Files
Processes
Path
|
Cmdline
|
Malicious
|
|
---|---|---|---|
/tmp/na.elf
|
/tmp/na.elf
|
||
/tmp/na.elf
|
-
|
||
/bin/sh
|
sh -c "pgrep na.elf"
|
||
/bin/sh
|
-
|
||
/usr/bin/pgrep
|
pgrep na.elf
|
||
/tmp/na.elf
|
-
|
||
/bin/sh
|
sh -c "pgrep uplugplay"
|
||
/bin/sh
|
-
|
||
/usr/bin/pgrep
|
pgrep uplugplay
|
||
/tmp/na.elf
|
-
|
||
/bin/sh
|
sh -c "pidof uplugplay"
|
||
/bin/sh
|
-
|
||
/usr/bin/pidof
|
pidof uplugplay
|
||
/tmp/na.elf
|
-
|
||
/bin/sh
|
sh -c "pgrep upnpsetup"
|
||
/bin/sh
|
-
|
||
/usr/bin/pgrep
|
pgrep upnpsetup
|
||
/tmp/na.elf
|
-
|
||
/bin/sh
|
sh -c "pidof upnpsetup"
|
||
/bin/sh
|
-
|
||
/usr/bin/pidof
|
pidof upnpsetup
|
||
/tmp/na.elf
|
-
|
||
/bin/sh
|
sh -c "systemctl daemon-reload"
|
||
/bin/sh
|
-
|
||
/usr/bin/systemctl
|
systemctl daemon-reload
|
||
/tmp/na.elf
|
-
|
||
/bin/sh
|
sh -c "systemctl enable uplugplay.service"
|
||
/bin/sh
|
-
|
||
/usr/bin/systemctl
|
systemctl enable uplugplay.service
|
||
/tmp/na.elf
|
-
|
||
/bin/sh
|
sh -c "systemctl start uplugplay.service"
|
||
/bin/sh
|
-
|
||
/usr/bin/systemctl
|
systemctl start uplugplay.service
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/lib/systemd/system-environment-generators/snapd-env-generator
|
/usr/lib/systemd/system-environment-generators/snapd-env-generator
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/lib/systemd/system-environment-generators/snapd-env-generator
|
/usr/lib/systemd/system-environment-generators/snapd-env-generator
|
||
/usr/lib/systemd/systemd
|
-
|
||
/usr/sbin/uplugplay
|
/usr/sbin/uplugplay
|
||
/usr/sbin/uplugplay
|
-
|
||
/usr/sbin/uplugplay
|
-
|
||
/bin/sh
|
sh -c "/usr/sbin/uplugplay -Dcomsvc"
|
||
/bin/sh
|
-
|
||
/usr/sbin/uplugplay
|
/usr/sbin/uplugplay -Dcomsvc
|
||
/usr/sbin/uplugplay
|
-
|
||
/bin/sh
|
sh -c hostnamectl
|
||
/bin/sh
|
-
|
||
/usr/bin/hostnamectl
|
hostnamectl
|
||
/usr/sbin/uplugplay
|
-
|
||
/bin/sh
|
sh -c hostnamectl
|
||
/bin/sh
|
-
|
||
/usr/bin/hostnamectl
|
hostnamectl
|
||
/usr/sbin/uplugplay
|
-
|
||
/bin/sh
|
sh -c "dmidecode --type baseboard"
|
||
/bin/sh
|
-
|
||
/usr/sbin/dmidecode
|
dmidecode --type baseboard
|
||
/usr/sbin/uplugplay
|
-
|
||
/bin/sh
|
sh -c uptime
|
||
/bin/sh
|
-
|
||
/usr/bin/uptime
|
uptime
|
||
/usr/sbin/uplugplay
|
-
|
||
/bin/sh
|
sh -c "uname -a"
|
||
/bin/sh
|
-
|
||
/usr/bin/uname
|
uname -a
|
||
/usr/sbin/uplugplay
|
-
|
||
/bin/sh
|
sh -c dmidecode
|
||
/bin/sh
|
-
|
||
/usr/sbin/dmidecode
|
dmidecode
|
||
/usr/sbin/uplugplay
|
-
|
||
/bin/sh
|
sh -c uptime
|
||
/bin/sh
|
-
|
||
/usr/bin/uptime
|
uptime
|
||
/usr/sbin/uplugplay
|
-
|
||
/bin/sh
|
sh -c "uname -a"
|
||
/bin/sh
|
-
|
||
/usr/bin/uname
|
uname -a
|
||
/usr/lib/systemd/systemd
|
-
|
||
/lib/systemd/systemd-hostnamed
|
/lib/systemd/systemd-hostnamed
|
||
/usr/bin/dash
|
-
|
||
/usr/bin/rm
|
rm -f /tmp/tmp.S1wY9tGCVt /tmp/tmp.TWgSy8Ra8I /tmp/tmp.0XNgtrCFs6
|
||
/usr/bin/dash
|
-
|
||
/usr/bin/cat
|
cat /tmp/tmp.S1wY9tGCVt
|
||
/usr/bin/dash
|
-
|
||
/usr/bin/head
|
head -n 10
|
||
/usr/bin/dash
|
-
|
||
/usr/bin/tr
|
tr -d \\000-\\011\\013\\014\\016-\\037
|
||
/usr/bin/dash
|
-
|
||
/usr/bin/cut
|
cut -c -80
|
||
/usr/bin/dash
|
-
|
||
/usr/bin/cat
|
cat /tmp/tmp.S1wY9tGCVt
|
||
/usr/bin/dash
|
-
|
||
/usr/bin/head
|
head -n 10
|
||
/usr/bin/dash
|
-
|
||
/usr/bin/tr
|
tr -d \\000-\\011\\013\\014\\016-\\037
|
||
/usr/bin/dash
|
-
|
||
/usr/bin/cut
|
cut -c -80
|
||
/usr/bin/dash
|
-
|
||
/usr/bin/rm
|
rm -f /tmp/tmp.S1wY9tGCVt /tmp/tmp.TWgSy8Ra8I /tmp/tmp.0XNgtrCFs6
|
There are 88 hidden processes, click here to show them.
URLs
Name
|
IP
|
Malicious
|
|
---|---|---|---|
http://152.36.128.18/cgi-bin/p.cgi?r=9&i=Y1B3N2Y000JM5I0P
|
152.36.128.18
|
||
http://152.36.128.18/cgi-bin/p.cgi?add=aW5mbyB7DQp2NC4wMlZfVW5peDY0DQpnYWxhc3NpYQ0KDQoyeCBJbnRlbChSKSBYZW9uKFIpIFNpbHZlciA0MjEwIENQVSBAIDIuMjBHSHoNCjMwNjQyOTYga0INCnZtd2FyZQ0KDQoNCg0KVWJ1bnR1ICYgMjAuMDQuMiBMVFMgKEZvY2FsIEZvc3NhKSAgJiBidWxsc2V5ZS9zaWQgJiANCg0KL3Vzci9zYmluLw0KIDIzOjUwOjEzIHVwIDEgbWluLCAgMSB1c2VyLCAgbG9hZCBhdmVyYWdlOiAyLjI4LCAwLjk3LCAwLjM2fDE3NDUwMzgyMTMNCiMgZG1pZGVjb2RlIDMuMg0KfQ0K&i=Y1B3N2Y000JM5I0P&h=galassia&enckey=boW+shuEvBzdGZVCvYY9lRTTCxrm/Cj7mmSqy4KvsFg5n3m2cLX0KXuQRzb+8/Y5loqot/LW9Or5C7RGOkL/fdxyXk5BpgxLRKLSovweJMs0eucp8UpyCeVNwroKzt6ngx8bR8F46BcKNNf64tHbtgxjFZrVnSQP9EVk3yn+anM=
|
152.36.128.18
|
||
http://152.36.128.18/cgi-bin/p.cgihttp://dummy.zero/cgi-bin/prometei.cgihttps://gb7ni5rgeexdcncj.oni
|
unknown
|
||
http://xinbicfea.org/cgi-bin/p.cgi?r=0&auth=hash&i=Y1B3N2Y000JM5I0P&enckey=boW-shuEvBzdGZVCvYY9lRTTCxrm/Cj7mmSqy4KvsFg5n3m2cLX0KXuQRzb-8/Y5loqot/LW9Or5C7RGOkL/fdxyXk5BpgxLRKLSovweJMs0eucp8UpyCeVNwroKzt6ngx8bR8F46BcKNNf64tHbtgxjFZrVnSQP9EVk3yn-anM_
|
85.214.228.140
|
||
http://xinchaobicfea.net/cgi-bin/p.cgi?r=0&auth=hash&i=Y1B3N2Y000JM5I0P&enckey=boW-shuEvBzdGZVCvYY9lRTTCxrm/Cj7mmSqy4KvsFg5n3m2cLX0KXuQRzb-8/Y5loqot/LW9Or5C7RGOkL/fdxyXk5BpgxLRKLSovweJMs0eucp8UpyCeVNwroKzt6ngx8bR8F46BcKNNf64tHbtgxjFZrVnSQP9EVk3yn-anM_
|
54.170.242.139
|
||
http://upx.sf.net
|
unknown
|
||
http://mkhkjxgchtfgu7uhofxzgoawntfzrkdccymveektqgpxrpjb72oq.b32.i2p/cgi-bin/prometei.cgi
|
unknown
|
||
https://gb7ni5rgeexdcncj.onion/cgi-bin/prometei.cgi
|
unknown
|
||
http://152.36.128.18/cgi-bin/p.cgi
|
unknown
|
||
http://dummy.zero/cgi-bin/prometei.cgi
|
unknown
|
||
http://152.36.128
|
unknown
|
There are 1 hidden URLs, click here to show them.
Domains
Name
|
IP
|
Malicious
|
|
---|---|---|---|
xinbicfea.org
|
85.214.228.140
|
||
xinchaobicfea.net
|
54.170.242.139
|
||
xinchaobicfea.com
|
unknown
|
IPs
IP
|
Domain
|
Country
|
Malicious
|
|
---|---|---|---|---|
152.36.128.18
|
unknown
|
United States
|
||
54.171.230.55
|
unknown
|
United States
|
||
54.170.242.139
|
xinchaobicfea.net
|
United States
|
||
85.214.228.140
|
xinbicfea.org
|
Germany
|
||
185.125.190.26
|
unknown
|
United Kingdom
|
Memdumps
There are 6 hidden memdumps, click here to show them.