Analysis Overview
SHA256
bb6cb684d2845050828adef8e78e6a242ad595064bce60d675d2b240a4ebf87d
Threat Level: Shows suspicious behavior
The file 5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
UPX packed file
Modifies init.d
Reads system routing table
Write file to user bin folder
Writes file to system bin folder
Checks CPU configuration
Reads system network configuration
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-20 07:16
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-20 07:16
Reported
2024-05-20 07:18
Platform
ubuntu2004-amd64-20240508-en
Max time kernel
149s
Max time network
151s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118h | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118h | N/A |
| N/A | /usr/bin/bsd-port/getty | /usr/bin/bsd-port/getty | N/A |
| N/A | /etc/ssh/sshpa | /etc/ssh/sshpa | N/A |
| N/A | /usr/bin/bsd-port/udevd | /usr/bin/bsd-port/udevd | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Modifies init.d
| Description | Indicator | Process | Target |
| File opened for modification | /etc/init.d/DbSecuritySpt | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 | N/A |
| File opened for modification | /etc/init.d/selinux | /usr/bin/bsd-port/getty | N/A |
Reads system routing table
| Description | Indicator | Process | Target |
| File opened for reading | /proc/net/route | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118h | N/A |
| File opened for reading | /proc/net/route | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 | N/A |
Write file to user bin folder
| Description | Indicator | Process | Target |
| File opened for modification | /usr/bin/lsof | /usr/bin/cp | N/A |
| File opened for modification | /usr/bin/ps | /usr/bin/cp | N/A |
| File opened for modification | /usr/bin/bsd-port/getty.lock | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 | N/A |
| File opened for modification | /usr/bin/bsd-port/getty | /usr/bin/cp | N/A |
| File opened for modification | /usr/bin/bsd-port/udevd | /usr/bin/bsd-port/getty | N/A |
| File opened for modification | /usr/bin/bsd-port/udevd.lock | /usr/bin/bsd-port/udevd | N/A |
| File opened for modification | /usr/bin/bsd-port/getty.lock | /usr/bin/bsd-port/getty | N/A |
| File opened for modification | /usr/bin/dpkgd/lsof | /usr/bin/cp | N/A |
| File opened for modification | /usr/bin/dpkgd/ps | /usr/bin/cp | N/A |
Writes file to system bin folder
| Description | Indicator | Process | Target |
| File opened for modification | /bin/lsof | /usr/bin/cp | N/A |
| File opened for modification | /bin/ps | /usr/bin/cp | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118h | N/A |
| File opened for reading | /proc/cpuinfo | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/bsd-port/udevd | N/A |
| File opened for reading | /proc/cpuinfo | /usr/bin/bsd-port/getty | N/A |
Reads system network configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/net/route | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118h | N/A |
| File opened for reading | /proc/net/arp | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118h | N/A |
| File opened for reading | /proc/net/dev | /usr/bin/bsd-port/getty | N/A |
| File opened for reading | /proc/net/dev | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118h | N/A |
| File opened for reading | /proc/net/dev | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 | N/A |
| File opened for reading | /proc/net/dev | /usr/bin/bsd-port/udevd | N/A |
| File opened for reading | /proc/net/route | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 | N/A |
| File opened for reading | /proc/net/arp | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/kernel/version | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/cp | N/A |
| File opened for reading | /proc/cmdline | /usr/sbin/insmod | N/A |
| File opened for reading | /proc/sys/kernel/version | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118h | N/A |
| File opened for reading | /proc/stat | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 | N/A |
| File opened for reading | /proc/sys/kernel/version | /usr/bin/bsd-port/udevd | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/cp | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/mkdir | N/A |
| File opened for reading | /proc/meminfo | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/cp | N/A |
| File opened for reading | /proc/sys/kernel/version | /usr/bin/bsd-port/getty | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/cp | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/cp | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/mkdir | N/A |
| File opened for reading | /proc/meminfo | /usr/bin/bsd-port/getty | N/A |
| File opened for reading | /proc/meminfo | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118h | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/mkdir | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/mkdir | N/A |
| File opened for reading | /proc/stat | /usr/bin/bsd-port/udevd | N/A |
| File opened for reading | /proc/meminfo | /usr/bin/bsd-port/udevd | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/cp | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/cp | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/cp | N/A |
| File opened for reading | /proc/stat | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118h | N/A |
| File opened for reading | /proc/cmdline | /usr/sbin/insmod | N/A |
| File opened for reading | /proc/sys/kernel/version | /etc/ssh/sshpa | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/mkdir | N/A |
| File opened for reading | /proc/stat | /usr/bin/bsd-port/getty | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/moni.lock | /etc/ssh/sshpa | N/A |
| File opened for modification | /tmp/notify.file | /etc/ssh/sshpa | N/A |
| File opened for modification | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118h | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 | N/A |
| File opened for modification | /tmp/notify.file | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 | N/A |
| File opened for modification | /tmp/conf.n | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 | N/A |
| File opened for modification | /tmp/gates.lock | /etc/ssh/sshpa | N/A |
| File opened for modification | /tmp/moni.lock | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 | N/A |
| File opened for modification | /tmp/gates.lock | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 | N/A |
| File opened for modification | /tmp/bill.lock | /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118h | N/A |
Processes
/tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118
[/tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118]
/bin/sh
[sh -c /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118h]
/tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118h
[/tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118h]
/bin/sh
[sh -c insmod /usr/lib/xpacket.ko]
/usr/sbin/insmod
[insmod /usr/lib/xpacket.ko]
/bin/sh
[sh -c ln -s /etc/init.d/DbSecuritySpt /etc/rc1.d/S97DbSecuritySpt]
/usr/bin/ln
[ln -s /etc/init.d/DbSecuritySpt /etc/rc1.d/S97DbSecuritySpt]
/bin/sh
[sh -c ln -s /etc/init.d/DbSecuritySpt /etc/rc2.d/S97DbSecuritySpt]
/usr/bin/ln
[ln -s /etc/init.d/DbSecuritySpt /etc/rc2.d/S97DbSecuritySpt]
/bin/sh
[sh -c ln -s /etc/init.d/DbSecuritySpt /etc/rc3.d/S97DbSecuritySpt]
/usr/bin/ln
[ln -s /etc/init.d/DbSecuritySpt /etc/rc3.d/S97DbSecuritySpt]
/bin/sh
[sh -c ln -s /etc/init.d/DbSecuritySpt /etc/rc4.d/S97DbSecuritySpt]
/usr/bin/ln
[ln -s /etc/init.d/DbSecuritySpt /etc/rc4.d/S97DbSecuritySpt]
/bin/sh
[sh -c ln -s /etc/init.d/DbSecuritySpt /etc/rc5.d/S97DbSecuritySpt]
/usr/bin/ln
[ln -s /etc/init.d/DbSecuritySpt /etc/rc5.d/S97DbSecuritySpt]
/bin/sh
[sh -c mkdir -p /usr/bin/bsd-port]
/usr/bin/mkdir
[mkdir -p /usr/bin/bsd-port]
/bin/sh
[sh -c cp -f /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 /usr/bin/bsd-port/getty]
/usr/bin/cp
[cp -f /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 /usr/bin/bsd-port/getty]
/bin/sh
[sh -c /usr/bin/bsd-port/getty]
/usr/bin/bsd-port/getty
[/usr/bin/bsd-port/getty]
/bin/sh
[sh -c mkdir -p /etc/ssh]
/usr/bin/mkdir
[mkdir -p /etc/ssh]
/bin/sh
[sh -c cp -f /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 /etc/ssh/sshpa]
/usr/bin/cp
[cp -f /tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118 /etc/ssh/sshpa]
/bin/sh
[sh -c /etc/ssh/sshpa]
/etc/ssh/sshpa
[/etc/ssh/sshpa]
/bin/sh
[sh -c ln -s /etc/init.d/selinux /etc/rc1.d/S99selinux]
/usr/bin/ln
[ln -s /etc/init.d/selinux /etc/rc1.d/S99selinux]
/bin/sh
[sh -c ln -s /etc/init.d/selinux /etc/rc2.d/S99selinux]
/usr/bin/ln
[ln -s /etc/init.d/selinux /etc/rc2.d/S99selinux]
/bin/sh
[sh -c ln -s /etc/init.d/selinux /etc/rc3.d/S99selinux]
/usr/bin/ln
[ln -s /etc/init.d/selinux /etc/rc3.d/S99selinux]
/bin/sh
[sh -c ln -s /etc/init.d/selinux /etc/rc4.d/S99selinux]
/usr/bin/ln
[ln -s /etc/init.d/selinux /etc/rc4.d/S99selinux]
/bin/sh
[sh -c ln -s /etc/init.d/selinux /etc/rc5.d/S99selinux]
/usr/bin/ln
[ln -s /etc/init.d/selinux /etc/rc5.d/S99selinux]
/bin/sh
[sh -c /usr/bin/bsd-port/udevd]
/usr/bin/bsd-port/udevd
[/usr/bin/bsd-port/udevd]
/bin/sh
[sh -c insmod /usr/lib/xpacket.ko]
/usr/sbin/insmod
[insmod /usr/lib/xpacket.ko]
/bin/sh
[sh -c mkdir -p /usr/bin/dpkgd]
/usr/bin/mkdir
[mkdir -p /usr/bin/dpkgd]
/bin/sh
[sh -c cp -f /bin/lsof /usr/bin/dpkgd/lsof]
/usr/bin/cp
[cp -f /bin/lsof /usr/bin/dpkgd/lsof]
/bin/sh
[sh -c mkdir -p /bin]
/usr/bin/mkdir
[mkdir -p /bin]
/bin/sh
[sh -c cp -f /usr/bin/bsd-port/getty /bin/lsof]
/usr/bin/cp
[cp -f /usr/bin/bsd-port/getty /bin/lsof]
/bin/sh
[sh -c chmod 0755 /bin/lsof]
/usr/bin/chmod
[chmod 0755 /bin/lsof]
/bin/sh
[sh -c cp -f /bin/ps /usr/bin/dpkgd/ps]
/usr/bin/cp
[cp -f /bin/ps /usr/bin/dpkgd/ps]
/bin/sh
[sh -c mkdir -p /bin]
/usr/bin/mkdir
[mkdir -p /bin]
/bin/sh
[sh -c cp -f /usr/bin/bsd-port/getty /bin/ps]
/usr/bin/cp
[cp -f /usr/bin/bsd-port/getty /bin/ps]
/bin/sh
[sh -c chmod 0755 /bin/ps]
/usr/bin/chmod
[chmod 0755 /bin/ps]
/bin/sh
[sh -c mkdir -p /usr/bin]
/usr/bin/mkdir
[mkdir -p /usr/bin]
/bin/sh
[sh -c cp -f /usr/bin/bsd-port/getty /usr/bin/lsof]
/usr/bin/cp
[cp -f /usr/bin/bsd-port/getty /usr/bin/lsof]
/bin/sh
[sh -c chmod 0755 /usr/bin/lsof]
/usr/bin/chmod
[chmod 0755 /usr/bin/lsof]
/bin/sh
[sh -c mkdir -p /usr/bin]
/usr/bin/mkdir
[mkdir -p /usr/bin]
/bin/sh
[sh -c cp -f /usr/bin/bsd-port/getty /usr/bin/ps]
/usr/bin/cp
[cp -f /usr/bin/bsd-port/getty /usr/bin/ps]
/bin/sh
[sh -c chmod 0755 /usr/bin/ps]
/usr/bin/chmod
[chmod 0755 /usr/bin/ps]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| TR | 194.55.187.56:36000 | tcp | |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | connectivity-check.ubuntu.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| TR | 194.55.187.56:36000 | tcp | |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
| US | 1.1.1.1:53 | bbb.dj6cc.com | udp |
Files
/tmp/5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118h
| MD5 | ba0fe97c515fad8562417fed51763a26 |
| SHA1 | 9127171c177261ccc5745715223d51d8553be510 |
| SHA256 | e20cdd06a09e352ec1037385f226ec1c5ad2248d539a91e0f9f2a81c2609d7b8 |
| SHA512 | 4c5464dbcaea48440c6469ef51d289951df5ad395bee4e66c41173760400e4136e2229820c673f0e897277bb27aa915ab1dc0d3b3d482ce3efef5325548271b4 |
/tmp/gates.lock
| MD5 | 9701a1c165dd9420816bfec5edd6c2b1 |
| SHA1 | e4b5a2b01ee1b51b2d17a165855b43c142d822c4 |
| SHA256 | afd679cd3f9a81fd9ce02e6434a24f848937f09909fabcc3b3781e06036e284c |
| SHA512 | f4596df70f72dc79c62da6b3a8af26ff242ae224525a1e241006735ddc8b04bf95c59b03bf095873e1fcfa28a68029146a9f8f66ddf0198710448b385eb1721c |
/tmp/bill.lock
| MD5 | afe434653a898da20044041262b3ac74 |
| SHA1 | ee176776f84a8e7eb91c3560943535558748ab9e |
| SHA256 | 2315bd64e75a346541681575e5b227059bc726907f5a5b893505b648a3062e77 |
| SHA512 | fe563a8a3e842094a20ab2263438dedd05cf2b347a0e541a4198a855514788fe8a3c1ddfdaf6af76a554da878694296b74e7cbe75eaf4a94111cde51299c9faf |
memory/1443-1-0x0000000008048000-0x0000000008112c2c-memory.dmp
/etc/init.d/DbSecuritySpt
| MD5 | 0d18626dc1370fb69a3dcadbdb62af33 |
| SHA1 | 4253c6aaeaeee1d6c706f24fc2a5124a4a119a3a |
| SHA256 | 72a6861b01758fdb3b00ea9652e6336a4c24ec198bd0bb9ab683e90c6afb7b41 |
| SHA512 | 3a7e3376a0fb8f4ccdc1107c8f69b6c7f04bf8fa6d3e0a441c8fe8626be0a294cd3da3512a59038df20b3bbff097adf67f6b54c955532d6953bf2b977494469b |
/usr/bin/bsd-port/getty
| MD5 | 5dd0958ec75fcf14d16d03b2ec7629d0 |
| SHA1 | b72c201d1fb3b239395b1136675760e3a7365111 |
| SHA256 | bb6cb684d2845050828adef8e78e6a242ad595064bce60d675d2b240a4ebf87d |
| SHA512 | 74bfda790e337735e33d7a1b633369f64cb3ba8df4280213f3d4f6a7cb9dbd73db3f77f305d34cf7868fd3da251a15f152dc7db89091ae8bcf475c1f72535ee4 |
/tmp/notify.file
| MD5 | fbf63607cb2541b33889789656aff149 |
| SHA1 | 824a5166c2daec99b7ecb9aff8ba86866527cb09 |
| SHA256 | ff21aac2d30e7b2704e7d504629a879797fc3faa9a0da014e06e831305092f7b |
| SHA512 | bc9cae6409a0b2d4ee0019b7d2bb34c28b9691dcf45c42fb70d505c8846b2caac9eb091427dd52d34641eb476d7f9f0e491e63cc5e513779f22cb356fd19da54 |
/etc/init.d/selinux
| MD5 | 993cc15058142d96c3daf7852c3d5ee8 |
| SHA1 | 0950b8b391b04dd3895ea33cd3141543ebd2525d |
| SHA256 | 8171d077918611803d93088409f220c66fae1c670b297e1aa5d8cbd548ce9208 |
| SHA512 | 0c4256c00a3710f97e92581b552682b36b62afc35fe72622c491323c618c19ea62611ac04ccafc3dfcde2254a2ebbd93b69b66795b16e36332293bed83adb928 |
memory/1493-2-0x0000000008048000-0x0000000008112c2c-memory.dmp
/usr/bin/dpkgd/lsof
| MD5 | 061386937ec7acf924438a2643a32be0 |
| SHA1 | 01a044b9e58839bea3e58c66cb32acc16241bf91 |
| SHA256 | 8a26bbae9eb85aa98ef29cfe5b0a291234db6eb394c3e0c2841983dcf7dda959 |
| SHA512 | 2de2e56ac4c32f47b4a1945ccfb0db378e6d59019ee8004e3e5d2ec8935efb5aa8ee14b8a0b21c61a267e195d42a3232a6dcade8720de06118fd579277f59db7 |
/usr/bin/dpkgd/ps
| MD5 | d194576b899af45b1d2a448612ec21e5 |
| SHA1 | 492f7d8f28cd4397ce22fcf0d8bf3304ea93465a |
| SHA256 | a8cf81f3a1137c999c3cf336507ce120b3065e633ade01db6280d427b7d986ca |
| SHA512 | b323babd9580b91772cde29c9f22ae75b27f5ce8ce0268a48ca41713c3545dd72409932a5c48f6af66ac6e43127eb5461d1f686bd667fa1b0e56a1564db3c539 |
/tmp/moni.lock
| MD5 | 7d6044e95a16761171b130dcb476a43e |
| SHA1 | fcd8b5b9ecb89e65d56504f6f6cfe82eed26887e |
| SHA256 | 3a047b4a81effb2caf23b20df833b025335658cf85b97b02138786ff6301be36 |
| SHA512 | 9a56f289b19b3466787c937bcb7e1b83668939aa733c0baac5c10afaa3ef1c4a676defb299db217aa7089747fd788fe49acdf48a563489efa1f4df5b1630777b |