IOC Report
bot.mips.elf


Processes

Path | Cmdline | Malicious
/usr/bin/dash | - |
/usr/bin/rm | rm -f /tmp/tmp.fJbKUjLhZK /tmp/tmp.jITdQkyDi6 /tmp/tmp.ezyJVGdGlK |
/usr/bin/dash | - |
/usr/bin/cat | cat /tmp/tmp.fJbKUjLhZK |
/usr/bin/dash | - |
/usr/bin/head | head -n 10 |
/usr/bin/dash | - |
/usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 |
/usr/bin/dash | - |
/usr/bin/cut | cut -c -80 |
/usr/bin/dash | - |
/usr/bin/cat | cat /tmp/tmp.fJbKUjLhZK |
/usr/bin/dash | - |
/usr/bin/head | head -n 10 |
/usr/bin/dash | - |
/usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 |
/usr/bin/dash | - |
/usr/bin/cut | cut -c -80 |
/usr/bin/dash | - |
/usr/bin/rm | rm -f /tmp/tmp.fJbKUjLhZK /tmp/tmp.jITdQkyDi6 /tmp/tmp.ezyJVGdGlK |
/tmp/bot.mips.elf | /tmp/bot.mips.elf |
/tmp/bot.mips.elf | - |
/bin/sh | sh -c "rm -rf bin/systemd && mkdir bin; >bin/systemd && mv /tmp/bot.mips.elf bin/systemd; chmod 777 bin/systemd" |
/bin/sh | - |
/usr/bin/rm | rm -rf bin/systemd |
/bin/sh | - |
/usr/bin/mkdir | mkdir bin |
/bin/sh | - |
/usr/bin/mv | mv /tmp/bot.mips.elf bin/systemd |
/bin/sh | - |
/usr/bin/chmod | chmod 777 bin/systemd |
/tmp/bot.mips.elf | - |
/tmp/bot.mips.elf | - |
/tmp/bot.mips.elf | - |

URLs

Name | IP | Malicious
http://schemas.xmlsoap.org/soap/encoding/ | unknown |
http://schemas.xmlsoap.org/soap/envelope/ | unknown |

Domains

Name | IP | Malicious
ok.ditmemost.click | 103.237.87.24 | malicious

IPs

IP | Domain | Country | Malicious

Memdumps

Base Address | Regiontype | Protect | Malicious