9d3ecfce98d1e6adf77c3132cefea45c8c82e8988f34ff874c1e93799e7fd59d

Analysis

max time kernel
13s
max time network
2s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags

arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
08-09-2024 17:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d4d8b7039b8686c4053d95f9ce9133af_JaffaCakes118
Size

27KB
MD5

d4d8b7039b8686c4053d95f9ce9133af
SHA1

450bca999599e264b58ffba74140a57ed9d3921c
SHA256

9d3ecfce98d1e6adf77c3132cefea45c8c82e8988f34ff874c1e93799e7fd59d
SHA512

703095a7d895a48906c1252cd26caf0282ed0162f2b5f4ca87e23843215338b271c770dd2aa5cc7654fe46fade302919deea22c01171faff8a0b32cd79262ba2
SSDEEP

384:G7pQQwQHDf6jlpTWg3vMGQiKMvU/4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdeh:G7JVFNcD8FLcIwgiYq0xzBGy

Score

7^/10

defense_evasion discovery evasion privilege_escalation

Malware Config

Signatures

Deletes system logs 1 TTPs 1 IoCs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
evasion

Clear Linux or Mac System Logs
T1070.002

Processes:

rm

description ioc process

File deleted /var/log/syslog rm
Flushes firewall rules 1 IoCs
Flushes/ disables firewall rules inside the Linux kernel.

Processes:

iptables

pid process

665 iptables
Abuse Elevation Control Mechanism: Sudo and Sudo Caching 1 TTPs 1 IoCs
Abuse sudo or cached sudo credentials to execute code.
privilege_escalation defense_evasion

Sudo and Sudo Caching
T1548.003

Processes:

sudo

pid process

670 sudo

description	ioc	process
File deleted	/var/log/syslog	rm

pid	process
665	iptables

pid	process
670	sudo

Attempts to change immutable files 37 IoCs

Modifies inode attributes on the filesystem to allow changing of immutable files.

Processes:

xargsxargsxargsxargsxargsgrepxargsxargsxargsxargsxargsxargsxargsxargsxargschattrxargsxargsxargsxargschattrxargsxargsxargsxargsxargsxargsgrepxargsxargsxargsxargschattrchattrxargsxargsxargs

pid	process
801	xargs
821	xargs
854	xargs
882	xargs
899	xargs
699	grep
717	xargs
833	xargs
847	xargs
891	xargs
747	xargs
759	xargs
771	xargs
861	xargs
868	xargs
659	chattr
705	xargs
795	xargs
813	xargs
807	xargs
684	chattr
723	xargs
735	xargs
753	xargs
765	xargs
783	xargs
789	xargs
693	grep
711	xargs
741	xargs
875	xargs
840	xargs
657	chattr
685	chattr
729	xargs
777	xargs
826	xargs

Enumerates running processes
Discovers information about currently running processes on the system

Reads CPU attributes 1 TTPs 13 IoCs

discovery

System Information Discovery

T1082

Processes:

pspspspspspspspskillpspspsps

description	ioc	process
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	kill
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps
File opened for reading	/sys/devices/system/cpu/online	ps

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

Processes:

pspspspspspspspsxargsxargspspsawkpsps

description	ioc	process
File opened for reading	/proc/4/stat	ps
File opened for reading	/proc/306/status	ps
File opened for reading	/proc/13/status	ps
File opened for reading	/proc/75/cmdline	ps
File opened for reading	/proc/273/status	ps
File opened for reading	/proc/107/status	ps
File opened for reading	/proc/274/status	ps
File opened for reading	/proc/307/cmdline	ps
File opened for reading	/proc/self/fd	xargs
File opened for reading	/proc/664/stat	ps
File opened for reading	/proc/588/stat	ps
File opened for reading	/proc/self/fd	xargs
File opened for reading	/proc/97/stat	ps
File opened for reading	/proc/653/cmdline	ps
File opened for reading	/proc/27/status	ps
File opened for reading	/proc/10/cmdline	ps
File opened for reading	/proc/13/status	ps
File opened for reading	/proc/597/stat	ps
File opened for reading	/proc/sys/kernel/pid_max	ps
File opened for reading	/proc/17/stat	ps
File opened for reading	/proc/107/stat	ps
File opened for reading	/proc/651/status	ps
File opened for reading	/proc/self/maps	awk
File opened for reading	/proc/4/cmdline	ps
File opened for reading	/proc/143/status	ps
File opened for reading	/proc/sys/kernel/osrelease	ps
File opened for reading	/proc/tty/drivers	ps
File opened for reading	/proc/694/stat	ps
File opened for reading	/proc/29/cmdline	ps
File opened for reading	/proc/42/cmdline	ps
File opened for reading	/proc/133/cmdline	ps
File opened for reading	/proc/274/cmdline	ps
File opened for reading	/proc/653/cmdline	ps
File opened for reading	/proc/25/stat	ps
File opened for reading	/proc/597/status	ps
File opened for reading	/proc/43/status	ps
File opened for reading	/proc/26/stat	ps
File opened for reading	/proc/75/stat	ps
File opened for reading	/proc/274/status	ps
File opened for reading	/proc/107/status	ps
File opened for reading	/proc/17/stat	ps
File opened for reading	/proc/14/status	ps
File opened for reading	/proc/11/stat	ps
File opened for reading	/proc/tty/drivers	ps
File opened for reading	/proc/271/cmdline	ps
File opened for reading	/proc/694/status	ps
File opened for reading	/proc/6/stat	ps
File opened for reading	/proc/7/status	ps
File opened for reading	/proc/20/status	ps
File opened for reading	/proc/660/cmdline	ps
File opened for reading	/proc/9/stat	ps
File opened for reading	/proc/880/status	ps
File opened for reading	/proc/3/status	ps
File opened for reading	/proc/22/cmdline	ps
File opened for reading	/proc/143/status	ps
File opened for reading	/proc/271/stat	ps
File opened for reading	/proc/143/stat	ps
File opened for reading	/proc/145/cmdline	ps
File opened for reading	/proc/8/cmdline	ps
File opened for reading	/proc/22/cmdline	ps
File opened for reading	/proc/10/stat	ps
File opened for reading	/proc/653/stat	ps
File opened for reading	/proc/24/status	ps
File opened for reading	/proc/694/status	ps

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

d4d8b7039b8686c4053d95f9ce9133af_JaffaCakes118

description ioc process

File opened for modification /tmp/log_rot d4d8b7039b8686c4053d95f9ce9133af_JaffaCakes118

description	ioc	process
File opened for modification	/tmp/log_rot	d4d8b7039b8686c4053d95f9ce9133af_JaffaCakes118

/tmp/d4d8b7039b8686c4053d95f9ce9133af_JaffaCakes118
/tmp/d4d8b7039b8686c4053d95f9ce9133af_JaffaCakes118
1⤵
- Writes file to tmp directory
PID:654
- /bin/rm
  rm -rf /var/log/syslog
  2⤵
  - Deletes system logs
  PID:655
- /usr/bin/chattr
  chattr -iua /tmp/
  2⤵
  - Attempts to change immutable files
  PID:657
- /usr/bin/chattr
  chattr -iua /var/tmp/
  2⤵
  - Attempts to change immutable files
  PID:659
- /sbin/iptables
  iptables -F
  2⤵
  - Flushes firewall rules
  PID:665
- /usr/bin/sudo
  sudo sysctl "kernel.nmi_watchdog=0"
  2⤵
  - Abuse Elevation Control Mechanism: Sudo and Sudo Caching
  PID:670
- /usr/sbin/userdel
  userdel akay
  2⤵
  PID:677
- /usr/sbin/userdel
  userdel vfinder
  2⤵
  PID:681
- /usr/bin/chattr
  chattr -iae /root/.ssh/
  2⤵
  - Attempts to change immutable files
  PID:684
- /usr/bin/chattr
  chattr -iae /root/.ssh/authorized_keys
  2⤵
  - Attempts to change immutable files
  PID:685
- /bin/rm
  rm -rf "/tmp/addres*"
  2⤵
  PID:687
- /bin/rm
  rm -rf "/tmp/walle*"
  2⤵
  PID:689
- /bin/rm
  rm -rf /tmp/keys
  2⤵
  PID:691
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:692
- /bin/grep
  grep -i "[a]liyun"
  2⤵
  - Attempts to change immutable files
  PID:693
- /bin/grep
  grep -i "[y]unjing"
  2⤵
  - Attempts to change immutable files
  PID:699
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:698
- /bin/grep
  grep 185.71.65.238
  2⤵
  PID:702
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:703
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:704
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:705
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:711
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:710
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:709
- /bin/grep
  grep 140.82.52.87
  2⤵
  PID:708
- /bin/grep
  grep -v -
  2⤵
  PID:716
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:715
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:717
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:714
- /bin/grep
  grep :443
  2⤵
  PID:713
- /bin/grep
  grep -v -
  2⤵
  PID:722
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:721
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:723
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:720
- /bin/grep
  grep :23
  2⤵
  PID:719
- /bin/grep
  grep -v -
  2⤵
  PID:728
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:727
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:726
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:729
- /bin/grep
  grep :443
  2⤵
  PID:725
- /bin/grep
  grep -v -
  2⤵
  PID:734
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:733
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:735
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:732
- /bin/grep
  grep :143
  2⤵
  PID:731
- /bin/grep
  grep -v -
  2⤵
  PID:740
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:739
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:738
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:741
- /bin/grep
  grep :2222
  2⤵
  PID:737
- /bin/grep
  grep -v -
  2⤵
  PID:746
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:745
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:744
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:747
- /bin/grep
  grep :3333
  2⤵
  PID:743
- /bin/grep
  grep -v -
  2⤵
  PID:752
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:751
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:753
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:750
- /bin/grep
  grep :3389
  2⤵
  PID:749
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:759
- /bin/grep
  grep -v -
  2⤵
  PID:758
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:757
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:756
- /bin/grep
  grep :4444
  2⤵
  PID:755
- /bin/grep
  grep -v -
  2⤵
  PID:764
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:763
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:762
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:765
- /bin/grep
  grep :5555
  2⤵
  PID:761
- /bin/grep
  grep -v -
  2⤵
  PID:770
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:769
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:771
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:768
- /bin/grep
  grep :6666
  2⤵
  PID:767
- /bin/grep
  grep -v -
  2⤵
  PID:776
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:775
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:774
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:777
- /bin/grep
  grep :6665
  2⤵
  PID:773
- /bin/grep
  grep -v -
  2⤵
  PID:782
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:781
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:780
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  - Reads runtime system information
  PID:783
- /bin/grep
  grep :6667
  2⤵
  PID:779
- /bin/grep
  grep -v -
  2⤵
  PID:788
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:787
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:786
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:789
- /bin/grep
  grep :7777
  2⤵
  PID:785
- /bin/grep
  grep -v -
  2⤵
  PID:794
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:795
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:793
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:792
- /bin/grep
  grep :8444
  2⤵
  PID:791
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:799
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:798
- /bin/grep
  grep :3347
  2⤵
  PID:797
- /bin/grep
  grep -v -
  2⤵
  PID:800
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:801
- /bin/grep
  grep -v -
  2⤵
  PID:806
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:805
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:804
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:807
- /bin/grep
  grep :14444
  2⤵
  PID:803
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:811
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:810
- /bin/grep
  grep :14433
  2⤵
  PID:809
- /bin/grep
  grep -v -
  2⤵
  PID:812
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:813
- /usr/bin/awk
  awk "-F[/]" "{print \$1}"
  2⤵
  PID:819
- /usr/bin/awk
  awk "{print \$7}"
  2⤵
  PID:818
- /bin/grep
  grep :13531
  2⤵
  PID:817
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:821
- /bin/grep
  grep -v -
  2⤵
  PID:820
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:826
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  - Reads runtime system information
  PID:825
- /bin/grep
  grep -v grep
  2⤵
  PID:824
- /bin/grep
  grep "sleep 60"
  2⤵
  PID:823
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:822
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:833
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:832
- /bin/grep
  grep -v grep
  2⤵
  PID:831
- /bin/grep
  grep ./crun
  2⤵
  PID:830
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:829
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:840
- /usr/bin/awk
  awk "{if(\$3>80.0) print \$2}"
  2⤵
  PID:839
- /bin/grep
  grep -v grep
  2⤵
  PID:838
- /bin/grep
  grep -vw kdevtmpfsi
  2⤵
  PID:837
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:836
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  - Reads runtime system information
  PID:847
- /bin/grep
  grep :3333
  2⤵
  PID:845
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:846
- /bin/grep
  grep -v grep
  2⤵
  PID:844
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:843
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:854
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:853
- /bin/grep
  grep :5555
  2⤵
  PID:852
- /bin/grep
  grep -v grep
  2⤵
  PID:851
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:850
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:861
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:860
- /bin/grep
  grep "kworker -c\\"
  2⤵
  PID:859
- /bin/grep
  grep -v grep
  2⤵
  PID:858
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:857
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:868
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:867
- /bin/grep
  grep log_
  2⤵
  PID:866
- /bin/grep
  grep -v grep
  2⤵
  PID:865
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:864
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:874
- /bin/grep
  grep -v grep
  2⤵
  PID:872
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:875
- /bin/grep
  grep systemten
  2⤵
  PID:873
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:871
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:882
- - /usr/local/sbin/kill
    kill -9 14
    3⤵
    PID:885
- - /usr/local/bin/kill
    kill -9 14
    3⤵
    PID:885
- - /usr/sbin/kill
    kill -9 14
    3⤵
    PID:885
- - /usr/bin/kill
    kill -9 14
    3⤵
    PID:885
- - /sbin/kill
    kill -9 14
    3⤵
    PID:885
- - /bin/kill
    kill -9 14
    3⤵
    - Reads CPU attributes
    PID:885
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:881
- /bin/grep
  grep netns
  2⤵
  PID:880
- /bin/grep
  grep -v grep
  2⤵
  PID:879
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:878
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:891
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:890
- /bin/grep
  grep -v grep
  2⤵
  PID:888
- /bin/grep
  grep voltuned
  2⤵
  PID:889
- /bin/ps
  ps aux
  2⤵
  - Reads CPU attributes
  - Reads runtime system information
  PID:887
- /usr/bin/xargs
  xargs -I "%" kill -9 "%"
  2⤵
  - Attempts to change immutable files
  PID:899
- /usr/bin/awk
  awk "{print \$2}"
  2⤵
  PID:898
- /bin/grep
  grep darwin
  2⤵
  PID:897
- /bin/grep
  grep -v grep
  2⤵
  PID:896
- /bin/ps
  ps aux
  2⤵
  PID:895

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Sudo and Sudo Caching

T1548.003

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Sudo and Sudo Caching

T1548.003

Indicator Removal

T1070

Clear Linux or Mac System Logs

T1070.002

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/log_rot

Filesize
5B

MD5
727479ef7cedf30c03459bec7d87b0f0

SHA1
2082e7f715f058acab2398d25d135cf5f4c0ce41

SHA256
29872037c9573567744ef10ed2de57864ded7554c9fa2ef03fc1244c65794ba6

SHA512
4cb59d37f8481f9bb2745f494baa0910a68aad40ac2903ef1513547e091e1e772a5f9436f789ab91fcafb75b8a28c2112ede89004be41f33c01d936b542ca6ba

Download Submit
memory/850-1-0xb6bd8000-0xb6be9044-memory.dmp

Download