Analysis Overview
SHA256
728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
Threat Level: Known bad
The file 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 was found to be: Known bad.
Malicious Activity Summary
Kaiten family
Identified Kaiten Bot
Writes file to system bin folder
Writes DNS configuration
Modifies init.d
Write file to user bin folder
Modifies rc script
Reads runtime system information
Writes file to tmp directory
Enumerates kernel/hardware configuration
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2022-04-15 01:07
Signatures
Identified Kaiten Bot
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Kaiten family
Analysis: behavioral1
Detonation Overview
Submitted
2022-04-15 01:07
Reported
2022-04-15 01:39
Platform
debian9-mipsel-en-20211208
Max time kernel
0s
Max time network
120s
Command Line
Signatures
Writes file to system bin folder
| Description | Indicator | Process | Target |
| /bin/nvram | /bin/nvram | ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 | N/A |
| /bin/cfgmtd | /bin/cfgmtd | ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 | N/A |
| /sbin/sncfg | /sbin/sncfg | ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 | N/A |
| /bin/crontab | /bin/crontab | ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 | N/A |
| /bin/uname | /bin/uname | ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 | N/A |
Writes DNS configuration
| Description | Indicator | Process | Target |
| /etc/resolv.conf | /etc/resolv.conf | N/A | N/A |
Modifies init.d
| Description | Indicator | Process | Target |
| /etc/init.d/rcS | /etc/init.d/rcS | ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 | N/A |
Modifies rc script
| Description | Indicator | Process | Target |
| /etc/rc.d/rc.local | /etc/rc.d/rc.local | ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 | N/A |
Write file to user bin folder
| Description | Indicator | Process | Target |
| /usr/sbin/nvram | /usr/sbin/nvram | ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 | N/A |
| /usr/bin/compile_time | /usr/bin/compile_time | ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 | N/A |
| /usr/bin/crontab | /usr/bin/crontab | ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 | N/A |
| /usr/sbin/service | /usr/sbin/service | /usr/sbin/service | N/A |
| /usr/sbin/service | /usr/sbin/service | /usr/sbin/service | N/A |
| /usr/sbin/service | /usr/sbin/service | /usr/sbin/service | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
| /sys/fs/kdbus/0-system/bus | /sys/fs/kdbus/0-system/bus | /bin/systemctl | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| /proc/filesystems | /proc/filesystems | /bin/systemctl | N/A |
| /proc/filesystems | /proc/filesystems | /bin/systemctl | N/A |
| /proc/filesystems | /proc/filesystems | /bin/systemctl | N/A |
| /proc/1/environ | /proc/1/environ | /bin/systemctl | N/A |
| /proc/1/environ | /proc/1/environ | /bin/systemctl | N/A |
| /proc/filesystems | /proc/filesystems | /bin/systemctl | N/A |
| /proc/self/stat | /proc/self/stat | /bin/systemctl | N/A |
| /proc/cmdline | /proc/cmdline | /bin/systemctl | N/A |
| /proc/1/environ | /proc/1/environ | /bin/systemctl | N/A |
| /proc/self/stat | /proc/self/stat | /bin/systemctl | N/A |
| /proc/self/stat | /proc/self/stat | /bin/systemctl | N/A |
| /proc/self/stat | /proc/self/stat | /bin/systemctl | N/A |
| /proc/1/environ | /proc/1/environ | /bin/systemctl | N/A |
| /proc/1/environ | /proc/1/environ | /bin/systemctl | N/A |
| /proc/1/environ | /proc/1/environ | /bin/systemctl | N/A |
| /proc/filesystems | /proc/filesystems | /bin/systemctl | N/A |
| /proc/self/stat | /proc/self/stat | /bin/systemctl | N/A |
| /proc/1/environ | /proc/1/environ | /bin/systemctl | N/A |
| /proc/self/stat | /proc/self/stat | /bin/systemctl | N/A |
| /proc/filesystems | /proc/filesystems | /bin/systemctl | N/A |
| /proc/self/stat | /proc/self/stat | /bin/systemctl | N/A |
| /proc/1/environ | /proc/1/environ | /bin/systemctl | N/A |
| /proc/1/environ | /proc/1/environ | /bin/systemctl | N/A |
| /proc/self/stat | /proc/self/stat | /bin/systemctl | N/A |
| /proc/filesystems | /proc/filesystems | /bin/systemctl | N/A |
| /proc/1/environ | /proc/1/environ | /bin/systemctl | N/A |
| /proc/cmdline | /proc/cmdline | /bin/systemctl | N/A |
| /proc/cmdline | /proc/cmdline | /bin/systemctl | N/A |
| /proc/filesystems | /proc/filesystems | /bin/systemctl | N/A |
| /proc/321/cmdline | /proc/321/cmdline | ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 | N/A |
| /proc/self/stat | /proc/self/stat | /bin/systemctl | N/A |
| /proc/1/environ | /proc/1/environ | /bin/systemctl | N/A |
| /proc/filesystems | /proc/filesystems | /bin/systemctl | N/A |
| /proc/cmdline | /proc/cmdline | /bin/systemctl | N/A |
| /proc/filesystems | /proc/filesystems | /bin/systemctl | N/A |
| /proc/1/environ | /proc/1/environ | /bin/systemctl | N/A |
| /proc/cmdline | /proc/cmdline | /bin/systemctl | N/A |
| /proc/1/environ | /proc/1/environ | /bin/systemctl | N/A |
| /proc/self/stat | /proc/self/stat | /bin/systemctl | N/A |
| /proc/self/stat | /proc/self/stat | /bin/systemctl | N/A |
| /proc/cmdline | /proc/cmdline | /bin/systemctl | N/A |
| /proc/1/environ | /proc/1/environ | /bin/systemctl | N/A |
| /proc/filesystems | /proc/filesystems | /bin/systemctl | N/A |
| /proc/filesystems | /proc/filesystems | /bin/systemctl | N/A |
| /proc/1/environ | /proc/1/environ | /bin/systemctl | N/A |
| /proc/cmdline | /proc/cmdline | /bin/systemctl | N/A |
| /proc/self/stat | /proc/self/stat | /bin/systemctl | N/A |
| /proc/cmdline | /proc/cmdline | /bin/systemctl | N/A |
| /proc/cmdline | /proc/cmdline | /bin/systemctl | N/A |
| /proc/filesystems | /proc/filesystems | /usr/bin/crontab | N/A |
| /proc/cmdline | /proc/cmdline | /bin/systemctl | N/A |
| /proc/filesystems | /proc/filesystems | /bin/systemctl | N/A |
| /proc/cmdline | /proc/cmdline | /bin/systemctl | N/A |
| /proc/filesystems | /proc/filesystems | /bin/systemctl | N/A |
| /proc/self/stat | /proc/self/stat | /bin/systemctl | N/A |
| /proc/cmdline | /proc/cmdline | /bin/systemctl | N/A |
| /proc/cmdline | /proc/cmdline | /bin/systemctl | N/A |
| /proc/self/stat | /proc/self/stat | /bin/systemctl | N/A |
| /proc/filesystems | /proc/filesystems | /bin/systemctl | N/A |
| /proc/self/stat | /proc/self/stat | /bin/systemctl | N/A |
| /proc/1/environ | /proc/1/environ | /bin/systemctl | N/A |
| /proc/filesystems | /proc/filesystems | /bin/systemctl | N/A |
| /proc/1/environ | /proc/1/environ | /bin/systemctl | N/A |
| /proc/cmdline | /proc/cmdline | /bin/systemctl | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| /tmp/tty3 | /tmp/tty3 | /bin/rm | N/A |
| /tmp/tty4 | /tmp/tty4 | /bin/rm | N/A |
| /tmp/tty6 | /tmp/tty6 | /bin/rm | N/A |
| /tmp/.xs | /tmp/.xs | N/A | N/A |
| /tmp/.xs/*.pid | /tmp/.xs/*.pid | /bin/cat | N/A |
| /tmp/toexec | /tmp/toexec | ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 | N/A |
| /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 | /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 | ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 | N/A |
| /tmp/tty1 | /tmp/tty1 | /bin/rm | N/A |
| /tmp/tty2 | /tmp/tty2 | /bin/rm | N/A |
| /tmp/tty5 | /tmp/tty5 | /bin/rm | N/A |
| /tmp/.xs/* | /tmp/.xs/* | /bin/rm | N/A |
Processes
./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
[./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848]
/bin/sh
[sh -c rm -rf /var/run/wgsh > /dev/null 2>&1 &]
/bin/rm
[rm -rf /var/run/wgsh]
/bin/sh
[sh -c rm -rf /var/run/bbsh > /dev/null 2>&1 &]
/bin/sh
[sh -c rm -rf /var/run/tty1 > /dev/null 2>&1 &]
/bin/rm
[rm -rf /var/run/bbsh]
/bin/sh
[sh -c rm -rf /var/run/tty2 > /dev/null 2>&1 &]
/bin/rm
[rm -rf /var/run/tty1]
/bin/sh
[sh -c rm -rf /var/run/tty3 > /dev/null 2>&1 &]
/bin/rm
[rm -rf /var/run/tty2]
/bin/sh
[sh -c rm -rf /var/run/tty4 > /dev/null 2>&1 &]
/bin/rm
[rm -rf /var/run/tty3]
/bin/sh
[sh -c rm -rf /var/run/tty5 > /dev/null 2>&1 &]
/bin/rm
[rm -rf /var/run/tty4]
/bin/sh
[sh -c rm -rf /var/run/tty6 > /dev/null 2>&1 &]
/bin/rm
[rm -rf /var/run/tty5]
/bin/sh
[sh -c rm -rf /tmp/tty1 > /dev/null 2>&1 &]
/bin/rm
[rm -rf /var/run/tty6]
/bin/sh
[sh -c rm -rf /tmp/tty2 > /dev/null 2>&1 &]
/bin/rm
[rm -rf /tmp/tty1]
/bin/sh
[sh -c rm -rf /tmp/tty3 > /dev/null 2>&1 &]
/bin/rm
[rm -rf /tmp/tty2]
/bin/sh
[sh -c rm -rf /tmp/tty4 > /dev/null 2>&1 &]
/bin/rm
[rm -rf /tmp/tty3]
/bin/sh
[sh -c rm -rf /tmp/tty5 > /dev/null 2>&1 &]
/bin/rm
[rm -rf /tmp/tty4]
/bin/sh
[sh -c rm -rf /tmp/tty6 > /dev/null 2>&1 &]
/bin/rm
[rm -rf /tmp/tty5]
/bin/sh
[sh -c rm -rf /var/run/pty > /dev/null 2>&1 &]
/bin/rm
[rm -rf /tmp/tty6]
/bin/sh
[sh -c killall -9 arm > /dev/null 2>&1 &]
/bin/rm
[rm -rf /var/run/pty]
/bin/sh
[sh -c killall -9 mips > /dev/null 2>&1 &]
/bin/sh
[sh -c killall -9 mipsel > /dev/null 2>&1 &]
/bin/sh
[sh -c killall -9 powerpc > /dev/null 2>&1 &]
/bin/sh
[sh -c killall -9 ppc > /dev/null 2>&1 &]
/bin/sh
[sh -c killall -9 daemon.armv4l.mod > /dev/null 2>&1 &]
/bin/sh
[sh -c killall -9 daemon.i686.mod > /dev/null 2>&1 &]
/bin/sh
[sh -c killall -9 daemon.mips.mod > /dev/null 2>&1 &]
/bin/sh
[sh -c killall -9 daemon.mipsel.mod > /dev/null 2>&1 &]
/bin/sh
[sh -c kill -9 `cat /tmp/.xs/*.pid` > /dev/null 2>&1 &]
/bin/sh
[sh -c rm -rf /tmp/.xs/* > /dev/null 2>&1 &]
/bin/cat
[cat /tmp/.xs/*.pid]
/bin/sh
[sh -c sleep 432000 && reboot &]
/bin/rm
[rm -rf /tmp/.xs/*]
/bin/sh
[sh -c echo "nameserver 8.8.8.8" > /etc/resolv.conf &]
/bin/sleep
[sleep 432000]
/bin/sh
[sh -c chmod 700 /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 > /dev/null 2>&1 &]
/bin/sh
[sh -c touch -acmr /bin/ls /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848]
/bin/chmod
[chmod 700 /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848]
/usr/bin/touch
[touch -acmr /bin/ls /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848]
/bin/sh
[sh -c (crontab -l | grep -v "/tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848" | grep -v "no cron" | grep -v "lesshts/run.sh" > /var/run/.x001804289383) > /dev/null 2>&1]
/bin/grep
[grep -v no cron]
/bin/grep
[grep -v /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848]
/usr/bin/crontab
[crontab -l]
/bin/grep
[grep -v lesshts/run.sh]
/bin/sh
[sh -c echo "* * * * * /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 > /dev/null 2>&1 &" >> /var/run/.x001804289383]
/bin/sh
[sh -c crontab /var/run/.x001804289383]
/usr/bin/crontab
[crontab /var/run/.x001804289383]
/bin/sh
[sh -c rm -rf /var/run/.x001804289383]
/bin/rm
[rm -rf /var/run/.x001804289383]
/bin/sh
[sh -c /bin/uname -n]
/bin/uname
[/bin/uname -n]
/bin/sh
[sh -c /bin/uname -n]
/bin/uname
[/bin/uname -n]
/bin/sh
[sh -c kill -9 `cat /var/run/httpd.pid` > /dev/null 2>&1 &]
/bin/sh
[sh -c service httpd stop > /dev/null 2>&1 &]
/bin/cat
[cat /var/run/httpd.pid]
/bin/sh
[sh -c killall -9 mini_httpd > /dev/null 2>&1 &]
/usr/sbin/service
[service httpd stop]
/bin/sh
[sh -c killall -9 minihttpd > /dev/null 2>&1 &]
/usr/bin/basename
[basename /usr/sbin/service]
/bin/sh
[sh -c kill -9 `cat /var/run/thttpd.pid` > /dev/null 2>&1 &]
/usr/bin/basename
[basename /usr/sbin/service]
/bin/sh
[sh -c nvram set httpd_enable=0 > /dev/null 2>&1]
/bin/cat
[cat /var/run/thttpd.pid]
/bin/sh
[sh -c nvram set http_enable=0 > /dev/null 2>&1]
/bin/systemctl
[systemctl --quiet is-active multi-user.target]
/bin/sh
[sh -c killall -9 httpd > /dev/null 2>&1 &]
/bin/sh
[sh -c service telnetd stop > /dev/null 2>&1 &]
/bin/sh
[sh -c service sshd stop > /dev/null 2>&1 &]
/usr/sbin/service
[service telnetd stop]
/bin/systemctl
[systemctl list-unit-files --full --type=socket]
/bin/sed
[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]
/bin/sh
[sh -c killall -9 telnetd > /dev/null 2>&1 &]
/usr/sbin/service
[service sshd stop]
/usr/bin/basename
[basename /usr/sbin/service]
/bin/sh
[sh -c killall -9 utelnetd > /dev/null 2>&1 &]
/usr/bin/basename
[basename /usr/sbin/service]
/usr/bin/basename
[basename /usr/sbin/service]
/bin/sh
[sh -c killall -9 dropbear > /dev/null 2>&1 &]
/usr/bin/basename
[basename /usr/sbin/service]
/bin/systemctl
[systemctl --quiet is-active multi-user.target]
/bin/sh
[sh -c killall -9 sshd > /dev/null 2>&1 &]
/bin/systemctl
[systemctl --quiet is-active multi-user.target]
/bin/sh
[sh -c killall -9 lighttpd > /dev/null 2>&1 &]
/bin/systemctl
[systemctl -p Triggers show dbus.socket]
/bin/systemctl
[systemctl list-unit-files --full --type=socket]
/bin/systemctl
[systemctl list-unit-files --full --type=socket]
/bin/sed
[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]
/bin/sed
[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]
/bin/systemctl
[systemctl -p Triggers show ssh.socket]
/bin/systemctl
[systemctl -p Triggers show dbus.socket]
/bin/systemctl
[systemctl -p Triggers show dbus.socket]
/bin/systemctl
[systemctl -p Triggers show syslog.socket]
/bin/systemctl
[systemctl -p Triggers show ssh.socket]
/bin/systemctl
[systemctl -p Triggers show ssh.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-fsckd.socket]
/bin/systemctl
[systemctl -p Triggers show syslog.socket]
/bin/systemctl
[systemctl -p Triggers show syslog.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-initctl.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-fsckd.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-fsckd.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-journald-audit.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-initctl.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-initctl.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-journald-dev-log.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-journald-audit.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-journald-audit.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-journald.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-journald-dev-log.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-journald-dev-log.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-networkd.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-journald.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-journald.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-rfkill.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-networkd.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-networkd.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-rfkill.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-rfkill.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-udevd-control.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-udevd-control.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-udevd-control.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-udevd-kernel.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-udevd-kernel.socket]
/bin/systemctl
[systemctl -p Triggers show systemd-udevd-kernel.socket]
/usr/local/sbin/systemctl
[systemctl stop httpd.service]
/usr/local/bin/systemctl
[systemctl stop httpd.service]
/usr/sbin/systemctl
[systemctl stop httpd.service]
/usr/bin/systemctl
[systemctl stop httpd.service]
/sbin/systemctl
[systemctl stop httpd.service]
/bin/systemctl
[systemctl stop httpd.service]
/usr/local/sbin/systemctl
[systemctl stop telnetd.service]
/usr/local/bin/systemctl
[systemctl stop telnetd.service]
/usr/sbin/systemctl
[systemctl stop telnetd.service]
/usr/bin/systemctl
[systemctl stop telnetd.service]
/sbin/systemctl
[systemctl stop telnetd.service]
/bin/systemctl
[systemctl stop telnetd.service]
/usr/local/sbin/systemctl
[systemctl stop sshd.service]
/usr/local/bin/systemctl
[systemctl stop sshd.service]
/usr/sbin/systemctl
[systemctl stop sshd.service]
/usr/bin/systemctl
[systemctl stop sshd.service]
/sbin/systemctl
[systemctl stop sshd.service]
/bin/systemctl
[systemctl stop sshd.service]
Network
| Country | Destination | Domain | Proto |
| PE | 191.98.172.42:8080 | tcp | |
| CN | 211.103.199.94:8080 | tcp | |
| TH | 202.28.32.30:8080 | tcp | |
| ID | 103.3.46.2:8080 | tcp | |
| RU | 195.70.197.29:8080 | tcp |