kaiten | f199d3f16a1475ef2395898c8b102db6756c8f2a3ab7eda2b613430ea003acb1 | Triage

Submit
Reports

Overview

overview

Static

static

1

d547d86ce8...3148aa

debian-9-mips

Sharing

General

Target

d547d86ce86849f33031d8a3643148aa
Size

62KB
Sample

231220-sp4rjsgdd8
MD5

d547d86ce86849f33031d8a3643148aa
SHA1

5b8054686bc9f986af7b145388aa9bf2f07420f5
SHA256

f199d3f16a1475ef2395898c8b102db6756c8f2a3ab7eda2b613430ea003acb1
SHA512

da20d1cdc82cec1ef87ecfb5e67e62f1ec31f2fbfe78341842557bb4131991c83b2e3d1a697ac382990162b24ea58dccc3041676e3fc54d7adb08590682fb4bb
SSDEEP

768:vYPjLmGo1TW7QXgdRv4r5J8+/DBW1DR/WhUiDH1kWsLnJgGlzDpYuR1JQHRkAg3:AvmG8i7Qwn4lJTC9YUaVkWqlVGu2RW

Score

10^/10

kaiten botnet persistence

Static task

static1

Behavioral task

behavioral1

Sample

d547d86ce86849f33031d8a3643148aa

Resource

debian9-mipsbe-20231215-en

kaiten botnet persistence

debian-9-mips

7 signatures

150 seconds

Malware Config

Targets

- Target
  
  d547d86ce86849f33031d8a3643148aa
- Size
  
  62KB
- MD5
  
  d547d86ce86849f33031d8a3643148aa
- SHA1
  
  5b8054686bc9f986af7b145388aa9bf2f07420f5
- SHA256
  
  f199d3f16a1475ef2395898c8b102db6756c8f2a3ab7eda2b613430ea003acb1
- SHA512
  
  da20d1cdc82cec1ef87ecfb5e67e62f1ec31f2fbfe78341842557bb4131991c83b2e3d1a697ac382990162b24ea58dccc3041676e3fc54d7adb08590682fb4bb
- SSDEEP
  
  768:vYPjLmGo1TW7QXgdRv4r5J8+/DBW1DR/WhUiDH1kWsLnJgGlzDpYuR1JQHRkAg3:AvmG8i7Qwn4lJTC9YUaVkWqlVGu2RW
Score

10^/10

kaiten botnet persistence
- Detects Kaiten/Tsunami Payload
- Kaiten/Tsunami
  Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
  botnet kaiten
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Dynamic Resolution

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

kaitenbotnetpersistence

© 2018-2024

Terms | Privacy