Analysis Overview
SHA256
805ef7ea0d4c1f1d0ef9ba6b28583c3d3c46b35d0ac57e3159e541b2e2ded3ad
Threat Level: Known bad
The file 805ef7ea0d4c1f1d0ef9ba6b28583c3d3c46b35d0ac57e3159e541b2e2ded3ad was found to be: Known bad.
Malicious Activity Summary
Identified Kaiten Bot
Kaiten family
Modifies rc script
Reads CPU attributes
Reads runtime system information
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-01-21 23:36
Signatures
Identified Kaiten Bot
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Kaiten family
Analysis: behavioral1
Detonation Overview
Submitted
2022-01-21 23:36
Reported
2022-01-22 01:21
Platform
debian9-mipsbe-en-20211208
Max time kernel
3831s
Max time network
151s
Command Line
Signatures
Modifies rc script
| Description | Indicator | Process | Target |
| /etc/rc.d/rc.local | /etc/rc.d/rc.local | N/A | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| /sys/devices/system/cpu/online | /sys/devices/system/cpu/online | /usr/bin/pkill | N/A |
Reads runtime system information
Processes
./805ef7ea0d4c1f1d0ef9ba6b28583c3d3c46b35d0ac57e3159e541b2e2ded3ad
[./805ef7ea0d4c1f1d0ef9ba6b28583c3d3c46b35d0ac57e3159e541b2e2ded3ad]
/bin/sh
[sh -c pkill -9 mirai.* || busybox pkill -9 mirai.*]
/usr/bin/pkill
[pkill -9 mirai.*]
/bin/busybox
[busybox pkill -9 mirai.*]
/bin/sh
[sh -c pkill -9 dlr.*mips || busybox pkill -9 dlr.*mips]
/usr/bin/pkill
[pkill -9 dlr.*mips]
/bin/busybox
[busybox pkill -9 dlr.*mips]
/bin/sh
[sh -c pkill -9 mips64 || busybox pkill -9 mips64]
/usr/bin/pkill
[pkill -9 mips64]
/bin/busybox
[busybox pkill -9 mips64]
/bin/sh
[sh -c pkill -9 mipsel || busybox pkill -9 mipsel]
/usr/bin/pkill
[pkill -9 mipsel]
/bin/busybox
[busybox pkill -9 mipsel]
/bin/sh
[sh -c pkill -9 sh2eb || busybox pkill -9 sh2eb]
/usr/bin/pkill
[pkill -9 sh2eb]
/bin/busybox
[busybox pkill -9 sh2eb]
/bin/sh
[sh -c pkill -9 sh2elf || busybox pkill -9 sh2elf]
/usr/bin/pkill
[pkill -9 sh2elf]
/bin/busybox
[busybox pkill -9 sh2elf]
/bin/sh
[sh -c pkill -9 sh4 || busybox pkill -9 sh4]
/usr/bin/pkill
[pkill -9 sh4]
/bin/busybox
[busybox pkill -9 sh4]
/bin/sh
[sh -c pkill -9 x86 || busybox pkill -9 x86]
/usr/bin/pkill
[pkill -9 x86]
/bin/busybox
[busybox pkill -9 x86]
/bin/sh
[sh -c pkill -9 arm || busybox pkill -9 arm]
/usr/bin/pkill
[pkill -9 arm]
/bin/busybox
[busybox pkill -9 arm]
/bin/sh
[sh -c pkill -9 armv5 || busybox pkill -9 armv5]
/usr/bin/pkill
[pkill -9 armv5]
/bin/busybox
[busybox pkill -9 armv5]
/bin/sh
[sh -c pkill -9 armv4tl || busybox pkill -9 armv4tl]
/usr/bin/pkill
[pkill -9 armv4tl]
/bin/busybox
[busybox pkill -9 armv4tl]
/bin/sh
[sh -c pkill -9 armv4 || busybox pkill -9 armv4]
/usr/bin/pkill
[pkill -9 armv4]
/bin/busybox
[busybox pkill -9 armv4]
/bin/sh
[sh -c pkill -9 armv6 || busybox pkill -9 armv6]
/usr/bin/pkill
[pkill -9 armv6]
/bin/busybox
[busybox pkill -9 armv6]
/bin/sh
[sh -c pkill -9 i686 || busybox pkill -9 i686]
/usr/bin/pkill
[pkill -9 i686]
/bin/busybox
[busybox pkill -9 i686]
/bin/sh
[sh -c pkill -9 powerpc || busybox pkill -9 powerpc]
/usr/bin/pkill
[pkill -9 powerpc]
/bin/busybox
[busybox pkill -9 powerpc]
/bin/sh
[sh -c pkill -9 powerpc440fp || busybox pkill -9 powerpc440fp]
/usr/bin/pkill
[pkill -9 powerpc440fp]
/bin/busybox
[busybox pkill -9 powerpc440fp]
/bin/sh
[sh -c pkill -9 i586 || busybox pkill -9 i586]
/usr/bin/pkill
[pkill -9 i586]
/bin/busybox
[busybox pkill -9 i586]
/bin/sh
[sh -c pkill -9 m68k || busybox pkill -9 m68k]
/usr/bin/pkill
[pkill -9 m68k]
/bin/busybox
[busybox pkill -9 m68k]
/bin/sh
[sh -c pkill -9 sparc || busybox pkill -9 sparc]
/usr/bin/pkill
[pkill -9 sparc]
/bin/busybox
[busybox pkill -9 sparc]
/bin/sh
[sh -c pkill -9 x86_64 || busybox pkill -9 x86_64]
/usr/bin/pkill
[pkill -9 x86_64]
/bin/busybox
[busybox pkill -9 x86_64]
/bin/sh
[sh -c pkill -9 jackmy* || busybox pkill -9 jackmy*]
/usr/bin/pkill
[pkill -9 jackmy*]
/bin/busybox
[busybox pkill -9 jackmy*]
/bin/sh
[sh -c pkill -9 hackmy* || busybox pkill -9 hackmy*]
/usr/bin/pkill
[pkill -9 hackmy*]
/bin/busybox
[busybox pkill -9 hackmy*]
/bin/sh
[sh -c pkill -9 b1 || busybox pkill -9 b1]
/usr/bin/pkill
[pkill -9 b1]
/bin/busybox
[busybox pkill -9 b1]
/bin/sh
[sh -c pkill -9 b2 || busybox pkill -9 b2]
/usr/bin/pkill
[pkill -9 b2]
/bin/busybox
[busybox pkill -9 b2]
/bin/sh
[sh -c pkill -9 b3 || busybox pkill -9 b3]
/usr/bin/pkill
[pkill -9 b3]
/bin/busybox
[busybox pkill -9 b3]
/bin/sh
[sh -c pkill -9 b4 || busybox pkill -9 b4]
/usr/bin/pkill
[pkill -9 b4]
/bin/busybox
[busybox pkill -9 b4]
/bin/sh
[sh -c pkill -9 b5 || busybox pkill -9 b5]
/usr/bin/pkill
[pkill -9 b5]
/bin/busybox
[busybox pkill -9 b5]
/bin/sh
[sh -c pkill -9 b6 || busybox pkill -9 b6]
/usr/bin/pkill
[pkill -9 b6]
/bin/busybox
[busybox pkill -9 b6]
/bin/sh
[sh -c pkill -9 b7 || busybox pkill -9 b7]
/usr/bin/pkill
[pkill -9 b7]
/bin/busybox
[busybox pkill -9 b7]
/bin/sh
[sh -c pkill -9 b8 || busybox pkill -9 b8]
/usr/bin/pkill
[pkill -9 b8]
/bin/busybox
[busybox pkill -9 b8]
/bin/sh
[sh -c pkill -9 b9 || busybox pkill -9 b9]
/usr/bin/pkill
[pkill -9 b9]
/bin/busybox
[busybox pkill -9 b9]
/bin/sh
[sh -c pkill -9 b10 || busybox pkill -9 b10]
/usr/bin/pkill
[pkill -9 b10]
/bin/busybox
[busybox pkill -9 b10]
/bin/sh
[sh -c pkill -9 b11 || busybox pkill -9 b11]
/usr/bin/pkill
[pkill -9 b11]
/bin/busybox
[busybox pkill -9 b11]
/bin/sh
[sh -c pkill -9 b12 || busybox pkill -9 b12]
/usr/bin/pkill
[pkill -9 b12]
/bin/busybox
[busybox pkill -9 b12]
/bin/sh
[sh -c pkill -9 b13 || busybox pkill -9 b13]
/usr/bin/pkill
[pkill -9 b13]
/bin/busybox
[busybox pkill -9 b13]
/bin/sh
[sh -c pkill -9 b14 || busybox pkill -9 b14]
/usr/bin/pkill
[pkill -9 b14]
/bin/busybox
[busybox pkill -9 b14]
/bin/sh
[sh -c pkill -9 b15 || busybox pkill -9 b15]
/usr/bin/pkill
[pkill -9 b15]
/bin/busybox
[busybox pkill -9 b15]
/bin/sh
[sh -c pkill -9 b16 || busybox pkill -9 b16]
/usr/bin/pkill
[pkill -9 b16]
/bin/busybox
[busybox pkill -9 b16]
/bin/sh
[sh -c pkill -9 b17 || busybox pkill -9 b17]
/usr/bin/pkill
[pkill -9 b17]
/bin/busybox
[busybox pkill -9 b17]
/bin/sh
[sh -c pkill -9 b18 || busybox pkill -9 b18]
/usr/bin/pkill
[pkill -9 b18]
/bin/busybox
[busybox pkill -9 b18]
/bin/sh
[sh -c pkill -9 b19 || busybox pkill -9 b19]
/usr/bin/pkill
[pkill -9 b19]
/bin/busybox
[busybox pkill -9 b19]
/bin/sh
[sh -c pkill -9 b20 || busybox pkill -9 b20]
/usr/bin/pkill
[pkill -9 b20]
/bin/busybox
[busybox pkill -9 b20]
/bin/sh
[sh -c pkill -9 busyboxterrorist || busybox pkill -9 busyboxterrorist]
/usr/bin/pkill
[pkill -9 busyboxterrorist]
/bin/busybox
[busybox pkill -9 busyboxterrorist]
/bin/sh
[sh -c pkill -9 dvrHelper || busybox pkill -9 dvrHelper]
/usr/bin/pkill
[pkill -9 dvrHelper]
/bin/busybox
[busybox pkill -9 dvrHelper]
/bin/sh
[sh -c pkill -9 kmy* || busybox pkill -9 kmy*]
/usr/bin/pkill
[pkill -9 kmy*]
/bin/busybox
[busybox pkill -9 kmy*]
/bin/sh
[sh -c pkill -9 lol* || busybox pkill -9 lol*]
/usr/bin/pkill
[pkill -9 lol*]
/bin/sh
[sh -c pkill -9 telmips || busybox pkill -9 telmips]
/usr/bin/pkill
[pkill -9 telmips]
/bin/busybox
[busybox pkill -9 telmips]
/bin/sh
[sh -c pkill -9 telmips64 || busybox pkill -9 telmips64]
/usr/bin/pkill
[pkill -9 telmips64]
/bin/busybox
[busybox pkill -9 telmips64]
/bin/sh
[sh -c pkill -9 telmipsel || busybox pkill -9 telmipsel]
/usr/bin/pkill
[pkill -9 telmipsel]
/bin/busybox
[busybox pkill -9 telmipsel]
/bin/sh
[sh -c pkill -9 telsh2eb || busybox pkill -9 telsh2eb]
/usr/bin/pkill
[pkill -9 telsh2eb]
/bin/busybox
[busybox pkill -9 telsh2eb]
/bin/sh
[sh -c pkill -9 telsh2elf || busybox pkill -9 telsh2elf]
/usr/bin/pkill
[pkill -9 telsh2elf]
/bin/busybox
[busybox pkill -9 telsh2elf]
/bin/sh
[sh -c pkill -9 telsh4 || busybox pkill -9 telsh4]
/usr/bin/pkill
[pkill -9 telsh4]
/bin/busybox
[busybox pkill -9 telsh4]
/bin/sh
[sh -c pkill -9 telx86 || busybox pkill -9 telx86]
/usr/bin/pkill
[pkill -9 telx86]
/bin/busybox
[busybox pkill -9 telx86]
/bin/sh
[sh -c pkill -9 telarmv5 || busybox pkill -9 telarmv5]
/usr/bin/pkill
[pkill -9 telarmv5]
/bin/busybox
[busybox pkill -9 telarmv5]
/bin/sh
[sh -c pkill -9 telarmv4tl || busybox pkill -9 telarmv4tl]
/usr/bin/pkill
[pkill -9 telarmv4tl]
/bin/busybox
[busybox pkill -9 telarmv4tl]
/bin/sh
[sh -c pkill -9 telarmv4 || busybox pkill -9 telarmv4]
/usr/bin/pkill
[pkill -9 telarmv4]
/bin/busybox
[busybox pkill -9 telarmv4]
/bin/sh
[sh -c pkill -9 telarmv6 || busybox pkill -9 telarmv6]
/usr/bin/pkill
[pkill -9 telarmv6]
/bin/busybox
[busybox pkill -9 telarmv6]
/bin/sh
[sh -c pkill -9 teli686 || busybox pkill -9 teli686]
/usr/bin/pkill
[pkill -9 teli686]
/bin/busybox
[busybox pkill -9 teli686]
/bin/sh
[sh -c pkill -9 telpowerpc || busybox pkill -9 telpowerpc]
/usr/bin/pkill
[pkill -9 telpowerpc]
/bin/busybox
[busybox pkill -9 telpowerpc]
/bin/sh
[sh -c pkill -9 telpowerpc440fp || busybox pkill -9 telpowerpc440fp]
/usr/bin/pkill
[pkill -9 telpowerpc440fp]
/bin/busybox
[busybox pkill -9 telpowerpc440fp]
/bin/sh
[sh -c pkill -9 teli586 || busybox pkill -9 teli586]
/usr/bin/pkill
[pkill -9 teli586]
/bin/busybox
[busybox pkill -9 teli586]
/bin/sh
[sh -c pkill -9 telm68k || busybox pkill -9 telm68k]
/usr/bin/pkill
[pkill -9 telm68k]
/bin/busybox
[busybox pkill -9 telm68k]
/bin/sh
[sh -c pkill -9 telsparc || busybox pkill -9 telsparc]
/usr/bin/pkill
[pkill -9 telsparc]
/bin/busybox
[busybox pkill -9 telsparc]
/bin/sh
[sh -c pkill -9 telx86_64 || busybox pkill -9 telx86_64]
/usr/bin/pkill
[pkill -9 telx86_64]
/bin/busybox
[busybox pkill -9 telx86_64]
/bin/sh
[sh -c pkill -9 TwoFace* || busybox pkill -9 TwoFace*]
/usr/bin/pkill
[pkill -9 TwoFace*]
/bin/busybox
[busybox pkill -9 TwoFace*]
/bin/sh
[sh -c pkill -9 xxb* || busybox pkill -9 xxb*]
/usr/bin/pkill
[pkill -9 xxb*]
/bin/busybox
[busybox pkill -9 xxb*]
/bin/sh
[sh -c pkill -9 bb || busybox pkill -9 bb]
/usr/bin/pkill
[pkill -9 bb]
/bin/busybox
[busybox pkill -9 bb]
/bin/sh
[sh -c pkill -9 busybotnet || busybox pkill -9 busybotnet]
/usr/bin/pkill
[pkill -9 busybotnet]
/bin/busybox
[busybox pkill -9 busybotnet]
/bin/sh
[sh -c pkill -9 busybox || busybox pkill -9 busybox]
/usr/bin/pkill
[pkill -9 busybox]
/bin/busybox
[busybox pkill -9 busybox]
/bin/sh
[sh -c pkill -9 badbox || busybox pkill -9 badbox]
/usr/bin/pkill
[pkill -9 badbox]
/bin/busybox
[busybox pkill -9 badbox]
/bin/sh
[sh -c pkill -9 B1 || busybox pkill -9 B1]
/usr/bin/pkill
[pkill -9 B1]
/bin/busybox
[busybox pkill -9 B1]
/bin/sh
[sh -c pkill -9 B2 || busybox pkill -9 B2]
/usr/bin/pkill
[pkill -9 B2]
/bin/busybox
[busybox pkill -9 B2]
/bin/sh
[sh -c pkill -9 B3 || busybox pkill -9 B3]
/usr/bin/pkill
[pkill -9 B3]
/bin/busybox
[busybox pkill -9 B3]
/bin/sh
[sh -c pkill -9 B4 || busybox pkill -9 B4]
/usr/bin/pkill
[pkill -9 B4]
/bin/busybox
[busybox pkill -9 B4]
/bin/sh
[sh -c pkill -9 B5 || busybox pkill -9 B5]
/usr/bin/pkill
[pkill -9 B5]
/bin/busybox
[busybox pkill -9 B5]
/bin/sh
[sh -c pkill -9 B6 || busybox pkill -9 B6]
/usr/bin/pkill
[pkill -9 B6]
/bin/busybox
[busybox pkill -9 B6]
/bin/sh
[sh -c pkill -9 B7 || busybox pkill -9 B7]
/usr/bin/pkill
[pkill -9 B7]
/bin/busybox
[busybox pkill -9 B7]
/bin/sh
[sh -c pkill -9 B8 || busybox pkill -9 B8]
/usr/bin/pkill
[pkill -9 B8]
/bin/busybox
[busybox pkill -9 B8]
/bin/sh
[sh -c pkill -9 B9 || busybox pkill -9 B9]
/usr/bin/pkill
[pkill -9 B9]
/bin/busybox
[busybox pkill -9 B9]
/bin/sh
[sh -c pkill -9 B10 || busybox pkill -9 B10]
/usr/bin/pkill
[pkill -9 B10]
/bin/busybox
[busybox pkill -9 B10]
/bin/sh
[sh -c pkill -9 B11 || busybox pkill -9 B11]
/usr/bin/pkill
[pkill -9 B11]
/bin/busybox
[busybox pkill -9 B11]
/bin/sh
[sh -c pkill -9 B12 || busybox pkill -9 B12]
/usr/bin/pkill
[pkill -9 B12]
/bin/busybox
[busybox pkill -9 B12]
/bin/sh
[sh -c pkill -9 B13 || busybox pkill -9 B13]
/usr/bin/pkill
[pkill -9 B13]
/bin/busybox
[busybox pkill -9 B13]
/bin/sh
[sh -c pkill -9 B14 || busybox pkill -9 B14]
/usr/bin/pkill
[pkill -9 B14]
/bin/busybox
[busybox pkill -9 B14]
/bin/sh
[sh -c pkill -9 B15 || busybox pkill -9 B15]
/usr/bin/pkill
[pkill -9 B15]
/bin/busybox
[busybox pkill -9 B15]
/bin/sh
[sh -c pkill -9 B16 || busybox pkill -9 B16]
/usr/bin/pkill
[pkill -9 B16]
/bin/busybox
[busybox pkill -9 B16]
/bin/sh
[sh -c pkill -9 B17 || busybox pkill -9 B17]
/usr/bin/pkill
[pkill -9 B17]
/bin/busybox
[busybox pkill -9 B17]
/bin/sh
[sh -c pkill -9 B18 || busybox pkill -9 B18]
/usr/bin/pkill
[pkill -9 B18]
/bin/busybox
[busybox pkill -9 B18]
/bin/sh
[sh -c pkill -9 B20 || busybox pkill -9 B20]
/usr/bin/pkill
[pkill -9 B20]
/bin/busybox
[busybox pkill -9 B20]
/bin/sh
[sh -c pkill -9 gaybot || busybox pkill -9 gaybot]
/usr/bin/pkill
[pkill -9 gaybot]
/bin/busybox
[busybox pkill -9 gaybot]
/bin/sh
[sh -c pkill -9 hackz || busybox pkill -9 hackz]
/usr/bin/pkill
[pkill -9 hackz]
/bin/busybox
[busybox pkill -9 hackz]
/bin/sh
[sh -c pkill -9 bin* || busybox pkill -9 bin*]
/usr/bin/pkill
[pkill -9 bin]
/bin/busybox
[busybox pkill -9 bin]
/bin/sh
[sh -c pkill -9 gtop || busybox pkill -9 gtop]
/usr/bin/pkill
[pkill -9 gtop]
/bin/busybox
[busybox pkill -9 gtop]
/bin/sh
[sh -c pkill -9 botnet || busybox pkill -9 botnet]
/usr/bin/pkill
[pkill -9 botnet]
/bin/busybox
[busybox pkill -9 botnet]
/bin/sh
[sh -c pkill -9 swatnet || busybox pkill -9 swatnet]
/usr/bin/pkill
[pkill -9 swatnet]
/bin/busybox
[busybox pkill -9 swatnet]
/bin/sh
[sh -c pkill -9 ballpit || busybox pkill -9 ballpit]
/usr/bin/pkill
[pkill -9 ballpit]
/bin/busybox
[busybox pkill -9 ballpit]
/bin/sh
[sh -c pkill -9 fucknet || busybox pkill -9 fucknet]
/usr/bin/pkill
[pkill -9 fucknet]
/bin/busybox
[busybox pkill -9 fucknet]
/bin/sh
[sh -c pkill -9 cracknet || busybox pkill -9 cracknet]
/usr/bin/pkill
[pkill -9 cracknet]
/bin/busybox
[busybox pkill -9 cracknet]
/bin/sh
[sh -c pkill -9 weednet || busybox pkill -9 weednet]
/usr/bin/pkill
[pkill -9 weednet]
/bin/busybox
[busybox pkill -9 weednet]
/bin/sh
[sh -c pkill -9 gaynet || busybox pkill -9 gaynet]
/usr/bin/pkill
[pkill -9 gaynet]
/bin/busybox
[busybox pkill -9 gaynet]
/bin/sh
[sh -c pkill -9 queernet || busybox pkill -9 queernet]
/usr/bin/pkill
[pkill -9 queernet]
/bin/busybox
[busybox pkill -9 queernet]
/bin/sh
[sh -c pkill -9 ballnet || busybox pkill -9 ballnet]
/usr/bin/pkill
[pkill -9 ballnet]
/bin/busybox
[busybox pkill -9 ballnet]
/bin/sh
[sh -c pkill -9 unet || busybox pkill -9 unet]
/usr/bin/pkill
[pkill -9 unet]
/bin/busybox
[busybox pkill -9 unet]
/bin/sh
[sh -c pkill -9 yougay || busybox pkill -9 yougay]
/usr/bin/pkill
[pkill -9 yougay]
/bin/busybox
[busybox pkill -9 yougay]
/bin/sh
[sh -c pkill -9 sttftp || busybox pkill -9 sttftp]
/usr/bin/pkill
[pkill -9 sttftp]
/bin/busybox
[busybox pkill -9 sttftp]
/bin/sh
[sh -c pkill -9 sstftp || busybox pkill -9 sstftp]
/usr/bin/pkill
[pkill -9 sstftp]
/bin/busybox
[busybox pkill -9 sstftp]
/bin/sh
[sh -c pkill -9 sbtftp || busybox pkill -9 sbtftp]
/usr/bin/pkill
[pkill -9 sbtftp]
/bin/busybox
[busybox pkill -9 sbtftp]
/bin/sh
[sh -c pkill -9 btftp || busybox pkill -9 btftp]
/usr/bin/pkill
[pkill -9 btftp]
/bin/busybox
[busybox pkill -9 btftp]
/bin/sh
[sh -c pkill -9 y0u1sg3y || busybox pkill -9 y0u1sg3y]
/usr/bin/pkill
[pkill -9 y0u1sg3y]
/bin/busybox
[busybox pkill -9 y0u1sg3y]
/bin/sh
[sh -c pkill -9 bruv* || busybox pkill -9 bruv*]
/usr/bin/pkill
[pkill -9 bruv*]
/bin/busybox
[busybox pkill -9 bruv*]
Network
| Country | Destination | Domain | Proto |
| CN | 106.53.200.20:6667 | | tcp |
| CN | 106.52.68.18:6667 | | tcp |
| CN | 212.64.67.230:6667 | | tcp |
| US | 1.1.1.1:53 | debian9-mipsbe-en-20211208-3 | udp |
| HK | 154.92.16.67:6667 | | tcp |