Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/bot.x86.elf
|
/tmp/bot.x86.elf
|
||
|
/tmp/bot.x86.elf
|
-
|
||
|
/bin/sh
|
sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv /tmp/bot.x86.elf bin/watchdog; chmod 777 bin/watchdog"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/rm
|
rm -rf bin/watchdog
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/mkdir
|
mkdir bin
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/mv
|
mv /tmp/bot.x86.elf bin/watchdog
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/chmod
|
chmod 777 bin/watchdog
|
||
|
/tmp/bot.x86.elf
|
-
|
||
|
/tmp/bot.x86.elf
|
-
|
||
|
/tmp/bot.x86.elf
|
-
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/rm
|
rm -f /tmp/tmp.b5Wv15YX0x /tmp/tmp.0KMjnFjb9Z /tmp/tmp.5S47IrwHi8
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/rm
|
rm -f /tmp/tmp.b5Wv15YX0x /tmp/tmp.0KMjnFjb9Z /tmp/tmp.5S47IrwHi8
|
There are 8 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
||
|
http://schemas.xmlsoap.org/soap/envelope/
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
ok.ditmemost.click
|
103.237.87.24
|
 |
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
41.216.137.237
|
unknown
|
South Africa
|
|
|
|
157.157.170.176
|
unknown
|
Iceland
|
|
|
|
41.22.130.101
|
unknown
|
South Africa
|
||
|
197.219.152.197
|
unknown
|
Mozambique
|
||
|
41.140.45.247
|
unknown
|
Morocco
|
||
|
157.9.174.20
|
unknown
|
Japan
|
||
|
41.71.210.62
|
unknown
|
Nigeria
|
||
|
197.243.124.179
|
unknown
|
Rwanda
|
||
|
186.44.38.167
|
unknown
|
Trinidad and Tobago
|
||
|
41.251.165.152
|
unknown
|
Morocco
|
||
|
197.191.86.148
|
unknown
|
Ghana
|
||
|
157.8.236.252
|
unknown
|
Japan
|
||
|
41.185.54.177
|
unknown
|
South Africa
|
||
|
89.73.79.136
|
unknown
|
Poland
|
||
|
41.108.235.56
|
unknown
|
Algeria
|
||
|
41.102.197.116
|
unknown
|
Algeria
|
||
|
221.227.176.217
|
unknown
|
China
|
||
|
197.159.106.140
|
unknown
|
Kenya
|
||
|
41.248.235.151
|
unknown
|
Morocco
|
||
|
41.199.109.176
|
unknown
|
Egypt
|
||
|
157.87.184.70
|
unknown
|
United States
|
||
|
157.202.72.221
|
unknown
|
United States
|
||
|
118.55.100.92
|
unknown
|
Korea Republic of
|
||
|
138.204.96.28
|
unknown
|
Brazil
|
||
|
157.94.161.85
|
unknown
|
Finland
|
||
|
179.4.212.204
|
unknown
|
Chile
|
||
|
41.94.175.44
|
unknown
|
Mozambique
|
||
|
157.28.126.12
|
unknown
|
Italy
|
||
|
157.1.101.105
|
unknown
|
Japan
|
||
|
157.86.247.161
|
unknown
|
Brazil
|
||
|
157.145.56.65
|
unknown
|
United States
|
||
|
93.217.205.87
|
unknown
|
Germany
|
||
|
81.176.91.3
|
unknown
|
Russian Federation
|
||
|
41.239.14.72
|
unknown
|
Egypt
|
||
|
195.164.92.210
|
unknown
|
Poland
|
||
|
157.27.184.201
|
unknown
|
Italy
|
||
|
41.239.14.66
|
unknown
|
Egypt
|
||
|
94.169.120.4
|
unknown
|
Netherlands
|
||
|
197.104.43.250
|
unknown
|
South Africa
|
||
|
41.72.45.56
|
unknown
|
Angola
|
||
|
157.157.27.83
|
unknown
|
Iceland
|
||
|
41.254.158.169
|
unknown
|
Libyan Arab Jamahiriya
|
||
|
157.202.164.75
|
unknown
|
United States
|
||
|
197.105.164.190
|
unknown
|
South Africa
|
||
|
197.208.36.231
|
unknown
|
Sudan
|
||
|
41.229.61.101
|
unknown
|
Tunisia
|
||
|
197.96.112.92
|
unknown
|
South Africa
|
||
|
157.188.96.193
|
unknown
|
United States
|
||
|
41.152.180.67
|
unknown
|
Egypt
|
||
|
86.136.102.65
|
unknown
|
United Kingdom
|
||
|
197.234.120.187
|
unknown
|
Namibia
|
||
|
188.46.17.155
|
unknown
|
Germany
|
||
|
41.22.177.104
|
unknown
|
South Africa
|
||
|
197.240.178.147
|
unknown
|
unknown
|
||
|
157.169.23.65
|
unknown
|
France
|
||
|
63.183.112.7
|
unknown
|
United States
|
||
|
41.108.211.64
|
unknown
|
Algeria
|
||
|
174.87.145.212
|
unknown
|
United States
|
||
|
197.116.172.196
|
unknown
|
Algeria
|
||
|
175.240.178.141
|
unknown
|
Korea Republic of
|
||
|
41.115.224.92
|
unknown
|
South Africa
|
||
|
157.203.74.44
|
unknown
|
United Kingdom
|
||
|
122.22.148.4
|
unknown
|
Japan
|
||
|
197.242.182.176
|
unknown
|
Central African Republic
|
||
|
142.91.37.65
|
unknown
|
United States
|
||
|
197.254.144.39
|
unknown
|
Lesotho
|
||
|
41.12.183.243
|
unknown
|
South Africa
|
||
|
41.172.244.62
|
unknown
|
South Africa
|
||
|
197.163.51.148
|
unknown
|
Egypt
|
||
|
41.230.163.216
|
unknown
|
Tunisia
|
||
|
42.23.124.174
|
unknown
|
Korea Republic of
|
||
|
157.69.28.214
|
unknown
|
Japan
|
||
|
41.43.19.122
|
unknown
|
Egypt
|
||
|
170.213.42.79
|
unknown
|
United States
|
||
|
218.108.146.71
|
unknown
|
China
|
||
|
41.50.13.193
|
unknown
|
South Africa
|
||
|
41.203.238.19
|
unknown
|
Burkina Faso
|
||
|
197.187.29.175
|
unknown
|
Tanzania United Republic of
|
||
|
41.206.119.136
|
unknown
|
Mauritius
|
||
|
197.26.118.163
|
unknown
|
Tunisia
|
||
|
157.13.100.124
|
unknown
|
Japan
|
||
|
157.98.109.173
|
unknown
|
United States
|
||
|
157.88.251.144
|
unknown
|
Spain
|
||
|
41.216.51.187
|
unknown
|
Benin
|
||
|
157.209.241.252
|
unknown
|
United States
|
||
|
157.62.205.19
|
unknown
|
United States
|
||
|
197.61.182.143
|
unknown
|
Egypt
|
||
|
157.105.172.20
|
unknown
|
Japan
|
||
|
197.87.109.48
|
unknown
|
South Africa
|
||
|
149.64.42.65
|
unknown
|
United States
|
||
|
41.132.61.250
|
unknown
|
South Africa
|
||
|
157.89.141.208
|
unknown
|
United States
|
||
|
157.115.142.143
|
unknown
|
Japan
|
||
|
157.236.254.189
|
unknown
|
United Kingdom
|
||
|
197.180.107.73
|
unknown
|
Kenya
|
||
|
41.171.143.191
|
unknown
|
South Africa
|
||
|
197.230.184.221
|
unknown
|
Morocco
|
||
|
75.183.204.30
|
unknown
|
United States
|
||
|
197.224.173.231
|
unknown
|
Mauritius
|
||
|
223.175.95.38
|
unknown
|
Korea Republic of
|
There are 90 hidden IPs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
805a000
|
page execute read
|
|
||
|
805f000
|
page read and write
|
|||
|
f7f9e000
|
page execute read
|
|||
|
ffa06000
|
page read and write
|
|||
|
831a000
|
page read and write
|
|||
|
8064000
|
page read and write
|