a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3

Analysis

Target

Mozi.abpcybebk
Size

78KB
MD5

9b6c3518a91d23ed77504b5416bfb5b3
SHA1

0a2d170abbf5031566377b01431e3b82d342630a
SHA256

a04ac6d98ad989312783d4fe3456c53730b212c79a426fb215708b6c6daa3de3
SHA512

b2b08d5d5e6c6708d88b793e9340a780d47b5dce61e0a3026b4cdea8a9e4cbf9824037255e4ea4a40fee5bce956485232376d4677ce72ccb6c7f00badd09956e

Score

9^/10

Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562

Modifies hosts file 1 IoCs

Adds to hosts file used for mapping hosts to IP addresses.

Processes:

description	ioc
/etc/hosts	/etc/hosts

Writes DNS configuration 1 TTPs 1 IoCs

Writes data to DNS resolver config file.

Dynamic Resolution

Processes:

description	ioc
/etc/resolv.conf	/etc/resolv.conf

Enumerates active TCP sockets 1 TTPs 1 IoCs

Gets active TCP sockets from /proc virtual filesystem.

System Network Connections Discovery

Processes:

description	ioc
/proc/net/tcp	/proc/net/tcp

Reads system routing table 1 TTPs 1 IoCs

Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery

Processes:

Mozi.abpcybebk

description	ioc	Process
/proc/net/route	/proc/net/route	Mozi.abpcybebk

Reads system network configuration 1 TTPs 3 IoCs

Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery

Processes:

Mozi.abpcybebk

description	ioc	Process
/proc/net/tcp6	/proc/net/tcp6