Malware Analysis Report

2024-12-01 00:47

Sample ID: 220121-3rm7padggn
Target: 66ea36c2513e60ae75834f2a58505839a65cfc17b551879932aa13df444582c8
SHA256: 66ea36c2513e60ae75834f2a58505839a65cfc17b551879932aa13df444582c8
Tags: persistence, kaiten
Score: 10/10

Analysis Overview

score
10/10

SHA256

66ea36c2513e60ae75834f2a58505839a65cfc17b551879932aa13df444582c8

Threat Level: Known bad

The file 66ea36c2513e60ae75834f2a58505839a65cfc17b551879932aa13df444582c8 was found to be: Known bad.

Malicious Activity Summary

persistence kaiten

Identified Kaiten Bot

Kaiten family

Modifies rc script

Reads CPU attributes

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-01-21 23:44

Signatures

Identified Kaiten Bot

Description Indicator Process Target
N/A N/A N/A N/A

Kaiten family

kaiten

Analysis: behavioral1

Detonation Overview

Submitted

2022-01-21 23:44

Reported

2022-01-22 01:50

Platform

debian9-mipsbe-en-20211208

Max time kernel

3832s

Max time network

153s

Command Line

[./66ea36c2513e60ae75834f2a58505839a65cfc17b551879932aa13df444582c8]

Signatures

Modifies rc script

persistence
Description Indicator Process Target
/etc/rc.d/rc.local /etc/rc.d/rc.local N/A N/A

Reads CPU attributes

Description Indicator Process Target
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A

Reads runtime system information


Processes

./66ea36c2513e60ae75834f2a58505839a65cfc17b551879932aa13df444582c8

[./66ea36c2513e60ae75834f2a58505839a65cfc17b551879932aa13df444582c8]

/bin/sh

[sh -c pkill -9 mirai.* || busybox pkill -9 mirai.*]

/usr/bin/pkill

[pkill -9 mirai.*]

/bin/busybox

[busybox pkill -9 mirai.*]

/bin/sh

[sh -c pkill -9 dlr.*mips || busybox pkill -9 dlr.*mips]

/usr/bin/pkill

[pkill -9 dlr.*mips]

/bin/busybox

[busybox pkill -9 dlr.*mips]

/bin/sh

[sh -c pkill -9 mips64 || busybox pkill -9 mips64]

/usr/bin/pkill

[pkill -9 mips64]

/bin/busybox

[busybox pkill -9 mips64]

/bin/sh

[sh -c pkill -9 mipsel || busybox pkill -9 mipsel]

/usr/bin/pkill

[pkill -9 mipsel]

/bin/busybox

[busybox pkill -9 mipsel]

/bin/sh

[sh -c pkill -9 sh2eb || busybox pkill -9 sh2eb]

/usr/bin/pkill

[pkill -9 sh2eb]

/bin/busybox

[busybox pkill -9 sh2eb]

/bin/sh

[sh -c pkill -9 sh2elf || busybox pkill -9 sh2elf]

/usr/bin/pkill

[pkill -9 sh2elf]

/bin/busybox

[busybox pkill -9 sh2elf]

/bin/sh

[sh -c pkill -9 sh4 || busybox pkill -9 sh4]

/usr/bin/pkill

[pkill -9 sh4]

/bin/busybox

[busybox pkill -9 sh4]

/bin/sh

[sh -c pkill -9 x86 || busybox pkill -9 x86]

/usr/bin/pkill

[pkill -9 x86]

/bin/busybox

[busybox pkill -9 x86]

/bin/sh

[sh -c pkill -9 arm || busybox pkill -9 arm]

/usr/bin/pkill

[pkill -9 arm]

/bin/busybox

[busybox pkill -9 arm]

/bin/sh

[sh -c pkill -9 armv5 || busybox pkill -9 armv5]

/usr/bin/pkill

[pkill -9 armv5]

/bin/busybox

[busybox pkill -9 armv5]

/bin/sh

[sh -c pkill -9 armv4tl || busybox pkill -9 armv4tl]

/usr/bin/pkill

[pkill -9 armv4tl]

/bin/busybox

[busybox pkill -9 armv4tl]

/bin/sh

[sh -c pkill -9 armv4 || busybox pkill -9 armv4]

/usr/bin/pkill

[pkill -9 armv4]

/bin/busybox

[busybox pkill -9 armv4]

/bin/sh

[sh -c pkill -9 armv6 || busybox pkill -9 armv6]

/usr/bin/pkill

[pkill -9 armv6]

/bin/busybox

[busybox pkill -9 armv6]

/bin/sh

[sh -c pkill -9 i686 || busybox pkill -9 i686]

/usr/bin/pkill

[pkill -9 i686]

/bin/busybox

[busybox pkill -9 i686]

/bin/sh

[sh -c pkill -9 powerpc || busybox pkill -9 powerpc]

/usr/bin/pkill

[pkill -9 powerpc]

/bin/busybox

[busybox pkill -9 powerpc]

/bin/sh

[sh -c pkill -9 powerpc440fp || busybox pkill -9 powerpc440fp]

/usr/bin/pkill

[pkill -9 powerpc440fp]

/bin/busybox

[busybox pkill -9 powerpc440fp]

/bin/sh

[sh -c pkill -9 i586 || busybox pkill -9 i586]

/usr/bin/pkill

[pkill -9 i586]

/bin/busybox

[busybox pkill -9 i586]

/bin/sh

[sh -c pkill -9 m68k || busybox pkill -9 m68k]

/usr/bin/pkill

[pkill -9 m68k]

/bin/busybox

[busybox pkill -9 m68k]

/bin/sh

[sh -c pkill -9 sparc || busybox pkill -9 sparc]

/usr/bin/pkill

[pkill -9 sparc]

/bin/busybox

[busybox pkill -9 sparc]

/bin/sh

[sh -c pkill -9 x86_64 || busybox pkill -9 x86_64]

/usr/bin/pkill

[pkill -9 x86_64]

/bin/busybox

[busybox pkill -9 x86_64]

/bin/sh

[sh -c pkill -9 jackmy* || busybox pkill -9 jackmy*]

/usr/bin/pkill

[pkill -9 jackmy*]

/bin/busybox

[busybox pkill -9 jackmy*]

/bin/sh

[sh -c pkill -9 hackmy* || busybox pkill -9 hackmy*]

/usr/bin/pkill

[pkill -9 hackmy*]

/bin/busybox

[busybox pkill -9 hackmy*]

/bin/sh

[sh -c pkill -9 b1 || busybox pkill -9 b1]

/usr/bin/pkill

[pkill -9 b1]

/bin/busybox

[busybox pkill -9 b1]

/bin/sh

[sh -c pkill -9 b2 || busybox pkill -9 b2]

/usr/bin/pkill

[pkill -9 b2]

/bin/busybox

[busybox pkill -9 b2]

/bin/sh

[sh -c pkill -9 b3 || busybox pkill -9 b3]

/usr/bin/pkill

[pkill -9 b3]

/bin/busybox

[busybox pkill -9 b3]

/bin/sh

[sh -c pkill -9 b4 || busybox pkill -9 b4]

/usr/bin/pkill

[pkill -9 b4]

/bin/busybox

[busybox pkill -9 b4]

/bin/sh

[sh -c pkill -9 b5 || busybox pkill -9 b5]

/usr/bin/pkill

[pkill -9 b5]

/bin/busybox

[busybox pkill -9 b5]

/bin/sh

[sh -c pkill -9 b6 || busybox pkill -9 b6]

/usr/bin/pkill

[pkill -9 b6]

/bin/busybox

[busybox pkill -9 b6]

/bin/sh

[sh -c pkill -9 b7 || busybox pkill -9 b7]

/usr/bin/pkill

[pkill -9 b7]

/bin/busybox

[busybox pkill -9 b7]

/bin/sh

[sh -c pkill -9 b8 || busybox pkill -9 b8]

/usr/bin/pkill

[pkill -9 b8]

/bin/busybox

[busybox pkill -9 b8]

/bin/sh

[sh -c pkill -9 b9 || busybox pkill -9 b9]

/usr/bin/pkill

[pkill -9 b9]

/bin/busybox

[busybox pkill -9 b9]

/bin/sh

[sh -c pkill -9 b10 || busybox pkill -9 b10]

/usr/bin/pkill

[pkill -9 b10]

/bin/busybox

[busybox pkill -9 b10]

/bin/sh

[sh -c pkill -9 b11 || busybox pkill -9 b11]

/usr/bin/pkill

[pkill -9 b11]

/bin/busybox

[busybox pkill -9 b11]

/bin/sh

[sh -c pkill -9 b12 || busybox pkill -9 b12]

/usr/bin/pkill

[pkill -9 b12]

/bin/busybox

[busybox pkill -9 b12]

/bin/sh

[sh -c pkill -9 b13 || busybox pkill -9 b13]

/usr/bin/pkill

[pkill -9 b13]

/bin/busybox

[busybox pkill -9 b13]

/bin/sh

[sh -c pkill -9 b14 || busybox pkill -9 b14]

/usr/bin/pkill

[pkill -9 b14]

/bin/busybox

[busybox pkill -9 b14]

/bin/sh

[sh -c pkill -9 b15 || busybox pkill -9 b15]

/usr/bin/pkill

[pkill -9 b15]

/bin/busybox

[busybox pkill -9 b15]

/bin/sh

[sh -c pkill -9 b16 || busybox pkill -9 b16]

/usr/bin/pkill

[pkill -9 b16]

/bin/busybox

[busybox pkill -9 b16]

/bin/sh

[sh -c pkill -9 b17 || busybox pkill -9 b17]

/usr/bin/pkill

[pkill -9 b17]

/bin/busybox

[busybox pkill -9 b17]

/bin/sh

[sh -c pkill -9 b18 || busybox pkill -9 b18]

/usr/bin/pkill

[pkill -9 b18]

/bin/busybox

[busybox pkill -9 b18]

/bin/sh

[sh -c pkill -9 b19 || busybox pkill -9 b19]

/usr/bin/pkill

[pkill -9 b19]

/bin/busybox

[busybox pkill -9 b19]

/bin/sh

[sh -c pkill -9 b20 || busybox pkill -9 b20]

/usr/bin/pkill

[pkill -9 b20]

/bin/busybox

[busybox pkill -9 b20]

/bin/sh

[sh -c pkill -9 busyboxterrorist || busybox pkill -9 busyboxterrorist]

/usr/bin/pkill

[pkill -9 busyboxterrorist]

/bin/busybox

[busybox pkill -9 busyboxterrorist]

/bin/sh

[sh -c pkill -9 dvrHelper || busybox pkill -9 dvrHelper]

/usr/bin/pkill

[pkill -9 dvrHelper]

/bin/busybox

[busybox pkill -9 dvrHelper]

/bin/sh

[sh -c pkill -9 kmy* || busybox pkill -9 kmy*]

/usr/bin/pkill

[pkill -9 kmy*]

/bin/busybox

[busybox pkill -9 kmy*]

/bin/sh

[sh -c pkill -9 lol* || busybox pkill -9 lol*]

/usr/bin/pkill

[pkill -9 lol*]

/bin/sh

[sh -c pkill -9 telmips || busybox pkill -9 telmips]

/usr/bin/pkill

[pkill -9 telmips]

/bin/busybox

[busybox pkill -9 telmips]

/bin/sh

[sh -c pkill -9 telmips64 || busybox pkill -9 telmips64]

/usr/bin/pkill

[pkill -9 telmips64]

/bin/busybox

[busybox pkill -9 telmips64]

/bin/sh

[sh -c pkill -9 telmipsel || busybox pkill -9 telmipsel]

/usr/bin/pkill

[pkill -9 telmipsel]

/bin/busybox

[busybox pkill -9 telmipsel]

/bin/sh

[sh -c pkill -9 telsh2eb || busybox pkill -9 telsh2eb]

/usr/bin/pkill

[pkill -9 telsh2eb]

/bin/busybox

[busybox pkill -9 telsh2eb]

/bin/sh

[sh -c pkill -9 telsh2elf || busybox pkill -9 telsh2elf]

/usr/bin/pkill

[pkill -9 telsh2elf]

/bin/busybox

[busybox pkill -9 telsh2elf]

/bin/sh

[sh -c pkill -9 telsh4 || busybox pkill -9 telsh4]

/usr/bin/pkill

[pkill -9 telsh4]

/bin/busybox

[busybox pkill -9 telsh4]

/bin/sh

[sh -c pkill -9 telx86 || busybox pkill -9 telx86]

/usr/bin/pkill

[pkill -9 telx86]

/bin/busybox

[busybox pkill -9 telx86]

/bin/sh

[sh -c pkill -9 telarmv5 || busybox pkill -9 telarmv5]

/usr/bin/pkill

[pkill -9 telarmv5]

/bin/busybox

[busybox pkill -9 telarmv5]

/bin/sh

[sh -c pkill -9 telarmv4tl || busybox pkill -9 telarmv4tl]

/usr/bin/pkill

[pkill -9 telarmv4tl]

/bin/busybox

[busybox pkill -9 telarmv4tl]

/bin/sh

[sh -c pkill -9 telarmv4 || busybox pkill -9 telarmv4]

/usr/bin/pkill

[pkill -9 telarmv4]

/bin/busybox

[busybox pkill -9 telarmv4]

/bin/sh

[sh -c pkill -9 telarmv6 || busybox pkill -9 telarmv6]

/usr/bin/pkill

[pkill -9 telarmv6]

/bin/busybox

[busybox pkill -9 telarmv6]

/bin/sh

[sh -c pkill -9 teli686 || busybox pkill -9 teli686]

/usr/bin/pkill

[pkill -9 teli686]

/bin/busybox

[busybox pkill -9 teli686]

/bin/sh

[sh -c pkill -9 telpowerpc || busybox pkill -9 telpowerpc]

/usr/bin/pkill

[pkill -9 telpowerpc]

/bin/busybox

[busybox pkill -9 telpowerpc]

/bin/sh

[sh -c pkill -9 telpowerpc440fp || busybox pkill -9 telpowerpc440fp]

/usr/bin/pkill

[pkill -9 telpowerpc440fp]

/bin/busybox

[busybox pkill -9 telpowerpc440fp]

/bin/sh

[sh -c pkill -9 teli586 || busybox pkill -9 teli586]

/usr/bin/pkill

[pkill -9 teli586]

/bin/busybox

[busybox pkill -9 teli586]

/bin/sh

[sh -c pkill -9 telm68k || busybox pkill -9 telm68k]

/usr/bin/pkill

[pkill -9 telm68k]

/bin/busybox

[busybox pkill -9 telm68k]

/bin/sh

[sh -c pkill -9 telsparc || busybox pkill -9 telsparc]

/usr/bin/pkill

[pkill -9 telsparc]

/bin/busybox

[busybox pkill -9 telsparc]

/bin/sh

[sh -c pkill -9 telx86_64 || busybox pkill -9 telx86_64]

/usr/bin/pkill

[pkill -9 telx86_64]

/bin/busybox

[busybox pkill -9 telx86_64]

/bin/sh

[sh -c pkill -9 TwoFace* || busybox pkill -9 TwoFace*]

/usr/bin/pkill

[pkill -9 TwoFace*]

/bin/busybox

[busybox pkill -9 TwoFace*]

/bin/sh

[sh -c pkill -9 xxb* || busybox pkill -9 xxb*]

/usr/bin/pkill

[pkill -9 xxb*]

/bin/busybox

[busybox pkill -9 xxb*]

/bin/sh

[sh -c pkill -9 bb || busybox pkill -9 bb]

/usr/bin/pkill

[pkill -9 bb]

/bin/busybox

[busybox pkill -9 bb]

/bin/sh

[sh -c pkill -9 busybotnet || busybox pkill -9 busybotnet]

/usr/bin/pkill

[pkill -9 busybotnet]

/bin/busybox

[busybox pkill -9 busybotnet]

/bin/sh

[sh -c pkill -9 busybox || busybox pkill -9 busybox]

/usr/bin/pkill

[pkill -9 busybox]

/bin/busybox

[busybox pkill -9 busybox]

/bin/sh

[sh -c pkill -9 badbox || busybox pkill -9 badbox]

/usr/bin/pkill

[pkill -9 badbox]

/bin/busybox

[busybox pkill -9 badbox]

/bin/sh

[sh -c pkill -9 B1 || busybox pkill -9 B1]

/usr/bin/pkill

[pkill -9 B1]

/bin/busybox

[busybox pkill -9 B1]

/bin/sh

[sh -c pkill -9 B2 || busybox pkill -9 B2]

/usr/bin/pkill

[pkill -9 B2]

/bin/busybox

[busybox pkill -9 B2]

/bin/sh

[sh -c pkill -9 B3 || busybox pkill -9 B3]

/usr/bin/pkill

[pkill -9 B3]

/bin/busybox

[busybox pkill -9 B3]

/bin/sh

[sh -c pkill -9 B4 || busybox pkill -9 B4]

/usr/bin/pkill

[pkill -9 B4]

/bin/busybox

[busybox pkill -9 B4]

/bin/sh

[sh -c pkill -9 B5 || busybox pkill -9 B5]

/usr/bin/pkill

[pkill -9 B5]

/bin/busybox

[busybox pkill -9 B5]

/bin/sh

[sh -c pkill -9 B6 || busybox pkill -9 B6]

/usr/bin/pkill

[pkill -9 B6]

/bin/busybox

[busybox pkill -9 B6]

/bin/sh

[sh -c pkill -9 B7 || busybox pkill -9 B7]

/usr/bin/pkill

[pkill -9 B7]

/bin/busybox

[busybox pkill -9 B7]

/bin/sh

[sh -c pkill -9 B8 || busybox pkill -9 B8]

/usr/bin/pkill

[pkill -9 B8]

/bin/busybox

[busybox pkill -9 B8]

/bin/sh

[sh -c pkill -9 B9 || busybox pkill -9 B9]

/usr/bin/pkill

[pkill -9 B9]

/bin/busybox

[busybox pkill -9 B9]

/bin/sh

[sh -c pkill -9 B10 || busybox pkill -9 B10]

/usr/bin/pkill

[pkill -9 B10]

/bin/busybox

[busybox pkill -9 B10]

/bin/sh

[sh -c pkill -9 B11 || busybox pkill -9 B11]

/usr/bin/pkill

[pkill -9 B11]

/bin/busybox

[busybox pkill -9 B11]

/bin/sh

[sh -c pkill -9 B12 || busybox pkill -9 B12]

/usr/bin/pkill

[pkill -9 B12]

/bin/busybox

[busybox pkill -9 B12]

/bin/sh

[sh -c pkill -9 B13 || busybox pkill -9 B13]

/usr/bin/pkill

[pkill -9 B13]

/bin/busybox

[busybox pkill -9 B13]

/bin/sh

[sh -c pkill -9 B14 || busybox pkill -9 B14]

/usr/bin/pkill

[pkill -9 B14]

/bin/busybox

[busybox pkill -9 B14]

/bin/sh

[sh -c pkill -9 B15 || busybox pkill -9 B15]

/usr/bin/pkill

[pkill -9 B15]

/bin/busybox

[busybox pkill -9 B15]

/bin/sh

[sh -c pkill -9 B16 || busybox pkill -9 B16]

/usr/bin/pkill

[pkill -9 B16]

/bin/busybox

[busybox pkill -9 B16]

/bin/sh

[sh -c pkill -9 B17 || busybox pkill -9 B17]

/usr/bin/pkill

[pkill -9 B17]

/bin/busybox

[busybox pkill -9 B17]

/bin/sh

[sh -c pkill -9 B18 || busybox pkill -9 B18]

/usr/bin/pkill

[pkill -9 B18]

/bin/busybox

[busybox pkill -9 B18]

/bin/sh

[sh -c pkill -9 B20 || busybox pkill -9 B20]

/usr/bin/pkill

[pkill -9 B20]

/bin/busybox

[busybox pkill -9 B20]

/bin/sh

[sh -c pkill -9 gaybot || busybox pkill -9 gaybot]

/usr/bin/pkill

[pkill -9 gaybot]

/bin/busybox

[busybox pkill -9 gaybot]

/bin/sh

[sh -c pkill -9 hackz || busybox pkill -9 hackz]

/usr/bin/pkill

[pkill -9 hackz]

/bin/busybox

[busybox pkill -9 hackz]

/bin/sh

[sh -c pkill -9 bin* || busybox pkill -9 bin*]

/usr/bin/pkill

[pkill -9 bin]

/bin/busybox

[busybox pkill -9 bin]

/bin/sh

[sh -c pkill -9 gtop || busybox pkill -9 gtop]

/usr/bin/pkill

[pkill -9 gtop]

/bin/busybox

[busybox pkill -9 gtop]

/bin/sh

[sh -c pkill -9 botnet || busybox pkill -9 botnet]

/usr/bin/pkill

[pkill -9 botnet]

/bin/busybox

[busybox pkill -9 botnet]

/bin/sh

[sh -c pkill -9 swatnet || busybox pkill -9 swatnet]

/usr/bin/pkill

[pkill -9 swatnet]

/bin/busybox

[busybox pkill -9 swatnet]

/bin/sh

[sh -c pkill -9 ballpit || busybox pkill -9 ballpit]

/usr/bin/pkill

[pkill -9 ballpit]

/bin/busybox

[busybox pkill -9 ballpit]

/bin/sh

[sh -c pkill -9 fucknet || busybox pkill -9 fucknet]

/usr/bin/pkill

[pkill -9 fucknet]

/bin/busybox

[busybox pkill -9 fucknet]

/bin/sh

[sh -c pkill -9 cracknet || busybox pkill -9 cracknet]

/usr/bin/pkill

[pkill -9 cracknet]

/bin/busybox

[busybox pkill -9 cracknet]

/bin/sh

[sh -c pkill -9 weednet || busybox pkill -9 weednet]

/usr/bin/pkill

[pkill -9 weednet]

/bin/busybox

[busybox pkill -9 weednet]

/bin/sh

[sh -c pkill -9 gaynet || busybox pkill -9 gaynet]

/usr/bin/pkill

[pkill -9 gaynet]

/bin/busybox

[busybox pkill -9 gaynet]

/bin/sh

[sh -c pkill -9 queernet || busybox pkill -9 queernet]

/usr/bin/pkill

[pkill -9 queernet]

/bin/busybox

[busybox pkill -9 queernet]

/bin/sh

[sh -c pkill -9 ballnet || busybox pkill -9 ballnet]

/usr/bin/pkill

[pkill -9 ballnet]

/bin/busybox

[busybox pkill -9 ballnet]

/bin/sh

[sh -c pkill -9 unet || busybox pkill -9 unet]

/usr/bin/pkill

[pkill -9 unet]

/bin/busybox

[busybox pkill -9 unet]

/bin/sh

[sh -c pkill -9 yougay || busybox pkill -9 yougay]

/usr/bin/pkill

[pkill -9 yougay]

/bin/busybox

[busybox pkill -9 yougay]

/bin/sh

[sh -c pkill -9 sttftp || busybox pkill -9 sttftp]

/usr/bin/pkill

[pkill -9 sttftp]

/bin/busybox

[busybox pkill -9 sttftp]

/bin/sh

[sh -c pkill -9 sstftp || busybox pkill -9 sstftp]

/usr/bin/pkill

[pkill -9 sstftp]

/bin/busybox

[busybox pkill -9 sstftp]

/bin/sh

[sh -c pkill -9 sbtftp || busybox pkill -9 sbtftp]

/usr/bin/pkill

[pkill -9 sbtftp]

/bin/busybox

[busybox pkill -9 sbtftp]

/bin/sh

[sh -c pkill -9 btftp || busybox pkill -9 btftp]

/usr/bin/pkill

[pkill -9 btftp]

/bin/busybox

[busybox pkill -9 btftp]

/bin/sh

[sh -c pkill -9 y0u1sg3y || busybox pkill -9 y0u1sg3y]

/usr/bin/pkill

[pkill -9 y0u1sg3y]

/bin/busybox

[busybox pkill -9 y0u1sg3y]

/bin/sh

[sh -c pkill -9 bruv* || busybox pkill -9 bruv*]

/usr/bin/pkill

[pkill -9 bruv*]

/bin/busybox

[busybox pkill -9 bruv*]

/bin/sh

[sh -c pkill -9 IoT*kinsing || busybox pkill -9 IoT*kinsing]

/usr/bin/pkill

[pkill -9 IoT*kinsing]

/bin/busybox

[busybox pkill -9 IoT*kinsing]

Network

Country Destination Domain Proto
CN 212.64.67.230:6667 tcp
CN 106.52.68.18:6667 tcp
CN 106.53.200.20:6667 tcp
HK 154.92.16.67:6667 tcp
US 1.1.1.1:53 debian9-mipsbe-en-20211208-0 udp

Files

N/A