Malware Analysis Report

2024-12-01 00:44

Sample ID 220217-1y1egsfab4
Target 3061a4f408abc5a473d2dee721a1a99d401e53dcf049fee1e7143ce0893f1b6a
SHA256 3061a4f408abc5a473d2dee721a1a99d401e53dcf049fee1e7143ce0893f1b6a
Tags
kaiten persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

3061a4f408abc5a473d2dee721a1a99d401e53dcf049fee1e7143ce0893f1b6a

Threat Level: Known bad

The file 3061a4f408abc5a473d2dee721a1a99d401e53dcf049fee1e7143ce0893f1b6a was found to be: Known bad.

Malicious Activity Summary

kaiten persistence

Identified Kaiten Bot

Kaiten family

Modifies rc script

Reads CPU attributes

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-02-17 22:04

Signatures

Identified Kaiten Bot

Description Indicator Process Target
N/A N/A N/A N/A

Kaiten family

kaiten

Analysis: behavioral1

Detonation Overview

Submitted

2022-02-17 22:04

Reported

2022-02-18 01:25

Platform

ubuntu1804-amd64-en-20211208

Max time kernel

0s

Max time network

154s

Command Line

[./3061a4f408abc5a473d2dee721a1a99d401e53dcf049fee1e7143ce0893f1b6a]

Signatures

Modifies rc script

persistence
Description Indicator Process Target
/etc/rc.d/rc.local /etc/rc.d/rc.local ./3061a4f408abc5a473d2dee721a1a99d401e53dcf049fee1e7143ce0893f1b6a N/A

Reads CPU attributes

Description Indicator Process Target
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A
/sys/devices/system/cpu/online /sys/devices/system/cpu/online /usr/bin/pkill N/A

Reads runtime system information

Description Indicator Process Target
/proc/34/status /proc/34/status /usr/bin/pkill N/A
/proc/578/cmdline /proc/578/cmdline /usr/bin/pkill N/A
/proc/85/cmdline /proc/85/cmdline /usr/bin/pkill N/A
/proc/6/cmdline /proc/6/cmdline /usr/bin/pkill N/A
/proc/159/cmdline /proc/159/cmdline /usr/bin/pkill N/A
/proc/252/status /proc/252/status /usr/bin/pkill N/A
/proc/34/cmdline /proc/34/cmdline /usr/bin/pkill N/A
/proc/251/status /proc/251/status /usr/bin/pkill N/A
/proc/1/status /proc/1/status /usr/bin/pkill N/A
/proc/352/status /proc/352/status /usr/bin/pkill N/A
/proc/574/cmdline /proc/574/cmdline /usr/bin/pkill N/A
/proc/606/cmdline /proc/606/cmdline /usr/bin/pkill N/A
/proc/369/cmdline /proc/369/cmdline /usr/bin/pkill N/A
/proc/32/cmdline /proc/32/cmdline /usr/bin/pkill N/A
/proc/32/cmdline /proc/32/cmdline /usr/bin/pkill N/A
/proc/15/status /proc/15/status /usr/bin/pkill N/A
/proc/83/cmdline /proc/83/cmdline /usr/bin/pkill N/A
/proc/16/status /proc/16/status /usr/bin/pkill N/A
/proc/579/status /proc/579/status /usr/bin/pkill N/A
/proc/774/cmdline /proc/774/cmdline /usr/bin/pkill N/A
/proc/19/cmdline /proc/19/cmdline /usr/bin/pkill N/A
/proc/289/status /proc/289/status /usr/bin/pkill N/A
/proc/289/status /proc/289/status /usr/bin/pkill N/A
/proc/636/cmdline /proc/636/cmdline /usr/bin/pkill N/A
/proc/6/status /proc/6/status /usr/bin/pkill N/A
/proc/162/status /proc/162/status /usr/bin/pkill N/A
/proc/16/cmdline /proc/16/cmdline /usr/bin/pkill N/A
/proc/341/cmdline /proc/341/cmdline /usr/bin/pkill N/A
/proc/22/cmdline /proc/22/cmdline /usr/bin/pkill N/A
/proc/157/cmdline /proc/157/cmdline /usr/bin/pkill N/A
/proc/332/cmdline /proc/332/cmdline /usr/bin/pkill N/A
/proc/333/status /proc/333/status /usr/bin/pkill N/A
/proc/164/status /proc/164/status /usr/bin/pkill N/A
/proc/32/status /proc/32/status /usr/bin/pkill N/A
/proc/458/status /proc/458/status /usr/bin/pkill N/A
/proc/7/cmdline /proc/7/cmdline /usr/bin/pkill N/A
/proc/674/status /proc/674/status /usr/bin/pkill N/A
/proc/162/status /proc/162/status /usr/bin/pkill N/A
/proc/192/cmdline /proc/192/cmdline /usr/bin/pkill N/A
/proc/289/cmdline /proc/289/cmdline /usr/bin/pkill N/A
/proc/333/status /proc/333/status /usr/bin/pkill N/A
/proc/26/cmdline /proc/26/cmdline /usr/bin/pkill N/A
/proc/347/cmdline /proc/347/cmdline /usr/bin/pkill N/A
/proc/26/cmdline /proc/26/cmdline /usr/bin/pkill N/A
/proc/5/status /proc/5/status /usr/bin/pkill N/A
/proc/115/cmdline /proc/115/cmdline /usr/bin/pkill N/A
/proc/10/status /proc/10/status /usr/bin/pkill N/A
/proc/83/cmdline /proc/83/cmdline /usr/bin/pkill N/A
/proc/286/status /proc/286/status /usr/bin/pkill N/A
/proc/22/status /proc/22/status /usr/bin/pkill N/A
/proc/31/cmdline /proc/31/cmdline /usr/bin/pkill N/A
/proc/251/cmdline /proc/251/cmdline /usr/bin/pkill N/A
/proc/252/status /proc/252/status /usr/bin/pkill N/A
/proc/83/status /proc/83/status /usr/bin/pkill N/A
/proc/154/cmdline /proc/154/cmdline /usr/bin/pkill N/A
/proc/665/cmdline /proc/665/cmdline /usr/bin/pkill N/A
/proc/34/status /proc/34/status /usr/bin/pkill N/A
/proc/27/status /proc/27/status /usr/bin/pkill N/A
/proc/83/status /proc/83/status /usr/bin/pkill N/A
/proc/578/status /proc/578/status /usr/bin/pkill N/A
/proc/157/status /proc/157/status /usr/bin/pkill N/A
/proc/157/cmdline /proc/157/cmdline /usr/bin/pkill N/A
/proc/289/cmdline /proc/289/cmdline /usr/bin/pkill N/A
/proc/577/cmdline /proc/577/cmdline /usr/bin/pkill N/A

Processes

./3061a4f408abc5a473d2dee721a1a99d401e53dcf049fee1e7143ce0893f1b6a

[./3061a4f408abc5a473d2dee721a1a99d401e53dcf049fee1e7143ce0893f1b6a]

/bin/sh

[sh -c pkill -9 mips || busybox pkill -9 mips || /usr/busybox pkill -9 mips || /bin/busybox pkill -9 mips > /dev/null]

/usr/bin/pkill

[pkill -9 mips]

/bin/busybox

[busybox pkill -9 mips]

/usr/busybox

[/usr/busybox pkill -9 mips]

/bin/busybox

[/bin/busybox pkill -9 mips]

/bin/sh

[sh -c pkill -9 mips64 || busybox pkill -9 mips64 || /usr/busybox pkill -9 mips64 || /bin/busybox pkill -9 mips64 > /dev/null]

/usr/bin/pkill

[pkill -9 mips64]

/bin/busybox

[busybox pkill -9 mips64]

/usr/busybox

[/usr/busybox pkill -9 mips64]

/bin/busybox

[/bin/busybox pkill -9 mips64]

/bin/sh

[sh -c pkill -9 mipsel || busybox pkill -9 mipsel || /usr/busybox pkill -9 mipsel || /bin/busybox pkill -9 mipsel > /dev/null]

/usr/bin/pkill

[pkill -9 mipsel]

/bin/busybox

[busybox pkill -9 mipsel]

/usr/busybox

[/usr/busybox pkill -9 mipsel]

/bin/busybox

[/bin/busybox pkill -9 mipsel]

/bin/sh

[sh -c pkill -9 sh2eb || busybox pkill -9 sh2eb || /usr/busybox pkill -9 sh2eb || /bin/busybox pkill -9 sh2eb > /dev/null]

/usr/bin/pkill

[pkill -9 sh2eb]

/bin/busybox

[busybox pkill -9 sh2eb]

/usr/busybox

[/usr/busybox pkill -9 sh2eb]

/bin/busybox

[/bin/busybox pkill -9 sh2eb]

/bin/sh

[sh -c pkill -9 sh2elf || busybox pkill -9 sh2elf || /usr/busybox pkill -9 sh2elf || /bin/busybox pkill -9 sh2elf > /dev/null]

/usr/bin/pkill

[pkill -9 sh2elf]

/bin/busybox

[busybox pkill -9 sh2elf]

/usr/busybox

[/usr/busybox pkill -9 sh2elf]

/bin/busybox

[/bin/busybox pkill -9 sh2elf]

/bin/sh

[sh -c pkill -9 sh4 || busybox pkill -9 sh4 || /usr/busybox pkill -9 sh4 || /bin/busybox pkill -9 sh4 > /dev/null]

/usr/bin/pkill

[pkill -9 sh4]

/bin/busybox

[busybox pkill -9 sh4]

/usr/busybox

[/usr/busybox pkill -9 sh4]

/bin/busybox

[/bin/busybox pkill -9 sh4]

/bin/sh

[sh -c pkill -9 x86 || busybox pkill -9 x86 || /usr/busybox pkill -9 x86 || /bin/busybox pkill -9 x86 > /dev/null]

/usr/bin/pkill

[pkill -9 x86]

/bin/busybox

[busybox pkill -9 x86]

/usr/busybox

[/usr/busybox pkill -9 x86]

/bin/busybox

[/bin/busybox pkill -9 x86]

/bin/sh

[sh -c pkill -9 arm || busybox pkill -9 arm || /usr/busybox pkill -9 arm || /bin/busybox pkill -9 arm > /dev/null]

/usr/bin/pkill

[pkill -9 arm]

/bin/busybox

[busybox pkill -9 arm]

/usr/busybox

[/usr/busybox pkill -9 arm]

/bin/busybox

[/bin/busybox pkill -9 arm]

/bin/sh

[sh -c pkill -9 armv5 || busybox pkill -9 armv5 || /usr/busybox pkill -9 armv5 || /bin/busybox pkill -9 armv5 > /dev/null]

/usr/bin/pkill

[pkill -9 armv5]

/bin/busybox

[busybox pkill -9 armv5]

/usr/busybox

[/usr/busybox pkill -9 armv5]

/bin/busybox

[/bin/busybox pkill -9 armv5]

/bin/sh

[sh -c pkill -9 armv4tl || busybox pkill -9 armv4tl || /usr/busybox pkill -9 armv4tl || /bin/busybox pkill -9 armv4tl > /dev/null]

/usr/bin/pkill

[pkill -9 armv4tl]

/bin/busybox

[busybox pkill -9 armv4tl]

/usr/busybox

[/usr/busybox pkill -9 armv4tl]

/bin/busybox

[/bin/busybox pkill -9 armv4tl]

/bin/sh

[sh -c pkill -9 armv4 || busybox pkill -9 armv4 || /usr/busybox pkill -9 armv4 || /bin/busybox pkill -9 armv4 > /dev/null]

/usr/bin/pkill

[pkill -9 armv4]

/bin/busybox

[busybox pkill -9 armv4]

/usr/busybox

[/usr/busybox pkill -9 armv4]

/bin/busybox

[/bin/busybox pkill -9 armv4]

/bin/sh

[sh -c pkill -9 armv6 || busybox pkill -9 armv6 || /usr/busybox pkill -9 armv6 || /bin/busybox pkill -9 armv6 > /dev/null]

/usr/bin/pkill

[pkill -9 armv6]

/bin/busybox

[busybox pkill -9 armv6]

/usr/busybox

[/usr/busybox pkill -9 armv6]

/bin/busybox

[/bin/busybox pkill -9 armv6]

/bin/sh

[sh -c pkill -9 i686 || busybox pkill -9 i686 || /usr/busybox pkill -9 i686 || /bin/busybox pkill -9 i686 > /dev/null]

/usr/bin/pkill

[pkill -9 i686]

/bin/busybox

[busybox pkill -9 i686]

/usr/busybox

[/usr/busybox pkill -9 i686]

/bin/busybox

[/bin/busybox pkill -9 i686]

/bin/sh

[sh -c pkill -9 powerpc || busybox pkill -9 powerpc || /usr/busybox pkill -9 powerpc || /bin/busybox pkill -9 powerpc > /dev/null]

/usr/bin/pkill

[pkill -9 powerpc]

/bin/busybox

[busybox pkill -9 powerpc]

/usr/busybox

[/usr/busybox pkill -9 powerpc]

/bin/busybox

[/bin/busybox pkill -9 powerpc]

/bin/sh

[sh -c pkill -9 powerpc440fp || busybox pkill -9 powerpc440fp || /usr/busybox pkill -9 powerpc440fp || /bin/busybox pkill -9 powerpc440fp > /dev/null]

/usr/bin/pkill

[pkill -9 powerpc440fp]

/bin/busybox

[busybox pkill -9 powerpc440fp]

/usr/busybox

[/usr/busybox pkill -9 powerpc440fp]

/bin/busybox

[/bin/busybox pkill -9 powerpc440fp]

/bin/sh

[sh -c pkill -9 i586 || busybox pkill -9 i586 || /usr/busybox pkill -9 i586 || /bin/busybox pkill -9 i586 > /dev/null]

/usr/bin/pkill

[pkill -9 i586]

/bin/busybox

[busybox pkill -9 i586]

/usr/busybox

[/usr/busybox pkill -9 i586]

/bin/busybox

[/bin/busybox pkill -9 i586]

/bin/sh

[sh -c pkill -9 m68k || busybox pkill -9 m68k || /usr/busybox pkill -9 m68k || /bin/busybox pkill -9 m68k > /dev/null]

/usr/bin/pkill

[pkill -9 m68k]

/bin/busybox

[busybox pkill -9 m68k]

/usr/busybox

[/usr/busybox pkill -9 m68k]

/bin/busybox

[/bin/busybox pkill -9 m68k]

/bin/sh

[sh -c pkill -9 sparc || busybox pkill -9 sparc || /usr/busybox pkill -9 sparc || /bin/busybox pkill -9 sparc > /dev/null]

/usr/bin/pkill

[pkill -9 sparc]

/bin/busybox

[busybox pkill -9 sparc]

/usr/busybox

[/usr/busybox pkill -9 sparc]

/bin/busybox

[/bin/busybox pkill -9 sparc]

/bin/sh

[sh -c pkill -9 x86_64 || busybox pkill -9 x86_64 || /usr/busybox pkill -9 x86_64 || /bin/busybox pkill -9 x86_64 > /dev/null]

/usr/bin/pkill

[pkill -9 x86_64]

/bin/busybox

[busybox pkill -9 x86_64]

/usr/busybox

[/usr/busybox pkill -9 x86_64]

/bin/busybox

[/bin/busybox pkill -9 x86_64]

/bin/sh

[sh -c pkill -9 jackmymips || busybox pkill -9 jackmymips || /usr/busybox pkill -9 jackmymips || /bin/busybox pkill -9 jackmymips > /dev/null]

/usr/bin/pkill

[pkill -9 jackmymips]

/bin/busybox

[busybox pkill -9 jackmymips]

/usr/busybox

[/usr/busybox pkill -9 jackmymips]

/bin/busybox

[/bin/busybox pkill -9 jackmymips]

/bin/sh

[sh -c pkill -9 jackmymips64 || busybox pkill -9 jackmymips64 || /usr/busybox pkill -9 jackmymips64 || /bin/busybox pkill -9 jackmymips64 > /dev/null]

/usr/bin/pkill

[pkill -9 jackmymips64]

/bin/busybox

[busybox pkill -9 jackmymips64]

/usr/busybox

[/usr/busybox pkill -9 jackmymips64]

/bin/busybox

[/bin/busybox pkill -9 jackmymips64]

/bin/sh

[sh -c pkill -9 jackmymipsel || busybox pkill -9 jackmymipsel || /usr/busybox pkill -9 jackmymipsel || /bin/busybox pkill -9 jackmymipsel > /dev/null]

/usr/bin/pkill

[pkill -9 jackmymipsel]

/bin/busybox

[busybox pkill -9 jackmymipsel]

/usr/busybox

[/usr/busybox pkill -9 jackmymipsel]

/bin/busybox

[/bin/busybox pkill -9 jackmymipsel]

/bin/sh

[sh -c pkill -9 jackmysh2eb || busybox pkill -9 jackmysh2eb || /usr/busybox pkill -9 jackmysh2eb || /bin/busybox pkill -9 jackmysh2eb > /dev/null]

/usr/bin/pkill

[pkill -9 jackmysh2eb]

/bin/busybox

[busybox pkill -9 jackmysh2eb]

/usr/busybox

[/usr/busybox pkill -9 jackmysh2eb]

/bin/busybox

[/bin/busybox pkill -9 jackmysh2eb]

/bin/sh

[sh -c pkill -9 jackmysh2elf || busybox pkill -9 jackmysh2elf || /usr/busybox pkill -9 jackmysh2elf || /bin/busybox pkill -9 jackmysh2elf > /dev/null]

/usr/bin/pkill

[pkill -9 jackmysh2elf]

/bin/busybox

[busybox pkill -9 jackmysh2elf]

/usr/busybox

[/usr/busybox pkill -9 jackmysh2elf]

/bin/busybox

[/bin/busybox pkill -9 jackmysh2elf]

/bin/sh

[sh -c pkill -9 jackmysh4 || busybox pkill -9 jackmysh4 || /usr/busybox pkill -9 jackmysh4 || /bin/busybox pkill -9 jackmysh4 > /dev/null]

/usr/bin/pkill

[pkill -9 jackmysh4]

/bin/busybox

[busybox pkill -9 jackmysh4]

/usr/busybox

[/usr/busybox pkill -9 jackmysh4]

/bin/busybox

[/bin/busybox pkill -9 jackmysh4]

/bin/sh

[sh -c pkill -9 jackmyx86 || busybox pkill -9 jackmyx86 || /usr/busybox pkill -9 jackmyx86 || /bin/busybox pkill -9 jackmyx86 > /dev/null]

/usr/bin/pkill

[pkill -9 jackmyx86]

/bin/busybox

[busybox pkill -9 jackmyx86]

/usr/busybox

[/usr/busybox pkill -9 jackmyx86]

/bin/busybox

[/bin/busybox pkill -9 jackmyx86]

/bin/sh

[sh -c pkill -9 jackmyarmv5 || busybox pkill -9 jackmyarmv5 || /usr/busybox pkill -9 jackmyarmv5 || /bin/busybox pkill -9 jackmyarmv5 > /dev/null]

/usr/bin/pkill

[pkill -9 jackmyarmv5]

/bin/busybox

[busybox pkill -9 jackmyarmv5]

/usr/busybox

[/usr/busybox pkill -9 jackmyarmv5]

/bin/busybox

[/bin/busybox pkill -9 jackmyarmv5]

/bin/sh

[sh -c pkill -9 jackmyarmv4tl || busybox pkill -9 jackmyarmv4tl || /usr/busybox pkill -9 jackmyarmv4tl || /bin/busybox pkill -9 jackmyarmv4tl > /dev/null]

/usr/bin/pkill

[pkill -9 jackmyarmv4tl]

/bin/busybox

[busybox pkill -9 jackmyarmv4tl]

/usr/busybox

[/usr/busybox pkill -9 jackmyarmv4tl]

/bin/busybox

[/bin/busybox pkill -9 jackmyarmv4tl]

/bin/sh

[sh -c pkill -9 jackmyarmv4 || busybox pkill -9 jackmyarmv4 || /usr/busybox pkill -9 jackmyarmv4 || /bin/busybox pkill -9 jackmyarmv4 > /dev/null]

/usr/bin/pkill

[pkill -9 jackmyarmv4]

/bin/busybox

[busybox pkill -9 jackmyarmv4]

/usr/busybox

[/usr/busybox pkill -9 jackmyarmv4]

/bin/busybox

[/bin/busybox pkill -9 jackmyarmv4]

/bin/sh

[sh -c pkill -9 jackmyarmv6 || busybox pkill -9 jackmyarmv6 || /usr/busybox pkill -9 jackmyarmv6 || /bin/busybox pkill -9 jackmyarmv6 > /dev/null]

/usr/bin/pkill

[pkill -9 jackmyarmv6]

/bin/busybox

[busybox pkill -9 jackmyarmv6]

/usr/busybox

[/usr/busybox pkill -9 jackmyarmv6]

/bin/busybox

[/bin/busybox pkill -9 jackmyarmv6]

/bin/sh

[sh -c pkill -9 jackmyi686 || busybox pkill -9 jackmyi686 || /usr/busybox pkill -9 jackmyi686 || /bin/busybox pkill -9 jackmyi686 > /dev/null]

/usr/bin/pkill

[pkill -9 jackmyi686]

/bin/busybox

[busybox pkill -9 jackmyi686]

/usr/busybox

[/usr/busybox pkill -9 jackmyi686]

/bin/busybox

[/bin/busybox pkill -9 jackmyi686]

/bin/sh

[sh -c pkill -9 jackmypowerpc || busybox pkill -9 jackmypowerpc || /usr/busybox pkill -9 jackmypowerpc || /bin/busybox pkill -9 jackmypowerpc > /dev/null]

/usr/bin/pkill

[pkill -9 jackmypowerpc]

/bin/busybox

[busybox pkill -9 jackmypowerpc]

/usr/busybox

[/usr/busybox pkill -9 jackmypowerpc]

/bin/busybox

[/bin/busybox pkill -9 jackmypowerpc]

/bin/sh

[sh -c pkill -9 jackmypowerpc440fp || busybox pkill -9 jackmypowerpc440fp || /usr/busybox pkill -9 jackmypowerpc440fp || /bin/busybox pkill -9 jackmypowerpc440fp > /dev/null]

/usr/bin/pkill

[pkill -9 jackmypowerpc440fp]

/bin/busybox

[busybox pkill -9 jackmypowerpc440fp]

/usr/busybox

[/usr/busybox pkill -9 jackmypowerpc440fp]

/bin/busybox

[/bin/busybox pkill -9 jackmypowerpc440fp]

/bin/sh

[sh -c pkill -9 jackmyi586 || busybox pkill -9 jackmyi586 || /usr/busybox pkill -9 jackmyi586 || /bin/busybox pkill -9 jackmyi586 > /dev/null]

/usr/bin/pkill

[pkill -9 jackmyi586]

/bin/busybox

[busybox pkill -9 jackmyi586]

/usr/busybox

[/usr/busybox pkill -9 jackmyi586]

/bin/busybox

[/bin/busybox pkill -9 jackmyi586]

/bin/sh

[sh -c pkill -9 jackmym68k || busybox pkill -9 jackmym68k || /usr/busybox pkill -9 jackmym68k || /bin/busybox pkill -9 jackmym68k > /dev/null]

/usr/bin/pkill

[pkill -9 jackmym68k]

/bin/busybox

[busybox pkill -9 jackmym68k]

/usr/busybox

[/usr/busybox pkill -9 jackmym68k]

/bin/busybox

[/bin/busybox pkill -9 jackmym68k]

/bin/sh

[sh -c pkill -9 jackmysparc || busybox pkill -9 jackmysparc || /usr/busybox pkill -9 jackmysparc || /bin/busybox pkill -9 jackmysparc > /dev/null]

/usr/bin/pkill

[pkill -9 jackmysparc]

/bin/busybox

[busybox pkill -9 jackmysparc]

/usr/busybox

[/usr/busybox pkill -9 jackmysparc]

/bin/busybox

[/bin/busybox pkill -9 jackmysparc]

/bin/sh

[sh -c pkill -9 jackmyx86_64 || busybox pkill -9 jackmyx86_64 || /usr/busybox pkill -9 jackmyx86_64 || /bin/busybox pkill -9 jackmyx86_64 > /dev/null]

/usr/bin/pkill

[pkill -9 jackmyx86_64]

/bin/busybox

[busybox pkill -9 jackmyx86_64]

/usr/busybox

[/usr/busybox pkill -9 jackmyx86_64]

/bin/busybox

[/bin/busybox pkill -9 jackmyx86_64]

/bin/sh

[sh -c pkill -9 hackmymips || busybox pkill -9 hackmymips || /usr/busybox pkill -9 hackmymips || /bin/busybox pkill -9 hackmymips > /dev/null]

/usr/bin/pkill

[pkill -9 hackmymips]

/bin/busybox

[busybox pkill -9 hackmymips]

/usr/busybox

[/usr/busybox pkill -9 hackmymips]

/bin/busybox

[/bin/busybox pkill -9 hackmymips]

/bin/sh

[sh -c pkill -9 hackmymips64 || busybox pkill -9 hackmymips64 || /usr/busybox pkill -9 hackmymips64 || /bin/busybox pkill -9 hackmymips64 > /dev/null]

/usr/bin/pkill

[pkill -9 hackmymips64]

/bin/busybox

[busybox pkill -9 hackmymips64]

/usr/busybox

[/usr/busybox pkill -9 hackmymips64]

/bin/busybox

[/bin/busybox pkill -9 hackmymips64]

/bin/sh

[sh -c pkill -9 hackmymipsel || busybox pkill -9 hackmymipsel || /usr/busybox pkill -9 hackmymipsel || /bin/busybox pkill -9 hackmymipsel > /dev/null]

/usr/bin/pkill

[pkill -9 hackmymipsel]

/bin/busybox

[busybox pkill -9 hackmymipsel]

/usr/busybox

[/usr/busybox pkill -9 hackmymipsel]

/bin/busybox

[/bin/busybox pkill -9 hackmymipsel]

/bin/sh

[sh -c pkill -9 hackmysh2eb || busybox pkill -9 hackmysh2eb || /usr/busybox pkill -9 hackmysh2eb || /bin/busybox pkill -9 hackmysh2eb > /dev/null]

/usr/bin/pkill

[pkill -9 hackmysh2eb]

/bin/busybox

[busybox pkill -9 hackmysh2eb]

/usr/busybox

[/usr/busybox pkill -9 hackmysh2eb]

/bin/busybox

[/bin/busybox pkill -9 hackmysh2eb]

/bin/sh

[sh -c pkill -9 hackmysh2elf || busybox pkill -9 hackmysh2elf || /usr/busybox pkill -9 hackmysh2elf || /bin/busybox pkill -9 hackmysh2elf > /dev/null]

/usr/bin/pkill

[pkill -9 hackmysh2elf]

/bin/busybox

[busybox pkill -9 hackmysh2elf]

/usr/busybox

[/usr/busybox pkill -9 hackmysh2elf]

/bin/busybox

[/bin/busybox pkill -9 hackmysh2elf]

/bin/sh

[sh -c pkill -9 hackmysh4 || busybox pkill -9 hackmysh4 || /usr/busybox pkill -9 hackmysh4 || /bin/busybox pkill -9 hackmysh4 > /dev/null]

/usr/bin/pkill

[pkill -9 hackmysh4]

/bin/busybox

[busybox pkill -9 hackmysh4]

/usr/busybox

[/usr/busybox pkill -9 hackmysh4]

/bin/busybox

[/bin/busybox pkill -9 hackmysh4]

/bin/sh

[sh -c pkill -9 hackmyx86 || busybox pkill -9 hackmyx86 || /usr/busybox pkill -9 hackmyx86 || /bin/busybox pkill -9 hackmyx86 > /dev/null]

/usr/bin/pkill

[pkill -9 hackmyx86]

/bin/busybox

[busybox pkill -9 hackmyx86]

/usr/busybox

[/usr/busybox pkill -9 hackmyx86]

/bin/busybox

[/bin/busybox pkill -9 hackmyx86]

/bin/sh

[sh -c pkill -9 hackmyarmv5 || busybox pkill -9 hackmyarmv5 || /usr/busybox pkill -9 hackmyarmv5 || /bin/busybox pkill -9 hackmyarmv5 > /dev/null]

/usr/bin/pkill

[pkill -9 hackmyarmv5]

/bin/busybox

[busybox pkill -9 hackmyarmv5]

/usr/busybox

[/usr/busybox pkill -9 hackmyarmv5]

/bin/busybox

[/bin/busybox pkill -9 hackmyarmv5]

/bin/sh

[sh -c pkill -9 hackmyarmv4tl || busybox pkill -9 hackmyarmv4tl || /usr/busybox pkill -9 hackmyarmv4tl || /bin/busybox pkill -9 hackmyarmv4tl > /dev/null]

/usr/bin/pkill

[pkill -9 hackmyarmv4tl]

/bin/busybox

[busybox pkill -9 hackmyarmv4tl]

/usr/busybox

[/usr/busybox pkill -9 hackmyarmv4tl]

/bin/busybox

[/bin/busybox pkill -9 hackmyarmv4tl]

/bin/sh

[sh -c pkill -9 hackmyarmv4 || busybox pkill -9 hackmyarmv4 || /usr/busybox pkill -9 hackmyarmv4 || /bin/busybox pkill -9 hackmyarmv4 > /dev/null]

/usr/bin/pkill

[pkill -9 hackmyarmv4]

/bin/busybox

[busybox pkill -9 hackmyarmv4]

/usr/busybox

[/usr/busybox pkill -9 hackmyarmv4]

/bin/busybox

[/bin/busybox pkill -9 hackmyarmv4]

/bin/sh

[sh -c pkill -9 hackmyarmv6 || busybox pkill -9 hackmyarmv6 || /usr/busybox pkill -9 hackmyarmv6 || /bin/busybox pkill -9 hackmyarmv6 > /dev/null]

/usr/bin/pkill

[pkill -9 hackmyarmv6]

/bin/busybox

[busybox pkill -9 hackmyarmv6]

/usr/busybox

[/usr/busybox pkill -9 hackmyarmv6]

/bin/busybox

[/bin/busybox pkill -9 hackmyarmv6]

/bin/sh

[sh -c pkill -9 hackmyi686 || busybox pkill -9 hackmyi686 || /usr/busybox pkill -9 hackmyi686 || /bin/busybox pkill -9 hackmyi686 > /dev/null]

/usr/bin/pkill

[pkill -9 hackmyi686]

/bin/busybox

[busybox pkill -9 hackmyi686]

/usr/busybox

[/usr/busybox pkill -9 hackmyi686]

/bin/busybox

[/bin/busybox pkill -9 hackmyi686]

/bin/sh

[sh -c pkill -9 hackmypowerpc || busybox pkill -9 hackmypowerpc || /usr/busybox pkill -9 hackmypowerpc || /bin/busybox pkill -9 hackmypowerpc > /dev/null]

/usr/bin/pkill

[pkill -9 hackmypowerpc]

/bin/busybox

[busybox pkill -9 hackmypowerpc]

/usr/busybox

[/usr/busybox pkill -9 hackmypowerpc]

/bin/busybox

[/bin/busybox pkill -9 hackmypowerpc]

/bin/sh

[sh -c pkill -9 hackmypowerpc440fp || busybox pkill -9 hackmypowerpc440fp || /usr/busybox pkill -9 hackmypowerpc440fp || /bin/busybox pkill -9 hackmypowerpc440fp > /dev/null]

/usr/bin/pkill

[pkill -9 hackmypowerpc440fp]

/bin/busybox

[busybox pkill -9 hackmypowerpc440fp]

/usr/busybox

[/usr/busybox pkill -9 hackmypowerpc440fp]

/bin/busybox

[/bin/busybox pkill -9 hackmypowerpc440fp]

/bin/sh

[sh -c pkill -9 hackmyi586 || busybox pkill -9 hackmyi586 || /usr/busybox pkill -9 hackmyi586 || /bin/busybox pkill -9 hackmyi586 > /dev/null]

/usr/bin/pkill

[pkill -9 hackmyi586]

/bin/busybox

[busybox pkill -9 hackmyi586]

/usr/busybox

[/usr/busybox pkill -9 hackmyi586]

/bin/busybox

[/bin/busybox pkill -9 hackmyi586]

/bin/sh

[sh -c pkill -9 hackmym68k || busybox pkill -9 hackmym68k || /usr/busybox pkill -9 hackmym68k || /bin/busybox pkill -9 hackmym68k > /dev/null]

/usr/bin/pkill

[pkill -9 hackmym68k]

/bin/busybox

[busybox pkill -9 hackmym68k]

/usr/busybox

[/usr/busybox pkill -9 hackmym68k]

/bin/busybox

[/bin/busybox pkill -9 hackmym68k]

/bin/sh

[sh -c pkill -9 hackmysparc || busybox pkill -9 hackmysparc || /usr/busybox pkill -9 hackmysparc || /bin/busybox pkill -9 hackmysparc > /dev/null]

/usr/bin/pkill

[pkill -9 hackmysparc]

/bin/busybox

[busybox pkill -9 hackmysparc]

/usr/busybox

[/usr/busybox pkill -9 hackmysparc]

/bin/busybox

[/bin/busybox pkill -9 hackmysparc]

/bin/sh

[sh -c pkill -9 hackmyx86_64 || busybox pkill -9 hackmyx86_64 || /usr/busybox pkill -9 hackmyx86_64 || /bin/busybox pkill -9 hackmyx86_64 > /dev/null]

/usr/bin/pkill

[pkill -9 hackmyx86_64]

/bin/busybox

[busybox pkill -9 hackmyx86_64]

/usr/busybox

[/usr/busybox pkill -9 hackmyx86_64]

/bin/busybox

[/bin/busybox pkill -9 hackmyx86_64]

/bin/sh

[sh -c pkill -9 b1 || busybox pkill -9 b1 || /usr/busybox pkill -9 b1 || /bin/busybox pkill -9 b1 > /dev/null]

/usr/bin/pkill

[pkill -9 b1]

/bin/busybox

[busybox pkill -9 b1]

/usr/busybox

[/usr/busybox pkill -9 b1]

/bin/busybox

[/bin/busybox pkill -9 b1]

/bin/sh

[sh -c pkill -9 b2 || busybox pkill -9 b2 || /usr/busybox pkill -9 b2 || /bin/busybox pkill -9 b2 > /dev/null]

/usr/bin/pkill

[pkill -9 b2]

/bin/busybox

[busybox pkill -9 b2]

/usr/busybox

[/usr/busybox pkill -9 b2]

/bin/busybox

[/bin/busybox pkill -9 b2]

/bin/sh

[sh -c pkill -9 b3 || busybox pkill -9 b3 || /usr/busybox pkill -9 b3 || /bin/busybox pkill -9 b3 > /dev/null]

Network

Country Destination Domain Proto
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp
US 45.32.1.44:7547 tcp

Files

N/A