Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/botnet.sh4.elf
|
/tmp/botnet.sh4.elf
|
||
|
/tmp/botnet.sh4.elf
|
-
|
||
|
/bin/sh
|
sh -c "rm -rf bin/watchdog && mkdir bin; >bin/watchdog && mv /tmp/botnet.sh4.elf bin/watchdog; chmod 777 bin/watchdog"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/rm
|
rm -rf bin/watchdog
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/mkdir
|
mkdir bin
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/mv
|
mv /tmp/botnet.sh4.elf bin/watchdog
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/chmod
|
chmod 777 bin/watchdog
|
||
|
/tmp/botnet.sh4.elf
|
-
|
||
|
/tmp/botnet.sh4.elf
|
-
|
There are 3 hidden processes, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
138.63.125.11
|
unknown
|
France
|
||
|
119.205.45.79
|
unknown
|
Korea Republic of
|
||
|
142.87.23.195
|
unknown
|
Canada
|
||
|
150.238.200.240
|
unknown
|
United States
|
||
|
163.200.173.140
|
unknown
|
South Africa
|
||
|
176.58.114.161
|
unknown
|
United Kingdom
|
||
|
80.164.68.250
|
unknown
|
Denmark
|
||
|
122.30.188.169
|
unknown
|
Japan
|
||
|
18.213.127.0
|
unknown
|
United States
|
||
|
75.227.87.52
|
unknown
|
United States
|
||
|
76.75.107.206
|
unknown
|
Canada
|
||
|
63.41.223.109
|
unknown
|
United States
|
||
|
169.67.233.184
|
unknown
|
United States
|
||
|
135.131.117.107
|
unknown
|
United States
|
||
|
94.99.145.12
|
unknown
|
Saudi Arabia
|
||
|
43.237.1.167
|
unknown
|
China
|
||
|
94.205.84.252
|
unknown
|
United Arab Emirates
|
||
|
25.212.211.73
|
unknown
|
United Kingdom
|
||
|
151.24.144.99
|
unknown
|
Italy
|
||
|
114.73.83.200
|
unknown
|
Australia
|
||
|
5.95.141.135
|
unknown
|
Italy
|
||
|
153.105.55.66
|
unknown
|
United States
|
||
|
67.109.70.43
|
unknown
|
United States
|
||
|
43.159.230.50
|
unknown
|
Japan
|
||
|
129.186.49.251
|
unknown
|
United States
|
||
|
95.153.100.167
|
unknown
|
Moldova Republic of
|
||
|
200.17.105.133
|
unknown
|
Brazil
|
||
|
160.54.128.194
|
unknown
|
Germany
|
||
|
108.216.17.223
|
unknown
|
United States
|
||
|
189.195.108.191
|
unknown
|
Mexico
|
||
|
193.113.141.60
|
unknown
|
United Kingdom
|
||
|
85.112.35.24
|
unknown
|
Russian Federation
|
||
|
100.50.152.236
|
unknown
|
United States
|
||
|
91.163.182.24
|
unknown
|
France
|
||
|
110.15.90.163
|
unknown
|
Korea Republic of
|
||
|
185.132.88.111
|
unknown
|
Spain
|
||
|
165.195.13.52
|
unknown
|
United States
|
||
|
213.81.108.104
|
unknown
|
United Kingdom
|
||
|
161.52.160.11
|
unknown
|
Sweden
|
||
|
221.196.253.124
|
unknown
|
China
|
||
|
31.136.25.50
|
unknown
|
Netherlands
|
||
|
139.126.233.194
|
unknown
|
United States
|
||
|
74.106.250.30
|
unknown
|
United States
|
||
|
159.238.149.208
|
unknown
|
United States
|
||
|
12.224.217.200
|
unknown
|
United States
|
||
|
18.36.184.138
|
unknown
|
United States
|
||
|
42.45.38.1
|
unknown
|
Korea Republic of
|
||
|
8.214.119.92
|
unknown
|
Singapore
|
||
|
69.115.11.130
|
unknown
|
United States
|
||
|
217.101.122.87
|
unknown
|
Netherlands
|
||
|
86.124.0.13
|
unknown
|
Romania
|
||
|
51.14.57.174
|
unknown
|
United Kingdom
|
||
|
19.172.30.38
|
unknown
|
United States
|
||
|
113.78.206.70
|
unknown
|
China
|
||
|
90.176.122.88
|
unknown
|
Czech Republic
|
||
|
4.204.173.40
|
unknown
|
United States
|
||
|
87.176.167.172
|
unknown
|
Germany
|
||
|
142.29.42.175
|
unknown
|
Canada
|
||
|
80.137.246.136
|
unknown
|
Germany
|
||
|
18.185.59.10
|
unknown
|
United States
|
||
|
63.93.193.113
|
unknown
|
United States
|
||
|
137.86.74.231
|
unknown
|
United States
|
||
|
67.128.225.80
|
unknown
|
United States
|
||
|
115.151.251.164
|
unknown
|
China
|
||
|
71.139.63.99
|
unknown
|
United States
|
||
|
218.248.52.211
|
unknown
|
India
|
||
|
119.123.85.43
|
unknown
|
China
|
||
|
97.48.244.139
|
unknown
|
United States
|
||
|
88.223.59.31
|
unknown
|
Lithuania
|
||
|
2.62.215.176
|
unknown
|
Russian Federation
|
||
|
194.70.178.158
|
unknown
|
United Kingdom
|
||
|
62.18.206.129
|
unknown
|
Italy
|
||
|
140.216.161.162
|
unknown
|
United States
|
||
|
86.179.119.21
|
unknown
|
United Kingdom
|
||
|
138.193.9.10
|
unknown
|
United States
|
||
|
13.119.99.73
|
unknown
|
United States
|
||
|
50.8.141.84
|
unknown
|
United States
|
||
|
77.207.34.248
|
unknown
|
France
|
||
|
184.19.32.177
|
unknown
|
United States
|
||
|
36.199.186.124
|
unknown
|
China
|
||
|
182.56.36.7
|
unknown
|
India
|
||
|
137.196.218.118
|
unknown
|
Malawi
|
||
|
73.58.99.140
|
unknown
|
United States
|
||
|
81.30.69.154
|
unknown
|
Netherlands
|
||
|
145.74.230.177
|
unknown
|
Netherlands
|
||
|
83.8.145.162
|
unknown
|
Poland
|
||
|
32.218.26.170
|
unknown
|
United States
|
||
|
95.86.79.96
|
unknown
|
Israel
|
||
|
201.111.54.93
|
unknown
|
Mexico
|
||
|
47.148.178.12
|
unknown
|
United States
|
||
|
130.52.116.206
|
unknown
|
United States
|
||
|
12.111.67.45
|
unknown
|
United States
|
||
|
108.20.244.91
|
unknown
|
United States
|
||
|
52.7.231.169
|
unknown
|
United States
|
||
|
220.47.115.208
|
unknown
|
Japan
|
||
|
101.124.183.187
|
unknown
|
China
|
||
|
202.134.23.87
|
unknown
|
Viet Nam
|
||
|
60.185.65.156
|
unknown
|
China
|
||
|
35.47.220.99
|
unknown
|
United States
|
||
|
174.29.230.196
|
unknown
|
United States
|
There are 90 hidden IPs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7f6e18412000
|
page execute read
|
 |
||
|
55af7d2bc000
|
page read and write
|
|||
|
7f6e9cbe4000
|
page read and write
|
|||
|
7f6e9d6dc000
|
page read and write
|
|||
|
7f6e9c3e1000
|
page read and write
|
|||
|
7f6e18425000
|
page read and write
|
|||
|
55af80fc7000
|
page read and write
|
|||
|
7f6e9d243000
|
page read and write
|
|||
|
7f6e98021000
|
page read and write
|
|||
|
7f6e98000000
|
page read and write
|
|||
|
55af7d09e000
|
page execute read
|
|||
|
7fffc2960000
|
page read and write
|
|||
|
55af7d2b4000
|
page read and write
|
|||
|
55af7f2d1000
|
page read and write
|
|||
|
7f6e9d5b3000
|
page read and write
|
|||
|
55af7f2ba000
|
page execute and read and write
|
|||
|
7f6e9d729000
|
page read and write
|
|||
|
7f6e18422000
|
page read and write
|
|||
|
7f6e9ce81000
|
page read and write
|
|||
|
7fffc29b5000
|
page execute read
|
|||
|
7f6e9d6e4000
|
page read and write
|
|||
|
7f6e9cbf2000
|
page read and write
|
|||
|
7f6e9d268000
|
page read and write
|
There are 13 hidden memdumps, click here to show them.