Техническая информация
Вредоносные функции:
Запускает процессы:
- /bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.cqH0Xj /tmp/apt.data.ZHrntj
- rm -f /tmp/apt-key-gpghome.vY472KjWUC/pubring.gpg
- cat /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg
- rm -rf /tmp/apt-key-gpghome.78oTWZITlV
- apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
- chmod 700 /tmp/apt-key-gpghome.vY472KjWUC
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
- mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
- cp -a /tmp/apt-key-gpghome.78oTWZITlV/pubring.gpg /tmp/apt-key-gpghome.78oTWZITlV/pubring.orig.gpg
- cat /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg
- /usr/lib/apt/methods/store
- cat /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
- apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
- cat /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
- gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR
- readlink -f /etc/apt/trusted.gpg.d/
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
- apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
- chmod 700 /tmp/apt-key-gpghome.78oTWZITlV
- touch /tmp/apt-key-gpghome.vY472KjWUC/pubring.gpg
- cp -a /tmp/apt-key-gpghome.vY472KjWUC/pubring.gpg /tmp/apt-key-gpghome.vY472KjWUC/pubring.orig.gpg
- /usr/lib/apt/methods/https
- apt-config shell GPGV Apt::Key::gpgvcommand
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
- rm -f /tmp/apt-key-gpghome.78oTWZITlV/pubring.gpg
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg
- gpg-connect-agent -s --no-autostart GETINFO scd_running /if ${! $?} scd killscd /end
- apt-get update
- apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg
- gpgv --homedir /tmp/apt-key-gpghome.78oTWZITlV --keyring /tmp/apt-key-gpghome.78oTWZITlV/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.045B6V /tmp/apt.data.zG4s5V
- cat /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg
- cat /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
- find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 ( -name *.gpg -o -name *.asc )
- /usr/bin/dpkg --print-foreign-architectures
- sort
- /bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.045B6V /tmp/apt.data.zG4s5V
- /usr/lib/apt/methods/gpgv
- apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
- cat /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
- readlink -f /tmp/apt-key-gpghome.vY472KjWUC
- touch /tmp/apt-key-gpghome.78oTWZITlV/pubring.gpg
- cat /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
- cat /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
- apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
- sed -e s#\x27#\x27\x22\x27\x22\x27#g
- gpgconf --kill all
- apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
- gpg-connect-agent --no-autostart KILLAGENT
- /usr/lib/apt/methods/http
- readlink -f /tmp/apt-key-gpghome.78oTWZITlV
- sudo apt-get update
Завершает следующие процессы:
- http
- gpgv
- store
Выполняет операции с файловой системой:
Модифицирует права доступа к файлам:
- /var/lib/apt/lists/partial
- /var/lib/apt/lists/auxfiles
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
- /tmp/apt-key-gpghome.78oTWZITlV
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.Myh2yS
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.PFGLRU
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.HtBpIV
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en
- /tmp/apt-key-gpghome.vY472KjWUC
Модифицирует владельца файлов:
- /var/lib/apt/lists/partial
- /var/lib/apt/lists/auxfiles
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en
Создает папки:
- /tmp/apt-key-gpghome.78oTWZITlV
- /tmp/apt-key-gpghome.vY472KjWUC
Удаляет папки:
- /tmp/apt-key-gpghome.78oTWZITlV
Создает или модифицирует файлы:
- /tmp/#130834 (deleted)
- /var/lib/apt/lists/lock
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.3niKbH
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.GPDzSC
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.0Yi3dG
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.eTx7IF
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
- /tmp/apt.conf.wqlMXY
- /tmp/apt.sig.045B6V
- /tmp/apt.data.zG4s5V
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
- /tmp/apt-key-gpghome.78oTWZITlV/pubring.gpg
- /tmp/apt-key-gpghome.78oTWZITlV/pubring.orig.gpg
- /tmp/apt-key-gpghome.78oTWZITlV/gpg.1.sh
- /tmp/#130829 (deleted)
- /tmp/apt.conf.3T3Fgh
- /tmp/apt.sig.cqH0Xj
- /tmp/apt.data.ZHrntj
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.Myh2yS
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.PFGLRU
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.HtBpIV
- /tmp/apt-key-gpghome.vY472KjWUC/pubring.gpg
- /tmp/apt-key-gpghome.vY472KjWUC/pubring.orig.gpg
Удаляет файлы:
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.3niKbH
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.GPDzSC
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.0Yi3dG
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.eTx7IF
- /tmp/apt-key-gpghome.78oTWZITlV/pubring.orig.gpg
- /tmp/apt-key-gpghome.78oTWZITlV/pubring.gpg
- /tmp/apt-key-gpghome.78oTWZITlV/gpg.1.sh
- /tmp/apt.conf.wqlMXY
- /tmp/apt.sig.045B6V
- /tmp/apt.data.zG4s5V
Изменяет время создания/доступа/модификации файлов:
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
- /tmp/apt-key-gpghome.78oTWZITlV/pubring.gpg
- /tmp/apt-key-gpghome.78oTWZITlV/pubring.orig.gpg
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en
- /tmp/apt-key-gpghome.vY472KjWUC/pubring.gpg
- /tmp/apt-key-gpghome.vY472KjWUC/pubring.orig.gpg
Сетевая активность:
Ожидает входящих соединений на портах:
- 127.0.0.1:9999
Устанавливает соединение:
- 45.##.28.202:5111
- 8.#.8.8:53
- 14#.##.118.132:80
- [2#####e42:8d::644]:80
- [2##########36e:e800:3:db06:4200:93a1]:443
- (e##val)
- [2##########36e:e00:3:db06:4200:93a1]:443
- [2##########36e:d600:3:db06:4200:93a1]:443
- [2##########240:2e00:3:db06:4200:93a1]:443
- [2##########36e:1000:3:db06:4200:93a1]:443
- [2##########36e:9200:3:db06:4200:93a1]:443
- [2##########36e:dc00:3:db06:4200:93a1]:443
- [2##########240:6400:3:db06:4200:93a1]:443
- 13.##.121.35:443
- 13.##.121.29:443
- 13.##.121.111:443
- 13.##.121.78:443
DNS ASK:
- _h####.##cp.download.docker.com
- _h###.###p.security.debian.org
- _h###.##cp.deb.debian.org
- de####.#ap.fastlydns.net
- do####ad.docker.com
Посылает данные следующим серверам:
- 14#.##.118.132:80
- 13.##.121.35:443
Получает данные от следующих серверов:
- 14#.##.118.132:80
- 13.##.121.35:443
