Техническая информация
Вредоносные функции:
Запускает процессы:
- cat /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg
- touch /tmp/apt-key-gpghome.Kuq6mLGlW9/pubring.gpg
- apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
- rm -f /tmp/apt-key-gpghome.yHPaEtN5ax/pubring.gpg
- cp -a /tmp/apt-key-gpghome.yHPaEtN5ax/pubring.gpg /tmp/apt-key-gpghome.yHPaEtN5ax/pubring.orig.gpg
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
- mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
- touch /tmp/apt-key-gpghome.yHPaEtN5ax/pubring.gpg
- cat /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg
- /usr/lib/apt/methods/store
- readlink -f /tmp/apt-key-gpghome.Kuq6mLGlW9
- cat /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
- apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
- cat /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
- gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR
- readlink -f /etc/apt/trusted.gpg.d/
- rm -rf /tmp/apt-key-gpghome.Kuq6mLGlW9
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
- apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
- chmod 700 /tmp/apt-key-gpghome.Kuq6mLGlW9
- /usr/lib/apt/methods/https
- apt-config shell GPGV Apt::Key::gpgvcommand
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg
- cp -a /tmp/apt-key-gpghome.Kuq6mLGlW9/pubring.gpg /tmp/apt-key-gpghome.Kuq6mLGlW9/pubring.orig.gpg
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg
- gpg-connect-agent -s --no-autostart GETINFO scd_running /if ${! $?} scd killscd /end
- /bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.Ibqzbb /tmp/apt.data.h61ET8
- apt-get update
- apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg
- apt-get --fix-broken install
- cat /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg
- cat /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
- find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 ( -name *.gpg -o -name *.asc )
- rm -f /tmp/apt-key-gpghome.Kuq6mLGlW9/pubring.gpg
- /usr/bin/dpkg --print-foreign-architectures
- sort
- gpgv --homedir /tmp/apt-key-gpghome.Kuq6mLGlW9 --keyring /tmp/apt-key-gpghome.Kuq6mLGlW9/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.XtjBV8 /tmp/apt.data.u9QX1c
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
- apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
- cat /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
- cat /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
- readlink -f /tmp/apt-key-gpghome.yHPaEtN5ax
- cat /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
- chmod 700 /tmp/apt-key-gpghome.yHPaEtN5ax
- /bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.XtjBV8 /tmp/apt.data.u9QX1c
- apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
- sed -e s#\x27#\x27\x22\x27\x22\x27#g
- gpgconf --kill all
- apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
- gpg-connect-agent --no-autostart KILLAGENT
- /usr/lib/apt/methods/http
- /usr/lib/apt/methods/gpgv
Завершает следующие процессы:
- http
- gpgv
- store
Выполняет операции с файловой системой:
Модифицирует права доступа к файлам:
- /var/cache/apt/archives/partial
- /var/lib/apt/lists/auxfiles
- /var/lib/apt/lists/partial
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
- /tmp/apt-key-gpghome.Kuq6mLGlW9
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.6BhChx
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.hbXcvy
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.jN2Lnv
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en
- /tmp/apt-key-gpghome.yHPaEtN5ax
Модифицирует владельца файлов:
- /var/cache/apt/archives/partial
- /var/lib/apt/lists/auxfiles
- /var/lib/apt/lists/partial
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en
Создает папки:
- /tmp/apt-key-gpghome.Kuq6mLGlW9
- /tmp/apt-key-gpghome.yHPaEtN5ax
Удаляет папки:
- /tmp/apt-key-gpghome.Kuq6mLGlW9
Создает или модифицирует файлы:
- /tmp/#130834 (deleted)
- /var/lib/dpkg/lock-frontend
- /var/lib/dpkg/lock
- /var/cache/apt/archives/lock
- /var/lib/apt/lists/lock
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.dBLrwc
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.Da2Zud
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.uJmQIc
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.OMobyd
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
- /tmp/apt.conf.L4ou19
- /tmp/apt.sig.XtjBV8
- /tmp/apt.data.u9QX1c
- /tmp/apt-key-gpghome.Kuq6mLGlW9/pubring.gpg
- /tmp/apt-key-gpghome.Kuq6mLGlW9/pubring.orig.gpg
- /tmp/apt-key-gpghome.Kuq6mLGlW9/gpg.1.sh
- /tmp/#130829 (deleted)
- /tmp/apt.conf.zzXaf9
- /tmp/apt.sig.Ibqzbb
- /tmp/apt.data.h61ET8
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.6BhChx
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.hbXcvy
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.jN2Lnv
- /tmp/apt-key-gpghome.yHPaEtN5ax/pubring.gpg
- /tmp/apt-key-gpghome.yHPaEtN5ax/pubring.orig.gpg
Удаляет файлы:
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.dBLrwc
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.Da2Zud
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.uJmQIc
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.OMobyd
- /tmp/apt-key-gpghome.Kuq6mLGlW9/pubring.orig.gpg
- /tmp/apt-key-gpghome.Kuq6mLGlW9/pubring.gpg
- /tmp/apt-key-gpghome.Kuq6mLGlW9/gpg.1.sh
- /tmp/apt.conf.L4ou19
- /tmp/apt.sig.XtjBV8
- /tmp/apt.data.u9QX1c
Изменяет время создания/доступа/модификации файлов:
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
- /tmp/apt-key-gpghome.Kuq6mLGlW9/pubring.gpg
- /tmp/apt-key-gpghome.Kuq6mLGlW9/pubring.orig.gpg
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en
- /tmp/apt-key-gpghome.yHPaEtN5ax/pubring.gpg
- /tmp/apt-key-gpghome.yHPaEtN5ax/pubring.orig.gpg
Сетевая активность:
Ожидает входящих соединений на портах:
- 127.0.0.1:9999
Устанавливает соединение:
- 45.##.28.202:5111
- 8.#.8.8:53
- 14#.##.118.132:80
- [2#####e42:8d::644]:80
- 3.###.206.102:443
- (e##val)
- 3.###.206.39:443
- 3.###.206.5:443
- 3.###.206.93:443
- [2##########78f:b200:3:db06:4200:93a1]:443
- [2##########78f:8400:3:db06:4200:93a1]:443
- [2##########78f:ae00:3:db06:4200:93a1]:443
- [2##########78f:3200:3:db06:4200:93a1]:443
- [2##########78f:3400:3:db06:4200:93a1]:443
- [2##########78f:8c00:3:db06:4200:93a1]:443
- [2##########78f:7800:3:db06:4200:93a1]:443
- [2##########78f:a400:3:db06:4200:93a1]:443
DNS ASK:
- _h###.###p.security.debian.org
- _h####.##cp.download.docker.com
- _h###.##cp.deb.debian.org
- de####.#ap.fastlydns.net
- do####ad.docker.com
Посылает данные следующим серверам:
- 14#.##.118.132:80
- 3.###.206.102:443
Получает данные от следующих серверов:
- 14#.##.118.132:80
- 3.###.206.102:443
