Files
| File Path | Type | Category | Malicious | |
|---|---|---|---|---|
| z0r0.x86 | ELF 32-bit LSB executable, Intel 80386, version 1 (GNU/Linux), statically linked, stripped | initial sample | | |
| /var/cache/man/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/cs/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/cs/index.db.PJqWEW | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/da/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/da/index.db.YsUJSV | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/de/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/de/index.db.0nTKwU | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/es/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/es/index.db.bMpfsT | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/fi/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/fi/index.db.BZXkKV | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/fr.ISO8859-1/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/fr.ISO8859-1/index.db.pcsQIU | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/fr.UTF-8/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/fr.UTF-8/index.db.wwboAS | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/fr/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/fr/index.db.cjnjXU | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/hu/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/hu/index.db.7jZNmV | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/id/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/id/index.db.u9AwOU | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/index.db.3RbErS | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/it/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/it/index.db.iw6zxT | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/ja/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/ja/index.db.nSXPhU | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/ko/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/ko/index.db.JIzmMW | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/nl/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/nl/index.db.uEYHmT | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/pl/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/pl/index.db.15VDtW | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/pt/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/pt/index.db.AJv2IV | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/pt_BR/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/pt_BR/index.db.tktNdV | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/ru/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/ru/index.db.c5YTAS | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/sl/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/sl/index.db.7NCiLU | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/sr/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/sr/index.db.rjgwoT | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/sv/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/sv/index.db.dGjlIV | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/tr/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/tr/index.db.PCmHrT | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/zh_CN/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/zh_CN/index.db.7wRfIU | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/zh_TW/5220 | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/man/zh_TW/index.db.MHFjDS | GNU dbm 1.x or ndbm database, little endian, 64-bit | dropped | | |
| /var/cache/motd-news | ASCII text | dropped | | |
| /var/lib/logrotate/status.tmp | ASCII text | dropped | | |
| /var/log/cups/access_log.1.gz | gzip compressed data, last modified: Fri Jan 28 23:18:19 2022, from Unix | dropped | | |
| /var/log/syslog.1.gz | gzip compressed data, last modified: Fri Jan 28 23:18:19 2022, from Unix | dropped | | |
Processes
| Path | Cmdline | Malicious | |
|---|---|---|---|
| /usr/lib/systemd/systemd | n/a | | |
| /usr/sbin/logrotate | `/usr/sbin/logrotate /etc/logrotate.conf` | | |
| /usr/sbin/logrotate | n/a | | |
| /bin/gzip | `/bin/gzip` | | |
| /usr/sbin/logrotate | n/a | | |
| /bin/sh | `sh -c "\n\t\tinvoke-rc.d --quiet cups restart > /dev/null\n" logrotate_script "/var/log/cups/*log "` | | |
| /bin/sh | n/a | | |
| /usr/sbin/invoke-rc.d | `invoke-rc.d --quiet cups restart` | | |
| /usr/sbin/invoke-rc.d | n/a | | |
| /sbin/runlevel | `/sbin/runlevel` | | |
| /usr/sbin/invoke-rc.d | n/a | | |
| /usr/bin/systemctl | `systemctl --quiet is-enabled cups.service` | | |
| /usr/sbin/invoke-rc.d | n/a | | |
| /usr/bin/ls | `ls /etc/rc[S2345].d/S[0-9][0-9]cups` | | |
| /usr/sbin/invoke-rc.d | n/a | | |
| /usr/bin/systemctl | `systemctl --quiet is-active cups.service` | | |
| /usr/sbin/logrotate | n/a | | |
| /bin/gzip | `/bin/gzip` | | |
| /usr/sbin/logrotate | n/a | | |
| /bin/sh | `sh -c /usr/lib/rsyslog/rsyslog-rotate logrotate_script /var/log/syslog` | | |
| /bin/sh | n/a | | |
| /usr/lib/rsyslog/rsyslog-rotate | `/usr/lib/rsyslog/rsyslog-rotate` | | |
| /usr/lib/rsyslog/rsyslog-rotate | n/a | | |
| /usr/bin/systemctl | `systemctl kill -s HUP rsyslog.service` | | |
| /usr/lib/systemd/systemd | n/a | | |
| /usr/bin/install | `/usr/bin/install -d -o man -g man -m 0755 /var/cache/man` | | |
| /usr/lib/systemd/systemd | n/a | | |
| /usr/bin/find | `/usr/bin/find /var/cache/man -type f -name *.gz -atime +6 -delete` | | |
| /usr/lib/systemd/systemd | n/a | | |
| /usr/bin/mandb | `/usr/bin/mandb --quiet` | | |
| /usr/bin/dash | n/a | | |
| /usr/bin/cat | `cat /tmp/tmp.VlKVWwXQF7` | | |
| /usr/bin/dash | n/a | | |
| /usr/bin/head | `head -n 10` | | |
| /usr/bin/dash | n/a | | |
| /usr/bin/tr | `tr -d \\000-\\011\\013\\014\\016-\\037` | | |
| /usr/bin/dash | n/a | | |
| /usr/bin/cut | `cut -c -80` | | |
| /usr/bin/dash | n/a | | |
| /usr/bin/cat | `cat /tmp/tmp.VlKVWwXQF7` | | |
| /usr/bin/dash | n/a | | |
| /usr/bin/head | `head -n 10` | | |
| /usr/bin/dash | n/a | | |
| /usr/bin/tr | `tr -d \\000-\\011\\013\\014\\016-\\037` | | |
| /usr/bin/dash | n/a | | |
| /usr/bin/cut | `cut -c -80` | | |
| /usr/bin/dash | n/a | | |
| /usr/bin/rm | `rm -f /tmp/tmp.VlKVWwXQF7 /tmp/tmp.S5JisKxexo /tmp/tmp.GeBGsXKFZD` | | |
| /tmp/z0r0.x86 | `/tmp/z0r0.x86` | | |
| /tmp/z0r0.x86 | n/a | | |
| /tmp/z0r0.x86 | n/a | | |
| /tmp/z0r0.x86 | n/a | | |
| /tmp/z0r0.x86 | n/a | | |
| /tmp/z0r0.x86 | n/a | | |
| /tmp/z0r0.x86 | n/a | | |
| /usr/bin/xfce4-panel | n/a | | |
| /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | `/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear"` | | |
| /usr/bin/xfce4-panel | n/a | | |
| /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | `/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)"` | | |
| /usr/bin/xfce4-panel | n/a | | |
| /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | `/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system"` | | |
| /usr/bin/xfce4-panel | n/a | | |
| /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | `/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display"` | | |
| /usr/bin/xfce4-panel | n/a | | |
| /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | `/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel"` | | |
| /usr/bin/xfce4-panel | n/a | | |
| /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | `/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions"` | | |
| /usr/bin/dbus-daemon | n/a | | |
| /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd | `/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd` | | |
URLs
| Name | IP | Malicious | |
|---|---|---|---|
| `http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+` | 104.149.206.61 | | |
| `http://upx.sf.net` | unknown | | |
| `http://schemas.xmlsoap.org/soap/encoding/` | unknown | | |
| `https://ubuntu.com/blog/microk8s-memory-optimisation` | unknown | | |
| `http://schemas.xmlsoap.org/soap/envelope/` | unknown | | |
Domains
| Name | IP | Malicious | |
|---|---|---|---|
| botnet.punisher-stresser.eu | 78.47.58.57 | | |
IPs
| IP | Domain | Country | Malicious | |
|---|---|---|---|---|
| 50.181.162.95 | unknown | United States | | |
| 197.169.172.181 | unknown | South Africa | | |
| 92.100.198.10 | unknown | Russian Federation | | |
| 156.92.118.106 | unknown | United States | | |
| 75.168.14.254 | unknown | United States | | |
| 128.1.181.203 | unknown | United States | | |
| 43.18.191.110 | unknown | Japan | | |
| 125.140.138.141 | unknown | Korea Republic of | | |
| 65.72.176.168 | unknown | United States | | |
| 96.119.45.83 | unknown | United States | | |
| 115.75.75.217 | unknown | Viet Nam | | |
| 156.158.50.81 | unknown | Tanzania United Republic of | | |
| 176.221.54.107 | unknown | Ukraine | | |
| 197.149.52.178 | unknown | Madagascar | | |
| 53.140.88.47 | unknown | Germany | | |
| 136.37.83.5 | unknown | United States | | |
| 197.202.110.200 | unknown | Algeria | | |
| 76.238.67.197 | unknown | United States | | |
| 193.68.97.197 | unknown | Bulgaria | | |
| 41.53.197.191 | unknown | South Africa | | |
| 41.97.15.204 | unknown | Algeria | | |
| 84.200.222.104 | unknown | Germany | | |
| 156.83.202.20 | unknown | Netherlands | | |
| 173.225.253.187 | unknown | Jamaica | | |
| 176.180.120.167 | unknown | France | | |
| 197.217.236.111 | unknown | Angola | | |
| 4.81.105.214 | unknown | United States | | |
| 41.240.121.73 | unknown | Sudan | | |
| 118.138.25.191 | unknown | Australia | | |
| 41.69.166.104 | unknown | Egypt | | |
| 49.52.78.43 | unknown | China | | |
| 41.188.184.69 | unknown | Tanzania United Republic of | | |
| 197.0.78.200 | unknown | Tunisia | | |
| 41.108.83.63 | unknown | Algeria | | |
| 156.72.230.178 | unknown | United States | | |
| 197.73.219.49 | unknown | South Africa | | |
| 90.47.216.176 | unknown | France | | |
| 9.221.26.165 | unknown | United States | | |
| 156.56.101.208 | unknown | United States | | |
| 38.89.204.185 | unknown | United States | | |
| 168.55.91.18 | unknown | United States | | |
| 132.63.145.245 | unknown | United States | | |
| 49.29.178.107 | unknown | Korea Republic of | | |
| 220.241.36.15 | unknown | Hong Kong | | |
| 165.119.251.47 | unknown | United States | | |
| 197.220.189.16 | unknown | Ghana | | |
| 222.111.11.164 | unknown | Korea Republic of | | |
| 76.17.80.137 | unknown | United States | | |
| 178.40.197.78 | unknown | Slovakia (SLOVAK Republic) | | |
| 156.182.145.25 | unknown | Egypt | | |
| 96.212.9.184 | unknown | United States | | |
| 156.89.9.156 | unknown | United States | | |
| 41.143.204.140 | unknown | Morocco | | |
| 122.141.255.42 | unknown | China | | |
| 207.94.133.255 | unknown | United States | | |
| 31.16.120.163 | unknown | Germany | | |
| 68.215.154.109 | unknown | United States | | |
| 41.138.189.47 | unknown | Nigeria | | |
| 73.32.177.127 | unknown | United States | | |
| 156.208.176.31 | unknown | Egypt | | |
| 166.7.141.227 | unknown | United States | | |
| 197.217.101.191 | unknown | Angola | | |
| 66.186.77.212 | unknown | Canada | | |
| 76.170.239.11 | unknown | United States | | |
| 41.127.111.254 | unknown | South Africa | | |
| 156.58.162.97 | unknown | Austria | | |
| 66.207.229.176 | unknown | United States | | |
| 44.171.139.242 | unknown | United States | | |
| 124.87.251.45 | unknown | Japan | | |
| 62.172.94.176 | unknown | United Kingdom | | |
| 156.190.100.171 | unknown | Egypt | | |
| 18.146.208.68 | unknown | United States | | |
| 84.185.121.95 | unknown | Germany | | |
| 106.13.224.214 | unknown | China | | |
| 206.10.80.221 | unknown | United States | | |
| 197.96.225.179 | unknown | South Africa | | |
| 147.8.60.244 | unknown | Hong Kong | | |
| 132.30.220.68 | unknown | United States | | |
| 209.15.177.54 | unknown | Canada | | |
| 41.123.62.217 | unknown | South Africa | | |
| 41.160.135.141 | unknown | South Africa | | |
| 179.192.226.37 | unknown | Brazil | | |
| 4.90.40.253 | unknown | United States | | |
| 172.114.72.193 | unknown | United States | | |
| 181.43.42.92 | unknown | Chile | | |
| 126.109.252.246 | unknown | Japan | | |
| 221.213.77.169 | unknown | China | | |
| 190.20.147.200 | unknown | Chile | | |
| 8.32.64.58 | unknown | United States | | |
| 122.71.101.88 | unknown | China | | |
| 4.251.198.187 | unknown | United States | | |
| 50.70.203.81 | unknown | Canada | | |
| 14.116.97.206 | unknown | China | | |
| 156.141.177.84 | unknown | United States | | |
| 203.190.131.47 | unknown | India | | |
| 191.181.205.151 | unknown | Brazil | | |
| 197.173.74.81 | unknown | South Africa | | |
| 168.169.255.193 | unknown | United States | | |
| 156.48.59.165 | unknown | United Kingdom | | |
| 132.164.250.209 | unknown | Reserved | | |