IOC Report
tftp.elf


Processes

Path | Cmdline | Malicious
/tmp/tftp.elf | /tmp/tftp.elf |
/usr/bin/dash | - |
/usr/bin/rm | rm -f /tmp/tmp.OGgumjUYWx /tmp/tmp.4dxlHcGEqS /tmp/tmp.pynADpsMy4 |
/usr/bin/dash | - |
/usr/bin/rm | rm -f /tmp/tmp.OGgumjUYWx /tmp/tmp.4dxlHcGEqS /tmp/tmp.pynADpsMy4 |

IPs

IP | Domain | Country | Malicious
34.249.145.219 | unknown | United States |
109.202.202.202 | unknown | Switzerland |
91.189.91.43 | unknown | United Kingdom |
91.189.91.42 | unknown | United Kingdom |

Memdumps
