Analysis
-
max time kernel
3s -
max time network
133s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240226-en -
resource tags
-
submitted
19/03/2024, 02:06
General
-
Target
190be0efc2d9727289bd74c4cba38ba52890ebfb20d7539f47d17575807c53de.elf
-
Size
53KB
-
MD5
3f471655836f641059bc2da85eaf3aee
-
SHA1
b4339e8c1b20145e2814724fc24606b5a3014a63
-
SHA256
190be0efc2d9727289bd74c4cba38ba52890ebfb20d7539f47d17575807c53de
-
SHA512
56f8c266648910fd0262bd4021468daf82c2103cc93ee46d6bb1cb0edf280d9e1b736be5e98bb6079a332e9bf832dd885b481f91e49986c7b2f796665a8429a1
-
SSDEEP
1536:ogVYnH4HZrV9wm3FcFSmP9NvWZL+LEiIp7:op8ZrVJ30qB7
Score
10/10
Malware Config
Extracted
Family
mirai
Botnet
MIRAI
C2
z.hxhk.cc
y.hxhk.cc
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Changes its process name 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Flushes firewall rules 64 IoCs
Flushes/ disables firewall rules inside the Linux kernel.
-
Loads a kernel module 1 IoCs
Loads a Linux kernel module, potentially to achieve persistence
-
Modifies init.d 1 TTPs 1 IoCs
Adds/modifies system service, likely for persistence.
-
Enumerates kernel/hardware configuration 1 TTPs 2 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 49 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/190be0efc2d9727289bd74c4cba38ba52890ebfb20d7539f47d17575807c53de.elf/tmp/190be0efc2d9727289bd74c4cba38ba52890ebfb20d7539f47d17575807c53de.elf1⤵
-
/bin/shsh -c "iptables -F >/dev/null 2>&1"2⤵
-
/sbin/iptablesiptables -F3⤵
-
-
-
/bin/shsh -c "iptables -X >/dev/null 2>&1"2⤵
-
/sbin/iptablesiptables -X3⤵
- Flushes firewall rules
-
-
-
/bin/shsh -c "iptables -t nat -F >/dev/null 2>&1"2⤵
-
/sbin/iptablesiptables -t nat -F3⤵
- Flushes firewall rules
-
-
-
/bin/shsh -c "iptables -t nat -X >/dev/null 2>&1"2⤵
-
/sbin/iptablesiptables -t nat -X3⤵
- Flushes firewall rules
-
-
-
/bin/shsh -c "iptables -t mangle -F >/dev/null 2>&1"2⤵
-
/sbin/iptablesiptables -t mangle -F3⤵
- Flushes firewall rules
-
-
-
/bin/shsh -c "iptables -t mangle -X >/dev/null 2>&1"2⤵
-
/sbin/iptablesiptables -t mangle -X3⤵
- Flushes firewall rules
-
-
-
/bin/shsh -c "iptables -P INPUT ACCEPT >/dev/null 2>&1"2⤵
-
/sbin/iptablesiptables -P INPUT ACCEPT3⤵
-
-
-
/bin/shsh -c "iptables -P FORWARD ACCEPT >/dev/null 2>&1"2⤵
-
/sbin/iptablesiptables -P FORWARD ACCEPT3⤵
- Flushes firewall rules
-
-
-
/bin/shsh -c "service iptables save >/dev/null 2>&1"2⤵
-
/usr/sbin/serviceservice iptables save3⤵
-
/usr/bin/basenamebasename /usr/sbin/service4⤵
-
-
/usr/bin/basenamebasename /usr/sbin/service4⤵
-
-
/bin/systemctlsystemctl --quiet is-active multi-user.target4⤵
- Reads runtime system information
-
-
-
-
/bin/shsh -c "systemctl stop firewalld >/dev/null 2>&1"2⤵
-
/bin/systemctlsystemctl stop firewalld3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "systemctl disable firewalld >/dev/null 2>&1"2⤵
-
/bin/systemctlsystemctl disable firewalld3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "ufw disable >/dev/null 2>&1"2⤵
-
/usr/sbin/ufwufw disable3⤵
-
/sbin/iptables/sbin/iptables -V4⤵
-
-
/lib/ufw/ufw-init/lib/ufw/ufw-init force-stop4⤵
-
/sbin/ip6tablesip6tables -L INPUT -n5⤵
- Reads runtime system information
-
/sbin/modprobe/sbin/modprobe ip6_tables6⤵
- Loads a kernel module
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
-
-
/sbin/iptablesiptables -F ufw-logging-deny5⤵
-
-
/sbin/iptablesiptables -F ufw-logging-allow5⤵
-
-
/sbin/iptablesiptables -F ufw-not-local5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-user-logging-input5⤵
-
-
/sbin/iptablesiptables -F ufw-user-limit-accept5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-user-limit5⤵
-
-
/sbin/iptablesiptables -F ufw-skip-to-policy-input5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-reject-input5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-after-logging-input5⤵
-
-
/sbin/iptablesiptables -F ufw-after-input5⤵
-
-
/sbin/iptablesiptables -F ufw-user-input5⤵
-
-
/sbin/iptablesiptables -F ufw-before-input5⤵
-
-
/sbin/iptablesiptables -F ufw-before-logging-input5⤵
-
-
/sbin/iptablesiptables -F ufw-skip-to-policy-forward5⤵
-
-
/sbin/iptablesiptables -F ufw-reject-forward5⤵
-
-
/sbin/iptablesiptables -F ufw-after-logging-forward5⤵
-
-
/sbin/iptablesiptables -F ufw-after-forward5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-user-logging-forward5⤵
-
-
/sbin/iptablesiptables -F ufw-user-forward5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-before-forward5⤵
-
-
/sbin/iptablesiptables -F ufw-before-logging-forward5⤵
-
-
/sbin/iptablesiptables -F ufw-track-forward5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-track-output5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-track-input5⤵
-
-
/sbin/iptablesiptables -F ufw-skip-to-policy-output5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-reject-output5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-after-logging-output5⤵
-
-
/sbin/iptablesiptables -F ufw-after-output5⤵
-
-
/sbin/iptablesiptables -F ufw-user-logging-output5⤵
-
-
/sbin/iptablesiptables -F ufw-user-output5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-before-output5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-before-logging-output5⤵
-
-
/sbin/iptablesiptables -Z ufw-logging-deny5⤵
-
-
/sbin/iptablesiptables -Z ufw-logging-allow5⤵
-
-
/sbin/iptablesiptables -Z ufw-not-local5⤵
-
-
/sbin/iptablesiptables -Z ufw-user-logging-input5⤵
-
-
/sbin/iptablesiptables -Z ufw-user-limit-accept5⤵
-
-
/sbin/iptablesiptables -Z ufw-user-limit5⤵
-
-
/sbin/iptablesiptables -Z ufw-skip-to-policy-input5⤵
-
-
/sbin/iptablesiptables -Z ufw-reject-input5⤵
-
-
/sbin/iptablesiptables -Z ufw-after-logging-input5⤵
-
-
/sbin/iptablesiptables -Z ufw-after-input5⤵
-
-
/sbin/iptablesiptables -Z ufw-user-input5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-before-input5⤵
-
-
/sbin/iptablesiptables -Z ufw-before-logging-input5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-skip-to-policy-forward5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-reject-forward5⤵
-
-
/sbin/iptablesiptables -Z ufw-after-logging-forward5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-after-forward5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-user-logging-forward5⤵
-
-
/sbin/iptablesiptables -Z ufw-user-forward5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-before-forward5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-before-logging-forward5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-track-forward5⤵
-
-
/sbin/iptablesiptables -Z ufw-track-output5⤵
-
-
/sbin/iptablesiptables -Z ufw-track-input5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-skip-to-policy-output5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-reject-output5⤵
-
-
/sbin/iptablesiptables -Z ufw-after-logging-output5⤵
-
-
/sbin/iptablesiptables -Z ufw-after-output5⤵
-
-
/sbin/iptablesiptables -Z ufw-user-logging-output5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-user-output5⤵
-
-
/sbin/iptablesiptables -Z ufw-before-output5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-before-logging-output5⤵
-
-
/sbin/iptablesiptables -X ufw-logging-deny5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -X ufw-logging-allow5⤵
-
-
/sbin/iptablesiptables -X ufw-not-local5⤵
-
-
/sbin/iptablesiptables -X ufw-user-logging-input5⤵
-
-
/sbin/iptablesiptables -X ufw-user-logging-output5⤵
-
-
/sbin/iptablesiptables -X ufw-user-logging-forward5⤵
-
-
/sbin/iptablesiptables -X ufw-user-limit-accept5⤵
-
-
/sbin/iptablesiptables -X ufw-user-limit5⤵
-
-
/sbin/iptablesiptables -X ufw-user-input5⤵
-
-
/sbin/iptablesiptables -X ufw-user-forward5⤵
-
-
/sbin/iptablesiptables -X ufw-user-output5⤵
-
-
/sbin/iptablesiptables -X ufw-skip-to-policy-input5⤵
-
-
/sbin/iptablesiptables -X ufw-skip-to-policy-output5⤵
-
-
/sbin/iptablesiptables -X ufw-skip-to-policy-forward5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -P INPUT ACCEPT5⤵
-
-
/sbin/iptablesiptables -P OUTPUT ACCEPT5⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -P FORWARD ACCEPT5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-logging-deny5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-logging-allow5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-not-local5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-user-logging-input5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-user-limit-accept5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-user-limit5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-skip-to-policy-input5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-reject-input5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-after-logging-input5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-after-input5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-user-input5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-before-input5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-before-logging-input5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-skip-to-policy-forward5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-reject-forward5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-after-logging-forward5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-after-forward5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-user-logging-forward5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-user-forward5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-before-forward5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-before-logging-forward5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-track-forward5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-track-output5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-track-input5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-skip-to-policy-output5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-reject-output5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-after-logging-output5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-after-output5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-user-logging-output5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-user-output5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-before-output5⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-before-logging-output5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-logging-deny5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-logging-allow5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-not-local5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-user-logging-input5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-user-limit-accept5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-user-limit5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-skip-to-policy-input5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-reject-input5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-after-logging-input5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-after-input5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-user-input5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-before-input5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-before-logging-input5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-skip-to-policy-forward5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-reject-forward5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-after-logging-forward5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-after-forward5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-user-logging-forward5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-user-forward5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-before-forward5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-before-logging-forward5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-track-forward5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-track-output5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-track-input5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-skip-to-policy-output5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-reject-output5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-after-logging-output5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-after-output5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-user-logging-output5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-user-output5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-before-output5⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-before-logging-output5⤵
-
-
/sbin/ip6tablesip6tables -X ufw6-logging-deny5⤵
-
-
/sbin/ip6tablesip6tables -X ufw6-logging-allow5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -X ufw6-not-local5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -X ufw6-user-logging-input5⤵
-
-
/sbin/ip6tablesip6tables -X ufw6-user-logging-output5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -X ufw6-user-logging-forward5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -X ufw6-user-limit-accept5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -X ufw6-user-limit5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -X ufw6-user-input5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -X ufw6-user-forward5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -X ufw6-user-output5⤵
-
-
/sbin/ip6tablesip6tables -X ufw6-skip-to-policy-input5⤵
-
-
/sbin/ip6tablesip6tables -X ufw6-skip-to-policy-output5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -X ufw6-skip-to-policy-forward5⤵
-
-
/sbin/ip6tablesip6tables -P INPUT ACCEPT5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -P OUTPUT ACCEPT5⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -P FORWARD ACCEPT5⤵
-
-
-
-
-
/bin/shsh -c "systemctl disable ufw >/dev/null 2>&1"2⤵
-
/bin/systemctlsystemctl disable ufw3⤵
- Reads runtime system information
-
/lib/systemd/systemd-sysv-install/lib/systemd/systemd-sysv-install disable ufw4⤵
-
/usr/bin/getoptgetopt -o r: --long root: -- disable ufw5⤵
-
-
/usr/sbin/update-rc.d/usr/sbin/update-rc.d ufw defaults5⤵
-
/usr/local/sbin/systemctlsystemctl daemon-reload6⤵
-
-
/usr/local/bin/systemctlsystemctl daemon-reload6⤵
-
-
/usr/sbin/systemctlsystemctl daemon-reload6⤵
-
-
/usr/bin/systemctlsystemctl daemon-reload6⤵
-
-
/sbin/systemctlsystemctl daemon-reload6⤵
-
-
/bin/systemctlsystemctl daemon-reload6⤵
- Reads runtime system information
-
-
-
/usr/sbin/update-rc.d/usr/sbin/update-rc.d ufw disable5⤵
-
/usr/local/sbin/systemctlsystemctl daemon-reload6⤵
-
-
/usr/local/bin/systemctlsystemctl daemon-reload6⤵
-
-
/usr/sbin/systemctlsystemctl daemon-reload6⤵
-
-
/usr/bin/systemctlsystemctl daemon-reload6⤵
-
-
/sbin/systemctlsystemctl daemon-reload6⤵
-
-
/bin/systemctlsystemctl daemon-reload6⤵
- Reads runtime system information
-
-
-
-
-
-
/bin/shsh -c "systemctl stop ufw >/dev/null 2>&1"2⤵
-
/bin/systemctlsystemctl stop ufw3⤵
- Reads runtime system information
-
-
-
/bin/shsh -c "chmod 777 -R /etc/dars.sh;"2⤵
-
/bin/chmodchmod 777 -R /etc/dars.sh3⤵
-
-
-
/bin/shsh -c "/etc/dars.sh /dev/null 2>&1"2⤵
-
/etc/dars.sh/etc/dars.sh /dev/null3⤵
- Executes dropped EXE
-
/bin/chmodchmod 777 -R /etc/init.d/cron4⤵
-
-
/bin/chmodchmod 777 -R /etc/crontab4⤵
-
-
/bin/sedsed -i "/\\/lib\\/system-mark/d" /etc/init.d/cron4⤵
- Modifies init.d
- Reads runtime system information
-
-
/bin/sedsed -i "/^*/1 * * * * root /.mod/d" /etc/crontab4⤵
- Reads runtime system information
-
-
/bin/chmodchmod 777 -R /etc/init.d/acpid /etc/init.d/alsa-utils /etc/init.d/anacron /etc/init.d/apparmor /etc/init.d/apport /etc/init.d/atd /etc/init.d/auditd /etc/init.d/avahi-daemon /etc/init.d/bluetooth /etc/init.d/console-setup.sh /etc/init.d/cron /etc/init.d/cups /etc/init.d/cups-browsed /etc/init.d/dbus /etc/init.d/dns-clean /etc/init.d/gdm3 /etc/init.d/grub-common /etc/init.d/hwclock.sh /etc/init.d/irqbalance /etc/init.d/kerneloops /etc/init.d/keyboard-setup.sh /etc/init.d/kmod /etc/init.d/networking /etc/init.d/network-manager /etc/init.d/plymouth /etc/init.d/plymouth-log /etc/init.d/pppd-dns /etc/init.d/procps /etc/init.d/rsync /etc/init.d/rsyslog /etc/init.d/saned /etc/init.d/selinux-autorelabel /etc/init.d/speech-dispatcher /etc/init.d/spice-vdagent /etc/init.d/ssh /etc/init.d/udev /etc/init.d/ufw /etc/init.d/unattended-upgrades /etc/init.d/uuidd /etc/init.d/whoopsie /etc/init.d/x11-common4⤵
-
-
/bin/rmrm -rf /.mod4⤵
-
-
/bin/rmrm -rf /etc/.walk4⤵
-
-
/bin/rmrm -rf /etc/326754⤵
-
-
/bin/rmrm -rf /etc/rc.local4⤵
-
-
/bin/rmrm -rf /etc/init.d/acpid4⤵
-
-
/bin/rmrm -rf /etc/init.d/alsa-utils4⤵
-
-
/bin/rmrm -rf /etc/init.d/anacron4⤵
-
-
/bin/rmrm -rf /etc/init.d/apache-htcacheclean4⤵
-
-
/bin/rmrm -rf /etc/init.d/apache24⤵
-
-
/bin/rmrm -rf /etc/init.d/apparmor4⤵
-
-
/bin/rmrm -rf /etc/init.d/apport4⤵
-
-
/bin/rmrm -rf /etc/init.d/avahi-daemon4⤵
-
-
/bin/rmrm -rf /etc/init.d/bluetooth4⤵
-
-
/bin/rmrm -rf /etc/init.d/console-setup.sh4⤵
-
-
/bin/rmrm -rf /etc/init.d/cups4⤵
-
-
/bin/rmrm -rf /etc/init.d/cups-browsed4⤵
-
-
/bin/rmrm -rf /etc/init.d/dbus4⤵
-
-
/bin/rmrm -rf /etc/init.d/hwclock.sh4⤵
-
-
/bin/rmrm -rf /etc/init.d/irqbalance4⤵
-
-
/bin/rmrm -rf /etc/init.d/keyboard-setup.sh4⤵
-
-
/bin/rmrm -rf /etc/init.d/kmod4⤵
-
-
/bin/rmrm -rf /etc/init.d/lightdm4⤵
-
-
/bin/rmrm -rf /etc/init.d/networking4⤵
-
-
/bin/rmrm -rf /etc/init.d/openvpn4⤵
-
-
/bin/rmrm -rf /etc/init.d/plymouth4⤵
-
-
/bin/rmrm -rf /etc/init.d/plymouth-log4⤵
-
-
/bin/rmrm -rf /etc/init.d/procps4⤵
-
-
/bin/rmrm -rf /etc/init.d/resolvconf4⤵
-
-
/bin/rmrm -rf /etc/init.d/rsync4⤵
-
-
/bin/rmrm -rf /etc/init.d/rsyslog4⤵
-
-
/bin/rmrm -rf /etc/init.d/saned4⤵
-
-
/bin/rmrm -rf /etc/init.d/speech-dispatcher4⤵
-
-
/bin/rmrm -rf /etc/init.d/ssh4⤵
-
-
/bin/rmrm -rf /etc/init.d/udev4⤵
-
-
/bin/rmrm -rf /etc/init.d/ufw4⤵
-
-
/bin/rmrm -rf /etc/init.d/uml-utilities4⤵
-
-
/bin/rmrm -rf /etc/init.d/unattended-upgrades4⤵
-
-
/bin/rmrm -rf /etc/init.d/uuidd4⤵
-
-
/bin/rmrm -rf /etc/init.d/x11-common4⤵
-
-
/bin/rmrm -rf /etc/profile.d/bash_cfg.sh4⤵
-
-
/bin/rmrm -rf /etc/profile.d/gateway.sh4⤵
-
-
/bin/rmrm -rf /usr/bin/include/find4⤵
-
-
/bin/rmrm -rf /usr/bin/include/lsof4⤵
-
-
/bin/rmrm -rf /boot/System.mod4⤵
-
-
/bin/rmrm -rf /etc/opt.services.cfg4⤵
-
-
/bin/rmrm -rf /etc/profile.d/bash_cfg4⤵
-
-
/bin/rmrm -rf /lib/system-mark4⤵
-
-
/bin/rmrm -rf /usr/lib/libgdi.so.0.8.14⤵
-
-
/bin/rmrm -rf /usr/sbin/ifconfig.cfg4⤵
-
-
/bin/rmrm -rf /etc/init.d/acpid4⤵
-
-
/bin/rmrm -rf /etc/init.d/alsa-utils4⤵
-
-
/bin/rmrm -rf /etc/init.d/anacron4⤵
-
-
/bin/rmrm -rf /etc/init.d/apparmor4⤵
-
-
/bin/rmrm -rf /etc/init.d/apport4⤵
-
-
/bin/rmrm -rf /etc/init.d/avahi-daemon4⤵
-
-
/bin/rmrm -rf /etc/init.d/binfmt-support4⤵
-
-
/bin/rmrm -rf /etc/init.d/bluetooth4⤵
-
-
/bin/rmrm -rf /etc/init.d/console-setup.sh4⤵
-
-
/bin/rmrm -rf /etc/init.d/cryptdisks4⤵
-
-
/bin/rmrm -rf /etc/init.d/cryptdisks-early4⤵
-
-
/bin/rmrm -rf /etc/init.d/cups4⤵
-
-
/bin/rmrm -rf /etc/init.d/cups-browsed4⤵
-
-
/bin/rmrm -rf /etc/init.d/dbus4⤵
-
-
/bin/rmrm -rf /etc/init.d/gdm34⤵
-
-
/bin/rmrm -rf /etc/init.d/hddtemp4⤵
-
-
/bin/rmrm -rf /etc/init.d/hwclock.sh4⤵
-
-
/bin/rmrm -rf /etc/init.d/irqbalance4⤵
-
-
/bin/rmrm -rf /etc/init.d/iscsid4⤵
-
-
/bin/rmrm -rf /etc/init.d/keyboard-setup.sh4⤵
-
-
/bin/rmrm -rf /etc/init.d/kmod4⤵
-
-
/bin/rmrm -rf /etc/init.d/lightdm4⤵
-
-
/bin/rmrm -rf /etc/init.d/lm-sensors4⤵
-
-
/bin/rmrm -rf /etc/init.d/lvm2-lvmpolld4⤵
-
-
/bin/rmrm -rf /etc/init.d/mono-xsp44⤵
-
-
/bin/rmrm -rf /etc/init.d/multipath-tools4⤵
-
-
/bin/rmrm -rf /etc/init.d/open-iscsi4⤵
-
-
/bin/rmrm -rf /etc/init.d/open-vm-tools4⤵
-
-
/bin/rmrm -rf /etc/init.d/plymouth4⤵
-
-
/bin/rmrm -rf /etc/init.d/plymouth-log4⤵
-
-
/bin/rmrm -rf /etc/init.d/procps4⤵
-
-
/bin/rmrm -rf /etc/init.d/rsync4⤵
-
-
/bin/rmrm -rf /etc/init.d/rsyslog4⤵
-
-
/bin/rmrm -rf /etc/init.d/saned4⤵
-
-
/bin/rmrm -rf /etc/init.d/screen-cleanup4⤵
-
-
/bin/rmrm -rf /etc/init.d/spice-vdagent4⤵
-
-
/bin/rmrm -rf /etc/init.d/ssh4⤵
-
-
/bin/rmrm -rf /etc/init.d/udev4⤵
-
-
/bin/rmrm -rf /etc/init.d/ufw4⤵
-
-
/bin/rmrm -rf /etc/init.d/uuidd4⤵
-
-
/bin/rmrm -rf /etc/init.d/x11-common4⤵
-
-
/bin/rmrm -rf /etc/profile.d/bash_cfg.sh4⤵
-
-
/bin/rmrm -rf /etc/profile.d/gateway.sh4⤵
-
-
/bin/rmrm -rf /proc/3434/loginuid4⤵
-
-
/bin/rmrm -rf /run/crond.pid4⤵
-
-
/bin/rmrm -rf /usr/lib/systemd/system/quotaoff.service4⤵
-
-
-
-
/usr/bin/awkawk "{print \$2}"1⤵
- Reads runtime system information
-
/bin/grepgrep -e " /proc/[0-9]* " /proc/mounts1⤵
- Reads runtime system information
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
3KB
MD599c7a64e10b688132a7144d4ee60f924
SHA136b0329c7de613edd25eee40ef5e7d3502500c18
SHA25631730a51bf6d7521725634228099ca12dff7af6651add4260414f1f9c579c263
SHA5124bc2029540c35800177d9042c268ae4d86c41439aceb23f8d12c88eab2342c7bdb839325b6d9a048396801144cbc1d7fb673e7f44e685043f9b009a27cb22eb9
-
Filesize
2KB
MD585d7a3783889ea93dcda2fb488420c1c
SHA18edf95b211ad7e8df3ee2a331c4e658e9b746e5c
SHA2562df15277374dedbff7fb792f22e42a72c75fbfc73414ccc87e07f49d377ad9d0
SHA5129abf28183e952b372423ec48c3b20cd218cfd76b50138ced0dd1969f7be66e0697cbcaee28d71984c46369ea14f9a62a8061ee992ddc2ca2b186c87b689dc3e9