kaiten | 9789a54be7b6faea45f1ad9a2b92f32fb602390a40f4d301c786cf2ee2b39459 | Triage

Sharing

General

Target

620db8719f37ec3f8de6e9656655ef5b
Size

63KB
Sample

231219-3d17dsegeq
MD5

620db8719f37ec3f8de6e9656655ef5b
SHA1

659b8c8a12548c747782e96886c83941c64e6ab2
SHA256

9789a54be7b6faea45f1ad9a2b92f32fb602390a40f4d301c786cf2ee2b39459
SHA512

62a8809e42070736e8a67cba144c379f428e30fb76ee14a627ce0afe3c5353b03338710862dba77c0c0d07468e925d18df9a787b50bd99a787bda3d6a0bbe08a
SSDEEP

768:+rQMpqc88Ah5AW4Z9xHZGKs1RK0ppgJu4RDbnHhsJgGlzDpYuR1J1fUO:+rQ21jW4HhQKsK0p94vkVGuXfU

Score

10^/10

kaiten botnet persistence

Malware Config

Targets

- Target
  
  620db8719f37ec3f8de6e9656655ef5b
- Size
  
  63KB
- MD5
  
  620db8719f37ec3f8de6e9656655ef5b
- SHA1
  
  659b8c8a12548c747782e96886c83941c64e6ab2
- SHA256
  
  9789a54be7b6faea45f1ad9a2b92f32fb602390a40f4d301c786cf2ee2b39459
- SHA512
  
  62a8809e42070736e8a67cba144c379f428e30fb76ee14a627ce0afe3c5353b03338710862dba77c0c0d07468e925d18df9a787b50bd99a787bda3d6a0bbe08a
- SSDEEP
  
  768:+rQMpqc88Ah5AW4Z9xHZGKs1RK0ppgJu4RDbnHhsJgGlzDpYuR1J1fUO:+rQ21jW4HhQKsK0p94vkVGuXfU
Score

10^/10

kaiten botnet persistence
- Detects Kaiten/Tsunami Payload
- Kaiten/Tsunami
  Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
  botnet kaiten
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

kaitenbotnetpersistence