Overview
overview
10Static
static
10123.exe
windows7-x64
1123.exe
windows10-2004-x64
1360sb.exe
windows7-x64
10360sb.exe
windows10-2004-x64
107000.32
ubuntu-18.04-amd64
17000.64
ubuntu-18.04-amd64
7Linux577
ubuntu-18.04-amd64
8Mh.exe
windows7-x64
7Mh.exe
windows10-2004-x64
10Mh1.exe
windows7-x64
7Mh1.exe
windows10-2004-x64
10Mh2.exe
windows7-x64
7Mh2.exe
windows10-2004-x64
10SETUP.exe
windows7-x64
SETUP.exe
windows10-2004-x64
TX98
ubuntu-18.04-amd64
1TX981
ubuntu-18.04-amd64
1TX982
ubuntu-18.04-amd64
7TX984
debian-9-armhf
7TX985
debian-9-mipsel
7TX986
debian-9-mips
7bjyk.exe
windows7-x64
10bjyk.exe
windows10-2004-x64
10ceshi.exe
windows7-x64
10ceshi.exe
windows10-2004-x64
10ddos.exe
windows7-x64
1ddos.exe
windows10-2004-x64
10dhl.exe
windows7-x64
7dhl.exe
windows10-2004-x64
10mh3.exe
windows7-x64
7mh3.exe
windows10-2004-x64
10server.exe
windows7-x64
10Analysis
-
max time kernel
0s -
max time network
102s -
platform
linux_amd64 -
resource
ubuntu1804-amd64-en-20211208 -
resource tags
arch:amd64 arch:i386 image:ubuntu1804-amd64-en-20211208 kernel:4.15.0-161-generic locale:en-us os:ubuntu-18.04-amd64 system -
submitted
27-03-2023 09:42
Behavioral task
behavioral1
Sample
123.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
123.exe
Resource
win10v2004-20230221-en
Behavioral task
behavioral3
Sample
360sb.exe
Resource
win7-20230220-en
Behavioral task
behavioral4
Sample
360sb.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral5
Sample
7000.32
Resource
ubuntu1804-amd64-20221111-en
Behavioral task
behavioral6
Sample
7000.64
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral7
Sample
Linux577
Resource
ubuntu1804-amd64-20221111-en
Behavioral task
behavioral8
Sample
Mh.exe
Resource
win7-20230220-en
Behavioral task
behavioral9
Sample
Mh.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral10
Sample
Mh1.exe
Resource
win7-20230220-en
Behavioral task
behavioral11
Sample
Mh1.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral12
Sample
Mh2.exe
Resource
win7-20230220-en
Behavioral task
behavioral13
Sample
Mh2.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral14
Sample
SETUP.exe
Resource
win7-20230220-en
Behavioral task
behavioral15
Sample
SETUP.exe
Resource
win10v2004-20230221-en
Behavioral task
behavioral16
Sample
TX98
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral17
Sample
TX981
Resource
ubuntu1804-amd64-20221111-en
Behavioral task
behavioral18
Sample
TX982
Resource
ubuntu1804-amd64-en-20211208
Behavioral task
behavioral19
Sample
TX984
Resource
debian9-armhf-20221111-en
Behavioral task
behavioral20
Sample
TX985
Resource
debian9-mipsel-en-20211208
Behavioral task
behavioral21
Sample
TX986
Resource
debian9-mipsbe-20221111-en
Behavioral task
behavioral22
Sample
bjyk.exe
Resource
win7-20230220-en
Behavioral task
behavioral23
Sample
bjyk.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral24
Sample
ceshi.exe
Resource
win7-20230220-en
Behavioral task
behavioral25
Sample
ceshi.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral26
Sample
ddos.exe
Resource
win7-20230220-en
Behavioral task
behavioral27
Sample
ddos.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral28
Sample
dhl.exe
Resource
win7-20230220-en
Behavioral task
behavioral29
Sample
dhl.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral30
Sample
mh3.exe
Resource
win7-20230220-en
Behavioral task
behavioral31
Sample
mh3.exe
Resource
win10v2004-20230220-en
Behavioral task
behavioral32
Sample
server.exe
Resource
win7-20230220-en
General
-
Target
7000.64
-
Size
710KB
-
MD5
d80e1546a194e42f049b1a15287aa4d6
-
SHA1
980f2d902a250cd3298e2acf45bfbc31044cd8f5
-
SHA256
7bce4673ac5b7db9bd5d27076c770925c181745b784f806024413a3b5552eebf
-
SHA512
24501f6bb75078ebdb51999ed32ec1cea6ad57fe27dd48e12066de65dacf8570d0f875c79b9734f844f60042ad8c806d8293f9a92ee15d59fd9b68a50eec8a49
-
SSDEEP
12288:ZIlddxPHCo90S9LTXIXs5im4MkQbSJDTdx4Is//O1ScnBM:ZI/dLTXIXw4jQb+Tffs//gScS
Malware Config
Signatures
-
Processes:
7000.64
description | ioc | process
/etc/init.d/.zl | /etc/init.d/.zl | 7000.64
-
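Write file to user bin folder 1 TTPs 4 IoCs
Note: the four IoCs below are paths touched by the `service` and `ufw` helper processes that the sample launched, not by the sample binary itself. They look like those tools opening their own scripts (and, for `ufw`, the interpreter probing for /usr/bin/pyvenv.cfg), so confirm an actual write under /usr/bin or /usr/sbin before treating this as a dropped binary.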
Processes:
service, service, ufw
description | ioc | process
/usr/sbin/service | /usr/sbin/service | service
/usr/sbin/service | /usr/sbin/service | service
/usr/bin/pyvenv.cfg | /usr/bin/pyvenv.cfg | ufw
/usr/sbin/ufw | /usr/sbin/ufw | ufw
-
Reads CPU attributes 1 TTPs 7 IoCs
Processes:
ps, top, ps, ps, ps, ps, ps
description | ioc | process
/sys/devices/system/cpu/online | /sys/devices/system/cpu/online | ps
/sys/devices/system/cpu/online | /sys/devices/system/cpu/online | top
/sys/devices/system/cpu/online | /sys/devices/system/cpu/online | ps
/sys/devices/system/cpu/online | /sys/devices/system/cpu/online | ps
/sys/devices/system/cpu/online | /sys/devices/system/cpu/online | ps
/sys/devices/system/cpu/online | /sys/devices/system/cpu/online | ps
/sys/devices/system/cpu/online | /sys/devices/system/cpu/online | ps
-
Reads system network configuration 1 TTPs 2 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes:
grep, grep
description | ioc | process
/proc/net/dev | /proc/net/dev | grep
/proc/net/dev | /proc/net/dev | grep
-
Enumerates kernel/hardware configuration 1 TTPs 5 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
Processes:
top, modprobe
description | ioc | process
/sys/devices/system/node/node0/meminfo | /sys/devices/system/node/node0/meminfo | top
/sys/devices/system/cpu | /sys/devices/system/cpu | top
/sys/module/ip6_tables/initstate | /sys/module/ip6_tables/initstate | modprobe
/sys/module/x_tables/initstate | /sys/module/x_tables/initstate | modprobe
/sys/devices/system/node | /sys/devices/system/node | top
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Processes:
pspspstopsystemctlpspspssystemctlsystemctlsystemctldescription ioc process /proc/30/status /proc/30/status ps /proc/169/stat /proc/169/stat ps /proc/35/status /proc/35/status ps /proc/372/status /proc/372/status ps /proc/89/status /proc/89/status top /proc/sys/kernel/osrelease /proc/sys/kernel/osrelease systemctl /proc/160/cmdline /proc/160/cmdline ps /proc/153/cmdline /proc/153/cmdline ps /proc/586/status /proc/586/status ps /proc/379/cmdline /proc/379/cmdline ps /proc/221/cmdline /proc/221/cmdline ps /proc/600/stat /proc/600/stat ps /proc/162/stat /proc/162/stat ps /proc/163/stat /proc/163/stat ps /proc/285/stat /proc/285/stat ps /proc/115/statm /proc/115/statm top /proc/285/status /proc/285/status ps /proc/252/status /proc/252/status ps /proc/13/status /proc/13/status ps /proc/meminfo /proc/meminfo ps /proc/26/cmdline /proc/26/cmdline ps /proc/155/status /proc/155/status ps /proc/168/status /proc/168/status ps /proc/287/stat /proc/287/stat ps /proc/360/stat /proc/360/stat ps /proc/79/status /proc/79/status ps /proc/20/stat /proc/20/stat ps /proc/12/cmdline /proc/12/cmdline ps /proc/28/status /proc/28/status ps /proc/5/cmdline /proc/5/cmdline ps /proc/29/cmdline /proc/29/cmdline ps /proc/115/stat /proc/115/stat ps /proc/425/stat /proc/425/stat ps /proc/22/stat /proc/22/stat ps /proc/342/stat /proc/342/stat ps /proc/451/cmdline /proc/451/cmdline ps /proc/157/status /proc/157/status ps /proc/163/stat /proc/163/stat ps /proc/453/cmdline /proc/453/cmdline ps /proc/285/cmdline /proc/285/cmdline ps /proc/filesystems /proc/filesystems systemctl /proc/361/stat /proc/361/stat ps /proc/11/cmdline /proc/11/cmdline ps /proc/163/stat /proc/163/stat ps /proc/192/stat /proc/192/stat ps /proc/27/cmdline /proc/27/cmdline ps /proc/meminfo /proc/meminfo ps /proc/26/cmdline /proc/26/cmdline ps /proc/417/cmdline /proc/417/cmdline ps /proc/self/stat /proc/self/stat systemctl /proc/163/cmdline /proc/163/cmdline ps /proc/417/status /proc/417/status top /proc/626/status /proc/626/status 
top /proc/578/stat /proc/578/stat ps /proc/11/status /proc/11/status ps /proc/192/stat /proc/192/stat top /proc/163/stat /proc/163/stat ps /proc/self/stat /proc/self/stat systemctl /proc/25/cmdline /proc/25/cmdline ps /proc/11/cmdline /proc/11/cmdline ps /proc/168/status /proc/168/status ps /proc/155/status /proc/155/status ps /proc/34/status /proc/34/status ps /proc/593/status /proc/593/status ps -
Writes file to tmp directory 13 IoCs
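Malware often drops required files in the /tmp directory. In this run most of the listed paths (the systemd-private-* directories and the .X11-unix, .ICE-unix, .XIM-unix, .font-unix and .Test-unix entries) are attributed to `chmod`, consistent with the recursive `chmod -R 777 /tmp` in the process tree rather than with new files. The file the sample itself creates here is its hidden copy /tmp/.lz1638981833, made with `cp -p` from /tmp/7000.64 after `rm -f /tmp/.lz*` clears earlier copies.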
Processes:
chmod, cp, cp, rm
description | ioc | process
/tmp/systemd-private-7d3edfa3223b4e89a002395ef6150049-systemd-resolved.service-dPbxmW | /tmp/systemd-private-7d3edfa3223b4e89a002395ef6150049-systemd-resolved.service-dPbxmW | chmod
/tmp/systemd-private-7d3edfa3223b4e89a002395ef6150049-systemd-resolved.service-dPbxmW/tmp | /tmp/systemd-private-7d3edfa3223b4e89a002395ef6150049-systemd-resolved.service-dPbxmW/tmp | chmod
/tmp/.lz1638981833 | /tmp/.lz1638981833 | cp
/tmp/.Test-unix | /tmp/.Test-unix | chmod
/tmp/.font-unix | /tmp/.font-unix | chmod
/tmp/.X11-unix | /tmp/.X11-unix | chmod
/tmp/systemd-private-7d3edfa3223b4e89a002395ef6150049-systemd-timesyncd.service-Dz8lxC/tmp | /tmp/systemd-private-7d3edfa3223b4e89a002395ef6150049-systemd-timesyncd.service-Dz8lxC/tmp | chmod
/tmp/7000.64 | /tmp/7000.64 | cp
/tmp/.lz1638981833 | /tmp/.lz1638981833 | cp
/tmp/.XIM-unix | /tmp/.XIM-unix | chmod
/tmp/.ICE-unix | /tmp/.ICE-unix | chmod
/tmp/systemd-private-7d3edfa3223b4e89a002395ef6150049-systemd-timesyncd.service-Dz8lxC | /tmp/systemd-private-7d3edfa3223b4e89a002395ef6150049-systemd-timesyncd.service-Dz8lxC | chmod
/tmp/.lz* | /tmp/.lz* | rm
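Processes
Reading aid: each entry below is the image path immediately followed by the command line, and the trailing number appears to be the nesting depth in the process tree. Two behaviours stand out for detection. The sample copies itself to hidden dot-file paths (/tmp/.lz1638981833, /etc/.zl) and touches /etc/init.d/.zl, which the tree tags "Modifies init.d". It also tries to stop host firewalls through every mechanism it knows (chkconfig, systemctl, service and init.d for iptables, ip6tables and ebtables; SuSEfirewall2; `ufw disable`). The long run of iptables/ip6tables -F, -Z, -X and -P ... ACCEPT calls appears to be ufw's own `ufw-init force-stop` routine, spawned by `ufw disable`, not separate commands issued by the sample.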
-
/tmp/7000.64/tmp/7000.641⤵
- Modifies init.d
-
/bin/shsh -c "ps -ef"2⤵
-
/bin/psps -ef3⤵
- Reads CPU attributes
- Reads runtime system information
-
/bin/shsh -c "chmod 777 /etc/init.d/.zl"2⤵
-
/bin/chmodchmod 777 /etc/init.d/.zl3⤵
-
/bin/shsh -c "ps -ef"2⤵
-
/bin/psps -ef3⤵
- Reads CPU attributes
- Reads runtime system information
-
/bin/shsh -c "(chmod -R 777 /tmp) ; (rm -f /tmp/.lz*) ; (echo yes|cp -p /tmp/7000.64 /tmp/.lz1638981833)"2⤵
-
/bin/chmodchmod -R 777 /tmp3⤵
- Writes file to tmp directory
-
/bin/rmrm -f "/tmp/.lz*"3⤵
- Writes file to tmp directory
-
/bin/shsh -c "(chmod +x /tmp/.lz1638981833) ; (setsid /tmp/.lz1638981833 &) "2⤵
-
/bin/chmodchmod +x /tmp/.lz16389818333⤵
-
/bin/cpcp -p /tmp/7000.64 /tmp/.lz16389818331⤵
- Writes file to tmp directory
-
/usr/bin/setsidsetsid /tmp/.lz16389818331⤵
-
/tmp/.lz1638981833/tmp/.lz16389818331⤵
-
/bin/shsh -c "ps -ef"2⤵
-
/bin/psps -ef3⤵
- Reads CPU attributes
- Reads runtime system information
-
/bin/shsh -c "ps -ef"1⤵
-
/bin/psps -ef2⤵
- Reads CPU attributes
- Reads runtime system information
-
/bin/shsh -c "chkconfig --level 0123456 iptables off > /dev/null"1⤵
-
/bin/shsh -c "top -bn 1 | grep Cpu | cut -d \",\" -f 1 | cut -d \":\" -f 2"1⤵
-
/usr/bin/toptop -bn 12⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/bin/grepgrep Cpu2⤵
-
/usr/bin/cutcut -d "," -f 12⤵
-
/usr/bin/cutcut -d : -f 22⤵
-
/bin/shsh -c "chkconfig --level 0123456 ip6tables off > /dev/null"1⤵
-
/bin/shsh -c "echo yes|cp -p /tmp/.lz1638981833 /etc/.zl"1⤵
-
/bin/cpcp -p /tmp/.lz1638981833 /etc/.zl2⤵
- Writes file to tmp directory
-
/bin/shsh -c "systemctl stop iptables.service > /dev/null"1⤵
-
/bin/systemctlsystemctl stop iptables.service2⤵
- Reads runtime system information
-
/bin/shsh -c "service iptables stop > /dev/null"1⤵
-
/usr/sbin/serviceservice iptables stop2⤵
- Write file to user bin folder
-
/usr/bin/basenamebasename /usr/sbin/service3⤵
-
/usr/bin/basenamebasename /usr/sbin/service3⤵
-
/bin/systemctlsystemctl --quiet is-active multi-user.target3⤵
-
/bin/systemctlsystemctl -p Triggers show dbus.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show ssh.socket3⤵
- Reads runtime system information
-
/bin/systemctlsystemctl -p Triggers show syslog.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show systemd-fsckd.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show systemd-initctl.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show systemd-journald-audit.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show systemd-journald-dev-log.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show systemd-journald.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show systemd-networkd.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show systemd-rfkill.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show systemd-udevd-control.socket3⤵
- Reads runtime system information
-
/bin/systemctlsystemctl -p Triggers show systemd-udevd-kernel.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show uuidd.socket3⤵
-
/usr/local/sbin/systemctlsystemctl stop iptables.service2⤵
-
/usr/local/bin/systemctlsystemctl stop iptables.service2⤵
-
/usr/sbin/systemctlsystemctl stop iptables.service2⤵
-
/usr/bin/systemctlsystemctl stop iptables.service2⤵
-
/sbin/systemctlsystemctl stop iptables.service2⤵
-
/bin/systemctlsystemctl stop iptables.service2⤵
-
/bin/systemctlsystemctl list-unit-files --full "--type=socket"1⤵
-
/bin/sedsed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"1⤵
-
/bin/shsh -c "grep \"\\beth\" /proc/net/dev |cut -d \":\" -f 2 | awk '{print \$9}'"1⤵
-
/bin/grepgrep "\\beth" /proc/net/dev2⤵
- Reads system network configuration
-
/usr/bin/cutcut -d : -f 22⤵
-
/usr/bin/awkawk "{print \$9}"2⤵
-
/bin/shsh -c "grep \"\\beth\" /proc/net/dev |cut -d \":\" -f 2 | awk '{print \$10}'"1⤵
-
/bin/grepgrep "\\beth" /proc/net/dev2⤵
- Reads system network configuration
-
/usr/bin/awkawk "{print \$10}"2⤵
-
/usr/bin/cutcut -d : -f 22⤵
-
/bin/shsh -c "/etc/init.d/iptables stop > /dev/null"1⤵
-
/etc/init.d/iptables/etc/init.d/iptables stop2⤵
-
/bin/shsh -c "reSuSEfirewall2 stop > /dev/null"1⤵
-
/bin/shsh -c "SuSEfirewall2 stop > /dev/null"1⤵
-
/bin/shsh -c "service ebtables stop > /dev/null"1⤵
-
/usr/sbin/serviceservice ebtables stop2⤵
- Write file to user bin folder
-
/usr/bin/basenamebasename /usr/sbin/service3⤵
-
/usr/bin/basenamebasename /usr/sbin/service3⤵
-
/bin/systemctlsystemctl --quiet is-active multi-user.target3⤵
-
/bin/systemctlsystemctl -p Triggers show dbus.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show ssh.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show syslog.socket3⤵
- Reads runtime system information
-
/bin/systemctlsystemctl -p Triggers show systemd-fsckd.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show systemd-initctl.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show systemd-journald-audit.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show systemd-journald-dev-log.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show systemd-journald.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show systemd-networkd.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show systemd-rfkill.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show systemd-udevd-control.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show systemd-udevd-kernel.socket3⤵
-
/bin/systemctlsystemctl -p Triggers show uuidd.socket3⤵
-
/usr/local/sbin/systemctlsystemctl stop ebtables.service2⤵
-
/usr/local/bin/systemctlsystemctl stop ebtables.service2⤵
-
/usr/sbin/systemctlsystemctl stop ebtables.service2⤵
-
/usr/bin/systemctlsystemctl stop ebtables.service2⤵
-
/sbin/systemctlsystemctl stop ebtables.service2⤵
-
/bin/systemctlsystemctl stop ebtables.service2⤵
-
/bin/systemctlsystemctl list-unit-files --full "--type=socket"1⤵
-
/bin/sedsed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"1⤵
-
/bin/shsh -c "/etc/init.d/ebtables stop > /dev/null"1⤵
-
/etc/init.d/ebtables/etc/init.d/ebtables stop2⤵
-
/bin/shsh -c "ufw disable > /dev/null"1⤵
-
/usr/sbin/ufwufw disable2⤵
- Write file to user bin folder
-
/sbin/iptables/sbin/iptables -V3⤵
-
/lib/ufw/ufw-init/lib/ufw/ufw-init force-stop3⤵
-
/sbin/ip6tablesip6tables -L INPUT -n4⤵
-
/sbin/iptablesiptables -F ufw-logging-deny4⤵
-
/sbin/iptablesiptables -F ufw-logging-allow4⤵
-
/sbin/iptablesiptables -F ufw-not-local4⤵
-
/sbin/iptablesiptables -F ufw-user-logging-input4⤵
-
/sbin/iptablesiptables -F ufw-user-limit-accept4⤵
-
/sbin/iptablesiptables -F ufw-user-limit4⤵
-
/sbin/iptablesiptables -F ufw-skip-to-policy-input4⤵
-
/sbin/iptablesiptables -F ufw-reject-input4⤵
-
/sbin/iptablesiptables -F ufw-after-logging-input4⤵
-
/sbin/iptablesiptables -F ufw-after-input4⤵
-
/sbin/iptablesiptables -F ufw-user-input4⤵
-
/sbin/iptablesiptables -F ufw-before-input4⤵
-
/sbin/iptablesiptables -F ufw-before-logging-input4⤵
-
/sbin/iptablesiptables -F ufw-skip-to-policy-forward4⤵
-
/sbin/iptablesiptables -F ufw-reject-forward4⤵
-
/sbin/iptablesiptables -F ufw-after-logging-forward4⤵
-
/sbin/iptablesiptables -F ufw-after-forward4⤵
-
/sbin/iptablesiptables -F ufw-user-logging-forward4⤵
-
/sbin/iptablesiptables -F ufw-user-forward4⤵
-
/sbin/iptablesiptables -F ufw-before-forward4⤵
-
/sbin/iptablesiptables -F ufw-before-logging-forward4⤵
-
/sbin/iptablesiptables -F ufw-track-forward4⤵
-
/sbin/iptablesiptables -F ufw-track-output4⤵
-
/sbin/iptablesiptables -F ufw-track-input4⤵
-
/sbin/iptablesiptables -F ufw-skip-to-policy-output4⤵
-
/sbin/iptablesiptables -F ufw-reject-output4⤵
-
/sbin/iptablesiptables -F ufw-after-logging-output4⤵
-
/sbin/iptablesiptables -F ufw-after-output4⤵
-
/sbin/iptablesiptables -F ufw-user-logging-output4⤵
-
/sbin/iptablesiptables -F ufw-user-output4⤵
-
/sbin/iptablesiptables -F ufw-before-output4⤵
-
/sbin/iptablesiptables -F ufw-before-logging-output4⤵
-
/sbin/iptablesiptables -Z ufw-logging-deny4⤵
-
/sbin/iptablesiptables -Z ufw-logging-allow4⤵
-
/sbin/iptablesiptables -Z ufw-not-local4⤵
-
/sbin/iptablesiptables -Z ufw-user-logging-input4⤵
-
/sbin/iptablesiptables -Z ufw-user-limit-accept4⤵
-
/sbin/iptablesiptables -Z ufw-user-limit4⤵
-
/sbin/iptablesiptables -Z ufw-skip-to-policy-input4⤵
-
/sbin/iptablesiptables -Z ufw-reject-input4⤵
-
/sbin/iptablesiptables -Z ufw-after-logging-input4⤵
-
/sbin/iptablesiptables -Z ufw-after-input4⤵
-
/sbin/iptablesiptables -Z ufw-user-input4⤵
-
/sbin/iptablesiptables -Z ufw-before-input4⤵
-
/sbin/iptablesiptables -Z ufw-before-logging-input4⤵
-
/sbin/iptablesiptables -Z ufw-skip-to-policy-forward4⤵
-
/sbin/iptablesiptables -Z ufw-reject-forward4⤵
-
/sbin/iptablesiptables -Z ufw-after-logging-forward4⤵
-
/sbin/iptablesiptables -Z ufw-after-forward4⤵
-
/sbin/iptablesiptables -Z ufw-user-logging-forward4⤵
-
/sbin/iptablesiptables -Z ufw-user-forward4⤵
-
/sbin/iptablesiptables -Z ufw-before-forward4⤵
-
/sbin/iptablesiptables -Z ufw-before-logging-forward4⤵
-
/sbin/iptablesiptables -Z ufw-track-forward4⤵
-
/sbin/iptablesiptables -Z ufw-track-output4⤵
-
/sbin/iptablesiptables -Z ufw-track-input4⤵
-
/sbin/iptablesiptables -Z ufw-skip-to-policy-output4⤵
-
/sbin/iptablesiptables -Z ufw-reject-output4⤵
-
/sbin/iptablesiptables -Z ufw-after-logging-output4⤵
-
/sbin/iptablesiptables -Z ufw-after-output4⤵
-
/sbin/iptablesiptables -Z ufw-user-logging-output4⤵
-
/sbin/iptablesiptables -Z ufw-user-output4⤵
-
/sbin/iptablesiptables -Z ufw-before-output4⤵
-
/sbin/iptablesiptables -Z ufw-before-logging-output4⤵
-
/sbin/iptablesiptables -X ufw-logging-deny4⤵
-
/sbin/iptablesiptables -X ufw-logging-allow4⤵
-
/sbin/iptablesiptables -X ufw-not-local4⤵
-
/sbin/iptablesiptables -X ufw-user-logging-input4⤵
-
/sbin/iptablesiptables -X ufw-user-logging-output4⤵
-
/sbin/iptablesiptables -X ufw-user-logging-forward4⤵
-
/sbin/iptablesiptables -X ufw-user-limit-accept4⤵
-
/sbin/iptablesiptables -X ufw-user-limit4⤵
-
/sbin/iptablesiptables -X ufw-user-input4⤵
-
/sbin/iptablesiptables -X ufw-user-forward4⤵
-
/sbin/iptablesiptables -X ufw-user-output4⤵
-
/sbin/iptablesiptables -X ufw-skip-to-policy-input4⤵
-
/sbin/iptablesiptables -X ufw-skip-to-policy-output4⤵
-
/sbin/iptablesiptables -X ufw-skip-to-policy-forward4⤵
-
/sbin/iptablesiptables -P INPUT ACCEPT4⤵
-
/sbin/iptablesiptables -P OUTPUT ACCEPT4⤵
-
/sbin/iptablesiptables -P FORWARD ACCEPT4⤵
-
/sbin/ip6tablesip6tables -F ufw6-logging-deny4⤵
-
/sbin/ip6tablesip6tables -F ufw6-logging-allow4⤵
-
/sbin/ip6tablesip6tables -F ufw6-not-local4⤵
-
/sbin/ip6tablesip6tables -F ufw6-user-logging-input4⤵
-
/sbin/ip6tablesip6tables -F ufw6-user-limit-accept4⤵
-
/sbin/ip6tablesip6tables -F ufw6-user-limit4⤵
-
/sbin/ip6tablesip6tables -F ufw6-skip-to-policy-input4⤵
-
/sbin/ip6tablesip6tables -F ufw6-reject-input4⤵
-
/sbin/ip6tablesip6tables -F ufw6-after-logging-input4⤵
-
/sbin/ip6tablesip6tables -F ufw6-after-input4⤵
-
/sbin/ip6tablesip6tables -F ufw6-user-input4⤵
-
/sbin/ip6tablesip6tables -F ufw6-before-input4⤵
-
/sbin/ip6tablesip6tables -F ufw6-before-logging-input4⤵
-
/sbin/ip6tablesip6tables -F ufw6-skip-to-policy-forward4⤵
-
/sbin/ip6tablesip6tables -F ufw6-reject-forward4⤵
-
/sbin/ip6tablesip6tables -F ufw6-after-logging-forward4⤵
-
/sbin/ip6tablesip6tables -F ufw6-after-forward4⤵
-
/sbin/ip6tablesip6tables -F ufw6-user-logging-forward4⤵
-
/sbin/ip6tablesip6tables -F ufw6-user-forward4⤵
-
/sbin/ip6tablesip6tables -F ufw6-before-forward4⤵
-
/sbin/ip6tablesip6tables -F ufw6-before-logging-forward4⤵
-
/sbin/ip6tablesip6tables -F ufw6-track-forward4⤵
-
/sbin/ip6tablesip6tables -F ufw6-track-output4⤵
-
/sbin/ip6tablesip6tables -F ufw6-track-input4⤵
-
/sbin/ip6tablesip6tables -F ufw6-skip-to-policy-output4⤵
-
/sbin/ip6tablesip6tables -F ufw6-reject-output4⤵
-
/sbin/ip6tablesip6tables -F ufw6-after-logging-output4⤵
-
/sbin/ip6tablesip6tables -F ufw6-after-output4⤵
-
/sbin/ip6tablesip6tables -F ufw6-user-logging-output4⤵
-
/sbin/ip6tablesip6tables -F ufw6-user-output4⤵
-
/sbin/ip6tablesip6tables -F ufw6-before-output4⤵
-
/sbin/ip6tablesip6tables -F ufw6-before-logging-output4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-logging-deny4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-logging-allow4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-not-local4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-user-logging-input4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-user-limit-accept4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-user-limit4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-skip-to-policy-input4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-reject-input4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-after-logging-input4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-after-input4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-user-input4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-before-input4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-before-logging-input4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-skip-to-policy-forward4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-reject-forward4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-after-logging-forward4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-after-forward4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-user-logging-forward4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-user-forward4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-before-forward4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-before-logging-forward4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-track-forward4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-track-output4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-track-input4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-skip-to-policy-output4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-reject-output4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-after-logging-output4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-after-output4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-user-logging-output4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-user-output4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-before-output4⤵
-
/sbin/ip6tablesip6tables -Z ufw6-before-logging-output4⤵
-
/sbin/ip6tablesip6tables -X ufw6-logging-deny4⤵
-
/sbin/ip6tablesip6tables -X ufw6-logging-allow4⤵
-
/sbin/ip6tablesip6tables -X ufw6-not-local4⤵
-
/sbin/ip6tablesip6tables -X ufw6-user-logging-input4⤵
-
/sbin/ip6tablesip6tables -X ufw6-user-logging-output4⤵
-
/sbin/ip6tablesip6tables -X ufw6-user-logging-forward4⤵
-
/sbin/ip6tablesip6tables -X ufw6-user-limit-accept4⤵
-
/sbin/ip6tablesip6tables -X ufw6-user-limit4⤵
-
/sbin/ip6tablesip6tables -X ufw6-user-input4⤵
-
/sbin/ip6tablesip6tables -X ufw6-user-forward4⤵
-
/sbin/ip6tablesip6tables -X ufw6-user-output4⤵
-
/sbin/ip6tablesip6tables -X ufw6-skip-to-policy-input4⤵
-
/sbin/ip6tablesip6tables -X ufw6-skip-to-policy-output4⤵
-
/sbin/ip6tablesip6tables -X ufw6-skip-to-policy-forward4⤵
-
/sbin/ip6tablesip6tables -P INPUT ACCEPT4⤵
-
/sbin/ip6tablesip6tables -P OUTPUT ACCEPT4⤵
-
/sbin/ip6tablesip6tables -P FORWARD ACCEPT4⤵
-
/sbin/modprobe/sbin/modprobe ip6_tables1⤵
- Enumerates kernel/hardware configuration
-
/bin/shsh -c "(chmod +x /etc/.zl) ; (setsid /etc/.zl &) "1⤵
-
/bin/chmodchmod +x /etc/.zl2⤵
-
/usr/bin/setsidsetsid /etc/.zl1⤵
-
/etc/.zl/etc/.zl1⤵
-
/bin/shsh -c "ps -ef"2⤵
-
/bin/psps -ef3⤵
- Reads CPU attributes
- Reads runtime system information
-
/bin/shsh -c "ps -ef"2⤵
-
/bin/psps -ef3⤵
- Reads CPU attributes
- Reads runtime system information
-
/bin/shsh -c "ps -ef"2⤵
-
/bin/shsh -c "netstat -anp | grep \":6009\" |awk '{print \$NF}' |cut -d \"/\" -f 1 | xargs kill -9 > /dev/null ;free -m > /dev/null"1⤵
-
/bin/grepgrep :60092⤵
-
/usr/bin/awkawk "{print \$NF}"2⤵