IOC Report
mips.elf


Processes

Path | Cmdline | Malicious
/tmp/mips.elf | /tmp/mips.elf |
/tmp/mips.elf | - |
/bin/sh | sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv /tmp/mips.elf bin/watchdog; chmod 777 bin/watchdog" |
/bin/sh | - |
/usr/bin/rm | rm -rf bin/watchdog |
/bin/sh | - |
/usr/bin/mkdir | mkdir bin |
/bin/sh | - |
/usr/bin/mv | mv /tmp/mips.elf bin/watchdog |
/bin/sh | - |
/usr/bin/chmod | chmod 777 bin/watchdog |
/tmp/mips.elf | - |
/tmp/mips.elf | - |
/tmp/mips.elf | - |

URLs

Name | IP | Malicious
http://schemas.xmlsoap.org/soap/encoding/ | unknown |
http://schemas.xmlsoap.org/soap/envelope/ | unknown |

Domains

Name | IP | Malicious
net.tiktoka.cc | 81.161.238.2 | malicious

IPs


Memdumps
