Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/botnet.spc.elf
|
/tmp/botnet.spc.elf
|
||
|
/tmp/botnet.spc.elf
|
-
|
||
|
/bin/sh
|
sh -c "rm -rf bin/systemd && mkdir bin; >bin/systemd && mv /tmp/botnet.spc.elf bin/systemd; chmod 777 bin/systemd"
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/rm
|
rm -rf bin/systemd
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/mkdir
|
mkdir bin
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/mv
|
mv /tmp/botnet.spc.elf bin/systemd
|
||
|
/bin/sh
|
-
|
||
|
/usr/bin/chmod
|
chmod 777 bin/systemd
|
||
|
/tmp/botnet.spc.elf
|
-
|
||
|
/tmp/botnet.spc.elf
|
-
|
There are 3 hidden processes, click here to show them.
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
170.66.217.97
|
unknown
|
Brazil
|
||
|
62.67.141.40
|
unknown
|
United Kingdom
|
||
|
223.84.206.117
|
unknown
|
China
|
||
|
221.209.74.255
|
unknown
|
China
|
||
|
14.0.148.1
|
unknown
|
Hong Kong
|
||
|
216.64.133.168
|
unknown
|
United States
|
||
|
12.3.217.232
|
unknown
|
United States
|
||
|
122.115.144.121
|
unknown
|
China
|
||
|
61.163.196.142
|
unknown
|
China
|
||
|
152.137.232.84
|
unknown
|
United States
|
||
|
156.6.251.92
|
unknown
|
United States
|
||
|
155.15.159.184
|
unknown
|
Canada
|
||
|
164.242.33.99
|
unknown
|
United States
|
||
|
118.245.96.165
|
unknown
|
China
|
||
|
192.231.16.78
|
unknown
|
United States
|
||
|
145.122.114.170
|
unknown
|
Netherlands
|
||
|
81.32.155.103
|
unknown
|
Spain
|
||
|
103.147.32.44
|
unknown
|
unknown
|
||
|
172.212.78.170
|
unknown
|
United States
|
||
|
39.205.24.40
|
unknown
|
Indonesia
|
||
|
193.2.192.118
|
unknown
|
Slovenia
|
||
|
181.206.116.200
|
unknown
|
Colombia
|
||
|
133.97.175.103
|
unknown
|
Japan
|
||
|
142.246.223.125
|
unknown
|
Canada
|
||
|
102.209.9.225
|
unknown
|
unknown
|
||
|
187.55.95.125
|
unknown
|
Brazil
|
||
|
60.50.250.16
|
unknown
|
Malaysia
|
||
|
172.54.117.68
|
unknown
|
United States
|
||
|
129.251.187.32
|
unknown
|
United States
|
||
|
113.71.101.13
|
unknown
|
China
|
||
|
198.216.25.231
|
unknown
|
United States
|
||
|
198.111.4.228
|
unknown
|
United States
|
||
|
81.174.123.124
|
unknown
|
Italy
|
||
|
219.158.199.211
|
unknown
|
China
|
||
|
76.236.195.164
|
unknown
|
United States
|
||
|
213.128.252.245
|
unknown
|
United Kingdom
|
||
|
38.247.92.173
|
unknown
|
United States
|
||
|
205.198.60.210
|
unknown
|
United States
|
||
|
143.249.63.234
|
unknown
|
United States
|
||
|
117.159.133.119
|
unknown
|
China
|
||
|
50.156.229.135
|
unknown
|
United States
|
||
|
167.238.3.170
|
unknown
|
United States
|
||
|
217.162.64.180
|
unknown
|
Switzerland
|
||
|
49.224.212.93
|
unknown
|
New Zealand
|
||
|
37.120.192.49
|
unknown
|
Romania
|
||
|
193.210.182.10
|
unknown
|
Finland
|
||
|
189.203.132.253
|
unknown
|
Mexico
|
||
|
50.163.196.130
|
unknown
|
United States
|
||
|
47.49.169.53
|
unknown
|
United States
|
||
|
53.111.158.23
|
unknown
|
Germany
|
||
|
75.215.63.156
|
unknown
|
United States
|
||
|
200.50.65.213
|
unknown
|
Barbados
|
||
|
13.192.127.228
|
unknown
|
United States
|
||
|
102.171.34.243
|
unknown
|
Tunisia
|
||
|
167.236.102.184
|
unknown
|
United States
|
||
|
205.167.189.125
|
unknown
|
United States
|
||
|
104.42.226.23
|
unknown
|
United States
|
||
|
72.242.215.117
|
unknown
|
United States
|
||
|
31.58.72.216
|
unknown
|
Iran (ISLAMIC Republic Of)
|
||
|
136.112.152.1
|
unknown
|
United States
|
||
|
97.124.33.190
|
unknown
|
United States
|
||
|
129.104.140.92
|
unknown
|
France
|
||
|
126.204.118.53
|
unknown
|
Japan
|
||
|
178.122.154.9
|
unknown
|
Belarus
|
||
|
114.189.90.63
|
unknown
|
Japan
|
||
|
102.183.193.164
|
unknown
|
Liberia
|
||
|
62.18.128.82
|
unknown
|
Italy
|
||
|
13.228.165.201
|
unknown
|
United States
|
||
|
81.17.208.38
|
unknown
|
Germany
|
||
|
135.158.112.194
|
unknown
|
United States
|
||
|
194.74.33.252
|
unknown
|
United Kingdom
|
||
|
169.122.153.99
|
unknown
|
United States
|
||
|
41.152.208.107
|
unknown
|
Egypt
|
||
|
207.233.196.250
|
unknown
|
United States
|
||
|
67.35.224.247
|
unknown
|
United States
|
||
|
144.130.142.37
|
unknown
|
Australia
|
||
|
197.96.14.166
|
unknown
|
South Africa
|
||
|
148.72.164.193
|
unknown
|
United States
|
||
|
177.232.254.56
|
unknown
|
Mexico
|
||
|
160.233.238.60
|
unknown
|
Japan
|
||
|
157.127.157.182
|
unknown
|
United States
|
||
|
75.43.169.30
|
unknown
|
United States
|
||
|
223.94.206.217
|
unknown
|
China
|
||
|
70.176.240.3
|
unknown
|
United States
|
||
|
97.123.103.164
|
unknown
|
United States
|
||
|
196.161.90.8
|
unknown
|
South Africa
|
||
|
137.229.73.73
|
unknown
|
United States
|
||
|
156.10.120.140
|
unknown
|
Finland
|
||
|
68.146.122.140
|
unknown
|
Canada
|
||
|
157.74.76.42
|
unknown
|
Japan
|
||
|
159.131.65.11
|
unknown
|
United States
|
||
|
133.130.7.157
|
unknown
|
Japan
|
||
|
142.80.170.35
|
unknown
|
Canada
|
||
|
203.138.252.22
|
unknown
|
Japan
|
||
|
107.216.2.7
|
unknown
|
United States
|
||
|
156.87.87.235
|
unknown
|
United States
|
||
|
193.236.12.143
|
unknown
|
Portugal
|
||
|
203.143.16.200
|
unknown
|
Sri Lanka
|
||
|
159.46.232.247
|
unknown
|
Netherlands
|
||
|
37.159.201.170
|
unknown
|
Italy
|
There are 90 hidden IPs, click here to show them.
Memdumps
|
Base Address
|
Regiontype
|
Protect
|
Malicious
|
|
|---|---|---|---|---|
|
7fc6f0026000
|
page execute read
|
 |
||
|
7fc7f6768000
|
page read and write
|
|||
|
7fc7f69f7000
|
page read and write
|
|||
|
557bccf13000
|
page read and write
|
|||
|
7fc7f7129000
|
page read and write
|
|||
|
7fc7f5f57000
|
page read and write
|
|||
|
7fc7f0000000
|
page read and write
|
|||
|
557bcd91a000
|
page read and write
|
|||
|
7ffe433db000
|
page execute read
|
|||
|
7fc7f7252000
|
page read and write
|
|||
|
557bccefc000
|
page execute and read and write
|
|||
|
7ffe43242000
|
page read and write
|
|||
|
7fc6f0036000
|
page read and write
|
|||
|
557bcacc7000
|
page execute read
|
|||
|
7fc7f729f000
|
page read and write
|
|||
|
7fc7f675a000
|
page read and write
|
|||
|
557bcaef5000
|
page read and write
|
|||
|
7fc7f725a000
|
page read and write
|
|||
|
557bcaefe000
|
page read and write
|
|||
|
7fc6f0039000
|
page read and write
|
|||
|
7fc7f6dde000
|
page read and write
|
|||
|
7fc7f6db9000
|
page read and write
|
|||
|
7fc7f0021000
|
page read and write
|
There are 13 hidden memdumps, click here to show them.