kaiten | d2e2fd9bcb3ba0416e9f057c3b09c8470d51634fc6ab0414611ba27ac7e98e2d | Triage

Submit
Reports

Overview

overview

Static

static

1

httpds

ubuntu-18.04-amd64

inst

ubuntu-18.04-amd64

inst

debian-9-armhf

inst

debian-9-mips

inst

debian-9-mipsel

Sharing

General

Target

4c7a5f228c86ec4d4445789ab0eae04c
Size

21KB
Sample

231222-b9y85agdc9
MD5

4c7a5f228c86ec4d4445789ab0eae04c
SHA1

08db9fba4a3602885927b856c8f4a6d0b5c6ab59
SHA256

d2e2fd9bcb3ba0416e9f057c3b09c8470d51634fc6ab0414611ba27ac7e98e2d
SHA512

5164b5334bc1704f03dbfbf126e059134dbb8f0277413ef7bac5b9a4bd44261a4f21685d3433a059e3699fd4cd2b79fb5a1f6e5d0455a9fb913b127f52cf075c
SSDEEP

384:Nd3g9RLWavjJfO1rmpzt5FkA9R/x6+4iYvd47UeTB+V8EhQDcKqPGsHKxfhND:Ni9Qil6rSZrKiY1OPTIVJhCcKqP1cpR

Score

10^/10

kaiten botnet linux persistence

Static task

static1

Behavioral task

behavioral1

Sample

httpds

Resource

ubuntu1804-amd64-20231222-en

ubuntu-18.04-amd64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

inst

Resource

ubuntu1804-amd64-20231215-en

kaiten botnet persistence

ubuntu-18.04-amd64

6 signatures

150 seconds

Behavioral task

behavioral3

Sample

inst

Resource

debian9-armhf-20231215-en

kaiten botnet persistence

debian-9-armhf

6 signatures

150 seconds

Behavioral task

behavioral4

Sample

inst

Resource

debian9-mipsbe-20231215-en

kaiten botnet persistence

debian-9-mips

6 signatures

150 seconds

Behavioral task

behavioral5

Sample

inst

Resource

debian9-mipsel-20231215-en

kaiten botnet persistence

debian-9-mipsel

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  httpds
- Size
  
  29KB
- MD5
  
  ab91b09434af11ff0e406ca5453dec25
- SHA1
  
  83a75593d595e54991749583ac6e3e4f3acb9156
- SHA256
  
  cc012777f71f66c1ba32be96ee70296f1c34b93e2068d1dae69a523552bc487c
- SHA512
  
  b24341f603ad973675219fc8ecd390973510e728a30e4def28049267f75b5da06977d42b122bce34ba05b1e450cb9023b3a9101dd763d44b3c090881335dd1e2
- SSDEEP
  
  768:mHUHA5zzZxcm8xcTa5UfAA9f/PN6Wpm4S:PkzzZxcm8xc+DS3V6WpmN
Score

1^/10
behavioral1
- Target
  
  inst
- Size
  
  732B
- MD5
  
  56a30205ea23a457ff2af18a76cd521c
- SHA1
  
  a2007725d6a3e6b2a1b6dfed6a9a735ac66a7606
- SHA256
  
  d1469b9971ed7346f21104b2044feb538a5206e55bdbc60b641c9d8ca11ab851
- SHA512
  
  7f44fbe568895c25fc63577aad7c5b1208226a42949e71a770b10a7f780ebe431d69182600fe190da6444554b29397168e6b51b815b1161febe5b8fe7269073b
Score

10^/10

kaiten botnet persistence
- Detects Kaiten/Tsunami Payload
- Detects Kaiten/Tsunami payload
- Kaiten/Tsunami
  Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
  botnet kaiten
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
behavioral2 behavioral3 behavioral4 behavioral5

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

kaitenbotnetpersistence

behavioral3

kaitenbotnetpersistence

behavioral4

kaitenbotnetpersistence

behavioral5

kaitenbotnetpersistence

© 2018-2025

Terms | Privacy