Analysis
-
max time kernel
149s -
max time network
100s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240611-en -
resource tags
-
submitted
28-08-2024 20:11
General
-
Target
go
-
Size
3KB
-
MD5
fd55f0754084ba041539bb469f06a83d
-
SHA1
af7beef3297d77bdf1299a4fbf6cc50e27113aa4
-
SHA256
9bde6ebc01e00f36cb71b979f602f61a0f78e201ad9073ae557d764578789023
-
SHA512
cee0d136026accde83034f0b135dac8bdc2eec1a395a518f4b15c813062d75d49432b6d0ba996448107c1735382e84c31aeec372e9e1a9f830f1be848f7a8248
Malware Config
Signatures
-
Detects Kaiten/Tsunami Payload 3 IoCs
-
Detects Kaiten/Tsunami payload 2 IoCs
-
Kaiten/Tsunami
Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
-
Adds new SSH keys 2 IoCs
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
-
Modifies password files for system users/ groups 16 IoCs
Modifies files storing password hashes of existing users/ groups, likely to grant additional privileges.
-
Write file to user bin folder 1 TTPs 1 IoCs
-
Writes file to system bin folder 1 TTPs 64 IoCs
-
Changes its process name 2 IoCs
-
Reads runtime system information 18 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 36 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/go/tmp/go1⤵
- Adds new SSH keys
-
/usr/bin/gccgcc -o /usr/share/man/man1/kwk a.c2⤵
- Writes file to tmp directory
-
/usr/lib/gcc/mipsel-linux-gnu/6/cc1/usr/lib/gcc/mipsel-linux-gnu/6/cc1 -quiet -imultiarch mipsel-linux-gnu a.c -mel -quiet -dumpbase a.c "-march=mips32r2" -mfpxx -mllsc -mno-lxc1-sxc1 -mno-madd4 -mips32r2 "-mabi=32" -auxbase a -o /tmp/ccBKzUEH.s3⤵
- Writes file to tmp directory
-
-
/usr/local/sbin/asas -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccaFIeLB.o /tmp/ccBKzUEH.s3⤵
-
-
/usr/local/bin/asas -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccaFIeLB.o /tmp/ccBKzUEH.s3⤵
-
-
/usr/sbin/asas -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccaFIeLB.o /tmp/ccBKzUEH.s3⤵
-
-
/usr/bin/asas -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccaFIeLB.o /tmp/ccBKzUEH.s3⤵
- Writes file to tmp directory
-
-
/usr/lib/gcc/mipsel-linux-gnu/6/collect2/usr/lib/gcc/mipsel-linux-gnu/6/collect2 -plugin /usr/lib/gcc/mipsel-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mipsel-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccIK0SO7.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EL -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32ltsmip -pie -o /usr/share/man/man1/kwk /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/Scrt1.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crti.o /usr/lib/gcc/mipsel-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mipsel-linux-gnu/6 -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../../lib -L/lib/mipsel-linux-gnu -L/lib/../lib -L/usr/lib/mipsel-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mipsel-linux-gnu/6/../../.. /tmp/ccaFIeLB.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mipsel-linux-gnu/6/crtendS.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crtn.o3⤵
- Writes file to tmp directory
-
/usr/bin/ld/usr/bin/ld -plugin /usr/lib/gcc/mipsel-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mipsel-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccIK0SO7.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EL -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32ltsmip -pie -o /usr/share/man/man1/kwk /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/Scrt1.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crti.o /usr/lib/gcc/mipsel-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mipsel-linux-gnu/6 -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../../lib -L/lib/mipsel-linux-gnu -L/lib/../lib -L/usr/lib/mipsel-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mipsel-linux-gnu/6/../../.. /tmp/ccaFIeLB.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mipsel-linux-gnu/6/crtendS.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crtn.o4⤵
-
-
-
-
/tmp/distro./distro2⤵
-
-
/bin/rmrm -rf /sbin/nologin2⤵
-
-
/bin/rmrm -rf /usr/sbin/nologin2⤵
-
-
/bin/rmrm -rf /bin/false2⤵
-
-
/bin/cpcp /bin/bash /bin/false2⤵
- Reads runtime system information
-
-
/bin/cpcp /bin/bash /usr/sbin/nologin2⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/bin/cpcp /bin/bash /sbin/nologin2⤵
- Reads runtime system information
-
-
/usr/sbin/usermodusermod -G root nobody2⤵
- Modifies password files for system users/ groups
- Reads runtime system information
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
-
/usr/sbin/usermodusermod -G root bin2⤵
- Modifies password files for system users/ groups
- Reads runtime system information
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
-
/usr/sbin/usermodusermod -G sudo nobody2⤵
- Modifies password files for system users/ groups
- Reads runtime system information
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
-
/usr/sbin/usermodusermod -G sudo bin2⤵
- Modifies password files for system users/ groups
- Reads runtime system information
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
-
/bin/rmrm -rf "/bin/.ssh/authorized*"2⤵
-
-
/bin/rmrm -rf "/usr/games/.ssh/authorized*"2⤵
-
-
/bin/mkdirmkdir /bin/.ssh -p2⤵
- Reads runtime system information
-
-
/bin/mkdirmkdir /usr/games/.ssh -p2⤵
- Reads runtime system information
-
-
/bin/mkdirmkdir /root/.ssh -p2⤵
- Reads runtime system information
-
-
/bin/mkdirmkdir /usr/games/.ssh -p2⤵
- Reads runtime system information
-
-
/usr/bin/whoamiwhoami2⤵
-
-
/bin/hostnamehostname2⤵
-
-
/bin/mkdirmkdir /root/.ssh -p2⤵
- Reads runtime system information
-
-
/usr/bin/whoamiwhoami2⤵
-
-
/bin/hostnamehostname2⤵
-
-
/bin/chmodchmod 600 /root/.ssh/authorized_keys2⤵
-
-
/bin/chmodchmod 755 /usr/games/.ssh2⤵
-
-
/bin/chmodchmod 600 /usr/games/.ssh/authorized_keys2⤵
-
-
/bin/chownchown games:games /usr/games/.ssh/2⤵
-
-
/bin/chownchown games:games /usr/games/.ssh/authorized_keys2⤵
-
-
/bin/chownchown bin:bin /usr/bin/.ssh/2⤵
-
-
/bin/chownchown bin:bin "/usr/bin/.ssh/au*"2⤵
-
-
/bin/rmrm -rf /bin/ping6 /sbin/ping62⤵
-
-
/usr/bin/gccgcc -o /bin/ping6 ping.c2⤵
- Writes file to tmp directory
-
/usr/lib/gcc/mipsel-linux-gnu/6/cc1/usr/lib/gcc/mipsel-linux-gnu/6/cc1 -quiet -imultiarch mipsel-linux-gnu ping.c -mel -quiet -dumpbase ping.c "-march=mips32r2" -mfpxx -mllsc -mno-lxc1-sxc1 -mno-madd4 -mips32r2 "-mabi=32" -auxbase ping -o /tmp/ccspWXQj.s3⤵
- Writes file to tmp directory
-
-
/usr/local/sbin/asas -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccs03w6h.o /tmp/ccspWXQj.s3⤵
-
-
/usr/local/bin/asas -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccs03w6h.o /tmp/ccspWXQj.s3⤵
-
-
/usr/sbin/asas -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccs03w6h.o /tmp/ccspWXQj.s3⤵
-
-
/usr/bin/asas -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccs03w6h.o /tmp/ccspWXQj.s3⤵
- Writes file to tmp directory
-
-
/usr/lib/gcc/mipsel-linux-gnu/6/collect2/usr/lib/gcc/mipsel-linux-gnu/6/collect2 -plugin /usr/lib/gcc/mipsel-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mipsel-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/cc5lnnDK.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EL -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32ltsmip -pie -o /bin/ping6 /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/Scrt1.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crti.o /usr/lib/gcc/mipsel-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mipsel-linux-gnu/6 -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../../lib -L/lib/mipsel-linux-gnu -L/lib/../lib -L/usr/lib/mipsel-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mipsel-linux-gnu/6/../../.. /tmp/ccs03w6h.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mipsel-linux-gnu/6/crtendS.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crtn.o3⤵
- Writes file to tmp directory
-
/usr/bin/ld/usr/bin/ld -plugin /usr/lib/gcc/mipsel-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mipsel-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/cc5lnnDK.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EL -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32ltsmip -pie -o /bin/ping6 /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/Scrt1.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crti.o /usr/lib/gcc/mipsel-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mipsel-linux-gnu/6 -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../../lib -L/lib/mipsel-linux-gnu -L/lib/../lib -L/usr/lib/mipsel-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mipsel-linux-gnu/6/../../.. /tmp/ccs03w6h.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mipsel-linux-gnu/6/crtendS.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crtn.o4⤵
-
-
-
-
/bin/chmodchmod u+xs /bin/ping62⤵
-
-
/bin/cpcp /bin/ping6 /sbin/uid2⤵
- Writes file to system bin folder
- Reads runtime system information
-
-
/bin/cpcp /bin/ping6 /usr/include/bakla.h2⤵
- Reads runtime system information
-
-
/usr/bin/gccgcc -DLINUX -Wall -o /bin/cls cls.c2⤵
- Writes file to tmp directory
-
/usr/lib/gcc/mipsel-linux-gnu/6/cc1/usr/lib/gcc/mipsel-linux-gnu/6/cc1 -quiet -imultiarch mipsel-linux-gnu -D LINUX cls.c -mel -quiet -dumpbase cls.c "-march=mips32r2" -mfpxx -mllsc -mno-lxc1-sxc1 -mno-madd4 -mips32r2 "-mabi=32" -auxbase cls -Wall -o /tmp/ccd9DnTg.s3⤵
- Writes file to tmp directory
-
-
/usr/local/sbin/asas -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccXf6Qj8.o /tmp/ccd9DnTg.s3⤵
-
-
/usr/local/bin/asas -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccXf6Qj8.o /tmp/ccd9DnTg.s3⤵
-
-
/usr/sbin/asas -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccXf6Qj8.o /tmp/ccd9DnTg.s3⤵
-
-
/usr/bin/asas -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccXf6Qj8.o /tmp/ccd9DnTg.s3⤵
- Writes file to tmp directory
-
-
/usr/lib/gcc/mipsel-linux-gnu/6/collect2/usr/lib/gcc/mipsel-linux-gnu/6/collect2 -plugin /usr/lib/gcc/mipsel-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mipsel-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/cc48mxOg.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EL -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32ltsmip -pie -o /bin/cls /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/Scrt1.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crti.o /usr/lib/gcc/mipsel-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mipsel-linux-gnu/6 -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../../lib -L/lib/mipsel-linux-gnu -L/lib/../lib -L/usr/lib/mipsel-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mipsel-linux-gnu/6/../../.. /tmp/ccXf6Qj8.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mipsel-linux-gnu/6/crtendS.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crtn.o3⤵
- Writes file to tmp directory
-
/usr/bin/ld/usr/bin/ld -plugin /usr/lib/gcc/mipsel-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mipsel-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/cc48mxOg.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EL -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32ltsmip -pie -o /bin/cls /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/Scrt1.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crti.o /usr/lib/gcc/mipsel-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mipsel-linux-gnu/6 -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../../lib -L/lib/mipsel-linux-gnu -L/lib/../lib -L/usr/lib/mipsel-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mipsel-linux-gnu/6/../../.. /tmp/ccXf6Qj8.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mipsel-linux-gnu/6/crtendS.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crtn.o4⤵
- Writes file to system bin folder
-
-
-
-
/usr/bin/gccgcc clean.c -o /bin/clean -D Linux2⤵
- Writes file to tmp directory
-
/usr/lib/gcc/mipsel-linux-gnu/6/cc1/usr/lib/gcc/mipsel-linux-gnu/6/cc1 -quiet -imultiarch mipsel-linux-gnu -D Linux clean.c -mel -quiet -dumpbase clean.c "-march=mips32r2" -mfpxx -mllsc -mno-lxc1-sxc1 -mno-madd4 -mips32r2 "-mabi=32" -auxbase clean -o /tmp/ccP1ahAJ.s3⤵
- Writes file to tmp directory
-
-
/usr/local/sbin/asas -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/cc3aJszx.o /tmp/ccP1ahAJ.s3⤵
-
-
/usr/local/bin/asas -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/cc3aJszx.o /tmp/ccP1ahAJ.s3⤵
-
-
/usr/sbin/asas -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/cc3aJszx.o /tmp/ccP1ahAJ.s3⤵
-
-
/usr/bin/asas -EL -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/cc3aJszx.o /tmp/ccP1ahAJ.s3⤵
- Writes file to tmp directory
-
-
/usr/lib/gcc/mipsel-linux-gnu/6/collect2/usr/lib/gcc/mipsel-linux-gnu/6/collect2 -plugin /usr/lib/gcc/mipsel-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mipsel-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/cchsjNvF.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EL -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32ltsmip -pie -o /bin/clean /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/Scrt1.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crti.o /usr/lib/gcc/mipsel-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mipsel-linux-gnu/6 -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../../lib -L/lib/mipsel-linux-gnu -L/lib/../lib -L/usr/lib/mipsel-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mipsel-linux-gnu/6/../../.. /tmp/cc3aJszx.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mipsel-linux-gnu/6/crtendS.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crtn.o3⤵
- Writes file to tmp directory
-
/usr/bin/ld/usr/bin/ld -plugin /usr/lib/gcc/mipsel-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mipsel-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/cchsjNvF.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EL -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32ltsmip -pie -o /bin/clean /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/Scrt1.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crti.o /usr/lib/gcc/mipsel-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mipsel-linux-gnu/6 -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu -L/usr/lib/gcc/mipsel-linux-gnu/6/../../../../lib -L/lib/mipsel-linux-gnu -L/lib/../lib -L/usr/lib/mipsel-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mipsel-linux-gnu/6/../../.. /tmp/cc3aJszx.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mipsel-linux-gnu/6/crtendS.o /usr/lib/gcc/mipsel-linux-gnu/6/../../../mipsel-linux-gnu/crtn.o4⤵
-
-
-
-
/usr/bin/perlperl bot plm.ftp.sh 1080 -bash2⤵
- Changes its process name
-
-
/usr/bin/perlperl bot irc.undernet.org 6667 -bash2⤵
- Changes its process name
-
-
/usr/bin/touchtouch -d "Dec 1 2018" /root/.ssh /root/.ssh/authorized_keys /bin/bash /bin/bunzip2 /bin/busybox /bin/bzcat /bin/bzcmp /bin/bzdiff /bin/bzegrep /bin/bzexe /bin/bzfgrep /bin/bzgrep /bin/bzip2 /bin/bzip2recover /bin/bzless /bin/bzmore /bin/cat /bin/chgrp /bin/chmod /bin/chown /bin/chvt /bin/clean /bin/cls /bin/cp /bin/cpio /bin/dash /bin/date /bin/dd /bin/df /bin/dir /bin/dmesg /bin/dnsdomainname /bin/domainname /bin/dumpkeys /bin/echo /bin/egrep /bin/false /bin/fgconsole /bin/fgrep /bin/findmnt /bin/fuser /bin/grep /bin/gunzip /bin/gzexe /bin/gzip /bin/hostname /bin/ip /bin/journalctl /bin/kbd_mode /bin/kill /bin/kmod /bin/ln /bin/loadkeys /bin/login /bin/loginctl /bin/ls /bin/lsblk /bin/lsmod /bin/mkdir /bin/mknod /bin/mktemp /bin/more /bin/mount /bin/mountpoint /bin/mt /bin/mt-gnu /bin/mv /bin/nano /bin/networkctl /bin/nisdomainname /bin/open /bin/openvt /bin/pidof /bin/ping /bin/ping4 /bin/ping6 /bin/ps /bin/pwd /bin/rbash /bin/readlink /bin/rm /bin/rmdir /bin/rnano /bin/run-parts /bin/sed /bin/setfont /bin/setupcon /bin/sh /bin/sh.distrib /bin/sleep /bin/ss /bin/stty /bin/su /bin/sync /bin/systemctl /bin/systemd /bin/systemd-ask-password /bin/systemd-escape /bin/systemd-hwdb /bin/systemd-inhibit /bin/systemd-machine-id-setup /bin/systemd-notify /bin/systemd-sysusers /bin/systemd-tmpfiles /bin/systemd-tty-ask-password-agent /bin/tailf /bin/tar /bin/tempfile /bin/touch /bin/true /bin/udevadm /bin/umount /bin/uname /bin/uncompress /bin/unicode_start /bin/vdir /bin/wdctl /bin/which /bin/ypdomainname /bin/zcat /bin/zcmp /bin/zdiff /bin/zegrep /bin/zfgrep /bin/zforce /bin/zgrep /bin/zless /bin/zmore /bin/znew /bin/.ssh/authorized_keys /bin /boot /dev /etc /home /initrd.img /initrd.img.old /lib /lost+found /media /mnt /opt /proc /root /run /sbin /srv /sys /tmp /usr /var /vmlinux /vmlinux.old /sbin/agetty /sbin/audispd /sbin/auditctl /sbin/auditd /sbin/augenrules /sbin/aureport /sbin/ausearch /sbin/autrace /sbin/badblocks /sbin/blkdeactivate /sbin/blkdiscard /sbin/blkid /sbin/blockdev /sbin/bridge /sbin/cfdisk /sbin/chcpu /sbin/ctrlaltdel /sbin/debugfs /sbin/depmod /sbin/devlink /sbin/dhclient /sbin/dhclient-script /sbin/discover /sbin/discover-modprobe /sbin/discover-pkginstall /sbin/dmsetup /sbin/dmstats /sbin/dumpe2fs /sbin/e2fsck /sbin/e2image /sbin/e2label /sbin/e2undo /sbin/fdisk /sbin/findfs /sbin/fixfiles /sbin/fsck /sbin/fsck.cramfs /sbin/fsck.ext2 /sbin/fsck.ext3 /sbin/fsck.ext4 /sbin/fsck.minix /sbin/fsfreeze /sbin/fstab-decode /sbin/fstrim /sbin/getty /sbin/halt /sbin/hwclock /sbin/ifdown /sbin/ifquery /sbin/ifup /sbin/init /sbin/insmod /sbin/installkernel /sbin/ip /sbin/ip6tables /sbin/ip6tables-restore /sbin/ip6tables-save /sbin/iptables /sbin/iptables-restore /sbin/iptables-save /sbin/isosize /sbin/kbdrate /sbin/killall5 /sbin/ldconfig /sbin/load_policy /sbin/logsave /sbin/losetup /sbin/lsmod /sbin/mke2fs /sbin/mkfs /sbin/mkfs.bfs /sbin/mkfs.cramfs /sbin/mkfs.ext2 /sbin/mkfs.ext3 /sbin/mkfs.ext4 /sbin/mkfs.minix /sbin/mkhomedir_helper /sbin/mkswap /sbin/modinfo /sbin/modprobe /sbin/nologin /sbin/pam_tally /sbin/pam_tally2 /sbin/pivot_root /sbin/poweroff /sbin/raw /sbin/reboot /sbin/resize2fs /sbin/restorecon /sbin/restorecon_xattr /sbin/rmmod /sbin/rtacct /sbin/rtmon /sbin/runlevel /sbin/runuser /sbin/setfiles /sbin/sfdisk /sbin/shadowconfig /sbin/shutdown /sbin/start-stop-daemon /sbin/sulogin /sbin/swaplabel /sbin/swapoff /sbin/swapon /sbin/switch_root /sbin/sysctl /sbin/tc /sbin/telinit /sbin/tipc /sbin/tune2fs /sbin/udevadm /sbin/uid /sbin/unix_chkpwd /sbin/unix_update /sbin/wipefs /sbin/xtables-multi /sbin/zramctl2⤵
- Adds new SSH keys
- Writes file to system bin folder
-
-
/bin/rmrm -rf a.c ".reboot*" a.c clean.c cls.c ping.c "scan*" distro go "go.tgz*" cls.c clean.c bot ping.c go "gs*"2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
381B
MD5fada28f9405c20320d0169f7549137da
SHA153f934539664a6e2c0ef06317b8518385e1272aa
SHA256e962c1d303f7d1b24325d7e8165e7b3c157455c07d666af1a5bfce4e6bcb8640
SHA512caf57f3fef4eccef88a83c74ec9b53ffffe52bfc6ba809957991beedebf581f427994a59bdec5cb9e5c9b361e6c646501f952d7941acc4ef90721f7bc6399784
-
Filesize
27KB
MD5371e44f4c2a9c84ce20e484467fb8451
SHA135ec67202ae57ffbd9b3bf8345c14e0dceee1b19
SHA2566024f2495d8084285d0804bb9552984badb9c7ff56948d5893163a59fef6b62a
SHA5121c39bab0a3433ad02ec25fb301ed6471d170e806292c941d774c2bf9f06b0cbca21f631022cd148fb0e9e8a5d84e3fe7d11254e8d5eb28e16e1ccfbe5bb895c1
-
Filesize
23KB
MD51aefaced40ed7bbd045bd7aa3a85c2b1
SHA138a6fbdf768f191a0c22982fd9dba12f5dbfaa3f
SHA256297a4ad0de93af86d21f3602eabe8a3fbc26b83b9c5732b9733eb7a7d28268ab
SHA512e8c1c7df4fd344ac780636dea683492b3aa8082855eb11ee1934d31cd8872c7f4babb27a7dcbe125c0cca19f8aa3808a80bb42bf9b630ff61b991b2c3d984299
-
Filesize
1.2MB
MD5ff888a762cf16272e430e01339a82159
SHA12aa621d5aad40292085f966fb58fd64c92f77781
SHA256ee7e16d652d1c6ad490a8c5405a7196cd7081c541e6f81f6ed45e4987acf14ae
SHA512421afe6b505c67e0753f0431caa0563dbe8ca29427a36c563226544c9d89dc6c38f6f788bc768854cd1b1ec39e7f08c3842441aa8eed4a865e6bb02197e2b2d0
-
Filesize
6KB
MD51c0ef70f102ad1f4b93627ce5fd267ce
SHA1b8d192f85aba9a9d93ed562bb22cc93c0069b5e2
SHA2561a6243890b1e84c8c483c436c859e6894388cff617b62858d190eb141a5921d7
SHA51263764f9e6938845e71ebf23f8ac4185f8b10e7321403585c35aae303bee4888804c5716130c493c1be4cb1e2a22a875d38702a7c4c9c472b7379d4180e84223d
-
Filesize
705B
MD5cf124b9edd110708e2b22b758ad0d835
SHA15d07eabc77d7f46283cea67ac8a89208956c3eaa
SHA2565561a4c4229ed03e9a63526205ee0a8c9f012bd8bab8feef18126598ee3f1517
SHA512076423cc2d6954d7ccfa1b70f75d4f137ceda38eeb8e69c79d146de2a307292b922145d2888b4794ec9e22584609d2d156975a286b0245307fcdc777c0d60512
-
Filesize
709B
MD5c6129bfd885a1213cd7ad471efb3ba74
SHA1b5e523796bdab13a8fb71f7c5072df649709474b
SHA25644c7c37e619aa264615e910cec3e6298267d531f8b2c94867984d931d38a11b3
SHA512c9f090c2e271c7f7718ebb946ed0c80e789e6cae5755817626a0bfa1287bdbcfed80f5fd5e6b6fab428e7b1ae3f444fbd7e0781761917e14a651fddd7f5013d5
-
Filesize
709B
MD53664f87017a0b2b4f44de7ce94eb3183
SHA1db632c33abc29148c98cce40dc6832630e119ade
SHA2569961a4fb30575425c404c804a99028e78f1799e8431fc27a7f9524e0322f480f
SHA512097160bfc2d0e1450e30f03dd57551a02490ff0504d6aa49351155ec6491590cb86cdcba30d83c977a5f1c8b8410f07981c0fbf22b9cc218d1716220a9e9c02f
-
Filesize
710B
MD58134414453b29650fed022b1f044a957
SHA1ab208a413c77c085d1d9341f374c9b9378ae669a
SHA256dc726a19a7f0e7617aa2d0f14aa28f29946e4c52e27a3c5c7f8d864374814481
SHA512e495439100e866ac1fdc4f9b4cdd709120827f7e4b839cc48b0dd6b286c82c2eb2717d2fa430b61b1faeec3d3d0fcb30fb6d7481e7ccb14c49670dd496588760
-
Filesize
596B
MD5af8cf26ed51defb6aa80306851dd077a
SHA1c845c7e36b4a15775e1262871f117d2ee7b5b491
SHA256986faa915f371052ac91bd5554394a13cb44e33100da9d9b3d383d9b795fdf77
SHA512f0d9524f37742cba47f0efefb8c27218263bef7601b7b4f28163fed100d591513161d42da93d3c6937b1b092b69a5c8c1eda200911494afda1a3dbccac240bd6
-
Filesize
600B
MD53088263e37c5d364223b9bb481c7ccc8
SHA1eee2afa05db3d5350e253cfecb556e7d537091ae
SHA2564b5401c08792b55f5f4ee1745634e3667ff4b5387030b011f520d37aa2957fc2
SHA512975fcc23a3bdd3b85869ba894e3bc7328388f36cb5b970fef3e4281b801bdd5e6ad344601685a53441b5b345df636562fe1193bd4fe872e2bd715dd622007574
-
Filesize
600B
MD5662e6170cb98f29772ee0fde60c9509a
SHA18e4b8a670a18f21a7b05235705dc28b24f375885
SHA256ea97056485a501aef2ac1cf3b893cb30d9ad222b4cb923ffe61c2dbbcd877077
SHA512b8a1430b23cb6e10c9b8a1b596f9e46423eaff45325e48f8f718cde1f97c92d11e78078d0ae93f15d8fa32710587eac025ae082ca3ac1959735ff432c1c7037e
-
Filesize
601B
MD5909b1e747f3a72366b47e8ee9a7df8a7
SHA1d23a0e105296de3412a2756c8fcbe5388585d000
SHA256d17257c2509ba1157f96409407bb659b6e55717782c1c1445d372d295c022cd4
SHA512f8461b4d0f989a6cb792e4566b8895a4305a32ad9324784bab7a102a3799dc03355ed538bf1e611d8040ce3e8e59bdc41f43474ab7afe6dabb1bd9cdeb5f2428
-
Filesize
6KB
MD501e9927b6e4d3095d9952331579d63d4
SHA1af818f62f7af9a0d55a07103c887e239ba33805e
SHA256ed1439a0af37cf16212aaa0ae4665ba3a04c2fd9f3e5616506dddc6d94f4523e
SHA5127032e601599abfbf67977cd904c4b2b89d3da2be6e8b945f19778b895033ff39157f8dac7b3871aed865cc28b455f6fe6591d0ddd679e8be7c18a3547ffa7e95
-
Filesize
24KB
MD5d298e39df845e2bc54f05496ae9d6776
SHA1bfa9026963524185e52d76b25745724e117ca009
SHA2567862aefaf22915da8f865bfcfe8d956790035c8869b02f5fd9a4b1103e50488e
SHA5121abe3db88e0b36bd1eff87e2aaf568da54075d19ee9c3946a6d4059463309ad2a7dee08da83f6ffa97d813b749b11f7f1040d4a11b1be93940ccb13167641ced
-
Filesize
115KB
MD500655f389842e3843d0d0c71115be034
SHA18f96df62175345159376d21b4df273b724b0b69b
SHA2565ce1272399d5afa860a2a51ae02246fe820916a29a6e7fa36b6000057b7fe1b3
SHA512d9b4212f6870d2fced182a38f61874a46f22f6b0b76711df3c11c73c35feda34903e8d531ff4e0722c230fc48932fa019e22d173449a572fc934d072c3173e6e
-
Filesize
68KB
MD53ce6503fc2c01169e21f89935edf1677
SHA1b6f7af1552609c024b27e64004c734c012ab6de8
SHA2563dcde4aa104d3c6c10514bdad74eb3653fa3b3c4cc2925bf9a581b2b7f24e091
SHA512d8c7ad353c6889e9ec8a3fd1b299216a7a5c579278bc8817d5ee2b15284c9103c047f3fb1a0329132cd3f2260212a375be03a3d3f0a380e26c23767ae4589b40
-
Filesize
23KB
MD5b78abcdc2aa9daf97339f28dd8de2457
SHA166f7a365cb54bd691643708d28ce5f88f92ebc00
SHA256128924d9b0c4722fb297bebb1107fbfbaed0e7553e08d77e182c3795b82841ad
SHA51284b322f77f39f971a0bc28f81951f03eac661f215af214cc7108eea84dd770a62c115935f8119e11b735b08a79f1e6e229c8d3a0a9f089c0fe355eb06bb5fde4
-
Filesize
40KB
MD5c7526f95eb300f1ba0807e960406124c
SHA1329cc78b98e3e5abfb3d65734969e3a22a7acb50
SHA25600f80cca192b07ae05e35be4ebd8f4a15efc54a136c87ca1d1a6d02bed4b604c
SHA51214cff5d8a6a3de8fafa25e8cf2cfacbde6d085d7f0904957f30d390c9cd11070504f623c32009f7b002a2e626c34dfb93765e32adecd08710e71ba90113ab618
-
Filesize
60KB
MD540ed369c2fc8b6f6fb24e01742d100a0
SHA1478fd5162e04c27895ef165e2d846a6a5916a3a2
SHA25607baa338902ea5ea0bd160824ecdc6bf7d79da394c5ac5edd18799cd394e0047
SHA51251a92164f6ffe3615937d35ca0a42009e1832472270a3d3912d9ec90b1c08de6ab60e810cb8ef74743a5a883ce6b2494c1fb80034334f6210198c07b3f10c7d3
-
Filesize
1KB
MD545d220aebea9184e8d359221ee6d614f
SHA13cb2aa4ac5efb45471a04ab3467396005e550014
SHA256ce7a9adc496616b83a548fd5cf89b859150f5d87f0dc4f52e7d5fe787b498f71
SHA512319c438f4c888eeaf66de4f615ac33f15d4909474379c4b6bf580bd6e2d0b9a409b5d9ad6cd8604bbf86a4527355f919aa6f59673bd05f18df60198b1d4c99d1
-
Filesize
1KB
MD53fa646a0ade6cf1ba093e9d8d0422c8e
SHA1bcb10062d11d9926620b580f27b2c44615568906
SHA2567d6eaaa3e248d2c4bfcf461fb210c00e1733e4b898786714f1371fe8aa1437df
SHA5123e72d076d87c0beff46fba5703c3146364ce0203c1e6437bb59fff5f8348791b0752a8007d5bf091027ec24eaf8e2715f97d390d5d7b5c50e095efda45e1e2a5
-
Filesize
797B
MD57c2bae7e1cd58b113a964c65c03343cd
SHA10dde0dd5bb73c8e7221f6425d4a69b9adaa1a3e7
SHA25630819ab1f978acbc09c4ad85e41fd6ead73d6d062cd4e8f85126e8899bc78f1d
SHA5123a6cd47eacd5a6a5376ac7bec0a20f7b5898b1f7b794222ec32716690ec4ee329ddbf60f6dc682fb83a2e44c1dc2031138b564458d4e66fd9d791fbaa58f85bc
-
Filesize
40KB
MD5568e5f515bb22688247b236a003119b8
SHA16afd1892a92a5c3f1a8e8b3f347d888db693b2eb
SHA256cb85dc7ca4a92abe0ca69a977586675f41145aa5660129996f56d12687ecbc7b
SHA512a7d3f7ef18247d3edc2ff89387ae4b9fffc53d77988633ce46b56af7788b87539f3ec39ebf3e2f08891b51e98972ef125350fe3875f0a39760556ba86fd9228a