Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| phantom.arm7 | ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, stripped | initial sample | |
| /var/cache/motd-news | ASCII text | dropped | |
| /var/lib/logrotate/status.tmp | ASCII text | dropped | |
| /var/log/cups/access_log.1.gz | gzip compressed data, last modified: Fri Jan 14 23:29:42 2022, from Unix | dropped | |
| /var/log/syslog.1.gz | gzip compressed data, last modified: Fri Jan 14 23:29:42 2022, from Unix | dropped | |
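Added note and example (editor's addition, not part of the sandbox output). The type string for phantom.arm7 is a direct readout of ELF header fields a triage script can check itself: EI_CLASS 1 and EI_DATA 1 (32-bit, little-endian), e_machine 0x28 (ARM), the EABI version in the top byte of e_flags (4), an EI_OSABI that `file` prints as (GNU/Linux), no PT_INTERP or PT_DYNAMIC program header (statically linked) and no symbol table (stripped). The http://upx.sf.net entry in the URLs table is the copyright string the UPX packer leaves in every packed executable's stub, so the sample is most likely UPX-packed and needs unpacking (`upx -d`, or a manual unpack if the headers were tampered with) before the ARM code is worth looking at. The Python below is an added example that parses those fields and scans for the UPX stub string; it is not the report's tooling, and `build_sample()` produces a constructed stand-in image, not the bytes of phantom.arm7.

```python
"""Triage the ELF header fields behind a `file` line such as the one reported for
phantom.arm7. Added example; build_sample() is a constructed stand-in, not the sample."""
import struct

ELF_MAGIC = b"\x7fELF"
EM_ARM = 0x28
PT_DYNAMIC, PT_INTERP = 2, 3
SHT_SYMTAB = 2
EF_ARM_EABIMASK = 0xFF000000          # EABI version lives in the top byte of e_flags
OSABI_NAMES = {0: "SYSV", 3: "GNU/Linux"}
UPX_MARKER = b"UPX!"                  # magic preceding UPX's packed-data headers
UPX_URL = b"http://upx.sf.net"        # part of the copyright string in every UPX stub


def parse_elf(data: bytes) -> dict:
    """Read the ELF32 header plus program/section header types; no loading, no disassembly."""
    if data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF image")
    ei_class, ei_data, ei_version, ei_osabi = data[4], data[5], data[6], data[7]
    if ei_class != 1:
        raise ValueError("only ELF32 is handled in this example")
    endian = "<" if ei_data == 1 else ">"
    (e_type, e_machine, _e_version, e_entry, e_phoff, e_shoff, e_flags,
     _e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, _e_shstrndx) = \
        struct.unpack_from(endian + "HHIIIIIHHHHHH", data, 16)
    phdr_types = [struct.unpack_from(endian + "I", data, e_phoff + i * e_phentsize)[0]
                  for i in range(e_phnum)]
    shdr_types = [struct.unpack_from(endian + "I", data, e_shoff + i * e_shentsize + 4)[0]
                  for i in range(e_shnum)]      # sh_type sits 4 bytes into Elf32_Shdr
    return {
        "class": "32-bit",
        "endian": "LSB" if ei_data == 1 else "MSB",
        "type": {1: "relocatable", 2: "executable", 3: "shared object", 4: "core"}.get(e_type, hex(e_type)),
        "machine": "ARM" if e_machine == EM_ARM else hex(e_machine),
        "eabi": (e_flags & EF_ARM_EABIMASK) >> 24 if e_machine == EM_ARM else None,
        "ident_version": ei_version,
        "osabi": OSABI_NAMES.get(ei_osabi, f"OSABI {ei_osabi}"),
        "entry": e_entry,
        # `file` calls a binary with no interpreter and no dynamic segment statically linked
        "statically_linked": PT_INTERP not in phdr_types and PT_DYNAMIC not in phdr_types,
        # no section headers at all (typical after UPX) or no .symtab section
        "stripped": e_shnum == 0 or SHT_SYMTAB not in shdr_types,
        "upx_stub": UPX_MARKER in data or UPX_URL in data,
    }


def describe(data: bytes) -> str:
    """Render the parsed fields in the order `file` uses, plus a UPX hint."""
    info = parse_elf(data)
    parts = [f"ELF {info['class']} {info['endian']} {info['type']}", info["machine"]]
    if info["eabi"] is not None:
        parts.append(f"EABI{info['eabi']} version {info['ident_version']} ({info['osabi']})")
    parts.append("statically linked" if info["statically_linked"] else "dynamically linked")
    parts.append("stripped" if info["stripped"] else "not stripped")
    if info["upx_stub"]:
        parts.append("UPX stub string present")
    return ", ".join(parts)


def build_sample(static: bool = True) -> bytes:
    """Constructed ELF32 LSB ARM EABI4 image: one PT_LOAD, no section headers, a UPX
    stub string in the body, and optionally a PT_INTERP segment to look dynamically linked."""
    ehsize, phentsize = 52, 32
    phnum = 1 if static else 2
    hdr_len = ehsize + phentsize * phnum
    body = (b"\x00" * 64 + UPX_MARKER + b"\x00" * 8 +
            b"$Info: This file is packed with the UPX executable packer " + UPX_URL + b" $\x00")
    e_ident = ELF_MAGIC + bytes([1, 1, 1, 3, 0]) + b"\x00" * 7    # ELF32, LSB, v1, OSABI=GNU/Linux
    ehdr = e_ident + struct.pack("<HHIIIIIHHHHHH", 2, EM_ARM, 1, 0x10000 + hdr_len,
                                 ehsize, 0, 0x04000000, ehsize, phentsize, phnum, 0, 0, 0)
    total = hdr_len + len(body)
    phdrs = struct.pack("<IIIIIIII", 1, 0, 0x10000, 0x10000, total, total, 5, 0x1000)  # PT_LOAD R+X
    if not static:
        phdrs += struct.pack("<IIIIIIII", PT_INTERP, hdr_len, 0x10000 + hdr_len,
                             0x10000 + hdr_len, 16, 16, 4, 1)
    return ehdr + phdrs + body


if __name__ == "__main__":
    print(describe(build_sample()))
    # -> ELF 32-bit LSB executable, ARM, EABI4 version 1 (GNU/Linux), statically linked, stripped, UPX stub string present
```

Run it against a real sample with `describe(open(path, "rb").read())`; the `upx_stub` check is only a hint, since a packer can wipe the string, and a positive result means the entry point and PT_LOAD sizes describe the stub, not the program.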
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| /usr/lib/systemd/systemd | n/a | |
| /usr/sbin/logrotate | `/usr/sbin/logrotate /etc/logrotate.conf` | |
| /usr/sbin/logrotate | n/a | |
| /bin/gzip | `/bin/gzip` | |
| /usr/sbin/logrotate | n/a | |
| /bin/sh | `sh -c "\n\t\tinvoke-rc.d --quiet cups restart > /dev/null\n" logrotate_script "/var/log/cups/*log "` | |
| /bin/sh | n/a | |
| /usr/sbin/invoke-rc.d | `invoke-rc.d --quiet cups restart` | |
| /usr/sbin/invoke-rc.d | n/a | |
| /sbin/runlevel | `/sbin/runlevel` | |
| /usr/sbin/invoke-rc.d | n/a | |
| /usr/bin/systemctl | `systemctl --quiet is-enabled cups.service` | |
| /usr/sbin/invoke-rc.d | n/a | |
| /usr/bin/ls | `ls /etc/rc[S2345].d/S[0-9][0-9]cups` | |
| /usr/sbin/invoke-rc.d | n/a | |
| /usr/bin/systemctl | `systemctl --quiet is-active cups.service` | |
| /usr/sbin/logrotate | n/a | |
| /bin/gzip | `/bin/gzip` | |
| /usr/sbin/logrotate | n/a | |
| /bin/sh | `sh -c /usr/lib/rsyslog/rsyslog-rotate logrotate_script /var/log/syslog` | |
| /bin/sh | n/a | |
| /usr/lib/rsyslog/rsyslog-rotate | `/usr/lib/rsyslog/rsyslog-rotate` | |
| /usr/lib/rsyslog/rsyslog-rotate | n/a | |
| /usr/bin/systemctl | `systemctl kill -s HUP rsyslog.service` | |
| /usr/bin/dash | n/a | |
| /usr/bin/cat | `cat /tmp/tmp.Qx6sCqhUAx` | |
| /usr/bin/dash | n/a | |
| /usr/bin/head | `head -n 10` | |
| /usr/bin/dash | n/a | |
| /usr/bin/tr | `tr -d \\000-\\011\\013\\014\\016-\\037` | |
| /usr/bin/dash | n/a | |
| /usr/bin/cut | `cut -c -80` | |
| /usr/bin/dash | n/a | |
| /usr/bin/cat | `cat /tmp/tmp.Qx6sCqhUAx` | |
| /usr/bin/dash | n/a | |
| /usr/bin/head | `head -n 10` | |
| /usr/bin/dash | n/a | |
| /usr/bin/tr | `tr -d \\000-\\011\\013\\014\\016-\\037` | |
| /usr/bin/dash | n/a | |
| /usr/bin/cut | `cut -c -80` | |
| /usr/bin/dash | n/a | |
| /usr/bin/rm | `rm -f /tmp/tmp.Qx6sCqhUAx /tmp/tmp.ChPykC47j2 /tmp/tmp.PTIO2VlqDw` | |
| /tmp/phantom.arm7 | `/tmp/phantom.arm7` | |
| /tmp/phantom.arm7 | n/a | |

The `/tmp/phantom.arm7 | n/a` row is repeated 15 times in the original listing; 48 further process entries are hidden in the report's default view and are not included here.

Caveat when reading this list: the logrotate, invoke-rc.d, rsyslog-rotate and gzip entries, and the dash pipeline (cat, head -n 10, tr, cut -c -80 over /tmp/tmp.* files) that writes /var/cache/motd-news, are the Ubuntu guest's own scheduled logrotate and update-motd jobs, which happened to run during the analysis window; the four "dropped" files in the Files table are written by those same jobs. Only the /tmp/phantom.arm7 entries are the sample's own activity, and the report attributes no command line or arguments to them beyond the path it was executed from.
URLs

| Name | IP | Malicious |
|---|---|---|
| http://upx.sf.net | unknown | |
| https://ubuntu.com/blog/microk8s-memory-optimisation | unknown | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 218.213.98.248 | unknown | Hong Kong | |
| 87.111.199.128 | unknown | Spain | |
| 163.160.133.44 | unknown | United Kingdom | |
| 152.10.14.188 | unknown | United States | |
| 197.70.12.24 | unknown | South Africa | |
| 145.143.210.214 | unknown | Netherlands | |
| 241.177.126.73 | unknown | Reserved | |
| 182.67.158.210 | unknown | India | |
| 139.182.20.199 | unknown | United States | |
| 118.80.234.154 | unknown | China | |
| 207.135.123.77 | unknown | United States | |
| 106.202.148.185 | unknown | India | |
| 248.232.208.138 | unknown | Reserved | |
| 34.143.68.120 | unknown | United States | |
| 42.114.32.124 | unknown | Viet Nam | |
| 247.246.111.236 | unknown | Reserved | |
| 27.104.18.65 | unknown | Singapore | |
| 100.228.177.57 | unknown | United States | |
| 147.124.15.85 | unknown | United States | |
| 123.122.220.188 | unknown | China | |
| 171.219.208.110 | unknown | China | |
| 44.25.148.226 | unknown | United States | |
| 167.113.139.135 | unknown | United States | |
| 195.104.188.105 | unknown | United Kingdom | |
| 203.125.134.199 | unknown | Singapore | |
| 246.238.233.170 | unknown | Reserved | |
| 2.227.70.25 | unknown | Italy | |
| 27.185.59.55 | unknown | China | |
| 23.82.106.101 | unknown | United States | |
| 255.145.102.246 | unknown | Reserved | |
| 70.30.247.34 | unknown | Canada | |
| 17.243.187.78 | unknown | United States | |
| 105.150.165.56 | unknown | Morocco | |
| 4.108.122.175 | unknown | United States | |
| 86.186.121.58 | unknown | United Kingdom | |
| 149.134.125.106 | unknown | Belgium | |
| 38.81.126.131 | unknown | United States | |
| 1.206.2.195 | unknown | China | |
| 19.111.105.77 | unknown | United States | |
| 27.214.161.154 | unknown | China | |
| 209.21.92.209 | unknown | United States | |
| 36.184.46.4 | unknown | China | |
| 2.153.134.156 | unknown | Spain | |
| 157.124.15.220 | unknown | Finland | |
| 177.25.67.243 | unknown | Brazil | |
| 160.240.28.119 | unknown | Japan | |
| 97.95.115.29 | unknown | United States | |
| 36.17.156.161 | unknown | China | |
| 153.224.15.50 | unknown | Japan | |
| 159.47.76.226 | unknown | United States | |
| 149.92.222.11 | unknown | United States | |
| 183.55.130.56 | unknown | China | |
| 186.113.231.59 | unknown | Colombia | |
| 190.124.135.26 | unknown | Argentina | |
| 219.93.199.32 | unknown | Malaysia | |
| 213.51.243.83 | unknown | Netherlands | |
| 253.90.162.142 | unknown | Reserved | |
| 168.215.50.177 | unknown | United States | |
| 86.138.188.94 | unknown | United Kingdom | |
| 171.119.45.227 | unknown | China | |
| 220.42.223.49 | unknown | Japan | |
| 244.3.44.78 | unknown | Reserved | |
| 111.252.250.102 | unknown | Taiwan (ROC) | |
| 75.207.220.233 | unknown | United States | |
| 78.115.208.204 | unknown | France | |
| 208.141.122.111 | unknown | United States | |
| 27.67.23.1 | unknown | Viet Nam | |
| 2.58.237.116 | unknown | Netherlands | |
| 209.238.137.147 | unknown | United States | |
| 4.223.21.141 | unknown | United States | |
| 90.209.130.88 | unknown | United Kingdom | |
| 199.3.75.179 | unknown | United States | |
| 222.49.53.116 | unknown | China | |
| 79.171.185.102 | unknown | Czech Republic | |
| 177.38.177.10 | unknown | Brazil | |
| 105.69.125.167 | unknown | Morocco | |
| 223.58.255.34 | unknown | Korea, Republic of | |
| 142.72.37.179 | unknown | Canada | |
| 102.187.214.3 | unknown | Egypt | |
| 240.133.219.93 | unknown | Reserved | |
| 89.87.195.142 | unknown | France | |
| 136.46.33.110 | unknown | United States | |
| 244.128.218.41 | unknown | Reserved | |
| 169.106.137.22 | unknown | United States | |
| 254.123.59.154 | unknown | Reserved | |
| 125.73.206.208 | unknown | China | |
| 146.3.52.165 | unknown | Luxembourg | |
| 209.67.241.170 | unknown | United States | |
| 209.148.121.224 | unknown | United States | |
| 4.226.238.82 | unknown | United States | |
| 165.112.68.14 | unknown | United States | |
| 97.202.183.182 | unknown | United States | |
| 146.125.98.63 | unknown | United States | |
| 107.245.3.121 | unknown | United States | |
| 241.52.133.129 | unknown | Reserved | |
| 169.247.53.223 | unknown | United States | |
| 197.248.19.130 | unknown | Kenya | |
| 101.127.49.33 | unknown | Singapore | |
| 187.189.24.246 | unknown | Mexico | |
| 66.157.27.184 | unknown | United States | |

90 further IP entries are hidden in the report's default view and are not included here.
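Added note and example (editor's addition, not part of the sandbox output). Eleven of the 100 addresses shown, the rows whose country is "Reserved", fall in 240.0.0.0/4, a block that is not routable on the public Internet; a uniformly random IPv4 generator lands there about 1 time in 16, whereas a binary that resolves hostnames or reads a configured peer list has no reason to contact such addresses at all. That makes the share of unroutable targets a cheap indicator that a sample generates its targets itself. The Python below is an added example, not the report's tooling: it classifies a list of contacted addresses with the standard `ipaddress` module and reports the fraction that could never have been reached. `SAMPLE_IPS` is a 12-address subset copied from the table above (6 routable, 6 from 240/4), and the 2 % threshold behind `random_scan_suspected` is an assumption chosen for illustration, not a value the report provides.

```python
"""Classify addresses a sandboxed binary contacted and estimate how many could never
have been reached. Added example; SAMPLE_IPS is a subset of the report's IP table."""
import ipaddress
from collections import Counter

# Twelve addresses copied from the IP table above: six routable, six in 240.0.0.0/4.
SAMPLE_IPS = [
    "218.213.98.248", "87.111.199.128", "163.160.133.44",
    "152.10.14.188", "197.70.12.24", "145.143.210.214",
    "241.177.126.73", "248.232.208.138", "247.246.111.236",
    "255.145.102.246", "244.3.44.78", "240.133.219.93",
]

# Share of unroutable targets above which self-generated targets are suspected (assumed threshold).
RANDOM_SCAN_THRESHOLD = 0.02


def classify(ip: str) -> str:
    """Map one IPv4/IPv6 address to the special-purpose class it belongs to, or 'global'."""
    addr = ipaddress.ip_address(ip)
    if addr.is_multicast:
        return "multicast"          # 224.0.0.0/4
    if addr.is_loopback:
        return "loopback"           # 127.0.0.0/8
    if addr.is_link_local:
        return "link-local"         # 169.254.0.0/16
    if addr.is_reserved:
        return "reserved"           # 240.0.0.0/4, the 'Reserved' rows in the report
    if addr.is_private:
        return "private"            # RFC 1918 and the other non-public ranges ipaddress knows
    if not addr.is_global:
        return "not-global"         # e.g. 100.64.0.0/10 shared address space
    return "global"


def summarize(ips):
    """Counts per class plus the fraction of targets that are not publicly routable."""
    by_class = Counter(classify(ip) for ip in ips)
    unroutable = sum(n for cls, n in by_class.items() if cls != "global")
    ratio = unroutable / len(ips) if ips else 0.0
    return {
        "total": len(ips),
        "by_class": dict(by_class),
        "unroutable": unroutable,
        "unroutable_ratio": ratio,
        # spread over the address space; random generators cover many /8s quickly
        "distinct_first_octets": len({ipaddress.ip_address(ip).packed[0] for ip in ips}),
        "random_scan_suspected": ratio > RANDOM_SCAN_THRESHOLD,
    }


def unroutable_targets(ips):
    """The addresses that should never appear in legitimate outbound traffic."""
    return [ip for ip in ips if classify(ip) != "global"]


if __name__ == "__main__":
    report = summarize(SAMPLE_IPS)
    print(f"{report['unroutable']}/{report['total']} targets unroutable "
          f"({report['unroutable_ratio']:.0%}); random scan suspected: {report['random_scan_suspected']}")
    for ip in unroutable_targets(SAMPLE_IPS):
        print(f"  {ip:16} {classify(ip)}")
```

The country column in the report is a GeoIP lookup and says nothing about whether an address was reachable; the classification above comes from the address bits alone, so it can be run over the full exported list (including the 90 hidden rows) without any network access. A low ratio does not clear a sample, since generators that skip reserved ranges exist, but a non-zero ratio on an ELF that made no DNS queries is hard to explain any other way.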