Files
| File Path | Type | Category | Malicious |
|---|---|---|---|
| EKXxSJDt9M | ELF 32-bit LSB executable, ARM, EABI4 version 1 (SYSV), statically linked, with debug_info, not stripped | initial sample | |
| /tmp/tmp.KNItEUZoGw | UTF-8 Unicode text | dropped | |
| /tmp/tmp.prLdOPAcfV | ASCII text | dropped | |
| /var/cache/motd-news | ASCII text | dropped | |
Processes
| Path | Cmdline | Malicious |
|---|---|---|
| /usr/bin/python3.8 | n/a | |
| /usr/bin/uname | uname -p | |
| /usr/bin/dash | n/a | |
| /usr/bin/cut | cut -c -40 /tmp/tmp.cnYNqYQvB7 | |
| /usr/bin/dash | n/a | |
| /usr/bin/tr | tr -c -d [:alnum:] | |
| /usr/bin/dash | n/a | |
| /usr/bin/wget | wget --timeout 60 -U "wget/1.20.3-1ubuntu1 Ubuntu/20.04.2/LTS GNU/Linux/5.4.0-72-generic/x86_64 Intel(R)/Xeon(R)/Silver/4210/CPU/@/2.20GHz cloud_id/none" -O- --content-on-error https://motd.ubuntu.com | |
| /usr/bin/dash | n/a | |
| /usr/bin/cat | cat /tmp/tmp.prLdOPAcfV | |
| /usr/bin/dash | n/a | |
| /usr/bin/head | head -n 10 | |
| /usr/bin/dash | n/a | |
| /usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | |
| /usr/bin/dash | n/a | |
| /usr/bin/cut | cut -c -80 | |
| /usr/bin/dash | n/a | |
| /usr/bin/cat | cat /tmp/tmp.prLdOPAcfV | |
| /usr/bin/dash | n/a | |
| /usr/bin/head | head -n 10 | |
| /usr/bin/dash | n/a | |
| /usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | |
| /usr/bin/dash | n/a | |
| /usr/bin/cut | cut -c -80 | |
| /usr/bin/dash | n/a | |
| /usr/bin/rm | rm -f /tmp/tmp.prLdOPAcfV /tmp/tmp.KNItEUZoGw /tmp/tmp.cnYNqYQvB7 | |
| /tmp/EKXxSJDt9M | /tmp/EKXxSJDt9M | |
| /tmp/EKXxSJDt9M | n/a | |
| /tmp/EKXxSJDt9M | n/a | |
| /tmp/EKXxSJDt9M | n/a | |
| /tmp/EKXxSJDt9M | n/a | |
| /tmp/EKXxSJDt9M | n/a | |
| /tmp/EKXxSJDt9M | n/a | |
| /tmp/EKXxSJDt9M | n/a | |
| /tmp/EKXxSJDt9M | n/a | |
| /tmp/EKXxSJDt9M | n/a | |
URLs
| Name | IP | Malicious |
|---|---|---|
| http://45.95.55.16/bins/x86 | unknown | |
| http://45.95.55.16/8UsA.sh; | unknown | |
| https://motd.ubuntu.com/ | unknown | |
| http://schemas.xmlsoap.org/soap/encoding/ | unknown | |
| https://ubuntu.com/blog/microk8s-memory-optimisation | unknown | |
| http://192.168.0.14:80/cgi-bin/ViewLog.asp | 94.225.64.185 | |
| http://schemas.xmlsoap.org/soap/envelope/ | unknown | |
IPs