Malware Analysis Report

2024-12-01 00:47

Sample ID 220121-3lb78sdecj
Target 82ddbe87036acba611c4cc1e6fb00f107b691a22e1e03da0a86d662ea56ea18f
SHA256 82ddbe87036acba611c4cc1e6fb00f107b691a22e1e03da0a86d662ea56ea18f
Tags kaiten, persistence
Score 10/10

Analysis Overview

Threat Level: Known bad

The file 82ddbe87036acba611c4cc1e6fb00f107b691a22e1e03da0a86d662ea56ea18f was found to be: Known bad.

Malicious Activity Summary

kaiten persistence

Identified Kaiten Bot

Kaiten family

Modifies rc script

Reads CPU attributes

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-01-21 23:35

Signatures

Identified Kaiten Bot

Description Indicator Process Target
N/A N/A N/A N/A

Kaiten family

kaiten

Analysis: behavioral1

Detonation Overview

Submitted

2022-01-21 23:35

Reported

2022-01-22 01:19

Platform

ubuntu1804-amd64-en-20211208

Max time kernel

3832s

Max time network

149s

Command Line

[./82ddbe87036acba611c4cc1e6fb00f107b691a22e1e03da0a86d662ea56ea18f]

Signatures

Modifies rc script

persistence
Description Indicator Process Target
/etc/rc.d/rc.local /etc/rc.d/rc.local N/A N/A

Reads CPU attributes

Description Indicator Process Target
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A

Reads runtime system information


Processes

./82ddbe87036acba611c4cc1e6fb00f107b691a22e1e03da0a86d662ea56ea18f

[./82ddbe87036acba611c4cc1e6fb00f107b691a22e1e03da0a86d662ea56ea18f]

/bin/sh

[sh -c pkill -9 mirai.* || busybox pkill -9 mirai.*]

/usr/bin/pkill

[pkill -9 mirai.*]

/bin/busybox

[busybox pkill -9 mirai.*]

/bin/sh

[sh -c pkill -9 dlr.*mips || busybox pkill -9 dlr.*mips]

/usr/bin/pkill

[pkill -9 dlr.*mips]

/bin/busybox

[busybox pkill -9 dlr.*mips]

/bin/sh

[sh -c pkill -9 mips64 || busybox pkill -9 mips64]

/usr/bin/pkill

[pkill -9 mips64]

/bin/busybox

[busybox pkill -9 mips64]

/bin/sh

[sh -c pkill -9 mipsel || busybox pkill -9 mipsel]

/usr/bin/pkill

[pkill -9 mipsel]

/bin/busybox

[busybox pkill -9 mipsel]

/bin/sh

[sh -c pkill -9 sh2eb || busybox pkill -9 sh2eb]

/usr/bin/pkill

[pkill -9 sh2eb]

/bin/busybox

[busybox pkill -9 sh2eb]

/bin/sh

[sh -c pkill -9 sh2elf || busybox pkill -9 sh2elf]

/usr/bin/pkill

[pkill -9 sh2elf]

/bin/busybox

[busybox pkill -9 sh2elf]

/bin/sh

[sh -c pkill -9 sh4 || busybox pkill -9 sh4]

/usr/bin/pkill

[pkill -9 sh4]

/bin/busybox

[busybox pkill -9 sh4]

/bin/sh

[sh -c pkill -9 x86 || busybox pkill -9 x86]

/usr/bin/pkill

[pkill -9 x86]

/bin/busybox

[busybox pkill -9 x86]

/bin/sh

[sh -c pkill -9 arm || busybox pkill -9 arm]

/usr/bin/pkill

[pkill -9 arm]

/bin/busybox

[busybox pkill -9 arm]

/bin/sh

[sh -c pkill -9 armv5 || busybox pkill -9 armv5]

/usr/bin/pkill

[pkill -9 armv5]

/bin/busybox

[busybox pkill -9 armv5]

/bin/sh

[sh -c pkill -9 armv4tl || busybox pkill -9 armv4tl]

/usr/bin/pkill

[pkill -9 armv4tl]

/bin/busybox

[busybox pkill -9 armv4tl]

/bin/sh

[sh -c pkill -9 armv4 || busybox pkill -9 armv4]

/usr/bin/pkill

[pkill -9 armv4]

/bin/busybox

[busybox pkill -9 armv4]

/bin/sh

[sh -c pkill -9 armv6 || busybox pkill -9 armv6]

/usr/bin/pkill

[pkill -9 armv6]

/bin/busybox

[busybox pkill -9 armv6]

/bin/sh

[sh -c pkill -9 i686 || busybox pkill -9 i686]

/usr/bin/pkill

[pkill -9 i686]

/bin/busybox

[busybox pkill -9 i686]

/bin/sh

[sh -c pkill -9 powerpc || busybox pkill -9 powerpc]

/usr/bin/pkill

[pkill -9 powerpc]

/bin/busybox

[busybox pkill -9 powerpc]

/bin/sh

[sh -c pkill -9 powerpc440fp || busybox pkill -9 powerpc440fp]

/usr/bin/pkill

[pkill -9 powerpc440fp]

/bin/busybox

[busybox pkill -9 powerpc440fp]

/bin/sh

[sh -c pkill -9 i586 || busybox pkill -9 i586]

/usr/bin/pkill

[pkill -9 i586]

/bin/busybox

[busybox pkill -9 i586]

/bin/sh

[sh -c pkill -9 m68k || busybox pkill -9 m68k]

/usr/bin/pkill

[pkill -9 m68k]

/bin/busybox

[busybox pkill -9 m68k]

/bin/sh

[sh -c pkill -9 sparc || busybox pkill -9 sparc]

/usr/bin/pkill

[pkill -9 sparc]

/bin/busybox

[busybox pkill -9 sparc]

/bin/sh

[sh -c pkill -9 x86_64 || busybox pkill -9 x86_64]

/usr/bin/pkill

[pkill -9 x86_64]

/bin/busybox

[busybox pkill -9 x86_64]

/bin/sh

[sh -c pkill -9 jackmy* || busybox pkill -9 jackmy*]

/usr/bin/pkill

[pkill -9 jackmy*]

/bin/busybox

[busybox pkill -9 jackmy*]

/bin/sh

[sh -c pkill -9 hackmy* || busybox pkill -9 hackmy*]

/usr/bin/pkill

[pkill -9 hackmy*]

/bin/busybox

[busybox pkill -9 hackmy*]

/bin/sh

[sh -c pkill -9 b1 || busybox pkill -9 b1]

/usr/bin/pkill

[pkill -9 b1]

/bin/busybox

[busybox pkill -9 b1]

/bin/sh

[sh -c pkill -9 b2 || busybox pkill -9 b2]

/usr/bin/pkill

[pkill -9 b2]

/bin/busybox

[busybox pkill -9 b2]

/bin/sh

[sh -c pkill -9 b3 || busybox pkill -9 b3]

/usr/bin/pkill

[pkill -9 b3]

/bin/busybox

[busybox pkill -9 b3]

/bin/sh

[sh -c pkill -9 b4 || busybox pkill -9 b4]

/usr/bin/pkill

[pkill -9 b4]

/bin/busybox

[busybox pkill -9 b4]

/bin/sh

[sh -c pkill -9 b5 || busybox pkill -9 b5]

/usr/bin/pkill

[pkill -9 b5]

/bin/busybox

[busybox pkill -9 b5]

/bin/sh

[sh -c pkill -9 b6 || busybox pkill -9 b6]

/usr/bin/pkill

[pkill -9 b6]

/bin/busybox

[busybox pkill -9 b6]

/bin/sh

[sh -c pkill -9 b7 || busybox pkill -9 b7]

/usr/bin/pkill

[pkill -9 b7]

/bin/busybox

[busybox pkill -9 b7]

/bin/sh

[sh -c pkill -9 b8 || busybox pkill -9 b8]

/usr/bin/pkill

[pkill -9 b8]

/bin/busybox

[busybox pkill -9 b8]

/bin/sh

[sh -c pkill -9 b9 || busybox pkill -9 b9]

/usr/bin/pkill

[pkill -9 b9]

/bin/busybox

[busybox pkill -9 b9]

/bin/sh

[sh -c pkill -9 b10 || busybox pkill -9 b10]

/usr/bin/pkill

[pkill -9 b10]

/bin/busybox

[busybox pkill -9 b10]

/bin/sh

[sh -c pkill -9 b11 || busybox pkill -9 b11]

/usr/bin/pkill

[pkill -9 b11]

/bin/busybox

[busybox pkill -9 b11]

/bin/sh

[sh -c pkill -9 b12 || busybox pkill -9 b12]

/usr/bin/pkill

[pkill -9 b12]

/bin/busybox

[busybox pkill -9 b12]

/bin/sh

[sh -c pkill -9 b13 || busybox pkill -9 b13]

/usr/bin/pkill

[pkill -9 b13]

/bin/busybox

[busybox pkill -9 b13]

/bin/sh

[sh -c pkill -9 b14 || busybox pkill -9 b14]

/usr/bin/pkill

[pkill -9 b14]

/bin/busybox

[busybox pkill -9 b14]

/bin/sh

[sh -c pkill -9 b15 || busybox pkill -9 b15]

/usr/bin/pkill

[pkill -9 b15]

/bin/busybox

[busybox pkill -9 b15]

/bin/sh

[sh -c pkill -9 b16 || busybox pkill -9 b16]

/usr/bin/pkill

[pkill -9 b16]

/bin/busybox

[busybox pkill -9 b16]

/bin/sh

[sh -c pkill -9 b17 || busybox pkill -9 b17]

/usr/bin/pkill

[pkill -9 b17]

/bin/busybox

[busybox pkill -9 b17]

/bin/sh

[sh -c pkill -9 b18 || busybox pkill -9 b18]

/usr/bin/pkill

[pkill -9 b18]

/bin/busybox

[busybox pkill -9 b18]

/bin/sh

[sh -c pkill -9 b19 || busybox pkill -9 b19]

/usr/bin/pkill

[pkill -9 b19]

/bin/busybox

[busybox pkill -9 b19]

/bin/sh

[sh -c pkill -9 b20 || busybox pkill -9 b20]

/usr/bin/pkill

[pkill -9 b20]

/bin/busybox

[busybox pkill -9 b20]

/bin/sh

[sh -c pkill -9 busyboxterrorist || busybox pkill -9 busyboxterrorist]

/usr/bin/pkill

[pkill -9 busyboxterrorist]

/bin/busybox

[busybox pkill -9 busyboxterrorist]

/bin/sh

[sh -c pkill -9 dvrHelper || busybox pkill -9 dvrHelper]

/usr/bin/pkill

[pkill -9 dvrHelper]

/bin/busybox

[busybox pkill -9 dvrHelper]

/bin/sh

[sh -c pkill -9 kmy* || busybox pkill -9 kmy*]

/usr/bin/pkill

[pkill -9 kmy*]

/bin/busybox

[busybox pkill -9 kmy*]

/bin/sh

[sh -c pkill -9 lol* || busybox pkill -9 lol*]

/usr/bin/pkill

[pkill -9 lol*]

/bin/sh

[sh -c pkill -9 telmips || busybox pkill -9 telmips]

/usr/bin/pkill

[pkill -9 telmips]

/bin/busybox

[busybox pkill -9 telmips]

/bin/sh

[sh -c pkill -9 telmips64 || busybox pkill -9 telmips64]

/usr/bin/pkill

[pkill -9 telmips64]

/bin/busybox

[busybox pkill -9 telmips64]

/bin/sh

[sh -c pkill -9 telmipsel || busybox pkill -9 telmipsel]

/usr/bin/pkill

[pkill -9 telmipsel]

/bin/busybox

[busybox pkill -9 telmipsel]

/bin/sh

[sh -c pkill -9 telsh2eb || busybox pkill -9 telsh2eb]

/usr/bin/pkill

[pkill -9 telsh2eb]

/bin/busybox

[busybox pkill -9 telsh2eb]

/bin/sh

[sh -c pkill -9 telsh2elf || busybox pkill -9 telsh2elf]

/usr/bin/pkill

[pkill -9 telsh2elf]

/bin/busybox

[busybox pkill -9 telsh2elf]

/bin/sh

[sh -c pkill -9 telsh4 || busybox pkill -9 telsh4]

/usr/bin/pkill

[pkill -9 telsh4]

/bin/busybox

[busybox pkill -9 telsh4]

/bin/sh

[sh -c pkill -9 telx86 || busybox pkill -9 telx86]

/usr/bin/pkill

[pkill -9 telx86]

/bin/busybox

[busybox pkill -9 telx86]

/bin/sh

[sh -c pkill -9 telarmv5 || busybox pkill -9 telarmv5]

/usr/bin/pkill

[pkill -9 telarmv5]

/bin/busybox

[busybox pkill -9 telarmv5]

/bin/sh

[sh -c pkill -9 telarmv4tl || busybox pkill -9 telarmv4tl]

/usr/bin/pkill

[pkill -9 telarmv4tl]

/bin/busybox

[busybox pkill -9 telarmv4tl]

/bin/sh

[sh -c pkill -9 telarmv4 || busybox pkill -9 telarmv4]

/usr/bin/pkill

[pkill -9 telarmv4]

/bin/busybox

[busybox pkill -9 telarmv4]

/bin/sh

[sh -c pkill -9 telarmv6 || busybox pkill -9 telarmv6]

/usr/bin/pkill

[pkill -9 telarmv6]

/bin/busybox

[busybox pkill -9 telarmv6]

/bin/sh

[sh -c pkill -9 teli686 || busybox pkill -9 teli686]

/usr/bin/pkill

[pkill -9 teli686]

/bin/busybox

[busybox pkill -9 teli686]

/bin/sh

[sh -c pkill -9 telpowerpc || busybox pkill -9 telpowerpc]

/usr/bin/pkill

[pkill -9 telpowerpc]

/bin/busybox

[busybox pkill -9 telpowerpc]

/bin/sh

[sh -c pkill -9 telpowerpc440fp || busybox pkill -9 telpowerpc440fp]

/usr/bin/pkill

[pkill -9 telpowerpc440fp]

/bin/busybox

[busybox pkill -9 telpowerpc440fp]

/bin/sh

[sh -c pkill -9 teli586 || busybox pkill -9 teli586]

/usr/bin/pkill

[pkill -9 teli586]

/bin/busybox

[busybox pkill -9 teli586]

/bin/sh

[sh -c pkill -9 telm68k || busybox pkill -9 telm68k]

/usr/bin/pkill

[pkill -9 telm68k]

/bin/busybox

[busybox pkill -9 telm68k]

/bin/sh

[sh -c pkill -9 telsparc || busybox pkill -9 telsparc]

/usr/bin/pkill

[pkill -9 telsparc]

/bin/busybox

[busybox pkill -9 telsparc]

/bin/sh

[sh -c pkill -9 telx86_64 || busybox pkill -9 telx86_64]

/usr/bin/pkill

[pkill -9 telx86_64]

/bin/busybox

[busybox pkill -9 telx86_64]

/bin/sh

[sh -c pkill -9 TwoFace* || busybox pkill -9 TwoFace*]

/usr/bin/pkill

[pkill -9 TwoFace*]

/bin/busybox

[busybox pkill -9 TwoFace*]

/bin/sh

[sh -c pkill -9 xxb* || busybox pkill -9 xxb*]

/usr/bin/pkill

[pkill -9 xxb*]

/bin/busybox

[busybox pkill -9 xxb*]

/bin/sh

[sh -c pkill -9 bb || busybox pkill -9 bb]

/usr/bin/pkill

[pkill -9 bb]

/bin/busybox

[busybox pkill -9 bb]

/bin/sh

[sh -c pkill -9 busybotnet || busybox pkill -9 busybotnet]

/usr/bin/pkill

[pkill -9 busybotnet]

/bin/busybox

[busybox pkill -9 busybotnet]

/bin/sh

[sh -c pkill -9 busybox || busybox pkill -9 busybox]

/usr/bin/pkill

[pkill -9 busybox]

/bin/busybox

[busybox pkill -9 busybox]

/bin/sh

[sh -c pkill -9 badbox || busybox pkill -9 badbox]

/usr/bin/pkill

[pkill -9 badbox]

/bin/busybox

[busybox pkill -9 badbox]

/bin/sh

[sh -c pkill -9 B1 || busybox pkill -9 B1]

/usr/bin/pkill

[pkill -9 B1]

/bin/busybox

[busybox pkill -9 B1]

/bin/sh

[sh -c pkill -9 B2 || busybox pkill -9 B2]

/usr/bin/pkill

[pkill -9 B2]

/bin/busybox

[busybox pkill -9 B2]

/bin/sh

[sh -c pkill -9 B3 || busybox pkill -9 B3]

/usr/bin/pkill

[pkill -9 B3]

/bin/busybox

[busybox pkill -9 B3]

/bin/sh

[sh -c pkill -9 B4 || busybox pkill -9 B4]

/usr/bin/pkill

[pkill -9 B4]

/bin/busybox

[busybox pkill -9 B4]

/bin/sh

[sh -c pkill -9 B5 || busybox pkill -9 B5]

/usr/bin/pkill

[pkill -9 B5]

/bin/busybox

[busybox pkill -9 B5]

/bin/sh

[sh -c pkill -9 B6 || busybox pkill -9 B6]

/usr/bin/pkill

[pkill -9 B6]

/bin/busybox

[busybox pkill -9 B6]

/bin/sh

[sh -c pkill -9 B7 || busybox pkill -9 B7]

/usr/bin/pkill

[pkill -9 B7]

/bin/busybox

[busybox pkill -9 B7]

/bin/sh

[sh -c pkill -9 B8 || busybox pkill -9 B8]

/usr/bin/pkill

[pkill -9 B8]

/bin/busybox

[busybox pkill -9 B8]

/bin/sh

[sh -c pkill -9 B9 || busybox pkill -9 B9]

/usr/bin/pkill

[pkill -9 B9]

/bin/busybox

[busybox pkill -9 B9]

/bin/sh

[sh -c pkill -9 B10 || busybox pkill -9 B10]

/usr/bin/pkill

[pkill -9 B10]

/bin/busybox

[busybox pkill -9 B10]

/bin/sh

[sh -c pkill -9 B11 || busybox pkill -9 B11]

/usr/bin/pkill

[pkill -9 B11]

/bin/busybox

[busybox pkill -9 B11]

/bin/sh

[sh -c pkill -9 B12 || busybox pkill -9 B12]

/usr/bin/pkill

[pkill -9 B12]

/bin/busybox

[busybox pkill -9 B12]

/bin/sh

[sh -c pkill -9 B13 || busybox pkill -9 B13]

/usr/bin/pkill

[pkill -9 B13]

/bin/busybox

[busybox pkill -9 B13]

/bin/sh

[sh -c pkill -9 B14 || busybox pkill -9 B14]

/usr/bin/pkill

[pkill -9 B14]

/bin/busybox

[busybox pkill -9 B14]

/bin/sh

[sh -c pkill -9 B15 || busybox pkill -9 B15]

/usr/bin/pkill

[pkill -9 B15]

/bin/busybox

[busybox pkill -9 B15]

/bin/sh

[sh -c pkill -9 B16 || busybox pkill -9 B16]

/usr/bin/pkill

[pkill -9 B16]

/bin/busybox

[busybox pkill -9 B16]

/bin/sh

[sh -c pkill -9 B17 || busybox pkill -9 B17]

/usr/bin/pkill

[pkill -9 B17]

/bin/busybox

[busybox pkill -9 B17]

/bin/sh

[sh -c pkill -9 B18 || busybox pkill -9 B18]

/usr/bin/pkill

[pkill -9 B18]

/bin/busybox

[busybox pkill -9 B18]

/bin/sh

[sh -c pkill -9 B20 || busybox pkill -9 B20]

/usr/bin/pkill

[pkill -9 B20]

/bin/busybox

[busybox pkill -9 B20]

/bin/sh

[sh -c pkill -9 gaybot || busybox pkill -9 gaybot]

/usr/bin/pkill

[pkill -9 gaybot]

/bin/busybox

[busybox pkill -9 gaybot]

/bin/sh

[sh -c pkill -9 hackz || busybox pkill -9 hackz]

/usr/bin/pkill

[pkill -9 hackz]

/bin/busybox

[busybox pkill -9 hackz]

/bin/sh

[sh -c pkill -9 bin* || busybox pkill -9 bin*]

/usr/bin/pkill

[pkill -9 bin]

/bin/busybox

[busybox pkill -9 bin]

/bin/sh

[sh -c pkill -9 gtop || busybox pkill -9 gtop]

/usr/bin/pkill

[pkill -9 gtop]

/bin/busybox

[busybox pkill -9 gtop]

/bin/sh

[sh -c pkill -9 botnet || busybox pkill -9 botnet]

/usr/bin/pkill

[pkill -9 botnet]

/bin/busybox

[busybox pkill -9 botnet]

/bin/sh

[sh -c pkill -9 swatnet || busybox pkill -9 swatnet]

/usr/bin/pkill

[pkill -9 swatnet]

/bin/busybox

[busybox pkill -9 swatnet]

/bin/sh

[sh -c pkill -9 ballpit || busybox pkill -9 ballpit]

/usr/bin/pkill

[pkill -9 ballpit]

/bin/busybox

[busybox pkill -9 ballpit]

/bin/sh

[sh -c pkill -9 fucknet || busybox pkill -9 fucknet]

/usr/bin/pkill

[pkill -9 fucknet]

/bin/busybox

[busybox pkill -9 fucknet]

/bin/sh

[sh -c pkill -9 cracknet || busybox pkill -9 cracknet]

/usr/bin/pkill

[pkill -9 cracknet]

/bin/busybox

[busybox pkill -9 cracknet]

/bin/sh

[sh -c pkill -9 weednet || busybox pkill -9 weednet]

/usr/bin/pkill

[pkill -9 weednet]

/bin/busybox

[busybox pkill -9 weednet]

/bin/sh

[sh -c pkill -9 gaynet || busybox pkill -9 gaynet]

/usr/bin/pkill

[pkill -9 gaynet]

/bin/busybox

[busybox pkill -9 gaynet]

/bin/sh

[sh -c pkill -9 queernet || busybox pkill -9 queernet]

/usr/bin/pkill

[pkill -9 queernet]

/bin/busybox

[busybox pkill -9 queernet]

/bin/sh

[sh -c pkill -9 ballnet || busybox pkill -9 ballnet]

/usr/bin/pkill

[pkill -9 ballnet]

/bin/busybox

[busybox pkill -9 ballnet]

/bin/sh

[sh -c pkill -9 unet || busybox pkill -9 unet]

/usr/bin/pkill

[pkill -9 unet]

/bin/busybox

[busybox pkill -9 unet]

/bin/sh

[sh -c pkill -9 yougay || busybox pkill -9 yougay]

/usr/bin/pkill

[pkill -9 yougay]

/bin/busybox

[busybox pkill -9 yougay]

/bin/sh

[sh -c pkill -9 sttftp || busybox pkill -9 sttftp]

/usr/bin/pkill

[pkill -9 sttftp]

/bin/busybox

[busybox pkill -9 sttftp]

/bin/sh

[sh -c pkill -9 sstftp || busybox pkill -9 sstftp]

/usr/bin/pkill

[pkill -9 sstftp]

/bin/busybox

[busybox pkill -9 sstftp]

/bin/sh

[sh -c pkill -9 sbtftp || busybox pkill -9 sbtftp]

/usr/bin/pkill

[pkill -9 sbtftp]

/bin/busybox

[busybox pkill -9 sbtftp]

/bin/sh

[sh -c pkill -9 btftp || busybox pkill -9 btftp]

/usr/bin/pkill

[pkill -9 btftp]

/bin/busybox

[busybox pkill -9 btftp]

/bin/sh

[sh -c pkill -9 y0u1sg3y || busybox pkill -9 y0u1sg3y]

Network

Country Destination Domain Proto
CN 106.52.68.18:6667 tcp
CN 106.53.200.20:6667 tcp
HK 154.92.16.67:6667 tcp
CN 212.64.67.230:6667 tcp

Files

N/A