IOC Report


Files

File Path | Type | Category | Malicious
phantom.arm | ELF 32-bit LSB executable, ARM, version 1 (ARM), statically linked, stripped | initial sample | malicious
/var/cache/man/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/cs/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/cs/index.db.SgJE7x | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/da/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/da/index.db.EUT07v | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/de/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/de/index.db.fXKEpz | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/es/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/es/index.db.UTEXBx | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/fi/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/fi/index.db.fOaZPw | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/fr.ISO8859-1/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/fr.ISO8859-1/index.db.HKIjOv | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/fr.UTF-8/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/fr.UTF-8/index.db.ikZH2u | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/fr/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/fr/index.db.KQh0Yw | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/hu/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/hu/index.db.61E1bw | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/id/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/id/index.db.HtmhPx | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/index.db.mhGs2u | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/it/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/it/index.db.R8zEHv | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/ja/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/ja/index.db.ktFkKy | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/ko/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/ko/index.db.ewHoqv | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/nl/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/nl/index.db.34Tc8y | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/pl/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/pl/index.db.4XPZrx | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/pt/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/pt/index.db.dOdnOw | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/pt_BR/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/pt_BR/index.db.JSylzx | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/ru/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/ru/index.db.TxxvJy | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/sl/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/sl/index.db.q1uxQy | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/sr/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/sr/index.db.nfRT4x | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/sv/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/sv/index.db.jaf6By | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/tr/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/tr/index.db.2g2V4u | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/zh_CN/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/zh_CN/index.db.aq5CEy | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/zh_TW/5215 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/cache/man/zh_TW/index.db.P4ussx | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | clean
/var/lib/logrotate/status.tmp | ASCII text | dropped | clean
/var/log/cups/access_log.1.gz | gzip compressed data, last modified: Fri Jan 14 23:17:46 2022, from Unix | dropped | clean
/var/log/syslog.1.gz | gzip compressed data, last modified: Fri Jan 14 23:17:47 2022, from Unix | dropped | clean

Processes

Path | Cmdline | Malicious
/usr/lib/systemd/systemd | n/a | clean
/usr/sbin/logrotate | /usr/sbin/logrotate /etc/logrotate.conf | clean
/usr/sbin/logrotate | n/a | clean
/bin/gzip | /bin/gzip | clean
/usr/sbin/logrotate | n/a | clean
/bin/sh | sh -c "\n\t\tinvoke-rc.d --quiet cups restart > /dev/null\n" logrotate_script "/var/log/cups/*log " | clean
/bin/sh | n/a | clean
/usr/sbin/invoke-rc.d | invoke-rc.d --quiet cups restart | clean
/usr/sbin/invoke-rc.d | n/a | clean
/sbin/runlevel | /sbin/runlevel | clean
/usr/sbin/invoke-rc.d | n/a | clean
/usr/bin/systemctl | systemctl --quiet is-enabled cups.service | clean
/usr/sbin/invoke-rc.d | n/a | clean
/usr/bin/ls | ls /etc/rc[S2345].d/S[0-9][0-9]cups | clean
/usr/sbin/invoke-rc.d | n/a | clean
/usr/bin/systemctl | systemctl --quiet is-active cups.service | clean
/usr/sbin/logrotate | n/a | clean
/bin/gzip | /bin/gzip | clean
/usr/sbin/logrotate | n/a | clean
/bin/sh | sh -c /usr/lib/rsyslog/rsyslog-rotate logrotate_script /var/log/syslog | clean
/bin/sh | n/a | clean
/usr/lib/rsyslog/rsyslog-rotate | /usr/lib/rsyslog/rsyslog-rotate | clean
/usr/lib/rsyslog/rsyslog-rotate | n/a | clean
/usr/bin/systemctl | systemctl kill -s HUP rsyslog.service | clean
/usr/lib/systemd/systemd | n/a | clean
/usr/bin/install | /usr/bin/install -d -o man -g man -m 0755 /var/cache/man | clean
/usr/lib/systemd/systemd | n/a | clean
/usr/bin/find | /usr/bin/find /var/cache/man -type f -name *.gz -atime +6 -delete | clean
/usr/lib/systemd/systemd | n/a | clean
/usr/bin/mandb | /usr/bin/mandb --quiet | clean
/tmp/phantom.arm | /tmp/phantom.arm | clean
/tmp/phantom.arm | n/a | clean
/tmp/phantom.arm | n/a | clean
/tmp/phantom.arm | n/a | clean
/tmp/phantom.arm | n/a | clean
/tmp/phantom.arm | n/a | clean
/tmp/phantom.arm | n/a | clean
/usr/bin/dash | n/a | clean
/usr/bin/rm | rm -f /tmp/tmp.6bzhR9it8a /tmp/tmp.11SQvYZQLl /tmp/tmp.GrXK897oec | clean

URLs

Name | IP | Malicious
http://upx.sf.net | unknown | clean

IPs

IP | Domain | Country | Malicious