2b1b92ad7eb5baefe743f592dfbba031b3b38cf712065d517257f0e669793ac9 | Triage

Analysis

max time kernel
20729s
max time network
149s
platform
linux_mips
resource
debian9-mipsbe-en-20211208
resource tags

arch:mipsimage:debian9-mipsbe-en-20211208kernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
05-08-2022 15:11

Sharing

Report Analysis Logs

General

Target

214ad3760ec3bd0855498d41f696f9a1
Size

36KB
MD5

214ad3760ec3bd0855498d41f696f9a1
SHA1

e5b30c7099ca0f5a306a8d078f1b912427eceac5
SHA256

2b1b92ad7eb5baefe743f592dfbba031b3b38cf712065d517257f0e669793ac9
SHA512

514bc2fe9442b8e93dfdb466e2bb9a362d8efdac4acd1963e8cbc20f1afaa41448618aa333359deb5685fc206dd200d5b52cbdf649b2f4795cacccb466205118

Score

9^/10

Malware Config

Signatures

Modifies the Watchdog daemon 1 TTPs
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Impair Defenses
T1562
Writes file to system bin folder 1 TTPs 2 IoCs

Hijack Execution Flow
T1574

Processes:

description ioc

/bin/watchdog /bin/watchdog
/sbin/watchdog /sbin/watchdog
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.

Processes:

description ioc

/proc/ /proc/

/tmp/214ad3760ec3bd0855498d41f696f9a1
/tmp/214ad3760ec3bd0855498d41f696f9a1
1⤵
PID:320

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...