Analysis Overview
SHA256
1155e7fc20f281f4cd3d899223663dbfdde8c979816df5c60cb2d021d73b4c38
Threat Level: Shows suspicious behavior
The file mipsel.elf was found to be: Shows suspicious behavior.
Malicious Activity Summary
Renames itself
Checks hardware identifiers (DMI)
Enumerates running processes
Creates/modifies Cron job
Reads MAC address of network interface
Reads hardware information
Reads CPU attributes
Checks CPU configuration
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
System Network Configuration Discovery
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-03 05:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-03 05:28
Reported
2025-07-03 05:30
Platform
debian9-mipsel-20250619-en
Max time kernel
149s
Max time network
148s
Command Line
Signatures
Renames itself
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/mipsel.elf | N/A |
Checks hardware identifiers (DMI)
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | /root/.sys/configuration | N/A |
| File opened for reading | /sys/class/dmi/id/board_vendor | /root/.sys/configuration | N/A |
Creates/modifies Cron job
| Description | Indicator | Process | Target |
| File opened for modification | /var/spool/cron/crontabs/tmp.gydmVB | /usr/bin/crontab | N/A |
Enumerates running processes
Reads MAC address of network interface
| Description | Indicator | Process | Target |
| File opened for reading | /sys/class/net/enp0s19/address | /root/.sys/configuration | N/A |
Reads hardware information
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/virtual/dmi/id/board_name | /root/.sys/configuration | N/A |
| File opened for reading | /sys/devices/virtual/dmi/id/product_uuid | /root/.sys/configuration | N/A |
| File opened for reading | /sys/class/dmi/id/board_name | /root/.sys/configuration | N/A |
| File opened for reading | /sys/class/dmi/id/product_uuid | /root/.sys/configuration | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /root/.sys/configuration | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | /root/.sys/configuration | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/class/net | /root/.sys/configuration | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/17/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/13/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/79/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/82/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/695/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/700/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/373/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/6/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/75/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/crontab | N/A |
| File opened for reading | /proc/16/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/665/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/666/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/672/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/710/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/3/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/19/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/77/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/81/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/244/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/18/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/71/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/336/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/374/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/662/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/9/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/10/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/12/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/23/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/74/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/226/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/crontab | N/A |
| File opened for reading | /proc/7/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/24/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/117/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/169/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/717/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/5/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/22/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/36/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/73/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/2/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/8/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/11/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/20/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/37/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/69/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/109/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/147/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/333/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/338/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/15/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/72/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/76/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/380/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/699/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/701/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/4/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/118/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/337/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/671/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/21/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/153/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/721/cmdline | /root/.sys/configuration | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/mipsel.elf | N/A |
| N/A | N/A | /root/.sys/configuration | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/root1086f3d | /root/.sys/configuration | N/A |
Processes
/tmp/mipsel.elf
[/tmp/mipsel.elf]
/bin/sh
[sh -c crontab -l]
/usr/bin/crontab
[crontab -l]
/bin/sh
[sh -c (crontab -l ; echo "@reboot /root/.sys/configuration")| crontab -]
/usr/bin/crontab
[crontab -l]
/usr/bin/crontab
[crontab -]
/root/.sys/configuration
[/tmp/mipsel.elf]
Network
Files
/var/spool/cron/crontabs/tmp.gydmVB
| MD5 | 0d9f567dc152036c07805d6a39f8484f |
| SHA1 | 1e91240d4daf47f1b58c08a37bc7e1ec1043b1a4 |
| SHA256 | 239d280a9a8eb4d82665c775e2f6aac27d9a8b66d37ec24f6955ec072fedefeb |
| SHA512 | ac73e472dddd75c17c15915d1fd15e78d4e5b63f96c088a27d1eb8a28a8e57bc46bc7642e614fffe69c0c5d23de50aab34baa7ee21e460c32bb3cc6a0947fac9 |
memory/718-1-0x00400000-0x0050a78c-memory.dmp