IOC Report


Files

File Path | Type | Category | Malicious
phantom.arm7 | ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, stripped | initial sample | malicious
/var/cache/motd-news | ASCII text | dropped | clean
/var/lib/logrotate/status.tmp | ASCII text | dropped | clean
/var/log/cups/access_log.1.gz | gzip compressed data, last modified: Fri Jan 14 23:29:42 2022, from Unix | dropped | clean
/var/log/syslog.1.gz | gzip compressed data, last modified: Fri Jan 14 23:29:42 2022, from Unix | dropped | clean

Processes

Path | Cmdline | Malicious
/usr/lib/systemd/systemd | n/a | clean
/usr/sbin/logrotate | /usr/sbin/logrotate /etc/logrotate.conf | clean
/usr/sbin/logrotate | n/a | clean
/bin/gzip | /bin/gzip | clean
/usr/sbin/logrotate | n/a | clean
/bin/sh | sh -c "\n\t\tinvoke-rc.d --quiet cups restart > /dev/null\n" logrotate_script "/var/log/cups/*log " | clean
/bin/sh | n/a | clean
/usr/sbin/invoke-rc.d | invoke-rc.d --quiet cups restart | clean
/usr/sbin/invoke-rc.d | n/a | clean
/sbin/runlevel | /sbin/runlevel | clean
/usr/sbin/invoke-rc.d | n/a | clean
/usr/bin/systemctl | systemctl --quiet is-enabled cups.service | clean
/usr/sbin/invoke-rc.d | n/a | clean
/usr/bin/ls | ls /etc/rc[S2345].d/S[0-9][0-9]cups | clean
/usr/sbin/invoke-rc.d | n/a | clean
/usr/bin/systemctl | systemctl --quiet is-active cups.service | clean
/usr/sbin/invoke-rc.d | n/a | clean
/usr/sbin/logrotate | n/a | clean
/bin/gzip | /bin/gzip | clean
/usr/sbin/logrotate | n/a | clean
/bin/sh | sh -c /usr/lib/rsyslog/rsyslog-rotate logrotate_script /var/log/syslog | clean
/bin/sh | n/a | clean
/usr/lib/rsyslog/rsyslog-rotate | /usr/lib/rsyslog/rsyslog-rotate | clean
/usr/lib/rsyslog/rsyslog-rotate | n/a | clean
/usr/bin/systemctl | systemctl kill -s HUP rsyslog.service | clean
/usr/bin/dash | n/a | clean
/usr/bin/cat | cat /tmp/tmp.Qx6sCqhUAx | clean
/usr/bin/dash | n/a | clean
/usr/bin/head | head -n 10 | clean
/usr/bin/dash | n/a | clean
/usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | clean
/usr/bin/dash | n/a | clean
/usr/bin/cut | cut -c -80 | clean
/usr/bin/dash | n/a | clean
/usr/bin/cat | cat /tmp/tmp.Qx6sCqhUAx | clean
/usr/bin/dash | n/a | clean
/usr/bin/head | head -n 10 | clean
/usr/bin/dash | n/a | clean
/usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | clean
/usr/bin/dash | n/a | clean
/usr/bin/cut | cut -c -80 | clean
/usr/bin/dash | n/a | clean
/usr/bin/rm | rm -f /tmp/tmp.Qx6sCqhUAx /tmp/tmp.ChPykC47j2 /tmp/tmp.PTIO2VlqDw | clean
/tmp/phantom.arm7 | /tmp/phantom.arm7 | clean
/tmp/phantom.arm7 | n/a | clean
/tmp/phantom.arm7 | n/a | clean
/tmp/phantom.arm7 | n/a | clean
/tmp/phantom.arm7 | n/a | clean
/tmp/phantom.arm7 | n/a | clean
/tmp/phantom.arm7 | n/a | clean
/tmp/phantom.arm7 | n/a | clean
/tmp/phantom.arm7 | n/a | clean
/tmp/phantom.arm7 | n/a | clean
/tmp/phantom.arm7 | n/a | clean
/tmp/phantom.arm7 | n/a | clean
/tmp/phantom.arm7 | n/a | clean
/tmp/phantom.arm7 | n/a | clean
/tmp/phantom.arm7 | n/a | clean
/tmp/phantom.arm7 | n/a | clean

48 further processes are not shown in this report.

URLs

Name | IP | Malicious
http://upx.sf.net | unknown | clean
https://ubuntu.com/blog/microk8s-memory-optimisation | unknown | clean

IPs

IP | Domain | Country | Malicious
218.213.98.248 | unknown | Hong Kong | clean
87.111.199.128 | unknown | Spain | clean
163.160.133.44 | unknown | United Kingdom | clean
152.10.14.188 | unknown | United States | clean
197.70.12.24 | unknown | South Africa | clean
145.143.210.214 | unknown | Netherlands | clean
241.177.126.73 | unknown | Reserved | clean
182.67.158.210 | unknown | India | clean
139.182.20.199 | unknown | United States | clean
118.80.234.154 | unknown | China | clean
207.135.123.77 | unknown | United States | clean
106.202.148.185 | unknown | India | clean
248.232.208.138 | unknown | Reserved | clean
34.143.68.120 | unknown | United States | clean
42.114.32.124 | unknown | Viet Nam | clean
247.246.111.236 | unknown | Reserved | clean
27.104.18.65 | unknown | Singapore | clean
100.228.177.57 | unknown | United States | clean
147.124.15.85 | unknown | United States | clean
123.122.220.188 | unknown | China | clean
171.219.208.110 | unknown | China | clean
44.25.148.226 | unknown | United States | clean
167.113.139.135 | unknown | United States | clean
195.104.188.105 | unknown | United Kingdom | clean
203.125.134.199 | unknown | Singapore | clean
246.238.233.170 | unknown | Reserved | clean
2.227.70.25 | unknown | Italy | clean
27.185.59.55 | unknown | China | clean
23.82.106.101 | unknown | United States | clean
255.145.102.246 | unknown | Reserved | clean
70.30.247.34 | unknown | Canada | clean
17.243.187.78 | unknown | United States | clean
105.150.165.56 | unknown | Morocco | clean
4.108.122.175 | unknown | United States | clean
86.186.121.58 | unknown | United Kingdom | clean
149.134.125.106 | unknown | Belgium | clean
38.81.126.131 | unknown | United States | clean
1.206.2.195 | unknown | China | clean
19.111.105.77 | unknown | United States | clean
27.214.161.154 | unknown | China | clean
209.21.92.209 | unknown | United States | clean
36.184.46.4 | unknown | China | clean
2.153.134.156 | unknown | Spain | clean
157.124.15.220 | unknown | Finland | clean
177.25.67.243 | unknown | Brazil | clean
160.240.28.119 | unknown | Japan | clean
97.95.115.29 | unknown | United States | clean
36.17.156.161 | unknown | China | clean
153.224.15.50 | unknown | Japan | clean
159.47.76.226 | unknown | United States | clean
149.92.222.11 | unknown | United States | clean
183.55.130.56 | unknown | China | clean
186.113.231.59 | unknown | Colombia | clean
190.124.135.26 | unknown | Argentina | clean
219.93.199.32 | unknown | Malaysia | clean
213.51.243.83 | unknown | Netherlands | clean
253.90.162.142 | unknown | Reserved | clean
168.215.50.177 | unknown | United States | clean
86.138.188.94 | unknown | United Kingdom | clean
171.119.45.227 | unknown | China | clean
220.42.223.49 | unknown | Japan | clean
244.3.44.78 | unknown | Reserved | clean
111.252.250.102 | unknown | Taiwan; Republic of China (ROC) | clean
75.207.220.233 | unknown | United States | clean
78.115.208.204 | unknown | France | clean
208.141.122.111 | unknown | United States | clean
27.67.23.1 | unknown | Viet Nam | clean
2.58.237.116 | unknown | Netherlands | clean
209.238.137.147 | unknown | United States | clean
4.223.21.141 | unknown | United States | clean
90.209.130.88 | unknown | United Kingdom | clean
199.3.75.179 | unknown | United States | clean
222.49.53.116 | unknown | China | clean
79.171.185.102 | unknown | Czech Republic | clean
177.38.177.10 | unknown | Brazil | clean
105.69.125.167 | unknown | Morocco | clean
223.58.255.34 | unknown | Korea, Republic of | clean
142.72.37.179 | unknown | Canada | clean
102.187.214.3 | unknown | Egypt | clean
240.133.219.93 | unknown | Reserved | clean
89.87.195.142 | unknown | France | clean
136.46.33.110 | unknown | United States | clean
244.128.218.41 | unknown | Reserved | clean
169.106.137.22 | unknown | United States | clean
254.123.59.154 | unknown | Reserved | clean
125.73.206.208 | unknown | China | clean
146.3.52.165 | unknown | Luxembourg | clean
209.67.241.170 | unknown | United States | clean
209.148.121.224 | unknown | United States | clean
4.226.238.82 | unknown | United States | clean
165.112.68.14 | unknown | United States | clean
97.202.183.182 | unknown | United States | clean
146.125.98.63 | unknown | United States | clean
107.245.3.121 | unknown | United States | clean
241.52.133.129 | unknown | Reserved | clean
169.247.53.223 | unknown | United States | clean
197.248.19.130 | unknown | Kenya | clean
101.127.49.33 | unknown | Singapore | clean
187.189.24.246 | unknown | Mexico | clean
66.157.27.184 | unknown | United States | clean

90 further IPs are not shown in this report.