kaiten | a506c6cf25de202e6b2bf60fe0236911a6ff8aa33f12a78edad9165ab0851caf

Analysis

max time kernel
149s
max time network
148s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240611-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
01-07-2024 06:17

Target

a506c6cf25de202e6b2bf60fe0236911a6ff8aa33f12a78edad9165ab0851caf
Size

16KB
MD5

df386df8c8a376686f788ceff1216f11
SHA1

b878d4c559855d65a4359341e11e7382f18aeb54
SHA256

a506c6cf25de202e6b2bf60fe0236911a6ff8aa33f12a78edad9165ab0851caf
SHA512

cef61ef0c2d7f925c49c8834c701d3c08b37367829df10e8f7839d360518d61a3ff0c957749081104ae80096aed76b2f2dc182ea61c14d1664f8c15dec30d21d
SSDEEP

384:YfWm2aSROZcxHjUR46e3otA94kPotslUOZxZft5:YfWNEWFjURt4B9JJuU3P

Score

10^/10

kaiten botnet

Detects Kaiten/Tsunami Payload 1 IoCs

resource	yara_rule
behavioral1/memory/1398-1-0x00007fcfb0edf000-0x00007fcfb0ee9860-memory.dmp	family_kaiten2

Detects Kaiten/Tsunami payload 1 IoCs

resource	yara_rule
behavioral1/memory/1398-1-0x00007fcfb0edf000-0x00007fcfb0ee9860-memory.dmp	family_kaiten

Kaiten/Tsunami
Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
botnet kaiten

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/self/exe	a506c6cf25de202e6b2bf60fe0236911a6ff8aa33f12a78edad9165ab0851caf

/tmp/a506c6cf25de202e6b2bf60fe0236911a6ff8aa33f12a78edad9165ab0851caf
/tmp/a506c6cf25de202e6b2bf60fe0236911a6ff8aa33f12a78edad9165ab0851caf
1⤵
- Reads runtime system information
PID:1398