Files
|
File Path
|
Type
|
Category
|
Malicious
|
|
|---|---|---|---|---|
|
QtNnZoNz75
|
ELF 32-bit MSB executable, SPARC, version 1 (SYSV), statically linked, stripped
|
initial sample
|
 |
|
|
/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-sink
|
ASCII text
|
dropped
|
 |
|
|
/home/saturnino/.config/pulse/ee49dfd4fa47433baee88884e2d7de7c-default-source
|
ASCII text
|
dropped
|
|
|
|
/proc/5611/oom_score_adj
|
ASCII text
|
dropped
|
|
|
|
/run/sshd.pid
|
ASCII text
|
dropped
|
|
|
|
/run/systemd/inhibit/.#4vGW7qo
|
ASCII text
|
dropped
|
|
|
|
/run/systemd/resolve/.#resolv.confH13lrd
|
ASCII text
|
dropped
|
|
|
|
/run/systemd/resolve/.#stub-resolv.confXxZgNf
|
ASCII text
|
dropped
|
|
|
|
/run/systemd/seats/.#seat0U9R6fq
|
ASCII text
|
dropped
|
|
|
|
/run/user/1000/pulse/pid
|
ASCII text
|
dropped
|
|
Processes
|
Path
|
Cmdline
|
Malicious
|
|
|---|---|---|---|
|
/tmp/QtNnZoNz75
|
/tmp/QtNnZoNz75
|
|
|
|
/tmp/QtNnZoNz75
|
n/a
|
|
|
|
/tmp/QtNnZoNz75
|
n/a
|
|
|
|
/tmp/QtNnZoNz75
|
n/a
|
|
|
|
/tmp/QtNnZoNz75
|
n/a
|
|
|
|
/tmp/QtNnZoNz75
|
n/a
|
|
|
|
/tmp/QtNnZoNz75
|
n/a
|
|
|
|
/tmp/QtNnZoNz75
|
n/a
|
|
|
|
/tmp/QtNnZoNz75
|
n/a
|
|
|
|
/tmp/QtNnZoNz75
|
n/a
|
|
|
|
/usr/lib/systemd/systemd
|
n/a
|
|
|
|
/usr/sbin/sshd
|
/usr/sbin/sshd -t
|
|
|
|
/usr/lib/systemd/systemd
|
n/a
|
|
|
|
/lib/systemd/systemd-resolved
|
/lib/systemd/systemd-resolved
|
|
|
|
/usr/lib/systemd/systemd
|
n/a
|
|
|
|
/lib/systemd/systemd-logind
|
/lib/systemd/systemd-logind
|
|
|
|
/usr/lib/systemd/systemd
|
n/a
|
|
|
|
/usr/sbin/sshd
|
/usr/sbin/sshd -D
|
|
|
|
/usr/sbin/gdm3
|
n/a
|
|
|
|
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
|
|
|
/usr/sbin/gdm3
|
n/a
|
|
|
|
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
|
|
|
/usr/bin/xfce4-session
|
n/a
|
|
|
|
/usr/bin/rm
|
rm -f /home/saturnino/.cache/sessions/Thunar-2ec9153f1-6fa0-4067-96b1-e5fe875b1e51
|
|
|
|
/usr/lib/systemd/systemd
|
n/a
|
|
|
|
/usr/sbin/sshd
|
/usr/sbin/sshd -t
|
|
|
|
/usr/lib/systemd/systemd
|
n/a
|
|
|
|
/usr/sbin/sshd
|
/usr/sbin/sshd -t
|
|
|
|
/usr/lib/systemd/systemd
|
n/a
|
|
|
|
/usr/sbin/sshd
|
/usr/sbin/sshd -t
|
|
|
|
/usr/lib/systemd/systemd
|
n/a
|
|
|
|
/usr/sbin/sshd
|
/usr/sbin/sshd -t
|
|
|
|
/usr/sbin/gdm3
|
n/a
|
|
|
|
/etc/gdm3/PrimeOff/Default
|
/etc/gdm3/PrimeOff/Default
|
|
|
|
/usr/bin/xfce4-session
|
n/a
|
|
|
|
/usr/bin/xfwm4
|
xfwm4 --display :1.0 --sm-client-id 2389ab8d9-421f-49fc-90ad-c6cc4c15ac4c
|
|
|
|
/usr/bin/xfce4-session
|
n/a
|
|
|
|
/usr/bin/xfce4-panel
|
xfce4-panel --display :1.0 --sm-client-id 2b4cc744e-8b9d-436f-9a4a-312b40faa2ec
|
|
|
|
/usr/lib/systemd/systemd
|
n/a
|
|
|
|
/usr/bin/pulseaudio
|
/usr/bin/pulseaudio --daemonize=no --log-target=journal
|
|
There are 30 hidden processes, click here to show them.
URLs
|
Name
|
IP
|
Malicious
|
|
|---|---|---|---|
|
http://23.94.37.59/bins/Tsunami.mips;
|
unknown
|
|
|
|
http://23.94.37.59/bins/Tsunami.x86
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/soap/encoding//%22%3E
|
unknown
|
|
|
|
http://23.94.37.59/bin
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/soap/encoding/
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/soap/envelope//
|
unknown
|
|
|
|
http://23.94.37.59/zyxel.sh;
|
unknown
|
|
|
|
http://schemas.xmlsoap.org/soap/envelope/
|
unknown
|
|
IPs
|
IP
|
Domain
|
Country
|
Malicious
|
|
|---|---|---|---|---|
|
212.181.200.45
|
unknown
|
Sweden
|
|
|
|
172.48.184.69
|
unknown
|
United States
|
|
|
|
95.38.199.78
|
unknown
|
Iran (ISLAMIC Republic Of)
|
|
|
|
62.69.53.237
|
unknown
|
United Kingdom
|
|
|
|
85.11.217.242
|
unknown
|
Sweden
|
|
|
|
95.182.199.211
|
unknown
|
Belgium
|
|
|
|
62.105.232.171
|
unknown
|
Netherlands
|
|
|
|
79.132.155.90
|
unknown
|
Germany
|
|
|
|
62.16.140.4
|
unknown
|
Norway
|
|
|
|
98.188.105.37
|
unknown
|
United States
|
|
|
|
197.203.165.197
|
unknown
|
Algeria
|
|
|
|
184.165.67.232
|
unknown
|
United States
|
|
|
|
31.126.79.2
|
unknown
|
United Kingdom
|
|
|
|
109.24.240.206
|
unknown
|
France
|
|
|
|
85.120.111.194
|
unknown
|
Romania
|
|
|
|
184.225.235.113
|
unknown
|
United States
|
|
|
|
210.147.65.78
|
unknown
|
Japan
|
|
|
|
41.187.177.10
|
unknown
|
Egypt
|
|
|
|
31.25.124.180
|
unknown
|
Switzerland
|
|
|
|
197.56.218.254
|
unknown
|
Egypt
|
|
|
|
31.211.232.97
|
unknown
|
Sweden
|
|
|
|
5.44.126.217
|
unknown
|
Switzerland
|
|
|
|
31.251.56.63
|
unknown
|
Germany
|
|
|
|
95.116.116.148
|
unknown
|
Germany
|
|
|
|
94.101.162.38
|
unknown
|
United Kingdom
|
|
|
|
98.250.124.94
|
unknown
|
United States
|
|
|
|
85.3.66.122
|
unknown
|
Switzerland
|
|
|
|
95.107.112.137
|
unknown
|
Russian Federation
|
|
|
|
62.28.166.138
|
unknown
|
Portugal
|
|
|
|
2.134.216.76
|
unknown
|
Kazakhstan
|
|
|
|
5.170.86.3
|
unknown
|
Italy
|
|
|
|
112.157.171.161
|
unknown
|
Korea Republic of
|
|
|
|
31.100.75.13
|
unknown
|
United Kingdom
|
|
|
|
98.247.137.234
|
unknown
|
United States
|
|
|
|
172.203.238.149
|
unknown
|
United States
|
|
|
|
184.116.8.78
|
unknown
|
United States
|
|
|
|
95.144.231.152
|
unknown
|
United Kingdom
|
|
|
|
98.95.4.45
|
unknown
|
United States
|
|
|
|
184.102.107.234
|
unknown
|
United States
|
|
|
|
197.179.206.127
|
unknown
|
Kenya
|
|
|
|
197.131.22.46
|
unknown
|
Morocco
|
|
|
|
172.176.216.186
|
unknown
|
United States
|
|
|
|
95.18.93.133
|
unknown
|
Spain
|
|
|
|
2.209.223.77
|
unknown
|
Germany
|
|
|
|
178.253.26.126
|
unknown
|
Iran (ISLAMIC Republic Of)
|
|
|
|
94.144.155.70
|
unknown
|
Denmark
|
|
|
|
95.193.205.56
|
unknown
|
Sweden
|
|
|
|
172.239.185.221
|
unknown
|
United States
|
|
|
|
184.110.63.159
|
unknown
|
United States
|
|
|
|
79.47.183.43
|
unknown
|
Italy
|
|
|
|
197.70.244.246
|
unknown
|
South Africa
|
|
|
|
184.173.22.236
|
unknown
|
United States
|
|
|
|
5.66.172.125
|
unknown
|
United Kingdom
|
|
|
|
85.144.200.240
|
unknown
|
Netherlands
|
|
|
|
184.207.33.128
|
unknown
|
United States
|
|
|
|
2.127.239.49
|
unknown
|
United Kingdom
|
|
|
|
98.114.59.243
|
unknown
|
United States
|
|
|
|
95.131.237.190
|
unknown
|
Malta
|
|
|
|
98.60.253.119
|
unknown
|
United States
|
|
|
|
94.146.57.77
|
unknown
|
Denmark
|
|
|
|
31.232.160.24
|
unknown
|
Germany
|
|
|
|
62.51.196.155
|
unknown
|
European Union
|
|
|
|
112.148.105.93
|
unknown
|
Korea Republic of
|
|
|
|
172.48.155.181
|
unknown
|
United States
|
|
|
|
95.169.14.70
|
unknown
|
Canada
|
|
|
|
62.24.111.82
|
unknown
|
Kenya
|
|
|
|
98.105.187.55
|
unknown
|
United States
|
|
|
|
98.62.2.56
|
unknown
|
United States
|
|
|
|
197.207.242.240
|
unknown
|
Algeria
|
|
|
|
62.184.167.195
|
unknown
|
European Union
|
|
|
|
31.223.213.245
|
unknown
|
Bosnia and Herzegowina
|
|
|
|
98.60.168.2
|
unknown
|
United States
|
|
|
|
85.211.146.68
|
unknown
|
United Kingdom
|
|
|
|
95.58.131.8
|
unknown
|
Kazakhstan
|
|
|
|
62.1.27.147
|
unknown
|
Greece
|
|
|
|
95.71.147.158
|
unknown
|
Russian Federation
|
|
|
|
85.136.244.35
|
unknown
|
Spain
|
|
|
|
85.22.207.206
|
unknown
|
Germany
|
|
|
|
184.167.73.179
|
unknown
|
United States
|
|
|
|
197.187.71.28
|
unknown
|
Tanzania United Republic of
|
|
|
|
172.36.83.93
|
unknown
|
United States
|
|
|
|
94.3.251.65
|
unknown
|
United Kingdom
|
|
|
|
172.211.100.124
|
unknown
|
United States
|
|
|
|
85.56.103.10
|
unknown
|
Spain
|
|
|
|
98.108.222.166
|
unknown
|
United States
|
|
|
|
98.119.14.31
|
unknown
|
United States
|
|
|
|
5.107.68.173
|
unknown
|
United Arab Emirates
|
|
|
|
172.206.179.201
|
unknown
|
United States
|
|
|
|
184.82.217.184
|
unknown
|
Thailand
|
|
|
|
94.252.43.143
|
unknown
|
Luxembourg
|
|
|
|
85.130.194.40
|
unknown
|
Israel
|
|
|
|
5.141.203.182
|
unknown
|
Russian Federation
|
|
|
|
31.225.15.194
|
unknown
|
Germany
|
|
|
|
184.45.199.248
|
unknown
|
United States
|
|
|
|
197.69.172.170
|
unknown
|
South Africa
|
|
|
|
112.161.236.248
|
unknown
|
Korea Republic of
|
|
|
|
94.25.27.81
|
unknown
|
Russian Federation
|
|
|
|
41.22.234.51
|
unknown
|
South Africa
|
|
|
|
184.118.189.159
|
unknown
|
United States
|
|
|
|
31.24.164.137
|
unknown
|
Netherlands
|
|
There are 90 hidden IPs, click here to show them.