Files

File Path | Type | Category | Malicious | |
---|---|---|---|---|
x-3.2-.SNOOPY | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, not stripped | initial sample | ||
/tmp/tmp.1y2FR6QFox | UTF-8 Unicode text | dropped | ||
/tmp/tmp.hDXKGVsUIR | ASCII text | dropped | ||
/var/cache/motd-news | ASCII text | dropped | ||

Processes

Path | Cmdline | Malicious | |
---|---|---|---|
/usr/sbin/logrotate | n/a | ||
/bin/sh | sh -c /usr/lib/rsyslog/rsyslog-rotate logrotate_script /var/log/syslog | ||
/bin/sh | n/a | ||
/usr/lib/rsyslog/rsyslog-rotate | /usr/lib/rsyslog/rsyslog-rotate | ||
/usr/lib/rsyslog/rsyslog-rotate | n/a | ||
/usr/bin/systemctl | systemctl kill -s HUP rsyslog.service | ||
/usr/bin/python3.8 | n/a | ||
/usr/bin/uname | uname -p | ||
/usr/bin/dash | n/a | ||
/usr/bin/cut | cut -c -40 /tmp/tmp.5piRJmkiY5 | ||
/usr/bin/dash | n/a | ||
/usr/bin/tr | tr -c -d [:alnum:] | ||
/usr/bin/dash | n/a | ||
/usr/bin/wget | wget --timeout 60 -U "wget/1.20.3-1ubuntu1 Ubuntu/20.04.2/LTS GNU/Linux/5.4.0-72-generic/x86_64 Intel(R)/Xeon(R)/Silver/4210/CPU/@/2.20GHz cloud_id/none" -O- --content-on-error https://motd.ubuntu.com | ||
/usr/bin/dash | n/a | ||
/usr/bin/cat | cat /tmp/tmp.hDXKGVsUIR | ||
/usr/bin/dash | n/a | ||
/usr/bin/head | head -n 10 | ||
/usr/bin/dash | n/a | ||
/usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | ||
/usr/bin/dash | n/a | ||
/usr/bin/cut | cut -c -80 | ||
/usr/bin/dash | n/a | ||
/usr/bin/cat | cat /tmp/tmp.hDXKGVsUIR | ||
/usr/bin/dash | n/a | ||
/usr/bin/head | head -n 10 | ||
/usr/bin/dash | n/a | ||
/usr/bin/tr | tr -d \\000-\\011\\013\\014\\016-\\037 | ||
/usr/bin/dash | n/a | ||
/usr/bin/cut | cut -c -80 | ||
/usr/bin/dash | n/a | ||
/usr/bin/rm | rm -f /tmp/tmp.hDXKGVsUIR /tmp/tmp.1y2FR6QFox /tmp/tmp.5piRJmkiY5 | ||
/tmp/x-3.2-.SNOOPY | /tmp/x-3.2-.SNOOPY | ||
/tmp/x-3.2-.SNOOPY | n/a | ||
/tmp/x-3.2-.SNOOPY | n/a | ||

URLs

Name | IP | Malicious | |
---|---|---|---|
https://motd.ubuntu.com/ | unknown | ||
https://ubuntu.com/blog/microk8s-memory-optimisation | unknown | ||

IPs

IP | Domain | Country | Malicious | |
---|---|---|---|---|
163.123.143.81 | unknown | Reserved | ||
109.202.202.202 | unknown | Switzerland | ||
91.189.91.43 | unknown | United Kingdom | ||
91.189.91.42 | unknown | United Kingdom | ||