hxxps://github[.]com/topics/hacking

Analysis

max time kernel
157s
max time network
535s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-es
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-eskernel:6.8.0-31-genericlocale:es-esos:ubuntu-24.04-amd64system
submitted
14-10-2024 08:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/topics/hacking

Score

6^/10

discovery

Malware Config

Signatures

Reads AppArmor ptrace settings 1 TTPs 1 IoCs

Discovery of allowed ptrace capabilities by AppArmor.

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/kernel/security/apparmor/features/ptrace	firefox

Legitimate hosting services abused for malware hosting/C2 1 TTPs 17 IoCs

Web Service

T1102

flow	ioc
177	camo.githubusercontent.com
179	camo.githubusercontent.com
181	camo.githubusercontent.com
184	raw.githubusercontent.com
186	raw.githubusercontent.com
195	camo.githubusercontent.com
197	camo.githubusercontent.com
266	camo.githubusercontent.com
182	camo.githubusercontent.com
183	camo.githubusercontent.com
185	raw.githubusercontent.com
260	camo.githubusercontent.com
176	camo.githubusercontent.com
178	camo.githubusercontent.com
180	camo.githubusercontent.com
189	camo.githubusercontent.com
261	camo.githubusercontent.com

Changes its process name 3 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	pool-spawner	2613	gsettings
Changes the process name, possibly in an attempt to hide itself	gmain	2614	gsettings
Changes the process name, possibly in an attempt to hide itself	dconf worker	2615	gsettings

Enumerates kernel/hardware configuration 1 TTPs 19 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/kernel/security/apparmor/features/file	firefox
File opened for reading	/sys/kernel/security/apparmor/features/query	firefox
File opened for reading	/sys/kernel/security/apparmor/features/signal	firefox
File opened for reading	/sys/module/apparmor/parameters/enabled	dbus-daemon
File opened for reading	/sys/kernel/security/apparmor/features/dbus/mask	dbus-daemon
File opened for reading	/sys/kernel/security/apparmor/features/network	firefox
File opened for reading	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	snap-seccomp
File opened for reading	/sys/kernel/security/apparmor/features/caps	firefox
File opened for reading	/sys/kernel/security/apparmor/features/dbus	firefox
File opened for reading	/sys/kernel/security/apparmor/features/domain	firefox
File opened for reading	/sys/kernel/security/apparmor/features/io_uring	firefox
File opened for reading	/sys/kernel/security/apparmor/features/ipc	firefox
File opened for reading	/sys/kernel/security/apparmor/features/mount	firefox
File opened for reading	/sys/kernel/security/apparmor/features/namespaces	firefox
File opened for reading	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	firefox
File opened for reading	/sys/kernel/security/apparmor/features	firefox
File opened for reading	/sys/kernel/security/apparmor/features/rlimit	firefox
File opened for reading	/sys/kernel/security/apparmor/features/network_v8	firefox
File opened for reading	/sys/kernel/security/apparmor/features/policy	firefox

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/sys/kernel/cap_last_cap	dbus-daemon
File opened for reading	/proc/self/fd	dbus-daemon
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/filesystems	gsettings
File opened for reading	/proc/filesystems	dbus-daemon
File opened for reading	/proc/self/fd	dbus-send
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/sys/kernel/random/uuid	firefox
File opened for reading	/proc/2493/cmdline	dbus-daemon
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/cgroups	firefox
File opened for reading	/proc/cmdline	firefox
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/filesystems	gsettings
File opened for reading	/proc/2472/cmdline	dbus-daemon
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/mountinfo	firefox
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/2548/cmdline	dbus-daemon
File opened for reading	/proc/2558/cmdline	dbus-daemon
File opened for reading	/proc/self/fd	dbus-send
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/filesystems	gsettings
File opened for reading	/proc/2546/cgroup	firefox
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd	dbus-send
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/mounts	firefox
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/self/fd	dbus-send
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/fd	dbus-launch
File opened for reading	/proc/2477/status	dbus-daemon
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/sys/kernel/seccomp/actions_avail	firefox
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/self/maps	grep
File opened for reading	/proc/mounts	dbus-daemon
File opened for reading	/proc/2477/attr/apparmor/current	dbus-daemon

/usr/bin/xdg-open
xdg-open https://github.com/topics/hacking
1⤵
PID:2470
- /usr/bin/dbus-send
  dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
  2⤵
  - Reads runtime system information
  PID:2472
- - /usr/bin/dbus-launch
    dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr
    3⤵
    - Reads runtime system information
    PID:2473
  - - /usr/bin/dbus-daemon
      /usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session
      4⤵
      Enumerates kernel/hardware configuration
      Reads runtime system information
      PID:2475
- /usr/bin/xprop
  xprop -root _DT_SAVE_MODE
  2⤵
  PID:2478
- /usr/bin/grep
  grep " = \\\"xfce4\\\"\$"
  2⤵
  - Reads runtime system information
  PID:2479
- /usr/bin/xprop
  xprop -root
  2⤵
  PID:2480
- /usr/bin/grep
  grep -i "^xfce_desktop_window"
  2⤵
  - Reads runtime system information
  PID:2481
- /usr/bin/grep
  grep -q "^Enlightenment"
  2⤵
  - Reads runtime system information
  PID:2483
- /usr/bin/uname
  uname
  2⤵
  PID:2484
- /usr/bin/grep
  grep -q "^file://"
  2⤵
  - Reads runtime system information
  PID:2486
- /usr/bin/egrep
  egrep -q "^[[:alpha:]+\\.\\-]+:"
  2⤵
  PID:2488
- /usr/local/sbin/grep
  grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵
  PID:2488
- /usr/local/bin/grep
  grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵
  PID:2488
- /usr/sbin/grep
  grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵
  PID:2488
- /usr/bin/grep
  grep -E -q "^[[:alpha:]+\\.\\-]+:"
  2⤵
  - Reads runtime system information
  PID:2488
- /usr/bin/sed
  sed -n "s/\$^[[:alnum:]+\\.-]*\$:.*\$/\\1/p"
  2⤵
  - Reads runtime system information
  PID:2491
- /usr/bin/xdg-mime
  xdg-mime query default x-scheme-handler/https
  2⤵
  PID:2492
- - /usr/bin/dbus-send
    dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
    3⤵
    - Reads runtime system information
    PID:2493
  - - /usr/bin/dbus-launch
      dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr
      4⤵
      PID:2494
- - /usr/bin/xprop
    xprop -root _DT_SAVE_MODE
    3⤵
    PID:2495
- - /usr/bin/grep
    grep " = \\\"xfce4\\\"\$"
    3⤵
    - Reads runtime system information
    PID:2496
- - /usr/bin/grep
    grep -i "^xfce_desktop_window"
    3⤵
    - Reads runtime system information
    PID:2498
- - /usr/bin/xprop
    xprop -root
    3⤵
    PID:2497
- - /usr/bin/grep
    grep -q "^Enlightenment"
    3⤵
    - Reads runtime system information
    PID:2500
- - /usr/bin/uname
    uname
    3⤵
    PID:2501
- - /usr/bin/sed
    sed "s/:/ /g"
    3⤵
    - Reads runtime system information
    PID:2504
- - /usr/bin/grep
    grep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
    3⤵
    - Reads runtime system information
    PID:2506
- - /usr/bin/head
    head -n 1
    3⤵
    PID:2507
- - /usr/bin/cut
    cut -d "=" -f 2
    3⤵
    PID:2508
- - /usr/bin/cut
    cut -d ";" -f 1
    3⤵
    PID:2509
- - /usr/bin/grep
    grep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
    3⤵
    - Reads runtime system information
    PID:2511
- - /usr/bin/head
    head -n 1
    3⤵
    PID:2512
- - /usr/bin/cut
    cut -d "=" -f 2
    3⤵
    PID:2513
- - /usr/bin/cut
    cut -d ";" -f 1
    3⤵
    PID:2514
- - /usr/bin/grep
    grep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
    3⤵
    - Reads runtime system information
    PID:2516
- - /usr/bin/head
    head -n 1
    3⤵
    PID:2517
- - /usr/bin/cut
    cut -d "=" -f 2
    3⤵
    PID:2518
- - /usr/bin/cut
    cut -d ";" -f 1
    3⤵
    PID:2519
- - /usr/bin/grep
    grep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
    3⤵
    - Reads runtime system information
    PID:2521
- - /usr/bin/head
    head -n 1
    3⤵
    PID:2522
- - /usr/bin/cut
    cut -d "=" -f 2
    3⤵
    PID:2523
- - /usr/bin/cut
    cut -d ";" -f 1
    3⤵
    PID:2524
- - /usr/bin/grep
    grep "x-scheme-handler/https=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
    3⤵
    - Reads runtime system information
    PID:2526
- - /usr/bin/head
    head -n 1
    3⤵
    PID:2527
- - /usr/bin/cut
    cut -d "=" -f 2
    3⤵
    PID:2528
- - /usr/bin/cut
    cut -d ";" -f 1
    3⤵
    PID:2529
- - /usr/bin/grep
    grep "x-scheme-handler/https=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
    3⤵
    - Reads runtime system information
    PID:2531
- - /usr/bin/head
    head -n 1
    3⤵
    PID:2532
- - /usr/bin/cut
    cut -d "=" -f 2
    3⤵
    PID:2533
- - /usr/bin/cut
    cut -d ";" -f 1
    3⤵
    PID:2534
- - /usr/bin/sed
    sed "s/:/ /g"
    3⤵
    - Reads runtime system information
    PID:2537
- - /usr/bin/grep
    grep -l "x-scheme-handler/https;" "/.local/share/applications/*.desktop"
    3⤵
    - Reads runtime system information
    PID:2539
- - /usr/bin/grep
    grep -l "x-scheme-handler/https;" "/usr/local/share//applications/*.desktop"
    3⤵
    - Reads runtime system information
    PID:2541
- - /usr/bin/grep
    grep -l "x-scheme-handler/https;" /usr/share//applications/apport-gtk.desktop /usr/share//applications/bluetooth-sendto.desktop /usr/share//applications/display-im6.q16.desktop /usr/share//applications/gcr-prompter.desktop /usr/share//applications/gcr-viewer.desktop /usr/share//applications/geoclue-demo-agent.desktop /usr/share//applications/gkbd-keyboard-display.desktop /usr/share//applications/gnome-about-panel.desktop /usr/share//applications/gnome-applications-panel.desktop /usr/share//applications/gnome-background-panel.desktop /usr/share//applications/gnome-bluetooth-panel.desktop /usr/share//applications/gnome-color-panel.desktop /usr/share//applications/gnome-datetime-panel.desktop /usr/share//applications/gnome-disk-image-mounter.desktop /usr/share//applications/gnome-disk-image-writer.desktop /usr/share//applications/gnome-display-panel.desktop /usr/share//applications/gnome-initial-setup.desktop /usr/share//applications/gnome-keyboard-panel.desktop /usr/share//applications/gnome-language-selector.desktop /usr/share//applications/gnome-mouse-panel.desktop /usr/share//applications/gnome-multitasking-panel.desktop /usr/share//applications/gnome-network-panel.desktop /usr/share//applications/gnome-notifications-panel.desktop /usr/share//applications/gnome-online-accounts-panel.desktop /usr/share//applications/gnome-power-panel.desktop /usr/share//applications/gnome-printers-panel.desktop /usr/share//applications/gnome-privacy-panel.desktop /usr/share//applications/gnome-region-panel.desktop /usr/share//applications/gnome-search-panel.desktop /usr/share//applications/gnome-session-properties.desktop /usr/share//applications/gnome-sharing-panel.desktop /usr/share//applications/gnome-sound-panel.desktop /usr/share//applications/gnome-system-monitor-kde.desktop /usr/share//applications/gnome-system-panel.desktop /usr/share//applications/gnome-ubuntu-panel.desktop /usr/share//applications/gnome-universal-access-panel.desktop /usr/share//applications/gnome-users-panel.desktop /usr/share//applications/gnome-wacom-panel.desktop /usr/share//applications/gnome-wifi-panel.desktop /usr/share//applications/gnome-wwan-panel.desktop /usr/share//applications/hplj1020.desktop /usr/share//applications/ibus-setup-table.desktop /usr/share//applications/im-config.desktop /usr/share//applications/io.snapcraft.SessionAgent.desktop /usr/share//applications/libreoffice-calc.desktop /usr/share//applications/libreoffice-draw.desktop /usr/share//applications/libreoffice-impress.desktop /usr/share//applications/libreoffice-math.desktop /usr/share//applications/libreoffice-startcenter.desktop /usr/share//applications/libreoffice-writer.desktop /usr/share//applications/libreoffice-xsltfilter.desktop /usr/share//applications/nautilus-autorun-software.desktop /usr/share//applications/nm-applet.desktop /usr/share//applications/nm-connection-editor.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Emojier.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Extension.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Wayland.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Setup.desktop /usr/share//applications/org.freedesktop.Xwayland.desktop /usr/share//applications/org.gnome.Calculator.desktop /usr/share//applications/org.gnome.Calendar.desktop /usr/share//applications/org.gnome.Characters.desktop /usr/share//applications/org.gnome.DejaDup.desktop /usr/share//applications/org.gnome.DiskUtility.desktop /usr/share//applications/org.gnome.Evince-previewer.desktop /usr/share//applications/org.gnome.Evince.desktop /usr/share//applications/org.gnome.Evolution-alarm-notify.desktop /usr/share//applications/org.gnome.FileRoller.desktop /usr/share//applications/org.gnome.Logs.desktop /usr/share//applications/org.gnome.Nautilus.desktop /usr/share//applications/org.gnome.OnlineAccounts.OAuth2.desktop /usr/share//applications/org.gnome.PowerStats.desktop /usr/share//applications/org.gnome.RemoteDesktop.Handover.desktop /usr/share//applications/org.gnome.Rhythmbox3.desktop /usr/share//applications/org.gnome.Rhythmbox3.device.desktop /usr/share//applications/org.gnome.Settings.desktop /usr/share//applications/org.gnome.Shell.Extensions.desktop /usr/share//applications/org.gnome.Shell.PortalHelper.desktop /usr/share//applications/org.gnome.Shell.desktop /usr/share//applications/org.gnome.Shotwell-Viewer.desktop /usr/share//applications/org.gnome.Shotwell.Auth.desktop /usr/share//applications/org.gnome.Shotwell.desktop /usr/share//applications/org.gnome.Snapshot.desktop /usr/share//applications/org.gnome.SystemMonitor.desktop /usr/share//applications/org.gnome.Tecla.desktop /usr/share//applications/org.gnome.Terminal.Preferences.desktop /usr/share//applications/org.gnome.Terminal.desktop /usr/share//applications/org.gnome.TextEditor.desktop /usr/share//applications/org.gnome.Totem.desktop /usr/share//applications/org.gnome.Zenity.desktop /usr/share//applications/org.gnome.baobab.desktop /usr/share//applications/org.gnome.clocks.desktop /usr/share//applications/org.gnome.eog.desktop /usr/share//applications/org.gnome.evolution-data-server.OAuth2-handler.desktop /usr/share//applications/org.gnome.font-viewer.desktop /usr/share//applications/org.gnome.seahorse.Application.desktop /usr/share//applications/org.remmina.Remmina-file.desktop /usr/share//applications/org.remmina.Remmina.desktop /usr/share//applications/python3.12.desktop /usr/share//applications/remmina-gnome.desktop /usr/share//applications/rygel.desktop /usr/share//applications/simple-scan.desktop /usr/share//applications/snap-handle-link.desktop /usr/share//applications/software-properties-drivers.desktop /usr/share//applications/software-properties-gtk.desktop /usr/share//applications/software-properties-livepatch.desktop /usr/share//applications/thunderbird.desktop /usr/share//applications/transmission-gtk.desktop /usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop
    3⤵
    - Reads runtime system information
    PID:2543
- /usr/bin/grep
  grep -q "%s"
  2⤵
  - Reads runtime system information
  PID:2545
- /usr/bin/x-www-browser
  x-www-browser https://github.com/topics/hacking
  2⤵
  PID:2546
- - /usr/bin/xdg-settings
    xdg-settings get default-web-browser
    3⤵
    PID:2547
  - - /usr/bin/dbus-send
      dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
      4⤵
      Reads runtime system information
      PID:2548
    - - /usr/bin/dbus-launch
        
        dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr
        5⤵
        
        PID:2549
  - - /usr/bin/xprop
      xprop -root _DT_SAVE_MODE
      4⤵
      PID:2550
  - - /usr/bin/grep
      grep " = \\\"xfce4\\\"\$"
      4⤵
      Reads runtime system information
      PID:2551
  - - /usr/bin/xprop
      xprop -root
      4⤵
      PID:2552
  - - /usr/bin/grep
      grep -i "^xfce_desktop_window"
      4⤵
      Reads runtime system information
      PID:2553
  - - /usr/bin/grep
      grep -q "^Enlightenment"
      4⤵
      Reads runtime system information
      PID:2555
  - - /usr/bin/uname
      uname
      4⤵
      PID:2556
  - - /usr/bin/xdg-mime
      xdg-mime query default x-scheme-handler/http
      4⤵
      PID:2557
    - - /usr/bin/dbus-send
        
        dbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager
        5⤵
        Reads runtime system information
        
        PID:2558
      - /usr/bin/dbus-launch
        
        dbus-launch --autolaunch 36e6eb39a6fa405996e79cad2731865d --binary-syntax --close-stderr
        6⤵
        
        PID:2559
    - - /usr/bin/xprop
        
        xprop -root _DT_SAVE_MODE
        5⤵
        
        PID:2560
    - - /usr/bin/grep
        
        grep " = \\\"xfce4\\\"\$"
        5⤵
        Reads runtime system information
        
        PID:2561
    - - /usr/bin/xprop
        
        xprop -root
        5⤵
        
        PID:2562
    - - /usr/bin/grep
        
        grep -i "^xfce_desktop_window"
        5⤵
        
        PID:2563
    - - /usr/bin/grep
        
        grep -q "^Enlightenment"
        5⤵
        Reads runtime system information
        
        PID:2565
    - - /usr/bin/uname
        
        uname
        5⤵
        
        PID:2566
    - - /usr/bin/sed
        
        sed "s/:/ /g"
        5⤵
        Reads runtime system information
        
        PID:2569
    - - /usr/bin/grep
        
        grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
        5⤵
        Reads runtime system information
        
        PID:2571
    - - /usr/bin/head
        
        head -n 1
        5⤵
        
        PID:2572
    - - /usr/bin/cut
        
        cut -d "=" -f 2
        5⤵
        
        PID:2573
    - - /usr/bin/cut
        
        cut -d ";" -f 1
        5⤵
        
        PID:2574
    - - /usr/bin/head
        
        head -n 1
        5⤵
        
        PID:2578
    - - /usr/bin/grep
        
        grep "x-scheme-handler/http=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache
        5⤵
        Reads runtime system information
        
        PID:2577
    - - /usr/bin/cut
        
        cut -d "=" -f 2
        5⤵
        
        PID:2579
    - - /usr/bin/cut
        
        cut -d ";" -f 1
        5⤵
        
        PID:2580
    - - /usr/bin/grep
        
        grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
        5⤵
        Reads runtime system information
        
        PID:2583
    - - /usr/bin/head
        
        head -n 1
        5⤵
        
        PID:2584
    - - /usr/bin/cut
        
        cut -d "=" -f 2
        5⤵
        
        PID:2585
    - - /usr/bin/cut
        
        cut -d ";" -f 1
        5⤵
        
        PID:2586
    - - /usr/bin/grep
        
        grep "x-scheme-handler/http=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache
        5⤵
        Reads runtime system information
        
        PID:2589
    - - /usr/bin/head
        
        head -n 1
        5⤵
        
        PID:2590
    - - /usr/bin/cut
        
        cut -d "=" -f 2
        5⤵
        
        PID:2591
    - - /usr/bin/cut
        
        cut -d ";" -f 1
        5⤵
        
        PID:2592
    - - /usr/bin/head
        
        head -n 1
        5⤵
        
        PID:2595
    - - /usr/bin/grep
        
        grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
        5⤵
        Reads runtime system information
        
        PID:2594
    - - /usr/bin/cut
        
        cut -d "=" -f 2
        5⤵
        
        PID:2596
    - - /usr/bin/cut
        
        cut -d ";" -f 1
        5⤵
        
        PID:2597
    - - /usr/bin/grep
        
        grep "x-scheme-handler/http=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache
        5⤵
        Reads runtime system information
        
        PID:2599
    - - /usr/bin/head
        
        head -n 1
        5⤵
        
        PID:2600
    - - /usr/bin/cut
        
        cut -d "=" -f 2
        5⤵
        
        PID:2601
    - - /usr/bin/cut
        
        cut -d ";" -f 1
        5⤵
        
        PID:2602
    - - /usr/bin/sed
        
        sed "s/:/ /g"
        5⤵
        Reads runtime system information
        
        PID:2605
    - - /usr/bin/grep
        
        grep -l "x-scheme-handler/http;" "/.local/share/applications/*.desktop"
        5⤵
        Reads runtime system information
        
        PID:2607
    - - /usr/bin/grep
        
        grep -l "x-scheme-handler/http;" "/usr/local/share//applications/*.desktop"
        5⤵
        Reads runtime system information
        
        PID:2609
    - - /usr/bin/grep
        
        grep -l "x-scheme-handler/http;" /usr/share//applications/apport-gtk.desktop /usr/share//applications/bluetooth-sendto.desktop /usr/share//applications/display-im6.q16.desktop /usr/share//applications/gcr-prompter.desktop /usr/share//applications/gcr-viewer.desktop /usr/share//applications/geoclue-demo-agent.desktop /usr/share//applications/gkbd-keyboard-display.desktop /usr/share//applications/gnome-about-panel.desktop /usr/share//applications/gnome-applications-panel.desktop /usr/share//applications/gnome-background-panel.desktop /usr/share//applications/gnome-bluetooth-panel.desktop /usr/share//applications/gnome-color-panel.desktop /usr/share//applications/gnome-datetime-panel.desktop /usr/share//applications/gnome-disk-image-mounter.desktop /usr/share//applications/gnome-disk-image-writer.desktop /usr/share//applications/gnome-display-panel.desktop /usr/share//applications/gnome-initial-setup.desktop /usr/share//applications/gnome-keyboard-panel.desktop /usr/share//applications/gnome-language-selector.desktop /usr/share//applications/gnome-mouse-panel.desktop /usr/share//applications/gnome-multitasking-panel.desktop /usr/share//applications/gnome-network-panel.desktop /usr/share//applications/gnome-notifications-panel.desktop /usr/share//applications/gnome-online-accounts-panel.desktop /usr/share//applications/gnome-power-panel.desktop /usr/share//applications/gnome-printers-panel.desktop /usr/share//applications/gnome-privacy-panel.desktop /usr/share//applications/gnome-region-panel.desktop /usr/share//applications/gnome-search-panel.desktop /usr/share//applications/gnome-session-properties.desktop /usr/share//applications/gnome-sharing-panel.desktop /usr/share//applications/gnome-sound-panel.desktop /usr/share//applications/gnome-system-monitor-kde.desktop /usr/share//applications/gnome-system-panel.desktop /usr/share//applications/gnome-ubuntu-panel.desktop /usr/share//applications/gnome-universal-access-panel.desktop /usr/share//applications/gnome-users-panel.desktop /usr/share//applications/gnome-wacom-panel.desktop /usr/share//applications/gnome-wifi-panel.desktop /usr/share//applications/gnome-wwan-panel.desktop /usr/share//applications/hplj1020.desktop /usr/share//applications/ibus-setup-table.desktop /usr/share//applications/im-config.desktop /usr/share//applications/io.snapcraft.SessionAgent.desktop /usr/share//applications/libreoffice-calc.desktop /usr/share//applications/libreoffice-draw.desktop /usr/share//applications/libreoffice-impress.desktop /usr/share//applications/libreoffice-math.desktop /usr/share//applications/libreoffice-startcenter.desktop /usr/share//applications/libreoffice-writer.desktop /usr/share//applications/libreoffice-xsltfilter.desktop /usr/share//applications/nautilus-autorun-software.desktop /usr/share//applications/nm-applet.desktop /usr/share//applications/nm-connection-editor.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Emojier.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Extension.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Panel.Wayland.Gtk3.desktop /usr/share//applications/org.freedesktop.IBus.Setup.desktop /usr/share//applications/org.freedesktop.Xwayland.desktop /usr/share//applications/org.gnome.Calculator.desktop /usr/share//applications/org.gnome.Calendar.desktop /usr/share//applications/org.gnome.Characters.desktop /usr/share//applications/org.gnome.DejaDup.desktop /usr/share//applications/org.gnome.DiskUtility.desktop /usr/share//applications/org.gnome.Evince-previewer.desktop /usr/share//applications/org.gnome.Evince.desktop /usr/share//applications/org.gnome.Evolution-alarm-notify.desktop /usr/share//applications/org.gnome.FileRoller.desktop /usr/share//applications/org.gnome.Logs.desktop /usr/share//applications/org.gnome.Nautilus.desktop /usr/share//applications/org.gnome.OnlineAccounts.OAuth2.desktop /usr/share//applications/org.gnome.PowerStats.desktop /usr/share//applications/org.gnome.RemoteDesktop.Handover.desktop /usr/share//applications/org.gnome.Rhythmbox3.desktop /usr/share//applications/org.gnome.Rhythmbox3.device.desktop /usr/share//applications/org.gnome.Settings.desktop /usr/share//applications/org.gnome.Shell.Extensions.desktop /usr/share//applications/org.gnome.Shell.PortalHelper.desktop /usr/share//applications/org.gnome.Shell.desktop /usr/share//applications/org.gnome.Shotwell-Viewer.desktop /usr/share//applications/org.gnome.Shotwell.Auth.desktop /usr/share//applications/org.gnome.Shotwell.desktop /usr/share//applications/org.gnome.Snapshot.desktop /usr/share//applications/org.gnome.SystemMonitor.desktop /usr/share//applications/org.gnome.Tecla.desktop /usr/share//applications/org.gnome.Terminal.Preferences.desktop /usr/share//applications/org.gnome.Terminal.desktop /usr/share//applications/org.gnome.TextEditor.desktop /usr/share//applications/org.gnome.Totem.desktop /usr/share//applications/org.gnome.Zenity.desktop /usr/share//applications/org.gnome.baobab.desktop /usr/share//applications/org.gnome.clocks.desktop /usr/share//applications/org.gnome.eog.desktop /usr/share//applications/org.gnome.evolution-data-server.OAuth2-handler.desktop /usr/share//applications/org.gnome.font-viewer.desktop /usr/share//applications/org.gnome.seahorse.Application.desktop /usr/share//applications/org.remmina.Remmina-file.desktop /usr/share//applications/org.remmina.Remmina.desktop /usr/share//applications/python3.12.desktop /usr/share//applications/remmina-gnome.desktop /usr/share//applications/rygel.desktop /usr/share//applications/simple-scan.desktop /usr/share//applications/snap-handle-link.desktop /usr/share//applications/software-properties-drivers.desktop /usr/share//applications/software-properties-gtk.desktop /usr/share//applications/software-properties-livepatch.desktop /usr/share//applications/thunderbird.desktop /usr/share//applications/transmission-gtk.desktop /usr/share//applications/update-manager.desktop /usr/share//applications/usb-creator-gtk.desktop /usr/share//applications/xdg-desktop-portal-gnome.desktop /usr/share//applications/xdg-desktop-portal-gtk.desktop /usr/share//applications/yelp.desktop
        5⤵
        Reads runtime system information
        
        PID:2611
- - /usr/bin/gsettings
    gsettings get org.gnome.shell favorite-apps
    3⤵
    - Changes its process name
    - Reads runtime system information
    PID:2612
- - /usr/bin/grep
    grep -q "'firefox.desktop'"
    3⤵
    - Reads runtime system information
    PID:2617
- - /usr/bin/gsettings
    gsettings get com.canonical.Unity.Launcher favorites
    3⤵
    - Reads runtime system information
    PID:2618
- - /usr/bin/grep
    grep -q "'application://firefox.desktop'"
    3⤵
    - Reads runtime system information
    PID:2620
- - /usr/bin/gsettings
    gsettings get org.mate.panel object-id-list
    3⤵
    - Reads runtime system information
    PID:2621
- - /usr/bin/which
    which qdbus
    3⤵
    PID:2622
- /snap/bin/firefox
  /snap/bin/firefox https://github.com/topics/hacking
  2⤵
  - Reads AppArmor ptrace settings
  - Enumerates kernel/hardware configuration
  - Reads runtime system information
  PID:2546
- - /usr/lib/snapd/snap-seccomp
    /usr/lib/snapd/snap-seccomp version-info
    3⤵
    - Enumerates kernel/hardware configuration
    PID:2626
- /usr/lib/snapd/snap-confine
  /usr/lib/snapd/snap-confine --base core22 snap.firefox.firefox /usr/lib/snapd/snap-exec firefox https://github.com/topics/hacking
  2⤵
  PID:2631

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads