Files
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/na.elf
|
/tmp/na.elf
|
||
|
/tmp/na.elf
|
-
|
||
|
/bin/sh
|
sh -c "pgrep na.elf"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/pgrep
|
pgrep na.elf
|
||
|
/tmp/na.elf
|
-
|
||
|
/bin/sh
|
sh -c "pgrep uplugplay"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/pgrep
|
pgrep uplugplay
|
||
|
/tmp/na.elf
|
-
|
||
|
/bin/sh
|
sh -c "pidof uplugplay"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/pidof
|
pidof uplugplay
|
||
|
/tmp/na.elf
|
-
|
||
|
/bin/sh
|
sh -c "pgrep upnpsetup"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/pgrep
|
pgrep upnpsetup
|
||
|
/tmp/na.elf
|
-
|
||
|
/bin/sh
|
sh -c "pidof upnpsetup"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/pidof
|
pidof upnpsetup
|
||
|
/tmp/na.elf
|
-
|
||
|
/bin/sh
|
sh -c "systemctl daemon-reload"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/systemctl
|
systemctl daemon-reload
|
||
|
/tmp/na.elf
|
-
|
||
|
/bin/sh
|
sh -c "systemctl enable uplugplay.service"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/systemctl
|
systemctl enable uplugplay.service
|
||
|
/tmp/na.elf
|
-
|
||
|
/bin/sh
|
sh -c "systemctl start uplugplay.service"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/systemctl
|
systemctl start uplugplay.service
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/system-environment-generators/snapd-env-generator
|
/usr/lib/systemd/system-environment-generators/snapd-env-generator
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/lib/systemd/system-environment-generators/snapd-env-generator
|
/usr/lib/systemd/system-environment-generators/snapd-env-generator
|
||
|
/usr/lib/systemd/systemd
|
-
|
||
|
/usr/sbin/uplugplay
|
/usr/sbin/uplugplay
|
||
|
/usr/sbin/uplugplay
|
-
|
||
|
/usr/sbin/uplugplay
|
-
|
||
|
/bin/sh
|
sh -c "/usr/sbin/uplugplay -Dcomsvc"
|
||
|
/bin/sh
|
-
|
||
|
/usr/sbin/uplugplay
|
/usr/sbin/uplugplay -Dcomsvc
|
||
|
/usr/sbin/uplugplay
|
-
|
||
|
/bin/sh
|
sh -c "nslookup p3.feefreepool.net 8.8.8.8"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/nslookup
|
nslookup p3.feefreepool.net 8.8.8.8
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/rm
|
rm -f /tmp/tmp.m5dSB2970R /tmp/tmp.YrBvcwmsHN /tmp/tmp.WJbxXbs2va
|
||
|
/usr/bin/dash
|
-
|
||
|
/usr/bin/rm
|
rm -f /tmp/tmp.m5dSB2970R /tmp/tmp.YrBvcwmsHN /tmp/tmp.WJbxXbs2va
|
There are 42 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://p3.feefreepool.net/cgi-bin/prometei.cgihttp://dummy.zero/cgi-bin/prometei.cgihttps://gb7ni5rg
|
unknown
|
||
|
https://bugs.launchpad.net/ubuntu/
|
unknown
|
||
|
http://mkhkjxgchtfgu7uhofxzgoawntfzrkdccymveektqgpxrpjb72oq.b32.i2p/cgi-bin/prometei.cgi
|
unknown
|
||
|
http://p3.feefreepool.net/cgi-bin/prometei.cgi
|
unknown
|
||
|
https://gb7ni5rgeexdcncj.onion/cgi-bin/prometei.cgi
|
unknown
|
||
|
http://%s/cgi-bin/prometei.cgi
|
unknown
|
||
|
http://%s/cgi-bin/prometei.cgi?r=0&auth=hash&i=%s&enckey=%shttp://%s/cgi-bin/prometei.cgi%m%d%yxinch
|
unknown
|
||
|
https://http:///:.onion.i2p.zeroGET
|
unknown
|
||
|
http://dummy.zero/cgi-bin/prometei.cgi
|
unknown
|
||
|
http://%s/cgi-bin/prometei.cgi?r=0&auth=hash&i=%s&enckey=%s
|
unknown
|
Domains
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
p3.feefreepool.net
|
88.198.246.242
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
88.198.246.242
|
p3.feefreepool.net
|
Germany
|
||
|
34.249.145.219
|
unknown
|
United States
|
||
|
109.202.202.202
|
unknown
|
Switzerland
|
||
|
91.189.91.43
|
unknown
|
United Kingdom
|
||
|
91.189.91.42
|
unknown
|
United Kingdom
|
Memdumps
There are 55 hidden memdumps, click here to show them.