -c pkill -9 telsh2eb || busybox pkill -9 telsh2eb]

/usr/bin/pkill

[pkill -9 telsh2eb]

/bin/busybox

[busybox pkill -9 telsh2eb]

/bin/sh

[sh -c pkill -9 telsh2elf || busybox pkill -9 telsh2elf]

/usr/bin/pkill

[pkill -9 telsh2elf]

/bin/busybox

[busybox pkill -9 telsh2elf]

/bin/sh

[sh -c pkill -9 telsh4 || busybox pkill -9 telsh4]

/usr/bin/pkill

[pkill -9 telsh4]

/bin/busybox

[busybox pkill -9 telsh4]

/bin/sh

[sh -c pkill -9 telx86 || busybox pkill -9 telx86]

/usr/bin/pkill

[pkill -9 telx86]

/bin/busybox

[busybox pkill -9 telx86]

/bin/sh

[sh -c pkill -9 telarmv5 || busybox pkill -9 telarmv5]

/usr/bin/pkill

[pkill -9 telarmv5]

/bin/busybox

[busybox pkill -9 telarmv5]

/bin/sh

[sh -c pkill -9 telarmv4tl || busybox pkill -9 telarmv4tl]

/usr/bin/pkill

[pkill -9 telarmv4tl]

/bin/busybox

[busybox pkill -9 telarmv4tl]

/bin/sh

[sh -c pkill -9 telarmv4 || busybox pkill -9 telarmv4]

/usr/bin/pkill

[pkill -9 telarmv4]

/bin/busybox

[busybox pkill -9 telarmv4]

/bin/sh

[sh -c pkill -9 telarmv6 || busybox pkill -9 telarmv6]

/usr/bin/pkill

[pkill -9 telarmv6]

/bin/busybox

[busybox pkill -9 telarmv6]

/bin/sh

[sh -c pkill -9 teli686 || busybox pkill -9 teli686]

/usr/bin/pkill

[pkill -9 teli686]

/bin/busybox

[busybox pkill -9 teli686]

/bin/sh

[sh -c pkill -9 telpowerpc || busybox pkill -9 telpowerpc]

/usr/bin/pkill

[pkill -9 telpowerpc]

/bin/busybox

[busybox pkill -9 telpowerpc]

/bin/sh

[sh -c pkill -9 telpowerpc440fp || busybox pkill -9 telpowerpc440fp]

/usr/bin/pkill

[pkill -9 telpowerpc440fp]

/bin/busybox

[busybox pkill -9 telpowerpc440fp]

/bin/sh

[sh -c pkill -9 teli586 || busybox pkill -9 teli586]

/usr/bin/pkill

[pkill -9 teli586]

/bin/busybox

[busybox pkill -9 teli586]

/bin/sh

[sh -c pkill -9 telm68k || busybox pkill -9 telm68k]

/usr/bin/pkill

[pkill -9 telm68k]

/bin/busybox

[busybox pkill -9 telm68k]

/bin/sh

[sh -c pkill -9 telsparc || busybox pkill -9 telsparc]

/usr/bin/pkill

[pkill -9 telsparc]

/bin/busybox

[busybox pkill -9 telsparc]

/bin/sh

[sh -c pkill -9 telx86_64 || busybox pkill -9 telx86_64]

/usr/bin/pkill

[pkill -9 telx86_64]

/bin/busybox

[busybox pkill -9 telx86_64]

/bin/sh

[sh -c pkill -9 TwoFace* || busybox pkill -9 TwoFace*]

/usr/bin/pkill

[pkill -9 TwoFace*]

/bin/busybox

[busybox pkill -9 TwoFace*]

/bin/sh

[sh -c pkill -9 xxb* || busybox pkill -9 xxb*]

/usr/bin/pkill

[pkill -9 xxb*]

/bin/busybox

[busybox pkill -9 xxb*]

/bin/sh

[sh -c pkill -9 bb || busybox pkill -9 bb]

/usr/bin/pkill

[pkill -9 bb]

/bin/busybox

[busybox pkill -9 bb]

/bin/sh

[sh -c pkill -9 busybotnet || busybox pkill -9 busybotnet]

/usr/bin/pkill

[pkill -9 busybotnet]

/bin/busybox

[busybox pkill -9 busybotnet]

/bin/sh

[sh -c pkill -9 busybox || busybox pkill -9 busybox]

/usr/bin/pkill

[pkill -9 busybox]

/bin/busybox

[busybox pkill -9 busybox]

/bin/sh

[sh -c pkill -9 badbox || busybox pkill -9 badbox]

/usr/bin/pkill

[pkill -9 badbox]

/bin/busybox

[busybox pkill -9 badbox]

/bin/sh

[sh -c pkill -9 B1 || busybox pkill -9 B1]

/usr/bin/pkill

[pkill -9 B1]

/bin/busybox

[busybox pkill -9 B1]

/bin/sh

[sh -c pkill -9 B2 || busybox pkill -9 B2]

/usr/bin/pkill

[pkill -9 B2]

/bin/busybox

[busybox pkill -9 B2]

/bin/sh

[sh -c pkill -9 B3 || busybox pkill -9 B3]

/usr/bin/pkill

[pkill -9 B3]

/bin/busybox

[busybox pkill -9 B3]

/bin/sh

[sh -c pkill -9 B4 || busybox pkill -9 B4]

/usr/bin/pkill

[pkill -9 B4]

/bin/busybox

[busybox pkill -9 B4]

/bin/sh

[sh -c pkill -9 B5 || busybox pkill -9 B5]

/usr/bin/pkill

[pkill -9 B5]

/bin/busybox

[busybox pkill -9 B5]

/bin/sh

[sh -c pkill -9 B6 || busybox pkill -9 B6]

/usr/bin/pkill

[pkill -9 B6]

/bin/busybox

[busybox pkill -9 B6]

/bin/sh

[sh -c pkill -9 B7 || busybox pkill -9 B7]

/usr/bin/pkill

[pkill -9 B7]

/bin/busybox

[busybox pkill -9 B7]

/bin/sh

[sh -c pkill -9 B8 || busybox pkill -9 B8]

/usr/bin/pkill

[pkill -9 B8]

/bin/busybox

[busybox pkill -9 B8]

/bin/sh

[sh -c pkill -9 B9 || busybox pkill -9 B9]

/usr/bin/pkill

[pkill -9 B9]

/bin/busybox

[busybox pkill -9 B9]

/bin/sh

[sh -c pkill -9 B10 || busybox pkill -9 B10]

/usr/bin/pkill

[pkill -9 B10]

/bin/busybox

[busybox pkill -9 B10]

/bin/sh

[sh -c pkill -9 B11 || busybox pkill -9 B11]

/usr/bin/pkill

[pkill -9 B11]

/bin/busybox

[busybox pkill -9 B11]

/bin/sh

[sh -c pkill -9 B12 || busybox pkill -9 B12]

/usr/bin/pkill

[pkill -9 B12]

/bin/busybox

[busybox pkill -9 B12]

/bin/sh

[sh -c pkill -9 B13 || busybox pkill -9 B13]

/usr/bin/pkill

[pkill -9 B13]

/bin/busybox

[busybox pkill -9 B13]

/bin/sh

[sh -c pkill -9 B14 || busybox pkill -9 B14]

/usr/bin/pkill

[pkill -9 B14]

/bin/busybox

[busybox pkill -9 B14]

/bin/sh

[sh -c pkill -9 B15 || busybox pkill -9 B15]

/usr/bin/pkill

[pkill -9 B15]

/bin/busybox

[busybox pkill -9 B15]

/bin/sh

[sh -c pkill -9 B16 || busybox pkill -9 B16]

/usr/bin/pkill

[pkill -9 B16]

/bin/busybox

[busybox pkill -9 B16]

/bin/sh

[sh -c pkill -9 B17 || busybox pkill -9 B17]

/usr/bin/pkill

[pkill -9 B17]

/bin/busybox

[busybox pkill -9 B17]

/bin/sh

[sh -c pkill -9 B18 || busybox pkill -9 B18]

/usr/bin/pkill

[pkill -9 B18]

/bin/busybox

[busybox pkill -9 B18]

/bin/sh

[sh -c pkill -9 B20 || busybox pkill -9 B20]

/usr/bin/pkill

[pkill -9 B20]

/bin/busybox

[busybox pkill -9 B20]

/bin/sh

[sh -c pkill -9 gaybot || busybox pkill -9 gaybot]

/usr/bin/pkill

[pkill -9 gaybot]

/bin/busybox

[busybox pkill -9 gaybot]

/bin/sh

[sh -c pkill -9 hackz || busybox pkill -9 hackz]

/usr/bin/pkill

[pkill -9 hackz]

/bin/busybox

[busybox pkill -9 hackz]

/bin/sh

[sh -c pkill -9 bin* || busybox pkill -9 bin*]

/usr/bin/pkill

[pkill -9 bin]

/bin/busybox

[busybox pkill -9 bin]

/bin/sh

[sh -c pkill -9 gtop || busybox pkill -9 gtop]

/usr/bin/pkill

[pkill -9 gtop]

/bin/busybox

[busybox pkill -9 gtop]

/bin/sh

[sh -c pkill -9 botnet || busybox pkill -9 botnet]

/usr/bin/pkill

[pkill -9 botnet]

/bin/busybox

[busybox pkill -9 botnet]

/bin/sh

[sh -c pkill -9 swatnet || busybox pkill -9 swatnet]

/usr/bin/pkill

[pkill -9 swatnet]

/bin/busybox

[busybox pkill -9 swatnet]

/bin/sh

[sh -c pkill -9 ballpit || busybox pkill -9 ballpit]

/usr/bin/pkill

[pkill -9 ballpit]

/bin/busybox

[busybox pkill -9 ballpit]

/bin/sh

[sh -c pkill -9 fucknet || busybox pkill -9 fucknet]

/usr/bin/pkill

[pkill -9 fucknet]

/bin/busybox

[busybox pkill -9 fucknet]

/bin/sh

[sh -c pkill -9 cracknet || busybox pkill -9 cracknet]

/usr/bin/pkill

[pkill -9 cracknet]

/bin/busybox

[busybox pkill -9 cracknet]

/bin/sh

[sh -c pkill -9 weednet || busybox pkill -9 weednet]

/usr/bin/pkill

[pkill -9 weednet]

/bin/busybox

[busybox pkill -9 weednet]

/bin/sh

[sh -c pkill -9 gaynet || busybox pkill -9 gaynet]

/usr/bin/pkill

[pkill -9 gaynet]

/bin/busybox

[busybox pkill -9 gaynet]

/bin/sh

[sh -c pkill -9 queernet || busybox pkill -9 queernet]

/usr/bin/pkill

[pkill -9 queernet]

/bin/busybox

[busybox pkill -9 queernet]

/bin/sh

[sh -c pkill -9 ballnet || busybox pkill -9 ballnet]

/usr/bin/pkill

[pkill -9 ballnet]

/bin/busybox

[busybox pkill -9 ballnet]

/bin/sh

[sh -c pkill -9 unet || busybox pkill -9 unet]

/usr/bin/pkill

[pkill -9 unet]

/bin/busybox

[busybox pkill -9 unet]

/bin/sh

[sh -c pkill -9 yougay || busybox pkill -9 yougay]

/usr/bin/pkill

[pkill -9 yougay]

/bin/busybox

[busybox pkill -9 yougay]

/bin/sh

[sh -c pkill -9 sttftp || busybox pkill -9 sttftp]

/usr/bin/pkill

[pkill -9 sttftp]

/bin/busybox

[busybox pkill -9 sttftp]

/bin/sh

[sh -c pkill -9 sstftp || busybox pkill -9 sstftp]

/usr/bin/pkill

[pkill -9 sstftp]

/bin/busybox

[busybox pkill -9 sstftp]

/bin/sh

[sh -c pkill -9 sbtftp || busybox pkill -9 sbtftp]

/usr/bin/pkill

[pkill -9 sbtftp]

/bin/busybox

[busybox pkill -9 sbtftp]

Network

Country Destination Domain Proto
CN 212.64.67.230:6667 tcp
CN 106.52.68.18:6667 tcp
CN 106.53.200.20:6667 tcp
HK 154.92.16.67:6667 tcp
US 1.1.1.1:53 debian9-armhf-en-20211208-1 udp

Files

N/A