Analysis Overview
SHA256
f686accbe32136fab610609332b5b463049be4a85e1eb145311c9b3c137d253e
Threat Level: Shows suspicious behavior
The file mipsel.elf was found to be: Shows suspicious behavior.
Malicious Activity Summary
Renames itself
Creates/modifies Cron job
Reads hardware information
Checks hardware identifiers (DMI)
Enumerates running processes
Reads MAC address of network interface
Checks CPU configuration
Reads CPU attributes
Enumerates kernel/hardware configuration
Reads runtime system information
Writes file to tmp directory
System Network Configuration Discovery
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-03 05:28
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-03 05:28
Reported
2025-07-03 05:31
Platform
debian12-mipsel-20250619-en
Max time kernel
151s
Max time network
155s
Command Line
Signatures
Renames itself
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/mipsel.elf | N/A |
Checks hardware identifiers (DMI)
| Description | Indicator | Process | Target |
| File opened for reading | /sys/class/dmi/id/board_vendor | /root/.sys/configuration | N/A |
| File opened for reading | /sys/devices/virtual/dmi/id/board_vendor | /root/.sys/configuration | N/A |
Creates/modifies Cron job
| Description | Indicator | Process | Target |
| File opened for modification | /var/spool/cron/crontabs/tmp.x7oviY | /usr/bin/crontab | N/A |
Enumerates running processes
Reads MAC address of network interface
| Description | Indicator | Process | Target |
| File opened for reading | /sys/class/net/enp0s19/address | /root/.sys/configuration | N/A |
Reads hardware information
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/virtual/dmi/id/board_name | /root/.sys/configuration | N/A |
| File opened for reading | /sys/devices/virtual/dmi/id/product_uuid | /root/.sys/configuration | N/A |
| File opened for reading | /sys/class/dmi/id/board_name | /root/.sys/configuration | N/A |
| File opened for reading | /sys/class/dmi/id/product_uuid | /root/.sys/configuration | N/A |
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /root/.sys/configuration | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/cpu0/cpufreq/cpuinfo_max_freq | /root/.sys/configuration | N/A |
Enumerates kernel/hardware configuration
| Description | Indicator | Process | Target |
| File opened for reading | /sys/class/net | /root/.sys/configuration | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/815/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/19/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/33/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/44/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/48/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/116/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/203/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/379/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/20/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/35/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/696/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/761/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/26/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/42/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/404/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/765/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/8/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/21/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/115/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/119/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/414/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/700/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/6/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/23/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/37/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/59/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/321/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/333/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/395/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/113/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/785/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/3/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/10/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/138/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/663/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/770/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/24/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/30/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/53/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/16/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/18/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/28/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/29/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/34/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/device-tree/model | /root/.sys/configuration | N/A |
| File opened for reading | /proc/11/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/58/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/112/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/114/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/137/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/392/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/406/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/5/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/9/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/13/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/15/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/47/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/782/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/804/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/818/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/mounts | /root/.sys/configuration | N/A |
| File opened for reading | /proc/762/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/7/cmdline | /root/.sys/configuration | N/A |
| File opened for reading | /proc/12/cmdline | /root/.sys/configuration | N/A |
System Network Configuration Discovery
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/mipsel.elf | N/A |
| N/A | N/A | /root/.sys/configuration | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/root1086f3d | /root/.sys/configuration | N/A |
Processes
/tmp/mipsel.elf
[/tmp/mipsel.elf]
/bin/sh
[sh -c crontab -l]
/usr/bin/crontab
[crontab -l]
/bin/sh
[sh -c (crontab -l ; echo "@reboot /root/.sys/configuration")| crontab -]
/usr/bin/crontab
[crontab -l]
/usr/bin/crontab
[crontab -]
/root/.sys/configuration
[/tmp/mipsel.elf]
Network
| Country | Destination | Domain | Proto |
| AU | 1.1.1.1:53 | debian12-mipsel-20250619-en-7 | udp |
| AU | 1.1.1.1:53 | debian12-mipsel-20250619-en-7 | udp |
| AU | 1.1.1.1:53 | time.cloudflare.com | udp |
| AU | 1.1.1.1:53 | bttracker.debian.org | udp |
| AU | 1.1.1.1:53 | router.bittorrent.com | udp |
| SE | 130.239.18.158:6881 | bttracker.debian.org | udp |
| US | 67.215.246.10:6881 | router.bittorrent.com | udp |
| FI | 135.181.238.57:50000 | udp | |
| FI | 65.21.129.56:50000 | udp | |
| FI | 37.27.119.190:50000 | udp | |
| FI | 65.21.125.166:50000 | udp | |
| NL | 178.162.174.82:28014 | udp | |
| SE | 130.239.18.158:8524 | bttracker.debian.org | udp |
| NL | 178.162.174.149:28001 | udp | |
| FI | 37.27.119.253:50000 | udp | |
| FI | 37.27.117.180:50000 | udp | |
| DE | 23.158.56.120:14017 | udp | |
| DE | 167.235.10.94:50000 | udp | |
| SE | 130.239.18.158:8516 | bttracker.debian.org | udp |
| NL | 37.48.86.173:28002 | udp | |
| RU | 94.140.135.117:15674 | udp | |
| SE | 130.239.18.158:8513 | bttracker.debian.org | udp |
| NL | 46.232.211.200:25759 | udp | |
| NL | 178.162.173.91:28003 | udp | |
| FR | 88.160.95.5:34785 | udp | |
| US | 69.50.95.40:12097 | udp | |
| FI | 37.27.119.244:50000 | udp | |
| NL | 5.79.66.11:54337 | udp | |
| SE | 46.59.108.221:33272 | udp | |
| FI | 37.27.119.120:50000 | udp | |
| UA | 31.31.121.179:8704 | udp | |
| SG | 43.133.45.199:50210 | udp | |
| NL | 178.162.174.1:28006 | udp | |
| FI | 65.21.128.233:50000 | udp | |
| RU | 109.229.232.55:6881 | udp | |
| FI | 37.27.107.125:50000 | udp | |
| JP | 106.139.123.86:7014 | udp | |
| FI | 65.21.128.218:50000 | udp | |
| FR | 37.187.102.86:51413 | udp | |
| FI | 37.27.119.119:50000 | udp | |
| RU | 185.175.44.241:51413 | udp | |
| FI | 37.27.119.179:50000 | udp | |
| FI | 37.27.119.175:50000 | udp | |
| FI | 65.21.128.238:50000 | udp | |
| FI | 37.27.117.250:50000 | udp | |
| NL | 178.162.173.97:28006 | udp | |
| FI | 65.21.128.250:50000 | udp | |
| FI | 37.27.104.49:50000 | udp | |
| FI | 65.21.128.235:50000 | udp | |
| FI | 135.181.238.117:50000 | udp | |
| FI | 37.27.120.62:50000 | udp | |
| FI | 37.27.119.242:50000 | udp | |
| FR | 176.31.250.123:51413 | udp | |
| FI | 37.27.117.49:50000 | udp | |
| FI | 37.27.117.113:50000 | udp | |
| FI | 65.21.129.47:50000 | udp | |
| DE | 23.158.56.119:10096 | udp | |
| RU | 5.19.248.133:51413 | udp | |
| FI | 37.27.103.253:50000 | udp | |
| FI | 37.27.117.251:50000 | udp | |
| FI | 65.21.128.216:50000 | udp | |
| FI | 135.181.227.243:50000 | udp | |
| NL | 37.48.95.194:41493 | udp | |
| US | 100.11.208.248:18631 | udp | |
| GB | 81.102.24.145:21967 | udp | |
| FR | 176.31.120.24:51413 | udp | |
| RU | 84.22.138.237:6881 | udp | |
| RU | 176.77.51.198:51413 | udp | |
| US | 71.34.173.137:9010 | udp | |
| FI | 135.181.227.248:50000 | udp | |
| FI | 65.21.129.53:50000 | udp | |
| NL | 95.211.81.107:51413 | udp | |
| FI | 37.27.117.125:50000 | udp | |
| ES | 213.94.23.64:35862 | udp | |
| FI | 37.27.119.248:50000 | udp | |
| NL | 185.203.56.49:25627 | udp | |
| FI | 37.27.119.251:50000 | udp | |
| FI | 37.27.117.48:50000 | udp | |
| NL | 178.162.174.43:28007 | udp | |
| CN | 116.232.182.218:15000 | udp | |
| NL | 178.162.174.5:28005 | udp | |
| RU | 109.248.217.202:6881 | udp | |
| JP | 153.193.192.152:60000 | udp | |
| FR | 178.33.233.79:8999 | udp | |
| FI | 95.216.14.165:50000 | udp | |
| FR | 195.154.233.74:6880 | udp | |
| DE | 195.201.153.69:50000 | udp | |
| NL | 45.80.169.122:6881 | udp | |
| FI | 135.181.115.53:50000 | udp | |
| FI | 37.27.117.59:50000 | udp | |
| NL | 95.168.168.200:40477 | udp | |
| FI | 37.27.120.47:50000 | udp | |
| SE | 130.239.18.158:8824 | bttracker.debian.org | udp |
| SE | 130.239.18.158:8580 | bttracker.debian.org | udp |
| MX | 189.218.30.152:24841 | udp | |
| SE | 130.239.18.158:8620 | bttracker.debian.org | udp |
| SE | 130.239.18.158:8597 | bttracker.debian.org | udp |
| TR | 78.180.11.32:47423 | udp | |
| US | 3.215.223.233:6880 | udp | |
| SE | 90.224.129.10:51413 | udp | |
| DE | 78.47.80.71:52287 | udp | |
| US | 3.133.238.179:6880 | udp | |
| RU | 46.249.18.90:51413 | udp | |
| NL | 178.162.173.141:28002 | udp | |
| DE | 141.95.53.34:8663 | udp | |
| FR | 163.172.147.202:51413 | udp | |
| NL | 89.149.200.92:28037 | udp | |
| NL | 178.162.174.31:28013 | udp | |
| NL | 212.32.255.118:28010 | udp | |
| NL | 5.79.73.211:6918 | udp | |
| NL | 185.203.56.53:25320 | udp | |
| DE | 57.129.45.77:8653 | udp | |
| NL | 178.162.174.224:28001 | udp | |
| GB | 81.153.103.174:6881 | udp | |
| RU | 176.57.72.125:62514 | udp | |
| CA | 107.159.28.214:6881 | udp | |
| FR | 193.32.126.149:42944 | udp | |
| US | 69.50.95.40:10080 | udp | |
| JP | 14.11.128.160:9142 | udp | |
| GB | 86.23.151.204:6881 | udp | |
| BR | 168.227.166.187:38567 | udp | |
| US | 142.202.48.88:14008 | udp | |
| ES | 87.221.100.231:3737 | udp | |
| UA | 146.120.161.48:25542 | udp | |
| RU | 79.139.129.30:2395 | udp | |
| US | 54.211.14.111:6882 | udp | |
| NL | 185.149.91.147:51005 | udp | |
| SG | 43.133.45.199:50000 | udp | |
| FI | 65.21.128.242:50000 | udp | |
| FI | 37.27.117.56:50000 | udp | |
| FI | 65.109.35.105:50000 | udp | |
| DE | 23.158.56.119:10043 | udp | |
| DE | 138.201.61.180:50000 | udp | |
| GB | 93.89.141.246:51413 | udp | |
| AL | 79.106.231.163:1434 | udp | |
| FI | 135.181.227.244:50000 | udp | |
| NL | 178.162.174.222:28014 | udp | |
| NL | 178.162.174.43:28004 | udp | |
| SE | 130.239.18.158:8515 | bttracker.debian.org | udp |
| NL | 178.162.173.132:28007 | udp | |
| SG | 43.133.45.199:50378 | udp | |
| US | 104.195.12.42:6881 | udp | |
| NL | 45.87.251.153:12720 | udp | |
| US | 45.203.206.54:6880 | udp | |
| HK | 42.3.12.72:8249 | udp | |
| UA | 78.26.151.86:41059 | udp | |
| NL | 178.162.173.139:28007 | udp | |
| DE | 23.158.56.120:18060 | udp | |
| NZ | 121.75.199.81:6881 | udp | |
| US | 184.58.69.89:6881 | udp | |
| RU | 83.222.74.164:51886 | udp | |
| GB | 86.19.58.208:25000 | udp | |
| JP | 117.109.38.88:18008 | udp | |
| UA | 46.150.69.165:61962 | udp | |
| DK | 77.33.124.165:20202 | udp | |
| US | 174.80.143.0:43295 | udp | |
| RU | 77.91.111.196:24876 | udp | |
| FR | 188.165.244.171:50417 | udp | |
| FI | 135.181.238.53:50000 | udp | |
| HK | 1.65.142.70:10489 | udp | |
| GB | 81.86.138.144:15206 | udp | |
| NL | 185.203.56.55:12337 | udp | |
| FR | 5.39.85.82:57493 | udp | |
| JP | 126.91.100.42:22481 | udp | |
| TW | 118.170.228.7:18720 | udp | |
| CA | 24.53.84.104:1024 | udp | |
| GB | 94.174.73.98:6882 | udp | |
| JP | 60.104.139.146:51413 | udp | |
| NL | 178.162.174.99:28003 | udp | |
| JP | 36.13.176.213:22314 | udp | |
| GR | 94.68.176.48:38354 | udp | |
| PK | 110.38.129.83:6881 | udp | |
| FR | 5.39.85.50:55196 | udp | |
| KZ | 46.8.151.172:12978 | udp | |
| IE | 51.186.46.120:38303 | udp | |
| JP | 111.104.215.113:6881 | udp | |
| RU | 217.117.248.129:6881 | udp | |
| AR | 190.49.78.71:6881 | udp | |
| CA | 96.21.46.22:6889 | udp | |
| NZ | 222.154.155.197:53805 | udp | |
| CA | 198.245.61.26:61221 | udp | |
| JP | 153.192.104.153:51413 | udp | |
| NL | 80.115.120.20:55552 | udp | |
| AU | 122.150.241.41:1477 | udp | |
| NL | 46.232.210.80:64118 | udp | |
| RU | 83.221.16.89:34339 | udp | |
| CN | 39.188.131.12:6488 | udp | |
| ES | 46.6.44.91:1796 | udp | |
| US | 108.12.214.239:14627 | udp | |
| RU | 109.163.219.187:1483 | udp | |
| CN | 112.23.122.241:16269 | udp | |
| HU | 145.236.138.251:8999 | udp | |
| NL | 178.162.174.223:28006 | udp | |
| RU | 5.164.13.50:6881 | udp | |
| US | 209.141.60.213:52166 | udp | |
| CZ | 90.176.81.95:6889 | udp | |
| FR | 5.135.191.122:51413 | udp | |
| KR | 114.129.231.113:40799 | udp | |
| SG | 188.214.125.180:59692 | udp | |
| DE | 193.37.152.156:11635 | udp | |
| US | 147.135.85.18:59265 | udp | |
| PE | 38.250.154.255:60306 | udp | |
| US | 34.82.107.197:60020 | udp | |
| JP | 113.153.192.104:14996 | udp | |
| NL | 188.89.193.6:6881 | udp | |
| KR | 222.100.58.95:6881 | udp | |
| PT | 95.136.8.201:16817 | udp | |
| KR | 175.206.217.212:41080 | udp | |
| IL | 77.125.73.120:6889 | udp | |
| UA | 94.244.59.101:33717 | udp | |
| EC | 102.177.166.75:6881 | udp | |
| KR | 121.184.149.108:7921 | udp | |
| RU | 94.181.254.195:39729 | udp | |
| MT | 46.11.31.89:42657 | udp | |
| RU | 5.79.198.231:6881 | udp | |
| RO | 84.117.192.23:48901 | udp | |
| IL | 62.56.149.79:4375 | udp | |
| KR | 121.153.208.202:32926 | udp | |
| EE | 82.131.43.24:6881 | udp | |
| HK | 123.202.78.150:24069 | udp | |
| CA | 108.172.158.203:62076 | udp | |
| IT | 93.34.237.68:18788 | udp | |
| AE | 94.202.152.28:48731 | udp | |
| CA | 75.157.68.26:23135 | udp | |
| IN | 144.24.119.225:51413 | udp | |
| NL | 87.212.191.246:43611 | udp | |
| IT | 79.51.105.110:6881 | udp | |
| N/A | 10.0.2.100:37844 | udp | |
| HU | 178.164.167.129:6881 | udp | |
| RU | 5.35.115.93:3331 | udp | |
| PK | 182.186.152.28:41963 | udp | |
| CN | 223.166.244.116:51413 | udp | |
| FR | 94.103.121.193:15271 | udp | |
| CN | 183.194.183.95:3215 | udp | |
| NL | 159.65.200.220:6814 | tcp | |
| PH | 120.29.90.87:5462 | udp | |
| CN | 117.65.152.254:33164 | udp | |
| TW | 114.34.175.132:6881 | udp | |
| CZ | 78.80.34.215:63580 | udp | |
| AU | 180.150.36.0:29940 | udp | |
| RU | 159.253.172.189:3949 | udp | |
| JO | 94.249.81.211:33198 | udp | |
| HU | 87.97.120.226:51413 | udp | |
| RU | 195.98.79.139:43493 | udp | |
| IN | 223.185.48.17:16717 | udp | |
| GB | 89.22.197.53:6881 | udp | |
| HU | 84.21.182.152:6881 | udp | |
| CN | 223.149.193.51:4512 | udp | |
| RU | 82.194.247.10:4115 | udp | |
| LV | 90.139.68.14:23056 | udp | |
| DE | 213.244.63.41:6287 | udp | |
| N/A | 10.0.2.100:60314 | udp | |
| FR | 5.39.85.155:52228 | udp | |
| SE | 87.251.203.105:6881 | udp | |
| CN | 114.228.87.136:57001 | udp | |
| CN | 180.173.60.255:51413 | udp | |
| PE | 190.232.205.193:38639 | udp | |
| AZ | 212.47.151.4:2465 | udp | |
| US | 54.214.62.31:6881 | udp | |
| GR | 79.130.166.254:54426 | udp | |
| IN | 223.184.243.101:30909 | udp | |
| KR | 175.208.71.36:33024 | udp | |
| RU | 95.153.180.32:59238 | udp | |
| US | 54.214.62.55:6881 | udp | |
| DE | 43.240.149.123:32681 | udp | |
| GB | 194.29.101.83:10240 | udp | |
| SG | 167.99.72.189:6881 | udp | |
| KR | 222.98.68.45:56416 | tcp | |
| DE | 91.0.54.231:6889 | udp | |
| GD | 192.214.127.87:28554 | udp | |
| BR | 45.183.241.11:53785 | udp | |
| PE | 38.25.10.132:1343 | udp | |
| FI | 37.27.113.233:30787 | udp | |
| GQ | 41.222.117.178:6881 | udp | |
| ID | 103.184.51.101:20496 | udp | |
| BR | 186.226.55.10:55261 | udp | |
| CN | 114.92.111.167:51212 | udp | |
| AU | 58.107.132.14:24567 | udp | |
| RU | 82.194.247.10:4094 | udp | |
| RU | 31.200.249.233:31819 | tcp | |
| NL | 159.65.200.220:6811 | tcp | |
| UA | 46.211.232.193:2269 | udp | |
| CA | 54.39.107.165:16481 | udp | |
| US | 35.167.186.212:6881 | udp | |
| IE | 54.194.124.68:6881 | udp | |
| BG | 83.97.64.97:1148 | udp | |
| CN | 121.27.84.81:30406 | udp | |
| RU | 185.141.77.190:16116 | udp | |
| IN | 103.59.75.105:22341 | udp | |
| IN | 110.226.183.10:8809 | udp | |
| CZ | 46.13.217.101:6881 | udp | |
| RU | 5.206.96.55:56416 | tcp | |
| DE | 209.38.196.30:6818 | tcp | |
| FR | 89.89.209.28:6881 | udp | |
| DE | 23.158.56.119:10085 | udp | |
| ID | 182.3.104.193:53981 | udp | |
| PE | 38.25.17.211:48788 | udp | |
| DE | 91.47.100.126:6889 | udp | |
| NL | 159.65.200.220:6813 | tcp | |
| IN | 152.59.34.217:49503 | udp | |
| FR | 176.31.183.98:41109 | udp | |
| US | 52.9.197.152:6881 | udp | |
| US | 18.191.2.28:6881 | udp | |
| JP | 13.114.205.93:6992 | udp | |
| CN | 106.14.195.230:11160 | udp | |
| EG | 105.196.62.186:49383 | udp | |
| MX | 189.195.205.43:56416 | tcp | |
| ID | 110.138.91.197:27304 | udp | |
| DE | 34.107.106.144:6881 | udp | |
| US | 34.57.159.4:6881 | udp | |
| GY | 190.80.34.215:47294 | udp | |
| US | 35.163.251.58:6881 | udp | |
| US | 43.130.56.223:6000 | udp | |
| US | 18.221.7.72:6881 | udp | |
| US | 13.58.27.33:6881 | udp | |
| IE | 54.194.124.68:6882 | udp | |
| CA | 54.39.52.183:18985 | udp | |
| US | 142.171.125.191:6881 | udp | |
| US | 45.59.100.69:6881 | udp | |
| CN | 106.14.195.230:11159 | udp | |
| PL | 54.36.168.18:46075 | udp | |
| SI | 46.122.67.75:56994 | udp | |
| GB | 90.195.112.79:42112 | udp | |
| RU | 77.37.132.206:5222 | udp | |
| NL | 178.162.174.170:28001 | udp | |
| ES | 93.176.180.96:6881 | udp | |
| FI | 65.21.125.170:50000 | udp | |
| FI | 65.21.34.43:50000 | udp | |
| SE | 130.239.18.158:8510 | bttracker.debian.org | udp |
| NL | 178.162.144.51:21183 | udp | |
| CL | 176.52.131.74:6880 | udp | |
| GB | 51.195.223.60:8647 | udp | |
| LT | 78.63.100.13:24803 | udp | |
| NL | 85.17.52.21:62046 | udp | |
| JP | 60.142.201.17:11695 | udp | |
| FR | 163.172.69.72:24242 | udp | |
| US | 34.200.68.90:5133 | udp | |
| US | 97.229.105.93:33699 | udp | |
| US | 157.245.232.159:51413 | udp | |
| CN | 221.229.52.111:6892 | udp | |
| US | 174.179.186.32:6881 | udp | |
| HK | 14.199.244.62:6881 | udp | |
| CA | 139.28.218.3:64259 | udp | |
| PT | 188.37.190.168:56416 | tcp | |
| NL | 213.152.161.25:38000 | udp | |
| NL | 5.79.93.242:61920 | udp | |
| KR | 121.177.206.247:7677 | udp | |
| BE | 195.16.5.111:56646 | udp | |
| KR | 210.96.75.129:61587 | udp | |
| KR | 59.7.247.226:7823 | udp | |
| PH | 129.227.177.22:60020 | udp | |
| RU | 5.142.161.192:49001 | udp | |
| US | 45.33.39.224:6881 | udp | |
| ID | 36.85.110.22:29080 | udp | |
| RU | 5.44.6.177:2079 | udp | |
| CN | 223.109.90.116:6892 | udp | |
| FR | 5.39.89.115:6881 | udp | |
| CN | 60.210.187.151:45779 | udp | |
| US | 71.222.67.201:49679 | udp | |
| RU | 176.49.217.162:6881 | udp | |
| MX | 187.189.95.208:56416 | tcp | |
| RO | 86.125.14.52:26023 | udp | |
| SG | 43.133.45.199:50028 | udp | |
| CA | 184.146.53.50:43375 | udp | |
| KR | 211.237.36.9:40861 | udp | |
| CH | 31.10.155.217:44031 | udp | |
| KR | 175.213.130.196:7739 | udp | |
| JP | 153.192.162.160:6889 | udp |
Files
/var/spool/cron/crontabs/tmp.x7oviY
| MD5 | f359112bebca2e5c3c28232388d11051 |
| SHA1 | d98ecfb84792a2028c28785e8af24a64c80a3289 |
| SHA256 | ba7334f1c35d8eb6b7adab9d5d25b97e17d05ac59cb043e348d0addc30b966a2 |
| SHA512 | d61ebbb8e7b12c0ce97f8c877908ef138c47c703f6d0ea9277aa6cd98578f83d76f0d6b35f5dc57dfb2ce6b711590f02ad8136dd2390b76b93e0598ef3bb301f |
memory/813-1-0x00400000-0x0050a78c-memory.dmp