add spk
260
bpfdoor_report_spk_2026-03-27_12-55-37.log
Normal file
@@ -0,0 +1,260 @@
██████╗ █████╗ ██████╗ ██╗██████╗ ███████╗
██╔══██╗██╔══██╗██╔══██╗██║██╔══██╗╚════██║
██████╔╝███████║██████╔╝██║██║ ██║ ██╔╝
██╔══██╗██╔══██║██╔═══╝ ██║██║ ██║ ██╔╝
██║ ██║██║ ██║██║ ██║██████╔╝ ██║
╚═╝ ╚═╝╚═╝ ╚═╝╚═╝ ╚═╝╚═════╝ ╚═╝
M A L W A R E L A B S
==========================================================
Enhanced Linux BPFDoor Detection Script
==========================================================
Host : spk
Date : 2026-03-27_12-55-37
Version: 1.1
==========================================================
[2026-03-27 12:55:37] [INFO] [1/12] Checking /var/run for suspicious zero-byte mutex/lock files
[2026-03-27 12:55:37] [SUCCESS] [1/12] No known suspicious mutex/lock files found
[2026-03-27 12:55:37] [INFO] [2/12] Checking /etc/sysconfig for suspicious auto-start entries
[2026-03-27 12:55:37] [WARN] [2/12] /etc/sysconfig not present; skipping
[2026-03-27 12:55:37] [INFO] [3/12] Inspecting BPF filters via ss -0pb
Netid Recv-Q Send-Q Local Address:Port Peer Address:PortProcess
p_raw 0 0 LLDP:ens4 * users:(("systemd-network",pid=329,fd=27))
bpf filter (12): 0x20 0 0 0, 0x15 1 0 25215488, 0x06 0 0 0, 0x28 0 0 4, 0x15 3 0 0, 0x15 2 0 3, 0x15 1 0 14, 0x06 0 0 0, 0x28 0 0 12, 0x15 1 0 35020, 0x06 0 0 0, 0x06 0 0 4294967295,
p_dgr 0 0 arp:* * users:(("charon-systemd",pid=232103,fd=7))
bpf filter (12): 0x28 0 0 2, 0x15 0 9 2048, 0x30 0 0 4, 0x15 0 7 6, 0x30 0 0 5, 0x15 0 5 4, 0x28 0 0 6, 0x15 0 3 1, 0x80 0 0 0, 0x35 0 1 28, 0x06 0 0 28, 0x06 0 0 0,
p_dgr 0 0 ip:* * users:(("charon-systemd",pid=232103,fd=22))
bpf filter (19): 0x30 0 0 9, 0x15 0 16 17, 0x28 0 0 20, 0x15 0 14 67, 0x28 0 0 22, 0x15 2 0 68, 0x15 1 0 67, 0x05 0 0 10, 0x30 0 0 28, 0x15 0 8 2, 0x30 0 0 29, 0x15 0 6 1, 0x30 0 0 30, 0x15 0 4 6, 0x20 0 0 264, 0x15 0 2 1669485411, 0x80 0 0 0, 0x16 0 0 0, 0x06 0 0 0,
p_dgr 0 0 ip:* * users:(("charon-systemd",pid=232103,fd=23))
bpf filter (12): 0x30 0 0 4294963220, 0x15 0 2 0, 0x30 0 0 4294963208, 0x15 0 5 2, 0x20 0 0 16, 0x15 4 0 176422914, 0x15 3 0 4294967295, 0x54 0 0 4026531840, 0x15 1 0 3758096384, 0x06 0 0 0, 0x80 0 0 0, 0x16 0 0 0,
[2026-03-27 12:55:37] [SUCCESS] [3/12] No obvious BPFDoor-like BPF filters found
[2026-03-27 12:55:37] [INFO] [4/12] Checking RAW and packet socket usage (SOCK_RAW / SOCK_DGRAM)
[2026-03-27 12:55:37] [ALERT] Suspicious Socket detected: PID 232103 (/usr/sbin/charon-systemd) -> /usr/sbin/charon-systemd
[2026-03-27 12:55:37] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/ipsec/libcharon.so.0.0.0 (PID: 232103)
------- HEXDUMP CONTEXT -------
b83980100004889c7ff50104885c00f8482000000836804014889c57429488b838001000
100004c89e741ff542430663df4010f84820000004c89ef41ff5530663df40174754889d
0084889c7ff5048f683ac010000020f84820000008b836c010000f30f6f83580100008b9
-------------------------------
[2026-03-27 12:55:43] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/ipsec/libstrongswan.so.0.0.0 (PID: 232103)
------- HEXDUMP CONTEXT -------
b30e880e2fcff488b54243883f8ff0f84820000004c89efbeffffffffe815d8fcff488b3
48830c24004881ece800000048898c244820000089fd4889f34c898424502000004c898c
302550a0e08460b500e08001c000000d48200000014fdff3600000000450e108302550a0
-------------------------------
[2026-03-27 12:55:47] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/ipsec/libtnccs.so.0.0.0 (PID: 232103)
------- HEXDUMP CONTEXT -------
f85400000000000008000000000000002133000000000000005500000000000008000000
03000000000000000000000000000000213300000000000025330000000000002a330000
-------------------------------
[2026-03-27 12:55:47] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/ipsec/plugins/libstrongswan-connmark.so (PID: 232103)
------- HEXDUMP CONTEXT -------
1142684883c408c390f30f1efa488d0555110000c30f1f4000f30f1efa488d0555300000
-------------------------------
[2026-03-27 12:55:47] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/ipsec/plugins/libstrongswan-forecast.so (PID: 232103)
------- HEXDUMP CONTEXT -------
0498b47200f1184249000000048c7842482000000756470004889c7ff50304189c5498b4
-------------------------------
[2026-03-27 12:55:48] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/ipsec/plugins/libstrongswan-vici.so (PID: 232103)
------- HEXDUMP CONTEXT -------
88d35051701004889dfff5308488d8c24820000004889ea31c0488d35f31601004889dff
e0fdfeff14000000000000001000000048200000ecfdfeff140000000000000010000000
-------------------------------
[2026-03-27 12:55:49] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/ipsec/plugins/libstrongswan-x509.so (PID: 232103)
------- HEXDUMP CONTEXT -------
9c54889c731c0ff55004189c484c00f8482000000488b04244889e64889ef4989450031c
-------------------------------
[2026-03-27 12:55:50] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 (PID: 232103)
------- HEXDUMP CONTEXT -------
04885c0740f0fb64004c0e8043c020f8482000000f60571a60200017579488b04244885c
15d415e415fc30fb61631c04885d20f84820000000fb6450184c00f84cc00000048c1e20
d75cf83fa020f858b0000004084ed0f84820000004183fa0477bd0f1f8000000000418db
-------------------------------
[2026-03-27 12:55:51] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0 (PID: 232103)
------- HEXDUMP CONTEXT -------
d100000e7100000f8100000ff100000051100000d110000161100001e110000241100002
-------------------------------
[2026-03-27 12:55:53] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0 (PID: 232103)
------- HEXDUMP CONTEXT -------
800000085c00f84b300000083f8010f8482000000f6c3107437488d3d0e460000e8e9f7f
-------------------------------
[2026-03-27 12:55:53] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libc.so.6 (PID: 232103)
------- HEXDUMP CONTEXT -------
000000000000001255000022000f00b0511000000000001e00000000000000c819000012
00000000000001559000012000f00e02511000000000022000000000000004f7e0000120
00000000000001b45000012000f0050051100000000002100000000000000f86b0000120
-------------------------------
[2026-03-27 12:56:08] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libip4tc.so.2.0.0 (PID: 232103)
------- HEXDUMP CONTEXT -------
00000000000000000000000000000006482000000000000eb00000000000000000000000
-------------------------------
[2026-03-27 12:56:09] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libm.so.6 (PID: 232103)
------- HEXDUMP CONTEXT -------
fffffd9eedb6c2430dbe9ddd97a0a0f8482000000ddd8eb06ddd80f1f4000d97c240edb6
9d10f828f000000488b0c244809d10f848200000048be000000000000ff7fb902c0ffff4
f0424660fefc9e84b8205004885c00f8482000000bf000c0000e8c8c7fdff660f6f4c244
-------------------------------
[2026-03-27 12:56:16] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0 (PID: 232103)
------- HEXDUMP CONTEXT -------
0405010420440922106890004000000051100000000a1d00000048801226011004806448
208608000000000045000000000000004820000012000d0080ee0400000000003a000000
0000000000000d0fe10000000000000051100000000000800000000000000d0fe1000000
-------------------------------
[2026-03-27 12:56:25] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libz.so.1.3.1 (PID: 232103)
------- HEXDUMP CONTEXT -------
30000000f1181a00000004183f80b0f84820000000f1181b00000004183f80c74750f118
b4129c84a8d3c1a4b8d741d0039c80f8482000000418d48ff4489c083f90676204a8b141
984249c00000066034424406644898424820000004189f0668984249e00000031c085f67
-------------------------------
[2026-03-27 12:56:26] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libzstd.so.1.5.7 (PID: 232103)
------- HEXDUMP CONTEXT -------
0000080f9030f84a100000080f9010f848200000048c7c1ffffffff4084f6740c420fb64
-------------------------------
[2026-03-27 12:56:32] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/ossl-modules/legacy.so (PID: 232103)
------- HEXDUMP CONTEXT -------
04889eee8b694ffff4889c34885c00f84820000004c8920498b7538488d4838488d50304
-------------------------------
[2026-03-27 12:56:33] [ALERT] Suspicious Socket detected: PID 329 (/usr/lib/systemd/systemd-networkd) -> /usr/lib/systemd/systemd-networkd
[2026-03-27 12:56:33] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/locale/aa_DJ.utf8/LC_COLLATE (PID: 329)
------- HEXDUMP CONTEXT -------
3e0b48000000003e0b48100000003e0b48200000003e0b48300000003e0b48400000003e
3e0a48000000003e0a48100000003e0a48200000003e0a48300000003e0a48400000003e
0000002d48000000002d48100000002d48200000002d48300000002d48400000002d4850
-------------------------------
[2026-03-27 12:56:52] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/locale/aa_DJ.utf8/LC_CTYPE (PID: 329)
------- HEXDUMP CONTEXT -------
40200000422000004420000046200000482000004a2000004c2000004e20000050200000
7a3100007c3100007e31000080310000823100008431000086310000883100008a310000
44200000000000004720000000000000482000000000000049200000000000004a200000
-------------------------------
[2026-03-27 12:56:55] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/systemd/systemd-networkd (PID: 329)
------- HEXDUMP CONTEXT -------
000000000000000000000000000000000f27000012000000000000000000000000000000
f1500000000000800000000000000b0e511000000000060cf15000000000008000000000
a16000000000008000000000000004ff5110000000000400a16000000000008000000000
-------------------------------
[2026-03-27 12:57:09] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 (PID: 329)
------- HEXDUMP CONTEXT -------
04885c0740f0fb64004c0e8043c020f8482000000f60571a60200017579488b04244885c
15d415e415fc30fb61631c04885d20f84820000000fb6450184c00f84cc00000048c1e20
d75cf83fa020f858b0000004084ed0f84820000004183fa0477bd0f1f8000000000418db
-------------------------------
[2026-03-27 12:57:11] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0 (PID: 329)
------- HEXDUMP CONTEXT -------
d100000e7100000f8100000ff100000051100000d110000161100001e110000241100002
-------------------------------
[2026-03-27 12:57:12] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0 (PID: 329)
------- HEXDUMP CONTEXT -------
9000200a541a60d1400000024000000b511000008000000aa11000000000000010000000
400000024000000c011000008000000b511000000000000010000000b0002009112a60d1
01000064488b042528000000488984244820000031c048c74424200000000048c7442428
-------------------------------
[2026-03-27 12:57:15] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libbpf.so.1.5.0 (PID: 329)
------- HEXDUMP CONTEXT -------
04889df4889c6e89405ffff4885c00f84820000004989c44889e5eb170f1f004c89f2488
8ffff31c0b9001000004889ef4c8d8c2482000000ba01000000be001000004c8d058a060
-------------------------------
[2026-03-27 12:57:18] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0 (PID: 329)
------- HEXDUMP CONTEXT -------
800000085c00f84b300000083f8010f8482000000f6c3107437488d3d0e460000e8e9f7f
-------------------------------
[2026-03-27 12:57:19] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libc.so.6 (PID: 329)
------- HEXDUMP CONTEXT -------
000000000000001255000022000f00b0511000000000001e00000000000000c819000012
00000000000001559000012000f00e02511000000000022000000000000004f7e0000120
00000000000001b45000012000f0050051100000000002100000000000000f86b0000120
-------------------------------
[2026-03-27 12:57:34] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libelf-0.192.so (PID: 329)
------- HEXDUMP CONTEXT -------
f81f0000409bffff20200000c09bffff48200000909cffff78200000909dffffa8200000
-------------------------------
[2026-03-27 12:57:35] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libmount.so.1.1.0 (PID: 329)
------- HEXDUMP CONTEXT -------
9e6e80ec4fcff85c00f88c60000000f84820000004c8b7424104d85f60f84c2000000498
74989f4e84ef1fbff4989c64885db0f84820000004c8b2b4989df31ed4c89ef4d85ed750
00a0e18410e10420e08430b28000000b48200000028fdffc401000000450e108602410e1
-------------------------------
[2026-03-27 12:57:39] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libm.so.6 (PID: 329)
------- HEXDUMP CONTEXT -------
fffffd9eedb6c2430dbe9ddd97a0a0f8482000000ddd8eb06ddd80f1f4000d97c240edb6
9d10f828f000000488b0c244809d10f848200000048be000000000000ff7fb902c0ffff4
f0424660fefc9e84b8205004885c00f8482000000bf000c0000e8c8c7fdff660f6f4c244
-------------------------------
[2026-03-27 12:57:46] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.14.0 (PID: 329)
------- HEXDUMP CONTEXT -------
c000000e947e9ffff4c8b7c2428c70424820000004c8bb424800000004983c702e908cff
fff488b4424388078010a8b44240c0f84820000004139c50f8d7ba2ffff83c3014983c40
f1f84000000000066900fb61084d20f84820000008d4a9080f921770d0fb6c948630c8e4
-------------------------------
[2026-03-27 12:57:52] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libseccomp.so.2.6.0 (PID: 329)
------- HEXDUMP CONTEXT -------
8c7402800000000488b7f184885ff0f8482000000488b064885c074d2448b0feb1266662
8c7402800000000488b7f184885ff0f8482000000488b064885c074d2448b4f04eb11666
-------------------------------
[2026-03-27 12:57:53] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libz.so.1.3.1 (PID: 329)
------- HEXDUMP CONTEXT -------
30000000f1181a00000004183f80b0f84820000000f1181b00000004183f80c74750f118
b4129c84a8d3c1a4b8d741d0039c80f8482000000418d48ff4489c083f90676204a8b141
984249c00000066034424406644898424820000004189f0668984249e00000031c085f67
-------------------------------
[2026-03-27 12:57:54] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/libzstd.so.1.5.7 (PID: 329)
------- HEXDUMP CONTEXT -------
0000080f9030f84a100000080f9010f848200000048c7c1ffffffff4084f6740c420fb64
-------------------------------
[2026-03-27 12:58:01] [CRITICAL] Little-Endian Magic Bytes found in mapped file: /usr/lib/x86_64-linux-gnu/systemd/libsystemd-shared-257.so (PID: 329)
------- HEXDUMP CONTEXT -------
000000004f10000000000000501000005110000052100000531000005510000056100000
4f1100005011000051110000531100005511000000000000561100000000000000000000
000000080110000821100008311000085110000000000000000000087110000000000000
-------------------------------
[2026-03-27 12:58:33] [INFO] [5/12] Checking for suspicious environment variables
[2026-03-27 12:58:34] [SUCCESS] [5/12] No processes with the full suspicious env var set found
[2026-03-27 12:58:34] [INFO] [6/12] Checking TCP ports 42391-43390 and 8000
[2026-03-27 12:58:34] [ALERT] [6/12] Potentially suspicious connections on historical BPFDoor ports:
tcp 0 0 10.132.0.2:43230 74.125.206.95:443 ESTABLISHED 659/google_guest_ag

[2026-03-27 12:58:34] [INFO] [7/12] Checking for masqueraded processes (Verifying true execution paths)
[2026-03-27 12:58:38] [CRITICAL] [7/12] Process Masquerading Detected! PID=264 claims to be '/usr/lib/systemd/systemd-journald' but is actually executing '/usr/lib/systemd/systemd-journald'
[2026-03-27 12:58:39] [CRITICAL] [7/12] Process Masquerading Detected! PID=615 claims to be '/sbin/agetty -o -- \u --noreset --noclear - linux' but is actually executing '/usr/sbin/agetty'
[2026-03-27 12:58:39] [CRITICAL] [7/12] Process Masquerading Detected! PID=616 claims to be '/sbin/agetty -o -- \u --noreset --noclear --keep-baud 115200,57600,38400,9600 - vt220' but is actually executing '/usr/sbin/agetty'
[2026-03-27 12:58:41] [INFO] [8/12] Checking for processes executing deleted binaries (Fileless execution)
[2026-03-27 12:58:41] [SUCCESS] [8/12] No critical memory-resident/deleted binary execution found
[2026-03-27 12:58:41] [INFO] [9/12] Checking kernel stacks for raw socket blocking (packet_recvmsg/wait_for_more_packets)
[2026-03-27 12:58:41] [SUCCESS] [9/12] No processes blocking on suspicious packet socket kernel functions
[2026-03-27 12:58:41] [INFO] [11/12] Checking for active connections to known BPFDoor C2 domains
[2026-03-27 12:58:42] [WARN] [11/12] 'dig' or 'ss' missing; skipping C2 connection checks.
[2026-03-27 12:58:42] [INFO] [12/12] Checking specific processes for hardcoded BPFDoor file signatures
[2026-03-27 12:58:42] [SUCCESS] [12/12] No hardcoded process signatures detected
[2026-03-27 12:58:42] [INFO] [10/12] Deep scanning candidate binaries (hash, strings, UPX packing)
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/bin/google_guest_agent_manager
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/ipsec/libcharon.so.0.0.0
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/ipsec/libstrongswan.so.0.0.0
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/ipsec/libtnccs.so.0.0.0
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/ipsec/plugins/libstrongswan-connmark.so
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/ipsec/plugins/libstrongswan-forecast.so
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/ipsec/plugins/libstrongswan-vici.so
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/ipsec/plugins/libstrongswan-x509.so
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/locale/aa_DJ.utf8/LC_COLLATE
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/locale/aa_DJ.utf8/LC_CTYPE
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/systemd/systemd-journald
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/systemd/systemd-networkd
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libaudit.so.1.0.0
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libblkid.so.1.1.0
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libbpf.so.1.5.0
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libcap-ng.so.0.0.0
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libc.so.6
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libelf-0.192.so
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libip4tc.so.2.0.0
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libmount.so.1.1.0
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libm.so.6
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.14.0
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libseccomp.so.2.6.0
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libsystemd.so.0.40.0
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libz.so.1.3.1
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/libzstd.so.1.5.7
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/ossl-modules/legacy.so
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/lib/x86_64-linux-gnu/systemd/libsystemd-shared-257.so
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/sbin/agetty
[2026-03-27 12:58:42] [INFO] >>> Analyzing candidate binary: /usr/sbin/charon-systemd
[2026-03-27 12:58:42] [INFO] [-] Basic persistence triage (cron, systemd, rc scripts)
[2026-03-27 12:58:42] [ALERT] Suspicious pattern in systemd units under /usr/lib/systemd/system
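Review bot: the [7/12] masquerading check in this report is reporting CRITICAL on identical paths, so the comparison behind it is broken: PID=264 "claims to be '/usr/lib/systemd/systemd-journald' but is actually executing '/usr/lib/systemd/systemd-journald'" is the same string on both sides, and the two agetty hits differ only by '/sbin' versus '/usr/sbin', which on a usr-merged system is one symlink; the check should strip the arguments from the cmdline, resolve both sides with realpath and compare the results before a result like this is committed. The [4/12] "Little-Endian Magic Bytes" findings look equally untrustworthy: the same hex context recurs across ld-linux-x86-64.so.2, libc.so.6, libm.so.6, libz.so.1.3.1 and even the aa_DJ.utf8 LC_COLLATE and LC_CTYPE locale tables, and the repeated sequence `0f8482000000` (preceded by `4885c0` in several contexts) reads as an ordinary x86 test-and-branch encoding rather than a malware constant, which suggests the scan searches every file mapped by any process that holds a raw socket for a 2- to 4-byte value; restricting it to the process's main executable and to mappings that are not backed by distribution packages, and requiring the full signature rather than a short integer, would leave something an analyst can act on. Smaller points in the same hunk: the [6/12] hit is an outbound ESTABLISHED flow of google_guest_ag to port 443 whose local port 43230 simply fell in the ephemeral range, so the port match should apply to the peer side or exclude outbound connections; [11/12] reports "'dig' or 'ss' missing" while [3/12] ran `ss -0pb` successfully a few seconds earlier, so the dependency test is checking the wrong condition; the steps execute as 9, 11, 12, 10 and the persistence triage is labelled '[-]' instead of a step number; and the closing "[ALERT] Suspicious pattern in systemd units under /usr/lib/systemd/system" names neither the unit nor the pattern, so the finding cannot be triaged from the log. Finally, consider whether a raw host report carrying the hostname, the internal address 10.132.0.2 and live PIDs should be committed to the repository at all rather than a redacted sample.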