kaiten | cf7f09319e46bf38232f1887e0d9aab18170ece148141f538a94b871fa25aa7c | Triage

Submit
Reports

Overview

overview

Static

static

1

97c58795cc...48e1a2

debian-9-mipsel

Sharing

General

Target

97c58795cc03edfed788af94d848e1a2
Size

38KB
Sample

231222-qbx1qsdfdr
MD5

97c58795cc03edfed788af94d848e1a2
SHA1

55a86ceac7cd6aa61d39b00205d97498242d21d5
SHA256

cf7f09319e46bf38232f1887e0d9aab18170ece148141f538a94b871fa25aa7c
SHA512

1ab1ca965803cf1587f77f671da8fe02024680e52f73ae16c63ed8bdaef04932ebbffdeb816b390efbf1d150de25827b3f57e2b3ed42f357724f0d5c7d2cbb0e
SSDEEP

768:BaQPk7tOmLWoFOJADhA6gLdQAvi+EKuvG+urhWPdSOAf2zjQDq:uV3FOmFCQ3ZKuW6SgzjQO

Score

10^/10

kaiten botnet persistence

Static task

static1

Behavioral task

behavioral1

Sample

97c58795cc03edfed788af94d848e1a2

Resource

debian9-mipsel-20231215-en

kaiten botnet persistence

debian-9-mipsel

8 signatures

150 seconds

Malware Config

Targets

- Target
  
  97c58795cc03edfed788af94d848e1a2
- Size
  
  38KB
- MD5
  
  97c58795cc03edfed788af94d848e1a2
- SHA1
  
  55a86ceac7cd6aa61d39b00205d97498242d21d5
- SHA256
  
  cf7f09319e46bf38232f1887e0d9aab18170ece148141f538a94b871fa25aa7c
- SHA512
  
  1ab1ca965803cf1587f77f671da8fe02024680e52f73ae16c63ed8bdaef04932ebbffdeb816b390efbf1d150de25827b3f57e2b3ed42f357724f0d5c7d2cbb0e
- SSDEEP
  
  768:BaQPk7tOmLWoFOJADhA6gLdQAvi+EKuvG+urhWPdSOAf2zjQDq:uV3FOmFCQ3ZKuW6SgzjQO
Score

10^/10

kaiten botnet persistence
- Detects Kaiten/Tsunami Payload
- Kaiten/Tsunami
  Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
  botnet kaiten
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1

kaitenbotnetpersistence

© 2018-2024

Terms | Privacy