kaiten | 594a4bc0f819e60976e43139ae1f09259a87c5c014e1bfde62efabe34997beb7 | Triage

Submit
Reports

Overview

overview

Static

static

1

2b404255f4...kes118

debian-9-mips

Sharing

General

Target

2b404255f46cc50edb66b11d3c559636_JaffaCakes118
Size

57KB
Sample

240728-3ltsaa1epn
MD5

2b404255f46cc50edb66b11d3c559636
SHA1

149d024cd07e346b9bc983153ccd544997efa77a
SHA256

594a4bc0f819e60976e43139ae1f09259a87c5c014e1bfde62efabe34997beb7
SHA512

6ff44170d0b610d3ffa2b8c61b2cc70b68b856b1d8b065e77299c49e8e0f6d6cb9b06a37325332b8c330ff7405bbc5ebd64824b67018b4247f3ef16e16c05047
SSDEEP

1536:/oo48wXR5lvyN76/KTRAjDSzEhVcuqqBW:AopwXR55+6STzsV7vBW

Score

10^/10

kaiten botnet persistence

Static task

static1

Behavioral task

behavioral1

Sample

2b404255f46cc50edb66b11d3c559636_JaffaCakes118

Resource

debian9-mipsbe-20240729-en

kaiten botnet persistence

debian-9-mips

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  2b404255f46cc50edb66b11d3c559636_JaffaCakes118
- Size
  
  57KB
- MD5
  
  2b404255f46cc50edb66b11d3c559636
- SHA1
  
  149d024cd07e346b9bc983153ccd544997efa77a
- SHA256
  
  594a4bc0f819e60976e43139ae1f09259a87c5c014e1bfde62efabe34997beb7
- SHA512
  
  6ff44170d0b610d3ffa2b8c61b2cc70b68b856b1d8b065e77299c49e8e0f6d6cb9b06a37325332b8c330ff7405bbc5ebd64824b67018b4247f3ef16e16c05047
- SSDEEP
  
  1536:/oo48wXR5lvyN76/KTRAjDSzEhVcuqqBW:AopwXR55+6STzsV7vBW
Score

10^/10

kaiten botnet persistence
- Detects Kaiten/Tsunami Payload
- Kaiten/Tsunami
  Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
  botnet kaiten
- Writes DNS configuration
  Writes data to DNS resolver config file.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Dynamic Resolution

Exfiltration

Impact

Tasks

static1

behavioral1

kaitenbotnetpersistence

© 2018-2025

Terms | Privacy