Техническая информация
Вредоносные функции:
Запускает процессы:
- cp -a /tmp/apt-key-gpghome.tnA8j9SkEO/pubring.gpg /tmp/apt-key-gpghome.tnA8j9SkEO/pubring.orig.gpg
- cat /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg
- touch /tmp/apt-key-gpghome.wQY2Ftw0OX/pubring.gpg
- apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
- /bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.7B0ogH /tmp/apt.data.GazPLJ
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
- mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
- cat /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg
- /usr/lib/apt/methods/store
- cp -a /tmp/apt-key-gpghome.wQY2Ftw0OX/pubring.gpg /tmp/apt-key-gpghome.wQY2Ftw0OX/pubring.orig.gpg
- rm -f /tmp/apt-key-gpghome.tnA8j9SkEO/pubring.gpg
- rm -f /tmp/apt-key-gpghome.wQY2Ftw0OX/pubring.gpg
- cat /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
- apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
- cat /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
- gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR
- readlink -f /etc/apt/trusted.gpg.d/
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
- readlink -f /tmp/apt-key-gpghome.tnA8j9SkEO
- gpgv --homedir /tmp/apt-key-gpghome.tnA8j9SkEO --keyring /tmp/apt-key-gpghome.tnA8j9SkEO/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.20sN33 /tmp/apt.data.Wnkyg6
- rm -rf /tmp/apt-key-gpghome.tnA8j9SkEO
- apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
- touch /tmp/apt-key-gpghome.tnA8j9SkEO/pubring.gpg
- /usr/lib/apt/methods/https
- apt-config shell GPGV Apt::Key::gpgvcommand
- chmod 700 /tmp/apt-key-gpghome.tnA8j9SkEO
- chmod 700 /tmp/apt-key-gpghome.wQY2Ftw0OX
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg
- gpg-connect-agent -s --no-autostart GETINFO scd_running /if ${! $?} scd killscd /end
- apt-get update
- apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg
- cat /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg
- cat /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
- find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 ( -name *.gpg -o -name *.asc )
- /usr/bin/dpkg --print-foreign-architectures
- sort
- rm -rf /tmp/apt-key-gpghome.wQY2Ftw0OX
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
- apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
- cat /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
- /bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.20sN33 /tmp/apt.data.Wnkyg6
- gpgv --homedir /tmp/apt-key-gpghome.wQY2Ftw0OX --keyring /tmp/apt-key-gpghome.wQY2Ftw0OX/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.7B0ogH /tmp/apt.data.GazPLJ
- readlink -f /tmp/apt-key-gpghome.wQY2Ftw0OX
- cat /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
- cat /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
- apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
- sed -e s#\x27#\x27\x22\x27\x22\x27#g
- gpgconf --kill all
- apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
- gpg-connect-agent --no-autostart KILLAGENT
- /usr/lib/apt/methods/http
- /usr/lib/apt/methods/gpgv
- sudo apt-get update
Завершает следующие процессы:
- http
- gpgv
- store
Выполняет операции с файловой системой:
Модифицирует права доступа к файлам:
- /var/lib/apt/lists/partial
- /var/lib/apt/lists/auxfiles
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
- /tmp/apt-key-gpghome.wQY2Ftw0OX
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.yMrKnA
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.1NHEBz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.w4yUkC
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en
- /tmp/apt-key-gpghome.tnA8j9SkEO
Модифицирует владельца файлов:
- /var/lib/apt/lists/partial
- /var/lib/apt/lists/auxfiles
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en
Создает папки:
- /tmp/apt-key-gpghome.wQY2Ftw0OX
- /tmp/apt-key-gpghome.tnA8j9SkEO
Удаляет папки:
- /tmp/apt-key-gpghome.wQY2Ftw0OX
Создает или модифицирует файлы:
- /tmp/#130834 (deleted)
- /var/lib/apt/lists/lock
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.KCh3rD
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.7Vr5aF
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.sMEPGF
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.4uJybF
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
- /tmp/apt.conf.SAHDYH
- /tmp/apt.sig.7B0ogH
- /tmp/apt.data.GazPLJ
- /tmp/apt-key-gpghome.wQY2Ftw0OX/pubring.gpg
- /tmp/apt-key-gpghome.wQY2Ftw0OX/pubring.orig.gpg
- /tmp/apt-key-gpghome.wQY2Ftw0OX/gpg.1.sh
- /tmp/#130829 (deleted)
- /tmp/apt.conf.wo3mA3
- /tmp/apt.sig.20sN33
- /tmp/apt.data.Wnkyg6
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.yMrKnA
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.1NHEBz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.w4yUkC
- /tmp/apt-key-gpghome.tnA8j9SkEO/pubring.gpg
- /tmp/apt-key-gpghome.tnA8j9SkEO/pubring.orig.gpg
- /tmp/apt-key-gpghome.tnA8j9SkEO/gpg.1.sh
Удаляет файлы:
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.KCh3rD
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.7Vr5aF
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.sMEPGF
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.4uJybF
- /tmp/apt-key-gpghome.wQY2Ftw0OX/pubring.orig.gpg
- /tmp/apt-key-gpghome.wQY2Ftw0OX/pubring.gpg
- /tmp/apt-key-gpghome.wQY2Ftw0OX/gpg.1.sh
- /tmp/apt.conf.SAHDYH
- /tmp/apt.sig.7B0ogH
- /tmp/apt.data.GazPLJ
- /tmp/apt-key-gpghome.tnA8j9SkEO/pubring.orig.gpg
Изменяет время создания/доступа/модификации файлов:
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
- /tmp/apt-key-gpghome.wQY2Ftw0OX/pubring.gpg
- /tmp/apt-key-gpghome.wQY2Ftw0OX/pubring.orig.gpg
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en
- /tmp/apt-key-gpghome.tnA8j9SkEO/pubring.gpg
- /tmp/apt-key-gpghome.tnA8j9SkEO/pubring.orig.gpg
Сетевая активность:
Ожидает входящих соединений на портах:
- 127.0.0.1:9999
Устанавливает соединение:
- 45.##.28.202:5111
- 8.#.8.8:53
- [2##########240:f200:3:db06:4200:93a1]:443
- (e##val)
- [2##########36e:c400:3:db06:4200:93a1]:443
- [2##########36e:2a00:3:db06:4200:93a1]:443
- [2##########36e:5800:3:db06:4200:93a1]:443
- [2##########36e:b200:3:db06:4200:93a1]:443
- [2##########240:a600:3:db06:4200:93a1]:443
- [2##########240:4600:3:db06:4200:93a1]:443
- [2##########240:a00:3:db06:4200:93a1]:443
- 13.##.121.29:443
- 13.##.121.35:443
- 13.##.121.78:443
- 13.##.121.111:443
- 14#.##.118.132:80
- [2#####e42:8d::644]:80
DNS ASK:
- _h###.###p.security.debian.org
- _h###.##cp.deb.debian.org
- _h####.##cp.download.docker.com
- de####.#ap.fastlydns.net
- do####ad.docker.com
Посылает данные следующим серверам:
- 14#.##.118.132:80
- 13.##.121.29:443
Получает данные от следующих серверов:
- 13.##.121.29:443
- 14#.##.118.132:80
