Analysis
-
max time kernel
149s -
max time network
131s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20250307-en -
resource tags
-
submitted
27/03/2025, 04:17
General
-
Target
WQW6HU4YD5
-
Size
692KB
-
MD5
646ca225a9bfa980b143fde9845f32b7
-
SHA1
5ada0fd44beef0e3b8d0bfb3889b0337d67dccac
-
SHA256
81eb62b4d44a816986434bcf657286b7adee416e480b27fc313a8e8cd8461cf1
-
SHA512
542b86e7a0558620927608a55cf0f651879d1c8d5041d013d8d3be205808fcf885c580fe90a7e97bc0a622730b498661539062591e5864a868b7179f6bea9657
-
SSDEEP
12288:rI4+9t5TIh1UDUggLNTvVOUjqCl2vG9y0tpVufz/p49Dc/s5HVY81:rZAt5TIbUy5jqCeQDepYDysZ1
Score
10/10
Malware Config
Extracted
Path
/run/initramfs/readme_unlock.html
Ransom Note
文件加密信息
警告:请妥善保管此文件,密钥丢失将导致无法解密文件! 1.我们对您的文件没有任何兴趣,您的文件对我们没有任何价值,我们只想获得我们工作的报酬! 2.如果您需要解密文件,请通过[email protected]邮箱联系我们,解密过程非常的简单,最快五分钟即可获取到解密工具! 3.我们可以提供免费的解密测试,可以在邮件中发送需要解密的测试文件,测试文件只能是没有价值的文件! 4.我们对在一周内联系并且付款的用户提供%50的优惠价格! 5.加密后的文件在这个世界上只有我们能完成解密,任何宣称能完成解密的机构均为中间商,他们会在我们的售价基础上收取昂贵的差价! 6.目前解密工具的售价仅为800USDT,请尽快联系我们完成解密 。邮箱 :[email protected] 7.发送邮件联系我们时请带上下方的加密密钥,我们收到货款后会为您根据密钥定制解密工具!
Warning: Please keep this file safe. Loss of the key will result in inability to decrypt files! 1. We have no interest in your files, your files have no value to us, we only want to receive payment for our work! 2. If you need to decrypt files, please contact us via email at [email protected]. The decryption process is very simple, and you can get the decryption tool in as fast as five minutes! 3. We can provide free decryption tests. You can send test files that need to be decrypted in the email, but test files must be files without value! 4. We offer a 50% discount for users who contact and pay within one week! 5. In this world, only we can decrypt the encrypted files. Any organization claiming to be able to decrypt them are intermediaries who will charge expensive markups on top of our selling price! 6. Currently, the decryption tool is priced at only 800 USDT. Please contact us as soon as possible to complete the decryption. Email: [email protected] 7. When sending an email to contact us, please include the encryption key below. After receiving payment, we will customize the decryption tool according to your key!
加密密钥:
MjY5MjYsMTMzNDI0LDEzNTA3OSw0MjgxNSwyNjkyNiwxMzM0MjQsOTQ2NzEsNDI4MTUsNTQxOTksMTQ1MTYsNDI4MTUsMjUxMTIsMjUxMTIsMjIxOTUsNDI4MTUsMjY5MjYsMTM1MDc5LDk0NjcxLDQyODE1LDIyMTk1LDcyOTkxLDQyODE1LDI2OTI2LDI2OTI2LDEzMjk5LDQyODE1LDIyMTk1LDIyMTk1LDQyODE1LDI2OTI2LDEzNTA3OSwxMzM0MjQsNDI4MTUsMTM1MDc5LDEzNTA3OSw0MjgxNSwyNjkyNiwyNjkyNiwyNTExMiw0MjgxNSwyNTExMiwxMzM0MjQsMTMyOTksNDI4MTUsMjY5MjYsMTQ1MTYsNzI5OTEsNDI4MTUsMjUxMTIsNDI4MTUsMTM1MDc5LDU0MTk5LDQyODE1LDI2OTI2LDEzMzQyNCwyNTExMiw0MjgxNSwyNTExMiwxMzI5OSw0MjgxNSwxNDUxNiwyMjE5NSw0MjgxNSwyNTExMiwyNjkyNiw3Mjk5MSw0MjgxNSwyNTExMiw5NDY3MSwxMzM0MjQsNDI4MTUsMjUxMTIsNzI5OTEsNDI4MTUsMjY5MjYsNDI4MTUsMjY5MjYsMTM1MDc5LDIyMTk1LDQyODE1LDcyOTkxLDEzMjk5LDQyODE1LDcyOTkxLDEzMjk5LDQyODE1LDI2OTI2LDI1MTEyLDI1MTEyLDQyODE1LDI2OTI2LDcyOTkxLDcyOTkxLDQyODE1LDI1MTEyLDI1MTEyLDI2OTI2LDQyODE1LDI1MTEyLDEzMzQyNCwyNjkyNiw0MjgxNSw1NDE5OSw0MjgxNSwyMjE5NSwxNDUxNiw0MjgxNSwyNjkyNiw5NDY3MSwyNjkyNiw0MjgxNSw= 复制成功! 加密时间: 2025-03-27 04:19:00
function copyKey() {
var keyText = document.getElementById('key-text').innerText;
navigator.clipboard.writeText(keyText).then(function() {
var successMsg = document.getElementById('copySuccess');
successMsg.style.display = 'inline';
setTimeout(function() {
successMsg.style.display = 'none';
}, 2000);
}).catch(function(err) {
// 如果clipboard API不可用,使用传统方法
var textArea = document.createElement('textarea');
textArea.value = keyText;
document.body.appendChild(textArea);
textArea.select();
try {
document.execCommand('copy');
var successMsg = document.getElementById('copySuccess');
successMsg.style.display = 'inline';
setTimeout(function() {
successMsg.style.display = 'none';
}, 2000);
} catch (err) {
alert('复制失败,请手动复制');
}
document.body.removeChild(textArea);
});
}
Emails
Extracted
Path
/run/initramfs/readme_unlock.html
Ransom Note
文件加密信息
警告:请妥善保管此文件,密钥丢失将导致无法解密文件! 1.我们对您的文件没有任何兴趣,您的文件对我们没有任何价值,我们只想获得我们工作的报酬! 2.如果您需要解密文件,请通过[email protected]邮箱联系我们,解密过程非常的简单,最快五分钟即可获取到解密工具! 3.我们可以提供免费的解密测试,可以在邮件中发送需要解密的测试文件,测试文件只能是没有价值的文件! 4.我们对在一周内联系并且付款的用户提供%50的优惠价格! 5.加密后的文件在这个世界上只有我们能完成解密,任何宣称能完成解密的机构均为中间商,他们会在我们的售价基础上收取昂贵的差价! 6.目前解密工具的售价仅为800USDT,请尽快联系我们完成解密 。邮箱 :[email protected] 7.发送邮件联系我们时请带上下方的加密密钥,我们收到货款后会为您根据密钥定制解密工具!
Warning: Please keep this file safe. Loss of the key will result in inability to decrypt files! 1. We have no interest in your files, your files have no value to us, we only want to receive payment for our work! 2. If you need to decrypt files, please contact us via email at [email protected]. The decryption process is very simple, and you can get the decryption tool in as fast as five minutes! 3. We can provide free decryption tests. You can send test files that need to be decrypted in the email, but test files must be files without value! 4. We offer a 50% discount for users who contact and pay within one week! 5. In this world, only we can decrypt the encrypted files. Any organization claiming to be able to decrypt them are intermediaries who will charge expensive markups on top of our selling price! 6. Currently, the decryption tool is priced at only 800 USDT. Please contact us as soon as possible to complete the decryption. Email: [email protected] 7. When sending an email to contact us, please include the encryption key below. After receiving payment, we will customize the decryption tool according to your key!
加密密钥:
MjY5MjYsMTMzNDI0LDEzNTA3OSw0MjgxNSwyNjkyNiwxMzM0MjQsOTQ2NzEsNDI4MTUsNTQxOTksMTQ1MTYsNDI4MTUsMjUxMTIsMjUxMTIsMjIxOTUsNDI4MTUsMjY5MjYsMTM1MDc5LDk0NjcxLDQyODE1LDIyMTk1LDcyOTkxLDQyODE1LDI2OTI2LDI2OTI2LDEzMjk5LDQyODE1LDIyMTk1LDIyMTk1LDQyODE1LDI2OTI2LDEzNTA3OSwxMzM0MjQsNDI4MTUsMTM1MDc5LDEzNTA3OSw0MjgxNSwyNjkyNiwyNjkyNiwyNTExMiw0MjgxNSwyNTExMiwxMzM0MjQsMTMyOTksNDI4MTUsMjY5MjYsMTQ1MTYsNzI5OTEsNDI4MTUsMjUxMTIsNDI4MTUsMTM1MDc5LDU0MTk5LDQyODE1LDI2OTI2LDEzMzQyNCwyNTExMiw0MjgxNSwyNTExMiwxMzI5OSw0MjgxNSwxNDUxNiwyMjE5NSw0MjgxNSwyNTExMiwyNjkyNiw3Mjk5MSw0MjgxNSwyNTExMiw5NDY3MSwxMzM0MjQsNDI4MTUsMjUxMTIsNzI5OTEsNDI4MTUsMjY5MjYsNDI4MTUsMjY5MjYsMTM1MDc5LDIyMTk1LDQyODE1LDcyOTkxLDEzMjk5LDQyODE1LDcyOTkxLDEzMjk5LDQyODE1LDI2OTI2LDI1MTEyLDI1MTEyLDQyODE1LDI2OTI2LDcyOTkxLDcyOTkxLDQyODE1LDI1MTEyLDI1MTEyLDI2OTI2LDQyODE1LDI1MTEyLDEzMzQyNCwyNjkyNiw0MjgxNSw1NDE5OSw0MjgxNSwyMjE5NSwxNDUxNiw0MjgxNSwyNjkyNiw5NDY3MSwyNjkyNiw0MjgxNSw= 复制成功! 加密时间: 2025-03-27 04:19:30
function copyKey() {
var keyText = document.getElementById('key-text').innerText;
navigator.clipboard.writeText(keyText).then(function() {
var successMsg = document.getElementById('copySuccess');
successMsg.style.display = 'inline';
setTimeout(function() {
successMsg.style.display = 'none';
}, 2000);
}).catch(function(err) {
// 如果clipboard API不可用,使用传统方法
var textArea = document.createElement('textarea');
textArea.value = keyText;
document.body.appendChild(textArea);
textArea.select();
try {
document.execCommand('copy');
var successMsg = document.getElementById('copySuccess');
successMsg.style.display = 'inline';
setTimeout(function() {
successMsg.style.display = 'none';
}, 2000);
} catch (err) {
alert('复制失败,请手动复制');
}
document.body.removeChild(textArea);
});
}
Emails
Extracted
Path
/run/udev/data/readme_unlock.html
Ransom Note
文件加密信息
警告:请妥善保管此文件,密钥丢失将导致无法解密文件! 1.我们对您的文件没有任何兴趣,您的文件对我们没有任何价值,我们只想获得我们工作的报酬! 2.如果您需要解密文件,请通过[email protected]邮箱联系我们,解密过程非常的简单,最快五分钟即可获取到解密工具! 3.我们可以提供免费的解密测试,可以在邮件中发送需要解密的测试文件,测试文件只能是没有价值的文件! 4.我们对在一周内联系并且付款的用户提供%50的优惠价格! 5.加密后的文件在这个世界上只有我们能完成解密,任何宣称能完成解密的机构均为中间商,他们会在我们的售价基础上收取昂贵的差价! 6.目前解密工具的售价仅为800USDT,请尽快联系我们完成解密 。邮箱 :[email protected] 7.发送邮件联系我们时请带上下方的加密密钥,我们收到货款后会为您根据密钥定制解密工具!
Warning: Please keep this file safe. Loss of the key will result in inability to decrypt files! 1. We have no interest in your files, your files have no value to us, we only want to receive payment for our work! 2. If you need to decrypt files, please contact us via email at [email protected]. The decryption process is very simple, and you can get the decryption tool in as fast as five minutes! 3. We can provide free decryption tests. You can send test files that need to be decrypted in the email, but test files must be files without value! 4. We offer a 50% discount for users who contact and pay within one week! 5. In this world, only we can decrypt the encrypted files. Any organization claiming to be able to decrypt them are intermediaries who will charge expensive markups on top of our selling price! 6. Currently, the decryption tool is priced at only 800 USDT. Please contact us as soon as possible to complete the decryption. Email: [email protected] 7. When sending an email to contact us, please include the encryption key below. After receiving payment, we will customize the decryption tool according to your key!
加密密钥:
MjY5MjYsMTMzNDI0LDEzNTA3OSw0MjgxNSwyNjkyNiwxMzM0MjQsOTQ2NzEsNDI4MTUsNTQxOTksMTQ1MTYsNDI4MTUsMjUxMTIsMjUxMTIsMjIxOTUsNDI4MTUsMjY5MjYsMTM1MDc5LDk0NjcxLDQyODE1LDIyMTk1LDcyOTkxLDQyODE1LDI2OTI2LDI2OTI2LDEzMjk5LDQyODE1LDIyMTk1LDIyMTk1LDQyODE1LDI2OTI2LDEzNTA3OSwxMzM0MjQsNDI4MTUsMTM1MDc5LDEzNTA3OSw0MjgxNSwyNjkyNiwyNjkyNiwyNTExMiw0MjgxNSwyNTExMiwxMzM0MjQsMTMyOTksNDI4MTUsMjY5MjYsMTQ1MTYsNzI5OTEsNDI4MTUsMjUxMTIsNDI4MTUsMTM1MDc5LDU0MTk5LDQyODE1LDI2OTI2LDEzMzQyNCwyNTExMiw0MjgxNSwyNTExMiwxMzI5OSw0MjgxNSwxNDUxNiwyMjE5NSw0MjgxNSwyNTExMiwyNjkyNiw3Mjk5MSw0MjgxNSwyNTExMiw5NDY3MSwxMzM0MjQsNDI4MTUsMjUxMTIsNzI5OTEsNDI4MTUsMjY5MjYsNDI4MTUsMjY5MjYsMTM1MDc5LDIyMTk1LDQyODE1LDcyOTkxLDEzMjk5LDQyODE1LDcyOTkxLDEzMjk5LDQyODE1LDI2OTI2LDI1MTEyLDI1MTEyLDQyODE1LDI2OTI2LDcyOTkxLDcyOTkxLDQyODE1LDI1MTEyLDI1MTEyLDI2OTI2LDQyODE1LDI1MTEyLDEzMzQyNCwyNjkyNiw0MjgxNSw1NDE5OSw0MjgxNSwyMjE5NSwxNDUxNiw0MjgxNSwyNjkyNiw5NDY3MSwyNjkyNiw0MjgxNSw= 复制成功! 加密时间: 2025-03-27 04:19:29
function copyKey() {
var keyText = document.getElementById('key-text').innerText;
navigator.clipboard.writeText(keyText).then(function() {
var successMsg = document.getElementById('copySuccess');
successMsg.style.display = 'inline';
setTimeout(function() {
successMsg.style.display = 'none';
}, 2000);
}).catch(function(err) {
// 如果clipboard API不可用,使用传统方法
var textArea = document.createElement('textarea');
textArea.value = keyText;
document.body.appendChild(textArea);
textArea.select();
try {
document.execCommand('copy');
var successMsg = document.getElementById('copySuccess');
successMsg.style.display = 'inline';
setTimeout(function() {
successMsg.style.display = 'none';
}, 2000);
} catch (err) {
alert('复制失败,请手动复制');
}
document.body.removeChild(textArea);
});
}
Emails
Signatures
-
Modifies user home skeleton directory 4 IoCs
Modifies skeleton of initial home directory of newly added system users.
-
Reads user data of web browsers 3 TTPs 28 IoCs
Reads stored browser data which can include saved credentials.
-
Reads AppArmor ptrace settings 1 TTPs 1 IoCs
Discovery of allowed ptrace capabilities by AppArmor.
-
Creates/modifies Cron job 1 TTPs 10 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables 1 TTPs 6 IoCs
Creating/modifying environment variables is a common persistence mechanism.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads hardware information 1 TTPs 1 IoCs
Accesses system info like serial numbers, manufacturer names etc.
-
Reads network interface configuration 2 TTPs 12 IoCs
Fetches information about one or more active network interfaces.
-
Modifies Bash startup script 2 TTPs 6 IoCs
-
Security Software Discovery 1 TTPs 32 IoCs
Adversaries may attempt to discover installed security software and its configurations.
-
Checks CPU configuration 1 TTPs 32 IoCs
Checks CPU information which indicate if the system is a virtual machine.
-
Creates .desktop file 2 TTPs 41 IoCs
Linux desktops like GNOME require .desktop files to register applications. Sometimes abused by malware for persistence.
-
Reads CPU attributes 1 TTPs 47 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 64 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Process Discovery 1 TTPs 32 IoCs
Adversaries may try to discover information about running processes.
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/WQW6HU4YD5/tmp/WQW6HU4YD51⤵
- Modifies user home skeleton directory
- Reads user data of web browsers
- Reads AppArmor ptrace settings
- Creates/modifies Cron job
- Creates/modifies environment variables
- Reads hardware information
- Reads network interface configuration
- Modifies Bash startup script
- Creates .desktop file
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/etc/apparmor.d/usr.lib.snapd.snap-confine.real\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/grepgrep -v grep3⤵
-
-
/usr/bin/grepgrep //snap/snapd/23545/etc/apparmor.d/usr.lib.snapd.snap-confine.real3⤵
-
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/etc/apparmor.d/usr.lib.snapd.snap-confine.real\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep //snap/snapd/23545/etc/apparmor.d/usr.lib.snapd.snap-confine.real3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/etc/apparmor.d/usr.lib.snapd.snap-confine.real\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep //snap/snapd/23545/etc/apparmor.d/usr.lib.snapd.snap-confine.real3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/etc/xdg/autostart/snap-userd-autostart.desktop\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep //snap/snapd/23545/etc/xdg/autostart/snap-userd-autostart.desktop3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/etc/xdg/autostart/snap-userd-autostart.desktop\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
/usr/bin/grepgrep //snap/snapd/23545/etc/xdg/autostart/snap-userd-autostart.desktop3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/etc/xdg/autostart/snap-userd-autostart.desktop\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep //snap/snapd/23545/etc/xdg/autostart/snap-userd-autostart.desktop3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/meta/snap.yaml\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep //snap/snapd/23545/meta/snap.yaml3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/meta/snap.yaml\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/grepgrep //snap/snapd/23545/meta/snap.yaml3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/meta/snap.yaml\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep //snap/snapd/23545/meta/snap.yaml3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/snap/manifest.yaml\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep //snap/snapd/23545/snap/manifest.yaml3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/snap/manifest.yaml\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep //snap/snapd/23545/snap/manifest.yaml3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/snap/manifest.yaml\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep //snap/snapd/23545/snap/manifest.yaml3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/snap/snapcraft.yaml\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep //snap/snapd/23545/snap/snapcraft.yaml3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/snap/snapcraft.yaml\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
/usr/bin/grepgrep //snap/snapd/23545/snap/snapcraft.yaml3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/snap/snapcraft.yaml\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/grepgrep //snap/snapd/23545/snap/snapcraft.yaml3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/usr/lib/snapd/apparmor.d/abi/kernel-5.4-outoftree-network\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep //snap/snapd/23545/usr/lib/snapd/apparmor.d/abi/kernel-5.4-outoftree-network3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/usr/lib/snapd/apparmor.d/abi/kernel-5.4-outoftree-network\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/grepgrep //snap/snapd/23545/usr/lib/snapd/apparmor.d/abi/kernel-5.4-outoftree-network3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/usr/lib/snapd/apparmor.d/abi/kernel-5.4-outoftree-network\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep //snap/snapd/23545/usr/lib/snapd/apparmor.d/abi/kernel-5.4-outoftree-network3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/usr/lib/snapd/apparmor.d/abi/kernel-5.4-vanilla\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep //snap/snapd/23545/usr/lib/snapd/apparmor.d/abi/kernel-5.4-vanilla3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/usr/lib/snapd/apparmor.d/abi/kernel-5.4-vanilla\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/grepgrep //snap/snapd/23545/usr/lib/snapd/apparmor.d/abi/kernel-5.4-vanilla3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/usr/lib/snapd/apparmor.d/abi/kernel-5.4-vanilla\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
/usr/bin/grepgrep //snap/snapd/23545/usr/lib/snapd/apparmor.d/abi/kernel-5.4-vanilla3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/usr/lib/snapd/apparmor.d/abstractions/freedesktop.org\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep //snap/snapd/23545/usr/lib/snapd/apparmor.d/abstractions/freedesktop.org3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/usr/lib/snapd/apparmor.d/abstractions/freedesktop.org\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep //snap/snapd/23545/usr/lib/snapd/apparmor.d/abstractions/freedesktop.org3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/usr/lib/snapd/apparmor.d/abstractions/freedesktop.org\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
/usr/bin/grepgrep //snap/snapd/23545/usr/lib/snapd/apparmor.d/abstractions/freedesktop.org3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/usr/lib/snapd/apparmor.d/tunables/home.d/site.local\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep //snap/snapd/23545/usr/lib/snapd/apparmor.d/tunables/home.d/site.local3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/usr/lib/snapd/apparmor.d/tunables/home.d/site.local\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
/usr/bin/grepgrep //snap/snapd/23545/usr/lib/snapd/apparmor.d/tunables/home.d/site.local3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/usr/lib/snapd/apparmor.d/tunables/home.d/site.local\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep //snap/snapd/23545/usr/lib/snapd/apparmor.d/tunables/home.d/site.local3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/usr/lib/snapd/apparmor.d/tunables/multiarch.d/site.local\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep //snap/snapd/23545/usr/lib/snapd/apparmor.d/tunables/multiarch.d/site.local3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/usr/lib/snapd/apparmor.d/tunables/multiarch.d/site.local\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep //snap/snapd/23545/usr/lib/snapd/apparmor.d/tunables/multiarch.d/site.local3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/usr/lib/snapd/apparmor.d/tunables/multiarch.d/site.local\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/grepgrep //snap/snapd/23545/usr/lib/snapd/apparmor.d/tunables/multiarch.d/site.local3⤵
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/usr/lib/snapd/apparmor.d/tunables/xdg-user-dirs.d/site.local\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/grepgrep //snap/snapd/23545/usr/lib/snapd/apparmor.d/tunables/xdg-user-dirs.d/site.local3⤵
-
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
- Reads runtime system information
-
-
/usr/bin/grepgrep -v grep3⤵
-
-
-
/bin/shsh -c -- "ps aux | grep \"//snap/snapd/23545/usr/lib/snapd/apparmor.d/tunables/xdg-user-dirs.d/site.local\" | grep -v grep"2⤵
- Security Software Discovery
-
/usr/bin/grepgrep -v grep3⤵
-
-
/usr/bin/psps aux3⤵
- Checks CPU configuration
- Reads CPU attributes
- Process Discovery
-
-
/usr/bin/grepgrep //snap/snapd/23545/usr/lib/snapd/apparmor.d/tunables/xdg-user-dirs.d/site.local3⤵
-
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Privilege Escalation
Boot or Logon Autostart Execution
1Event Triggered Execution
1Unix Shell Configuration Modification
1Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Scheduled Task/Job
1Cron
1Defense Evasion
Hijack Execution Flow
1Path Interception by PATH Environment Variable
1Virtualization/Sandbox Evasion
1System Checks
1Discovery
Browser Information Discovery
1Process Discovery
1Software Discovery
1Security Software Discovery
1System Information Discovery
4System Network Configuration Discovery
1System Network Connections Discovery
1Virtualization/Sandbox Evasion
1System Checks
1Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
6KB
MD538940d2f62dd2a4809ea4b6dcd27037f
SHA1847741c22841a589828c31d6f3ee16602ccf864f
SHA256f04448d4fad00f42f696526f064946d1e10909a81b968c10cb4867963f2acd11
SHA51248a30257256685381a3705e70a2a1cdd89a688000e9d8243957496e661f3b080ff88c0127e9aeb487bc8bd769076142aceec77993658c90ee2c63605ac7023ee
-
Filesize
6KB
MD58a4c1e191ff37a9fdcc27fc3b1e24022
SHA146a923f6a5b43580a5768199c4dae7cfff4392fc
SHA256323f6d064f93d3b6da238c37aae64f5e97a211c4794ec76bdc0928565af235da
SHA5129dba480e447c9f98ffe0fa78fc51831392fb2fdd940c70cce7bfabf5fe79f587cb403a1cb644bf482786c0a029ea6d5525218314f3ece12a6b13a6eaa8fd2dd4
-
Filesize
6KB
MD560d375296698d594962f7849ea7973dd
SHA1357a1d4f997b6f3817b875eb1a622416ea36aea2
SHA256448add3e29b7480e96fb20bec9ff872f93d432f3f89df2d9ff91923d1c33d820
SHA512fb299c4df25f7356b2256116ee8853b09cfcd473637faeed966d5bef22ff90a5fae555e897f59cbcb8e203b45f6e78d30b6ed4fe823f5ac26ff5b74eaa290876