e4b97889fd03e2d12d395cee75c7316cd655689cff616e8ae64f72759322b00c

General

Target

1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
Size

60KB
MD5

1fddd8b0aadb0a02ea890f698caff89c
SHA1

211110ccd5195d8eb3124899b656774741e91429
SHA256

e4b97889fd03e2d12d395cee75c7316cd655689cff616e8ae64f72759322b00c
SHA512

aa5b1109741c9983d7bcc15e32fbacf36e4d011316bb19ec282703435133a63117d59aae1e32936e32577baeccd9488d41f3b6c7a618d93c4458e7185d5cbf1a
SSDEEP

1536:ItLBpV4/JSWE/h8RAv+QvQpiIXRySsuZG:YBpV4/JSWE/hgARQpd8V

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (103431) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

Processes:

1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118

description	ioc	process
File opened for modification	/dev/watchdog	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for modification	/dev/misc/watchdog	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118

Enumerates running processes
Discovers information about currently running processes on the system

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118

description	ioc	process
File opened for reading	/proc/949/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1172/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1582/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/422/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1581/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1813/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1833/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/557/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1724/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1820/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1831/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1591/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1635/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1688/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1931/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/428/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1063/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1119/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1143/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1155/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1159/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1727/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1715/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/468/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1632/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1914/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/684/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1682/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1850/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1876/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1895/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1921/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1264/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1922/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1924/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1679/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1714/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1840/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1917/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/454/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/465/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/662/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/672/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1111/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1906/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1982/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1151/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1666/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1836/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/538/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1618/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1078/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1127/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1880/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1934/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1937/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1990/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/597/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/984/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1169/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1619/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1641/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/461/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
File opened for reading	/proc/1088/exe	1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118

/tmp/1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
/tmp/1fddd8b0aadb0a02ea890f698caff89c_JaffaCakes118
1⤵
- Modifies Watchdog functionality
- Reads runtime system information
PID:1584

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

1

T1562

Credential Access

Discovery

Network Service Discovery

2

T1046

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads