Malware Analysis Report

2024-12-01 00:52

Sample ID: 220121-3dxh7sdbdj
Target: a0715dc573604f1f6d09df118b72d97080d0a061deafe4dd6ff6a812adb3b77e
SHA256: a0715dc573604f1f6d09df118b72d97080d0a061deafe4dd6ff6a812adb3b77e
Tags: kaiten, persistence
Score: 10/10

Analysis Overview

Score: 10/10

SHA256: a0715dc573604f1f6d09df118b72d97080d0a061deafe4dd6ff6a812adb3b77e

Threat Level: Known bad

The file a0715dc573604f1f6d09df118b72d97080d0a061deafe4dd6ff6a812adb3b77e was found to be: Known bad.

Malicious Activity Summary

kaiten persistence

Identified Kaiten Bot

Kaiten family

Modifies rc script

Reads CPU attributes

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-01-21 23:24

Signatures

Identified Kaiten Bot

Description Indicator Process Target
N/A N/A N/A N/A

Kaiten family

kaiten

Analysis: behavioral1

Detonation Overview

Submitted

2022-01-21 23:24

Reported

2022-01-22 00:38

Platform

ubuntu1804-amd64-en-20211208

Max time kernel

3830s

Max time network

148s

Command Line

[./a0715dc573604f1f6d09df118b72d97080d0a061deafe4dd6ff6a812adb3b77e]

Signatures

Modifies rc script

persistence
Description Indicator Process Target
/etc/rc.d/rc.local /etc/rc.d/rc.local N/A N/A

Reads CPU attributes

Description Indicator Process Target
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A

Reads runtime system information

Processes

./a0715dc573604f1f6d09df118b72d97080d0a061deafe4dd6ff6a812adb3b77e

[./a0715dc573604f1f6d09df118b72d97080d0a061deafe4dd6ff6a812adb3b77e]

/bin/sh

[sh -c pkill -9 mirai.* || busybox pkill -9 mirai.*]

/usr/bin/pkill

[pkill -9 mirai.*]

/bin/busybox

[busybox pkill -9 mirai.*]

/bin/sh

[sh -c pkill -9 dlr.*mips || busybox pkill -9 dlr.*mips]

/usr/bin/pkill

[pkill -9 dlr.*mips]

/bin/busybox

[busybox pkill -9 dlr.*mips]

/bin/sh

[sh -c pkill -9 mips64 || busybox pkill -9 mips64]

/usr/bin/pkill

[pkill -9 mips64]

/bin/busybox

[busybox pkill -9 mips64]

/bin/sh

[sh -c pkill -9 mipsel || busybox pkill -9 mipsel]

/usr/bin/pkill

[pkill -9 mipsel]

/bin/busybox

[busybox pkill -9 mipsel]

/bin/sh

[sh -c pkill -9 sh2eb || busybox pkill -9 sh2eb]

/usr/bin/pkill

[pkill -9 sh2eb]

/bin/busybox

[busybox pkill -9 sh2eb]

/bin/sh

[sh -c pkill -9 sh2elf || busybox pkill -9 sh2elf]

/usr/bin/pkill

[pkill -9 sh2elf]

/bin/busybox

[busybox pkill -9 sh2elf]

/bin/sh

[sh -c pkill -9 sh4 || busybox pkill -9 sh4]

/usr/bin/pkill

[pkill -9 sh4]

/bin/busybox

[busybox pkill -9 sh4]

/bin/sh

[sh -c pkill -9 x86 || busybox pkill -9 x86]

/usr/bin/pkill

[pkill -9 x86]

/bin/busybox

[busybox pkill -9 x86]

/bin/sh

[sh -c pkill -9 arm || busybox pkill -9 arm]

/usr/bin/pkill

[pkill -9 arm]

/bin/busybox

[busybox pkill -9 arm]

/bin/sh

[sh -c pkill -9 armv5 || busybox pkill -9 armv5]

/usr/bin/pkill

[pkill -9 armv5]

/bin/busybox

[busybox pkill -9 armv5]

/bin/sh

[sh -c pkill -9 armv4tl || busybox pkill -9 armv4tl]

/usr/bin/pkill

[pkill -9 armv4tl]

/bin/busybox

[busybox pkill -9 armv4tl]

/bin/sh

[sh -c pkill -9 armv4 || busybox pkill -9 armv4]

/usr/bin/pkill

[pkill -9 armv4]

/bin/busybox

[busybox pkill -9 armv4]

/bin/sh

[sh -c pkill -9 armv6 || busybox pkill -9 armv6]

/usr/bin/pkill

[pkill -9 armv6]

/bin/busybox

[busybox pkill -9 armv6]

/bin/sh

[sh -c pkill -9 i686 || busybox pkill -9 i686]

/usr/bin/pkill

[pkill -9 i686]

/bin/busybox

[busybox pkill -9 i686]

/bin/sh

[sh -c pkill -9 powerpc || busybox pkill -9 powerpc]

/usr/bin/pkill

[pkill -9 powerpc]

/bin/busybox

[busybox pkill -9 powerpc]

/bin/sh

[sh -c pkill -9 powerpc440fp || busybox pkill -9 powerpc440fp]

/usr/bin/pkill

[pkill -9 powerpc440fp]

/bin/busybox

[busybox pkill -9 powerpc440fp]

/bin/sh

[sh -c pkill -9 i586 || busybox pkill -9 i586]

/usr/bin/pkill

[pkill -9 i586]

/bin/busybox

[busybox pkill -9 i586]

/bin/sh

[sh -c pkill -9 m68k || busybox pkill -9 m68k]

/usr/bin/pkill

[pkill -9 m68k]

/bin/busybox

[busybox pkill -9 m68k]

/bin/sh

[sh -c pkill -9 sparc || busybox pkill -9 sparc]

/usr/bin/pkill

[pkill -9 sparc]

/bin/busybox

[busybox pkill -9 sparc]

/bin/sh

[sh -c pkill -9 x86_64 || busybox pkill -9 x86_64]

/usr/bin/pkill

[pkill -9 x86_64]

/bin/busybox

[busybox pkill -9 x86_64]

/bin/sh

[sh -c pkill -9 jackmy* || busybox pkill -9 jackmy*]

/usr/bin/pkill

[pkill -9 jackmy*]

/bin/busybox

[busybox pkill -9 jackmy*]

/bin/sh

[sh -c pkill -9 hackmy* || busybox pkill -9 hackmy*]

/usr/bin/pkill

[pkill -9 hackmy*]

/bin/busybox

[busybox pkill -9 hackmy*]

/bin/sh

[sh -c pkill -9 b1 || busybox pkill -9 b1]

/usr/bin/pkill

[pkill -9 b1]

/bin/busybox

[busybox pkill -9 b1]

/bin/sh

[sh -c pkill -9 b2 || busybox pkill -9 b2]

/usr/bin/pkill

[pkill -9 b2]

/bin/busybox

[busybox pkill -9 b2]

/bin/sh

[sh -c pkill -9 b3 || busybox pkill -9 b3]

/usr/bin/pkill

[pkill -9 b3]

/bin/busybox

[busybox pkill -9 b3]

/bin/sh

[sh -c pkill -9 b4 || busybox pkill -9 b4]

/usr/bin/pkill

[pkill -9 b4]

/bin/busybox

[busybox pkill -9 b4]

/bin/sh

[sh -c pkill -9 b5 || busybox pkill -9 b5]

/usr/bin/pkill

[pkill -9 b5]

/bin/busybox

[busybox pkill -9 b5]

/bin/sh

[sh -c pkill -9 b6 || busybox pkill -9 b6]

/usr/bin/pkill

[pkill -9 b6]

/bin/busybox

[busybox pkill -9 b6]

/bin/sh

[sh -c pkill -9 b7 || busybox pkill -9 b7]

/usr/bin/pkill

[pkill -9 b7]

/bin/busybox

[busybox pkill -9 b7]

/bin/sh

[sh -c pkill -9 b8 || busybox pkill -9 b8]

/usr/bin/pkill

[pkill -9 b8]

/bin/busybox

[busybox pkill -9 b8]

/bin/sh

[sh -c pkill -9 b9 || busybox pkill -9 b9]

/usr/bin/pkill

[pkill -9 b9]

/bin/busybox

[busybox pkill -9 b9]

/bin/sh

[sh -c pkill -9 b10 || busybox pkill -9 b10]

/usr/bin/pkill

[pkill -9 b10]

/bin/busybox

[busybox pkill -9 b10]

/bin/sh

[sh -c pkill -9 b11 || busybox pkill -9 b11]

/usr/bin/pkill

[pkill -9 b11]

/bin/busybox

[busybox pkill -9 b11]

/bin/sh

[sh -c pkill -9 b12 || busybox pkill -9 b12]

/usr/bin/pkill

[pkill -9 b12]

/bin/busybox

[busybox pkill -9 b12]

/bin/sh

[sh -c pkill -9 b13 || busybox pkill -9 b13]

/usr/bin/pkill

[pkill -9 b13]

/bin/busybox

[busybox pkill -9 b13]

/bin/sh

[sh -c pkill -9 b14 || busybox pkill -9 b14]

/usr/bin/pkill

[pkill -9 b14]

/bin/busybox

[busybox pkill -9 b14]

/bin/sh

[sh -c pkill -9 b15 || busybox pkill -9 b15]

/usr/bin/pkill

[pkill -9 b15]

/bin/busybox

[busybox pkill -9 b15]

/bin/sh

[sh -c pkill -9 b16 || busybox pkill -9 b16]

/usr/bin/pkill

[pkill -9 b16]

/bin/busybox

[busybox pkill -9 b16]

/bin/sh

[sh -c pkill -9 b17 || busybox pkill -9 b17]

/usr/bin/pkill

[pkill -9 b17]

/bin/busybox

[busybox pkill -9 b17]

/bin/sh

[sh -c pkill -9 b18 || busybox pkill -9 b18]

/usr/bin/pkill

[pkill -9 b18]

/bin/busybox

[busybox pkill -9 b18]

/bin/sh

[sh -c pkill -9 b19 || busybox pkill -9 b19]

/usr/bin/pkill

[pkill -9 b19]

/bin/busybox

[busybox pkill -9 b19]

/bin/sh

[sh -c pkill -9 b20 || busybox pkill -9 b20]

/usr/bin/pkill

[pkill -9 b20]

/bin/busybox

[busybox pkill -9 b20]

/bin/sh

[sh -c pkill -9 busyboxterrorist || busybox pkill -9 busyboxterrorist]

/usr/bin/pkill

[pkill -9 busyboxterrorist]

/bin/busybox

[busybox pkill -9 busyboxterrorist]

/bin/sh

[sh -c pkill -9 dvrHelper || busybox pkill -9 dvrHelper]

/usr/bin/pkill

[pkill -9 dvrHelper]

/bin/busybox

[busybox pkill -9 dvrHelper]

/bin/sh

[sh -c pkill -9 kmy* || busybox pkill -9 kmy*]

/usr/bin/pkill

[pkill -9 kmy*]

/bin/busybox

[busybox pkill -9 kmy*]

/bin/sh

[sh -c pkill -9 lol* || busybox pkill -9 lol*]

/usr/bin/pkill

[pkill -9 lol*]

/bin/sh

[sh -c pkill -9 telmips || busybox pkill -9 telmips]

/usr/bin/pkill

[pkill -9 telmips]

/bin/busybox

[busybox pkill -9 telmips]

/bin/sh

[sh -c pkill -9 telmips64 || busybox pkill -9 telmips64]

/usr/bin/pkill

[pkill -9 telmips64]

/bin/busybox

[busybox pkill -9 telmips64]

/bin/sh

[sh -c pkill -9 telmipsel || busybox pkill -9 telmipsel]

/usr/bin/pkill

[pkill -9 telmipsel]

/bin/busybox

[busybox pkill -9 telmipsel]

/bin/sh

[sh -c pkill -9 telsh2eb || busybox pkill -9 telsh2eb]

/usr/bin/pkill

[pkill -9 telsh2eb]

/bin/busybox

[busybox pkill -9 telsh2eb]

/bin/sh

[sh -c pkill -9 telsh2elf || busybox pkill -9 telsh2elf]

/usr/bin/pkill

[pkill -9 telsh2elf]

/bin/busybox

[busybox pkill -9 telsh2elf]

/bin/sh

[sh -c pkill -9 telsh4 || busybox pkill -9 telsh4]

/usr/bin/pkill

[pkill -9 telsh4]

/bin/busybox

[busybox pkill -9 telsh4]

/bin/sh

[sh -c pkill -9 telx86 || busybox pkill -9 telx86]

/usr/bin/pkill

[pkill -9 telx86]

/bin/busybox

[busybox pkill -9 telx86]

/bin/sh

[sh -c pkill -9 telarmv5 || busybox pkill -9 telarmv5]

/usr/bin/pkill

[pkill -9 telarmv5]

/bin/busybox

[busybox pkill -9 telarmv5]

/bin/sh

[sh -c pkill -9 telarmv4tl || busybox pkill -9 telarmv4tl]

/usr/bin/pkill

[pkill -9 telarmv4tl]

/bin/busybox

[busybox pkill -9 telarmv4tl]

/bin/sh

[sh -c pkill -9 telarmv4 || busybox pkill -9 telarmv4]

/usr/bin/pkill

[pkill -9 telarmv4]

/bin/busybox

[busybox pkill -9 telarmv4]

/bin/sh

[sh -c pkill -9 telarmv6 || busybox pkill -9 telarmv6]

/usr/bin/pkill

[pkill -9 telarmv6]

/bin/busybox

[busybox pkill -9 telarmv6]

/bin/sh

[sh -c pkill -9 teli686 || busybox pkill -9 teli686]

/usr/bin/pkill

[pkill -9 teli686]

/bin/busybox

[busybox pkill -9 teli686]

/bin/sh

[sh -c pkill -9 telpowerpc || busybox pkill -9 telpowerpc]

/usr/bin/pkill

[pkill -9 telpowerpc]

/bin/busybox

[busybox pkill -9 telpowerpc]

/bin/sh

[sh -c pkill -9 telpowerpc440fp || busybox pkill -9 telpowerpc440fp]

/usr/bin/pkill

[pkill -9 telpowerpc440fp]

/bin/busybox

[busybox pkill -9 telpowerpc440fp]

/bin/sh

[sh -c pkill -9 teli586 || busybox pkill -9 teli586]

/usr/bin/pkill

[pkill -9 teli586]

/bin/busybox

[busybox pkill -9 teli586]

/bin/sh

[sh -c pkill -9 telm68k || busybox pkill -9 telm68k]

/usr/bin/pkill

[pkill -9 telm68k]

/bin/busybox

[busybox pkill -9 telm68k]

/bin/sh

[sh -c pkill -9 telsparc || busybox pkill -9 telsparc]

/usr/bin/pkill

[pkill -9 telsparc]

/bin/busybox

[busybox pkill -9 telsparc]

/bin/sh

[sh -c pkill -9 telx86_64 || busybox pkill -9 telx86_64]

/usr/bin/pkill

[pkill -9 telx86_64]

/bin/busybox

[busybox pkill -9 telx86_64]

/bin/sh

[sh -c pkill -9 TwoFace* || busybox pkill -9 TwoFace*]

/usr/bin/pkill

[pkill -9 TwoFace*]

/bin/busybox

[busybox pkill -9 TwoFace*]

/bin/sh

[sh -c pkill -9 xxb* || busybox pkill -9 xxb*]

/usr/bin/pkill

[pkill -9 xxb*]

/bin/busybox

[busybox pkill -9 xxb*]

/bin/sh

[sh -c pkill -9 bb || busybox pkill -9 bb]

/usr/bin/pkill

[pkill -9 bb]

/bin/busybox

[busybox pkill -9 bb]

/bin/sh

[sh -c pkill -9 busybotnet || busybox pkill -9 busybotnet]

/usr/bin/pkill

[pkill -9 busybotnet]

/bin/busybox

[busybox pkill -9 busybotnet]

/bin/sh

[sh -c pkill -9 busybox || busybox pkill -9 busybox]

/usr/bin/pkill

[pkill -9 busybox]

/bin/busybox

[busybox pkill -9 busybox]

/bin/sh

[sh -c pkill -9 badbox || busybox pkill -9 badbox]

/usr/bin/pkill

[pkill -9 badbox]

/bin/busybox

[busybox pkill -9 badbox]

/bin/sh

[sh -c pkill -9 B1 || busybox pkill -9 B1]

/usr/bin/pkill

[pkill -9 B1]

/bin/busybox

[busybox pkill -9 B1]

/bin/sh

[sh -c pkill -9 B2 || busybox pkill -9 B2]

/usr/bin/pkill

[pkill -9 B2]

/bin/busybox

[busybox pkill -9 B2]

/bin/sh

[sh -c pkill -9 B3 || busybox pkill -9 B3]

/usr/bin/pkill

[pkill -9 B3]

/bin/busybox

[busybox pkill -9 B3]

/bin/sh

[sh -c pkill -9 B4 || busybox pkill -9 B4]

/usr/bin/pkill

[pkill -9 B4]

/bin/busybox

[busybox pkill -9 B4]

/bin/sh

[sh -c pkill -9 B5 || busybox pkill -9 B5]

/usr/bin/pkill

[pkill -9 B5]

/bin/busybox

[busybox pkill -9 B5]

/bin/sh

[sh -c pkill -9 B6 || busybox pkill -9 B6]

/usr/bin/pkill

[pkill -9 B6]

/bin/busybox

[busybox pkill -9 B6]

/bin/sh

[sh -c pkill -9 B7 || busybox pkill -9 B7]

/usr/bin/pkill

[pkill -9 B7]

/bin/busybox

[busybox pkill -9 B7]

/bin/sh

[sh -c pkill -9 B8 || busybox pkill -9 B8]

/usr/bin/pkill

[pkill -9 B8]

/bin/busybox

[busybox pkill -9 B8]

/bin/sh

[sh -c pkill -9 B9 || busybox pkill -9 B9]

/usr/bin/pkill

[pkill -9 B9]

/bin/busybox

[busybox pkill -9 B9]

/bin/sh

[sh -c pkill -9 B10 || busybox pkill -9 B10]

/usr/bin/pkill

[pkill -9 B10]

/bin/busybox

[busybox pkill -9 B10]

/bin/sh

[sh -c pkill -9 B11 || busybox pkill -9 B11]

/usr/bin/pkill

[pkill -9 B11]

/bin/busybox

[busybox pkill -9 B11]

/bin/sh

[sh -c pkill -9 B12 || busybox pkill -9 B12]

/usr/bin/pkill

[pkill -9 B12]

/bin/busybox

[busybox pkill -9 B12]

/bin/sh

[sh -c pkill -9 B13 || busybox pkill -9 B13]

/usr/bin/pkill

[pkill -9 B13]

/bin/busybox

[busybox pkill -9 B13]

/bin/sh

[sh -c pkill -9 B14 || busybox pkill -9 B14]

/usr/bin/pkill

[pkill -9 B14]

/bin/busybox

[busybox pkill -9 B14]

/bin/sh

[sh -c pkill -9 B15 || busybox pkill -9 B15]

/usr/bin/pkill

[pkill -9 B15]

/bin/busybox

[busybox pkill -9 B15]

/bin/sh

[sh -c pkill -9 B16 || busybox pkill -9 B16]

/usr/bin/pkill

[pkill -9 B16]

/bin/busybox

[busybox pkill -9 B16]

/bin/sh

[sh -c pkill -9 B17 || busybox pkill -9 B17]

/usr/bin/pkill

[pkill -9 B17]

/bin/busybox

[busybox pkill -9 B17]

/bin/sh

[sh -c pkill -9 B18 || busybox pkill -9 B18]

/usr/bin/pkill

[pkill -9 B18]

/bin/busybox

[busybox pkill -9 B18]

/bin/sh

[sh -c pkill -9 B20 || busybox pkill -9 B20]

/usr/bin/pkill

[pkill -9 B20]

/bin/busybox

[busybox pkill -9 B20]

/bin/sh

[sh -c pkill -9 gaybot || busybox pkill -9 gaybot]

/usr/bin/pkill

[pkill -9 gaybot]

/bin/busybox

[busybox pkill -9 gaybot]

/bin/sh

[sh -c pkill -9 hackz || busybox pkill -9 hackz]

/usr/bin/pkill

[pkill -9 hackz]

/bin/busybox

[busybox pkill -9 hackz]

/bin/sh

[sh -c pkill -9 bin* || busybox pkill -9 bin*]

/usr/bin/pkill

[pkill -9 bin]

/bin/busybox

[busybox pkill -9 bin]

/bin/sh

[sh -c pkill -9 gtop || busybox pkill -9 gtop]

/usr/bin/pkill

[pkill -9 gtop]

/bin/busybox

[busybox pkill -9 gtop]

/bin/sh

[sh -c pkill -9 botnet || busybox pkill -9 botnet]

/usr/bin/pkill

[pkill -9 botnet]

/bin/busybox

[busybox pkill -9 botnet]

/bin/sh

[sh -c pkill -9 swatnet || busybox pkill -9 swatnet]

/usr/bin/pkill

[pkill -9 swatnet]

/bin/busybox

[busybox pkill -9 swatnet]

/bin/sh

[sh -c pkill -9 ballpit || busybox pkill -9 ballpit]

/usr/bin/pkill

[pkill -9 ballpit]

/bin/busybox

[busybox pkill -9 ballpit]

/bin/sh

[sh -c pkill -9 fucknet || busybox pkill -9 fucknet]

/usr/bin/pkill

[pkill -9 fucknet]

/bin/busybox

[busybox pkill -9 fucknet]

/bin/sh

[sh -c pkill -9 cracknet || busybox pkill -9 cracknet]

/usr/bin/pkill

[pkill -9 cracknet]

/bin/busybox

[busybox pkill -9 cracknet]

/bin/sh

[sh -c pkill -9 weednet || busybox pkill -9 weednet]

/usr/bin/pkill

[pkill -9 weednet]

/bin/busybox

[busybox pkill -9 weednet]

/bin/sh

[sh -c pkill -9 gaynet || busybox pkill -9 gaynet]

/usr/bin/pkill

[pkill -9 gaynet]

/bin/busybox

[busybox pkill -9 gaynet]

/bin/sh

[sh -c pkill -9 queernet || busybox pkill -9 queernet]

/usr/bin/pkill

[pkill -9 queernet]

/bin/busybox

[busybox pkill -9 queernet]

/bin/sh

[sh -c pkill -9 ballnet || busybox pkill -9 ballnet]

/usr/bin/pkill

[pkill -9 ballnet]

/bin/busybox

[busybox pkill -9 ballnet]

/bin/sh

[sh -c pkill -9 unet || busybox pkill -9 unet]

/usr/bin/pkill

[pkill -9 unet]

/bin/busybox

[busybox pkill -9 unet]

/bin/sh

[sh -c pkill -9 yougay || busybox pkill -9 yougay]

/usr/bin/pkill

[pkill -9 yougay]

/bin/busybox

[busybox pkill -9 yougay]

/bin/sh

[sh -c pkill -9 sttftp || busybox pkill -9 sttftp]

/usr/bin/pkill

[pkill -9 sttftp]

/bin/busybox

[busybox pkill -9 sttftp]

/bin/sh

[sh -c pkill -9 sstftp || busybox pkill -9 sstftp]

/usr/bin/pkill

[pkill -9 sstftp]

/bin/busybox

[busybox pkill -9 sstftp]

/bin/sh

[sh -c pkill -9 sbtftp || busybox pkill -9 sbtftp]

/usr/bin/pkill

[pkill -9 sbtftp]

/bin/busybox

[busybox pkill -9 sbtftp]

/bin/sh

[sh -c pkill -9 btftp || busybox pkill -9 btftp]

/usr/bin/pkill

[pkill -9 btftp]

/bin/busybox

[busybox pkill -9 btftp]

/bin/sh

[sh -c pkill -9 y0u1sg3y || busybox pkill -9 y0u1sg3y]

Network

Country Destination Domain Proto
CN 106.53.200.20:6667 tcp
CN 106.52.68.18:6667 tcp
HK 154.92.16.67:6667 tcp
CN 212.64.67.230:6667 tcp

Files

N/A