add thnk
This commit is contained in:
@@ -8,7 +8,7 @@
|
||||
==========================================================
|
||||
Enhanced Linux BPFDoor Detection Script
|
||||
==========================================================
|
||||
Host : rockpi-4c
|
||||
Host : rck
|
||||
Date : 2026-03-27_13-28-27
|
||||
Version: 1.1
|
||||
==========================================================
|
||||
439
bpfdoor_report_thnk_2026-03-31_11-48-45.log
Normal file
439
bpfdoor_report_thnk_2026-03-31_11-48-45.log
Normal file
@@ -0,0 +1,439 @@
|
||||
██████╗ █████╗ ██████╗ ██╗██████╗ ███████╗
|
||||
██╔══██╗██╔══██╗██╔══██╗██║██╔══██╗╚════██║
|
||||
██████╔╝███████║██████╔╝██║██║ ██║ ██╔╝
|
||||
██╔══██╗██╔══██║██╔═══╝ ██║██║ ██║ ██╔╝
|
||||
██║ ██║██║ ██║██║ ██║██████╔╝ ██║
|
||||
╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═╝╚═════╝ ╚═╝
|
||||
M A L W A R E L A B S
|
||||
==========================================================
|
||||
Enhanced Linux BPFDoor Detection Script
|
||||
==========================================================
|
||||
Host : thnk
|
||||
Date : 2026-03-31_11-48-45
|
||||
Version: 1.1
|
||||
==========================================================
|
||||
[2026-03-31 11:48:45] [INFO] [1/12] Checking /var/run for suspicious zero-byte mutex/lock files
|
||||
[2026-03-31 11:48:45] [SUCCESS] [1/12] No known suspicious mutex/lock files found
|
||||
[2026-03-31 11:48:45] [INFO] [2/12] Checking /etc/sysconfig for suspicious auto-start entries
|
||||
[2026-03-31 11:48:45] [WARN] [2/12] /etc/sysconfig not present; skipping
|
||||
[2026-03-31 11:48:45] [INFO] [3/12] Inspecting BPF filters via ss -0pb
|
||||
Netid Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
|
||||
p_dgr 0 0 [34958]:* * users:(("wpa_supplicant",pid=917,fd=12))
|
||||
bpf filter (4): 0x30 0 0 4294963204, 0x15 1 0 3, 0x06 0 0 4294967295, 0x06 0 0 0,
|
||||
p_dgr 0 0 [35085]:wlp61s0 * users:(("wpa_supplicant",pid=917,fd=13))
|
||||
p_dgr 0 0 arp:wlp61s0 * users:(("NetworkManager",pid=908,fd=25))
|
||||
[2026-03-31 11:48:45] [SUCCESS] [3/12] No obvious BPFDoor-like BPF filters found
|
||||
[2026-03-31 11:48:46] [INFO] [4/12] Checking RAW and packet socket usage (SOCK_RAW / SOCK_DGRAM)
|
||||
[2026-03-31 11:48:46] [ALERT] Suspicious Socket detected: PID 908 (/usr/sbin/NetworkManager --no-daemon) -> /usr/sbin/NetworkManager
|
||||
[2026-03-31 11:48:47] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/NetworkManager/1.46.0/libnm-device-plugin-wifi.so (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
000000000000000000000000000000002133000010000000000000000000000000000000
|
||||
-------------------------------
|
||||
[2026-03-31 11:48:48] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/NetworkManager/1.46.0/libnm-device-plugin-wwan.so (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
effff0f1f400083fb02744b4d85f60f8482000000498b0649898424a8000000488d0de00
|
||||
-------------------------------
|
||||
[2026-03-31 11:48:48] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/NetworkManager/1.46.0/libnm-wwan.so (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
88945c8488b05b2b20000f64008200f848200000089d7e8c1adffff4989c44885c00f84a
|
||||
-------------------------------
|
||||
[2026-03-31 11:48:48] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
10f854af8ffffe998feffff4939cc0f84820000000fb69154030000f6c2087576498b442
|
||||
4000048894588e9eef7ffff4939cc0f84820000000fb69154030000f6c2087576498b442
|
||||
b0f8481000000488975b04183fd020f848200000089da83e2018955c483f802740a89d98
|
||||
-------------------------------
|
||||
[2026-03-31 11:48:50] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
492000000488b88900000004885c90f8482000000488b46284883c04048c1e806741d31d
|
||||
a4801c34889dee893f5ffff4885c00f8482000000418b56e8458b46d0498b7ec881e2ff0
|
||||
5c00f848f000000488b78084885ff0f8482000000488d3535710100e8862fffff4c8b558
|
||||
-------------------------------
|
||||
[2026-03-31 11:48:50] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libbluetooth.so.3.19.12 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
406766b410fb645003c0174523c800f8482000000e8c53dffffc7004700000041bcfffff
|
||||
411000000000000071002000000000005110000000000001110020000000000061100000
|
||||
411000000000000e0100200000000001511000000000000eb10020000000000161100000
|
||||
-------------------------------
|
||||
[2026-03-31 11:48:51] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libbrotlicommon.so.1.1.0 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
35353535363636363737373738383838393939393a3a3a3a3b3b3b3b3c3c3c3c3d3d3d3d
|
||||
3130303031303234313339343030303039393939636f6d6f6dc3a1736573746565737461
|
||||
-------------------------------
|
||||
[2026-03-31 11:48:53] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libc.so.6 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
0f0811600000000000002000000000000f270000012001100c08c1400000000008600000
|
||||
0000000000000547300002200110050b51100000000002000000000000000a3740000220
|
||||
1000000000000a56f00001200110050b51100000000002000000000000000e27b0000120
|
||||
-------------------------------
|
||||
[2026-03-31 11:48:59] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
800000085c00f84b200000083f8010f8482000000f6c3107437488d3d1d440000e808f8f
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:00] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4.8.0 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
1498b4518c60300488945884d85f60f8482000000418b86d000000083f8040f844202000
|
||||
b7dc0488b15a58405000fb6073c2f0f84820000003c5c747effd2488b7dc0498986a8040
|
||||
9c6b80000004c8d3c0249837f18000f8482000000498b37498b7c2408e8c5a2feff85c07
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:02] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libdbus-1.so.3.32.4 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
54889e5534889f34883ec084885f60f848200000048393e742d488b5df8b9870c0000488
|
||||
885ff0f84c60000004989f44885f60f84820000004889fb488b7f08e8ae4f0100808b000
|
||||
f1efa554889e5534883ec084885ff0f84820000008b0570b002004889fb3987980000007
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:04] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libgcrypt.so.20.4.3 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
488b402085c074638d50ff89c05d81fa0f270000ba00000000480f43c2c3660f1f440000
|
||||
3d488b402089c285c0745283e8015d3d0f270000b8000000000f43d089d0c30f1f800000
|
||||
741f488b402089c285c0741e83e8013d0f270000410f43d4895324eba90f1f400031d2eb
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:08] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.8000.0 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
0000000000000ef1c010012000e0050d51100000000006202000000000000ade80000120
|
||||
0000000000000631e010012000e0090e5110000000000840000000000000035760000120
|
||||
0000000000000ee14010012000e002025110000000000990000000000000043440000120
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:15] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.8000.0 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
54885f60f841a0100008b460885c00f84820000000fb677144989fc4989d683f8ff75064
|
||||
000f009c8894304e80affffff85c00f8482000000804b0402488b45e864482b042528000
|
||||
74889dfe8b144feff4989c44885c00f84820000004489e64889dfb90100000029de488d1
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:20] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
2e0f8e830000004883f9627e454881fe511000007e3c660fefc0660fefc9f20f1015aca8
|
||||
6c4983fe2e7e664983fe627e454881fb511000007e3c660fefc0660fefc9f20f10150fa6
|
||||
000048837d10620f8eba0300004981ff511000000f8ead030000660fefc0660fefc9f20f
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:23] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libgnutls.so.30.37.1 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
0000000000000f29b000012000f00f045110000000000560700000000000030110000120
|
||||
70b40900000000001a010000000000005572000012000f0040e70d0000000000ad050000
|
||||
e1e00000000000800000000000000f065110000000000e0be1e000000000008000000000
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:30] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.8000.0 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
201445248050d45170b210210335180c48200000000df000000e00000000000000000000
|
||||
0004889cf4889cbe87a90010085c00f8482000000488b050be303004c89e64589f84c89f
|
||||
d85ed747a4c89e7e84a7a010085c00f8482000000488b73184939f574134c89e7e8e17b0
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:31] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.34.0 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
415c5dc30f1f4000488b7708498bbc2448200000ffd04883f8ff74344c8b63484885c074
|
||||
c24c29e24885d27e7a488b7308498bbe482000004c01e641ffd54883f8ff75d3488b4320
|
||||
a6682000000f11432031d231f6498bbe4820000041ffd54585ff752f31c04883c4085b41
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:32] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
885ff0f848e0000004989f44885f60f8482000000c707000000004989fd4989d64885d20
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:34] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libhogweed.so.6.8 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
2311000011f00e00fe100000330a02005110000001ff0000f00f0000b79c0900920f0000
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:35] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libidn2.so.0.4.0 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
480000002186201d481000002187a01d48200000201aa01d483000002163a01d48400000
|
||||
50f000002063201d510000002019a01d511000002175a01d51200000202e201d51300000
|
||||
a9a050f000000000105100000028aaa0511000000000105120000028aba0513000000000
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:35] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
8c1e702e8bad9ffff4889c64885c00f84820000004d63e44c8d05243f0200488d0d153f0
|
||||
411000000110000041000000110000005110000011100000500000800000008040100080
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:37] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libkrb5.so.3.3 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
84b80000004989c4488b05fa7d0900be48200000bf010000004989442408e8de24ffff48
|
||||
b7d180f1104d0e8735bfcff4885c00f8482000000498b550049894518660fefc04c89e74
|
||||
04983c5084a8b14294885d27463817a048200000075ea488b7a10e8b12efcff498b54240
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:39] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libldap.so.2.0.200 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
0f87010100003de7030000766331d23d0f2700000f97c283c20501d34d8b65104d85e474
|
||||
84c89e64c89f7e8b5fbffff83f8050f848200000083f8030f85b70000008d43fe4439e87
|
||||
885f60f848e000000803e004989f60f84820000004989d44885d2747a48c702000000004
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:41] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/liblzma.so.5.4.5 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
9498957204183fd030f86be110000e9b51100000f1f80000000004d8bb7b0020000418b9
|
||||
08430b4c0a0c07084c0b00002800000048200000f465feff2103000000410e108602430d
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:42] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libm.so.6 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
3e00383f8010f84cb00000083f8020f848200000085c0743eff75d8ff75d0ff75c8ff75c
|
||||
94dc8e8d767ffff4939dc488b4dc80f8482000000660f540522e1050066490f6eccf20f1
|
||||
2f20f58cbf20f59c2f20f58c885d20f848200000066480f6ec0f20f59c8f20f58c1c30f1
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:46] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libmm-glib.so.0.10.0 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
000000000000079110c00000000000805110000000000080000000000000062110c00000
|
||||
0000010051100000000000800000000000000cdb40b00000
|
||||
000002805110000000000080000000000000064160c00000
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:49] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libmount.so.1.1.0 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
5b8488b45c04c8b384d89fe4d85ff0f8482000000498b1e4885db747a41f6460c08743b4
|
||||
000031c0e8bf07fdff4189c585c00f8955110000e83f00fdff8b004189c241f7da85c00f
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:50] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libnetplan.so.1 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
603b03000000000026000000000000005110000012000e00b01b03000000000030000000
|
||||
885c00f84b4010000488b384885ff0f8482000000498db424d8000000e856b2ffff85c00
|
||||
5c00f848f000000448b48084585c90f84820000004531e44c8d35d7bd020090488b004c8
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:52] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libnghttp2.so.14.26.0 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
4920000004989fde86adafeff85c00f848200000089de4c89efe828cbfeff4885c075734
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:54] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.1 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
b19000000000008000000000000000605110000000000c81b19000000000008000000000
|
||||
519000000000008000000000000000e05110000000000902519000000000008000000000
|
||||
000002205110000000000b82519000000000008000000000
|
||||
-------------------------------
|
||||
[2026-03-31 11:49:58] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.11.2 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
0000f2ec37c1c412182e514be465b10a9352000000000000000000000000000000000000
|
||||
000000448c408000000400300000022951100000000c17f00000080000100000000c17f0
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:00] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libresolv.so.2 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
d30000003de70300000f86d70000003d0f2700000f86db0000003d9f8601000f86df0000
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:01] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libselinux.so.1 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
000000000000000000000000000000005110000012000f00f07801000000000036000000
|
||||
00f1f0085c90f848b00000083f92d0f848200000083f92e400f94c783f95f410f94c0440
|
||||
04c89e7e8fe41ffff4989c54885c00f84820000004c89e14c89e231f64889c7e84244fff
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:02] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libssh.so.4.9.6 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
4534889fb4883ec184c8b3f4885f60f848200000089ce4189d64189cde8235fffff85c07
|
||||
44d8b6d00c745c4020000004d85ed0f8482000000498b7d08e8fb0efeff4989c64885c00
|
||||
30a00004c8b00b9020000004d85c00f84820000004c895da84c896db04989dd4489e3458
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:04] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libsystemd.so.0.38.0 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
f000000000f298510ffffff4885f60f84820000004885db0f84a9000000488d45104c8da
|
||||
883ec084885ff746e4889f34885f60f8482000000f6471e1074144883be6001000000743
|
||||
800004889830808000041807e08000f84820000004531ff498bb424a0000000488d48014
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:06] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.3 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
0f82f30000004c29f34c8d63014981ff0f2700000f8f64080000b8102700004d01ff4939
|
||||
85c00f844212000066490f6ec541c74548200000000f160523e000004889051ce000000f
|
||||
6b504489635831dbe9d7fcffff488d350f2700004c89e7e89b48ffff85c00f84c3010000
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:07] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libteamdctl.so.0.1.5 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
8020f8f54010000410fb6450184c00f84820000004531edeb184d85ed4d0f44ea410fb64
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:07] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libudev.so.1.7.8 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
800004889830808000041807e08000f84820000004531ff498bb424a0000000488d48014
|
||||
04c89fae89ef9ffff4189c483f8da0f848200000083f8db7c6583f8e7747885c00f8820f
|
||||
7415641554154534883ec184885ff0f84820000004189f4488d35c18100004889fb4989d
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:09] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libunistring.so.5.0.0 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
889fb4989f44889d74d89cf4d85c90f8482000000488d45b04889fe4889cf4889c248894
|
||||
dff4c8b8510fcffff4885c04889c10f8482000000488b8500fcffff488d1c014d85ff742
|
||||
0c30f1f440000f30f1efa8b0685c00f8482000000554889e541544989f453418b5424044
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:13] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libyaml-0.so.2.0.9 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
975c8e86f16ffff488945b84885c00f84820000004889c3488b45c04c8bb0e80000004c8
|
||||
b7d7c85ff0f858c000000837b1c020f8482000000498b8dc0000000498b95c8000000b80
|
||||
34889fb85d20f85fb000000833e080f84820000004531c031c9488d35f46a000031d2e8d
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:14] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libz.so.1.3 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
af81b0000be01000000ffd04885c00f8482000000ba010000004489e148894338d3e2c74
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:15] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libzstd.so.1.5.5 (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
9f3488b7dc04839fb730a8b3b393a0f84820000004c39f373080fb73b66393a7465488b7
|
||||
9f3488b7dc04839fb730a8b3b393a0f84820000004c39f373080fb73b66393a7465488b7
|
||||
8470b002c000000a4270000d8c8f8fff511000000450e108602460d06428f034a8e048d0
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:19] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/sbin/NetworkManager (PID: 908)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
000000000000000000000000000000004820000012000000000000000000000000000000
|
||||
d3300000000000800000000000000a0f5110000000000880d33000000000008000000000
|
||||
0000000000000010b516000000000000213300000000000800000000000000e097080000
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:28] [ALERT] Suspicious Socket detected: PID 917 (/usr/sbin/wpa_supplicant -u -s -O DIR=/run/wpa_supplicant GROUP=netdev) -> /usr/sbin/wpa_supplicant
|
||||
[2026-03-31 11:50:28] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 (PID: 917)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
10f854af8ffffe998feffff4939cc0f84820000000fb69154030000f6c2087576498b442
|
||||
4000048894588e9eef7ffff4939cc0f84820000000fb69154030000f6c2087576498b442
|
||||
b0f8481000000488975b04183fd020f848200000089da83e2018955c483f802740a89d98
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:30] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libc.so.6 (PID: 917)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
0f0811600000000000002000000000000f270000012001100c08c1400000000008600000
|
||||
0000000000000547300002200110050b51100000000002000000000000000a3740000220
|
||||
1000000000000a56f00001200110050b51100000000002000000000000000e27b0000120
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:36] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libdbus-1.so.3.32.4 (PID: 917)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
54889e5534889f34883ec084885f60f848200000048393e742d488b5df8b9870c0000488
|
||||
885ff0f84c60000004989f44885f60f84820000004889fb488b7f08e8ae4f0100808b000
|
||||
f1efa554889e5534883ec084885ff0f84820000008b0570b002004889fb3987980000007
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:37] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libgcrypt.so.20.4.3 (PID: 917)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
488b402085c074638d50ff89c05d81fa0f270000ba00000000480f43c2c3660f1f440000
|
||||
3d488b402089c285c0745283e8015d3d0f270000b8000000000f43d089d0c30f1f800000
|
||||
741f488b402089c285c0741e83e8013d0f270000410f43d4895324eba90f1f400031d2eb
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:41] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.34.0 (PID: 917)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
415c5dc30f1f4000488b7708498bbc2448200000ffd04883f8ff74344c8b63484885c074
|
||||
c24c29e24885d27e7a488b7308498bbe482000004c01e641ffd54883f8ff75d3488b4320
|
||||
a6682000000f11432031d231f6498bbe4820000041ffd54585ff752f31c04883c4085b41
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:42] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/liblzma.so.5.4.5 (PID: 917)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
9498957204183fd030f86be110000e9b51100000f1f80000000004d8bb7b0020000418b9
|
||||
08430b4c0a0c07084c0b00002800000048200000f465feff2103000000410e108602430d
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:43] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libm.so.6 (PID: 917)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
3e00383f8010f84cb00000083f8020f848200000085c0743eff75d8ff75d0ff75c8ff75c
|
||||
94dc8e8d767ffff4939dc488b4dc80f8482000000660f540522e1050066490f6eccf20f1
|
||||
2f20f58cbf20f59c2f20f58c885d20f848200000066480f6ec0f20f59c8f20f58c1c30f1
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:46] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libnl-3.so.200.26.0 (PID: 917)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
b0a000000000000011000000000000005110000012000e00b0080100000000004b000000
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:47] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libnl-route-3.so.200.26.0 (PID: 917)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
f0700000fb7ffe81aaeffff4885c00f8482000000488b7dc8498904244531c04885ff741
|
||||
00f8490000000e89b04feff4885c00f84820000004889c2488d351264010031c04c89e7e
|
||||
0100004989df4d29d74881bd70ebffff0f2700004d8d6f010f8f6b0b000048d1a570ebff
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:49] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libpcsclite.so.1.0.0 (PID: 917)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
dc4e8d6eeffff85c07e52f645c6010f84820000004889da4c89e64489efe80aeeffff85c
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:50] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libssl.so.3 (PID: 917)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
189c483f8017537498b7d104885ff0f84820000004889dee84a3affff85c00f95c04883c
|
||||
04989c6e82ed0feff4989c54885c00f84820000004c8d251b5b0500498d5424184d85f67
|
||||
049c78424500200002000000085c00f848200000049c784245002000000000000b801000
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:53] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libsystemd.so.0.38.0 (PID: 917)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
f000000000f298510ffffff4885f60f84820000004885db0f84a9000000488d45104c8da
|
||||
883ec084885ff746e4889f34885f60f8482000000f6471e1074144883be6001000000743
|
||||
800004889830808000041807e08000f84820000004531ff498bb424a0000000488d48014
|
||||
-------------------------------
|
||||
[2026-03-31 11:50:56] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libzstd.so.1.5.5 (PID: 917)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
9f3488b7dc04839fb730a8b3b393a0f84820000004c39f373080fb73b66393a7465488b7
|
||||
9f3488b7dc04839fb730a8b3b393a0f84820000004c39f373080fb73b66393a7465488b7
|
||||
8470b002c000000a4270000d8c8f8fff511000000450e108602460d06428f034a8e048d0
|
||||
-------------------------------
|
||||
[2026-03-31 11:51:00] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/sbin/wpa_supplicant (PID: 917)
|
||||
------- HEXDUMP CONTEXT -------
|
||||
053300000000000800000000000000704820000000000038053300000000000800000000
|
||||
053300000000000800000000000000f04820000000000048053300000000000800000000
|
||||
000000000000005e4a2d000000000050213300000000000800000000000000b19c2e0000
|
||||
-------------------------------
|
||||
[2026-03-31 11:51:09] [INFO] [5/12] Checking for suspicious environment variables
|
||||
[2026-03-31 11:51:11] [SUCCESS] [5/12] No processes with the full suspicious env var set found
|
||||
[2026-03-31 11:51:11] [INFO] [6/12] Checking TCP ports 42391-43390 and 8000
|
||||
[2026-03-31 11:51:11] [SUCCESS] [6/12] No connections on known suspicious BPFDoor ports
|
||||
[2026-03-31 11:51:11] [INFO] [7/12] Checking for masqueraded processes (Verifying true execution paths)
|
||||
[2026-03-31 11:51:24] [CRITICAL] [7/12] Process Masquerading Detected! PID=62 claims to be '[watchdogd]' but is actually executing '/proc/62/exe'
|
||||
[2026-03-31 11:51:31] [CRITICAL] [7/12] Process Masquerading Detected! PID=279 claims to be '/usr/lib/systemd/systemd-journald' but is actually executing '/usr/lib/systemd/systemd-journald'
|
||||
[2026-03-31 11:51:59] [INFO] [8/12] Checking for processes executing deleted binaries (Fileless execution)
|
||||
[2026-03-31 11:51:59] [SUCCESS] [8/12] No critical memory-resident/deleted binary execution found
|
||||
[2026-03-31 11:51:59] [INFO] [9/12] Checking kernel stacks for raw socket blocking (packet_recvmsg/wait_for_more_packets)
|
||||
[2026-03-31 11:51:59] [SUCCESS] [9/12] No processes blocking on suspicious packet socket kernel functions
|
||||
[2026-03-31 11:51:59] [INFO] [11/12] Checking for active connections to known BPFDoor C2 domains
|
||||
[2026-03-31 11:52:00] [CRITICAL] Active Reverse Shell to BPFDoor C2: ntpussl.instanthq.com (204.16.169.54)
|
||||
Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
|
||||
[2026-03-31 11:52:01] [CRITICAL] Active Reverse Shell to BPFDoor C2: ntpd.casacam.net (127.0.0.1)
|
||||
Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
|
||||
[2026-03-31 11:52:01] [CRITICAL] Active Reverse Shell to BPFDoor C2: ntpupdate.ygto.com (127.0.0.1)
|
||||
Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
|
||||
[2026-03-31 11:52:01] [INFO] [12/12] Checking specific processes for hardcoded BPFDoor file signatures
|
||||
[2026-03-31 11:52:01] [SUCCESS] [12/12] No hardcoded process signatures detected
|
||||
[2026-03-31 11:52:01] [INFO] [10/12] Deep scanning candidate binaries (hash, strings, UPX packing)
|
||||
[2026-03-31 11:52:01] [INFO] >>> Analyzing candidate binary: /usr/lib/systemd/systemd-journald
|
||||
[2026-03-31 11:52:01] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/NetworkManager/1.46.0/libnm-device-plugin-wifi.so
|
||||
[2026-03-31 11:52:01] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/NetworkManager/1.46.0/libnm-device-plugin-wwan.so
|
||||
[2026-03-31 11:52:02] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/NetworkManager/1.46.0/libnm-wwan.so
|
||||
[2026-03-31 11:52:02] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
|
||||
[2026-03-31 11:52:02] [ALERT] String match '1234' found in /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
|
||||
[2026-03-31 11:52:02] [CRITICAL] BPFDoor-like string pattern(s) found in /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
|
||||
[2026-03-31 11:52:02] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0
|
||||
[2026-03-31 11:52:02] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libbluetooth.so.3.19.12
|
||||
[2026-03-31 11:52:02] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libbrotlicommon.so.1.1.0
|
||||
[2026-03-31 11:52:03] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libc.so.6
|
||||
[2026-03-31 11:52:03] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0
|
||||
[2026-03-31 11:52:03] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4.8.0
|
||||
[2026-03-31 11:52:03] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libdbus-1.so.3.32.4
|
||||
[2026-03-31 11:52:04] [ALERT] String match '1234' found in /usr/lib/x86_64-linux-gnu/libdbus-1.so.3.32.4
|
||||
[2026-03-31 11:52:04] [CRITICAL] BPFDoor-like string pattern(s) found in /usr/lib/x86_64-linux-gnu/libdbus-1.so.3.32.4
|
||||
[2026-03-31 11:52:04] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libgcrypt.so.20.4.3
|
||||
[2026-03-31 11:52:04] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libgio-2.0.so.0.8000.0
|
||||
[2026-03-31 11:52:05] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.8000.0
|
||||
[2026-03-31 11:52:05] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0
|
||||
[2026-03-31 11:52:06] [ALERT] String match '1234' found in /usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0
|
||||
[2026-03-31 11:52:06] [CRITICAL] BPFDoor-like string pattern(s) found in /usr/lib/x86_64-linux-gnu/libgmp.so.10.5.0
|
||||
[2026-03-31 11:52:06] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libgnutls.so.30.37.1
|
||||
[2026-03-31 11:52:06] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libgobject-2.0.so.0.8000.0
|
||||
[2026-03-31 11:52:07] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.34.0
|
||||
[2026-03-31 11:52:07] [ALERT] String match '1234' found in /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.34.0
|
||||
[2026-03-31 11:52:07] [CRITICAL] BPFDoor-like string pattern(s) found in /usr/lib/x86_64-linux-gnu/libgpg-error.so.0.34.0
|
||||
[2026-03-31 11:52:07] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libgssapi_krb5.so.2.2
|
||||
[2026-03-31 11:52:07] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libhogweed.so.6.8
|
||||
[2026-03-31 11:52:07] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libidn2.so.0.4.0
|
||||
[2026-03-31 11:52:07] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libk5crypto.so.3.1
|
||||
[2026-03-31 11:52:07] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libkrb5.so.3.3
|
||||
[2026-03-31 11:52:08] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libldap.so.2.0.200
|
||||
[2026-03-31 11:52:08] [ALERT] String match '1234' found in /usr/lib/x86_64-linux-gnu/libldap.so.2.0.200
|
||||
[2026-03-31 11:52:08] [CRITICAL] BPFDoor-like string pattern(s) found in /usr/lib/x86_64-linux-gnu/libldap.so.2.0.200
|
||||
[2026-03-31 11:52:08] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/liblzma.so.5.4.5
|
||||
[2026-03-31 11:52:08] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libm.so.6
|
||||
[2026-03-31 11:52:08] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libmm-glib.so.0.10.0
|
||||
[2026-03-31 11:52:09] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libmount.so.1.1.0
|
||||
[2026-03-31 11:52:09] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libnetplan.so.1
|
||||
[2026-03-31 11:52:09] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libnghttp2.so.14.26.0
|
||||
[2026-03-31 11:52:09] [ALERT] String match '1234' found in /usr/lib/x86_64-linux-gnu/libnghttp2.so.14.26.0
|
||||
[2026-03-31 11:52:09] [CRITICAL] BPFDoor-like string pattern(s) found in /usr/lib/x86_64-linux-gnu/libnghttp2.so.14.26.0
|
||||
[2026-03-31 11:52:09] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libnl-3.so.200.26.0
|
||||
[2026-03-31 11:52:10] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libnl-route-3.so.200.26.0
|
||||
[2026-03-31 11:52:10] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.1
|
||||
[2026-03-31 11:52:10] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.11.2
|
||||
[2026-03-31 11:52:11] [ALERT] String match '1234' found in /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.11.2
|
||||
[2026-03-31 11:52:11] [CRITICAL] BPFDoor-like string pattern(s) found in /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.11.2
|
||||
[2026-03-31 11:52:11] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libpcsclite.so.1.0.0
|
||||
[2026-03-31 11:52:11] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libresolv.so.2
|
||||
[2026-03-31 11:52:11] [ALERT] String match '1234' found in /usr/lib/x86_64-linux-gnu/libresolv.so.2
|
||||
[2026-03-31 11:52:11] [CRITICAL] BPFDoor-like string pattern(s) found in /usr/lib/x86_64-linux-gnu/libresolv.so.2
|
||||
[2026-03-31 11:52:11] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libselinux.so.1
|
||||
[2026-03-31 11:52:11] [ALERT] String match '1234' found in /usr/lib/x86_64-linux-gnu/libselinux.so.1
|
||||
[2026-03-31 11:52:11] [CRITICAL] BPFDoor-like string pattern(s) found in /usr/lib/x86_64-linux-gnu/libselinux.so.1
|
||||
[2026-03-31 11:52:11] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libssh.so.4.9.6
|
||||
[2026-03-31 11:52:11] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libssl.so.3
|
||||
[2026-03-31 11:52:12] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libsystemd.so.0.38.0
|
||||
[2026-03-31 11:52:12] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.3
|
||||
[2026-03-31 11:52:12] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libteamdctl.so.0.1.5
|
||||
[2026-03-31 11:52:12] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libudev.so.1.7.8
|
||||
[2026-03-31 11:52:12] [ALERT] String match '1234' found in /usr/lib/x86_64-linux-gnu/libudev.so.1.7.8
|
||||
[2026-03-31 11:52:12] [CRITICAL] BPFDoor-like string pattern(s) found in /usr/lib/x86_64-linux-gnu/libudev.so.1.7.8
|
||||
[2026-03-31 11:52:12] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libunistring.so.5.0.0
|
||||
[2026-03-31 11:52:13] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libyaml-0.so.2.0.9
|
||||
[2026-03-31 11:52:13] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libz.so.1.3
|
||||
[2026-03-31 11:52:13] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libzstd.so.1.5.5
|
||||
[2026-03-31 11:52:14] [INFO] >>> Analyzing candidate binary: /usr/sbin/NetworkManager
|
||||
[2026-03-31 11:52:15] [INFO] >>> Analyzing candidate binary: /usr/sbin/wpa_supplicant
|
||||
[2026-03-31 11:52:16] [INFO] [-] Basic persistence triage (cron, systemd, rc scripts)
|
||||
[2026-03-31 11:52:16] [ALERT] Suspicious pattern in systemd units under /usr/lib/systemd/system
|
||||
Reference in New Issue
Block a user