PULSE NAME
Backup from 03-28-24 - Systemd dump, malicious ssh and sshd files, libsystemd-core libsystemd-shared plus supporting php files
WHITE Chinese Speaking Merkd1904 2024-04-15 Modified: 2024-04-23
321 IOCs (HIGH VOLUME)
Ignoring the yara and eicar files - I was able to recover a partition used for backups from 03/25/24-03/29/24; the day of the XZ supply chain disclosure. This is a preliminary dump with accompanying analysis and sha1 and 256's of my /usr/lib/systemd directory, which housed multiple suspect ssh subdirectories plus malicious libsystemd-shared and libsystemd-core binaries, and all supporting config, dev, service, and binaries. Dig in.
MITRE ATT&CK & Malware Families
ATT&CK TECHNIQUES
MALWARE FAMILIES
RemainAfterExit NMBDOPTIONS SMBDOPTIONS SuccessAction WINBINDOPTIONS
Indicators of Compromise (321)
↗ systemd-tmpfiles-setup.service ↗ thunar.service ↗ timers.target ↗ tracker-xdg-portal-3.service ↗ tumblerd.service ↗ wireplumber.service ↗ wireplumber@.service ↗ xdg-desktop-autostart.target ↗ xdg-desktop-portal.service ↗ xdg-desktop-portal-gtk.service ↗ xdg-desktop-portal-hyprland.service ↗ xdg-desktop-portal-rewrite-launchers.service ↗ xdg-desktop-portal-xapp.service ↗ xdg-permission-store.service ↗ xdg-user-dirs-update.service ↗ xfce4-notifyd.service ↗ xsettingsd.service ↗ xdg-document-portal.service ↗ https://hybrid-analysis.com/sample/b1a9e5be43c028442c07071e202f44f33e3a2df167822c5cfed8f998e01fe169/661da09794b343782806018e ↗ defaults.conf ↗ apparmor.conf ↗ nvidia ↗ tlp ↗ fwupd.shutdown ↗ mdadm.shutdown ↗ 99-default.preset ↗ 50-zfs.preset ↗ ibft-rule-generator ↗ 10-arch ↗ 60-flatpak-system-only ↗ 3proxy.service ↗ apache-tika.service ↗ apparmor.service ↗ arch-audit.service ↗ arch-audit.timer ↗ NetworkManager-dispatcher.service ↗ NetworkManager-wait-online.service ↗ NetworkManager.service ↗ SUSE-mdadm_env.sh ↗ ModemManager.service ↗ 3proxy.conf ↗ archlinux-keyring-wkd-sync.service ↗ adsl.service ↗ accounts-daemon.service ↗ adb.service ↗ alsa-restore.service ↗ alsa-state.service ↗ archlinux-keyring-wkd-sync.timer ↗ ananicy-cpp.service ↗ arcolinux-graphical-target.service ↗ atftpd.service ↗ audit-rules.service ↗ auditd.service ↗ auth-rpcgss-module.service ↗ autorandr.service ↗ autorandr-lid-listener.service ↗ autovt@.service ↗ avahi-daemon.service ↗ avahi-daemon.socket ↗ avahi-dnsconfd.service ↗ bettercap.service ↗ betterlockscreen@.service ↗ blk-availability.service ↗ blockdev@.target ↗ bluetooth.service ↗ bmc-watchdog.service ↗ bolt.service ↗ boot-complete.target ↗ borgmatic.service ↗ borgmatic.timer ↗ bpftune.service ↗ btrfs-scrub@.service ↗ btrfs-scrub@.timer ↗ canberra-system-bootup.service ↗ canberra-system-shutdown.service ↗ canberra-system-shutdown-reboot.service ↗ capsule.slice ↗ capsule@.service ↗ celery2@.service ↗ celery@.service ↗ chkboot.service ↗ 
clamav-clamonacc.service ↗ clamav-daemon.service ↗ clamav-daemon.socket ↗ clamav-freshclam.service ↗ clamav-freshclam-once.service ↗ clamav-freshclam-once.timer ↗ clamav-unofficial-sigs.service ↗ clamav-unofficial-sigs.timer ↗ clash@.service ↗ cntlm.service ↗ colord.service ↗ configure-printer@.service ↗ console-getty.service ↗ container-getty@.service ↗ containerd.service ↗ couchdb.service ↗ cpupower.service ↗ create_ap.service ↗ cronie.service ↗ cryptsetup.target ↗ cryptsetup-pre.target ↗ ctrl-alt-del.target ↗ cups.path ↗ cups.service ↗ cups.socket ↗ cups-lpd.socket ↗ cups-lpd@.service ↗ cxl-monitor.service ↗ darkstat.service ↗ daxdev-reconfigure@.service ↗ dbus-org.freedesktop.hostname1.service ↗ dbus-org.freedesktop.import1.service ↗ dbus-org.freedesktop.locale1.service ↗ dbus-org.freedesktop.login1.service ↗ dbus-org.freedesktop.machine1.service ↗ dbus-org.freedesktop.portable1.service ↗ dbus-org.freedesktop.timedate1.service ↗ debug-shell.service ↗ dev-hugepages.mount ↗ dev-mqueue.mount ↗ dhclient@.service ↗ dhcpd4.service ↗ dhcpd6.service ↗ dirmngr@.service ↗ dirmngr@.socket ↗ dm-event.service ↗ dm-event.socket ↗ dmraid.service ↗ dnscrypt-proxy.service ↗ dnsmasq.service ↗ docker.service ↗ docker.socket ↗ drkonqi-coredump-processor@.service ↗ e2scrub@.service ↗ e2scrub_all.service ↗ e2scrub_all.timer ↗ e2scrub_fail@.service ↗ e2scrub_reap.service ↗ ead.service ↗ elasticsearch.service ↗ elasticsearch-keystore.service ↗ elasticsearch-keystore@.service ↗ elasticsearch@.service ↗ emergency.service ↗ emergency.target ↗ epmd.service ↗ epmd.socket ↗ exabgp.service ↗ factory-reset.target ↗ fancontrol.service ↗ fastnetmon.service ↗ final.target ↗ finger.socket ↗ finger@.service ↗ first-boot-complete.target ↗ flatpak-system-helper.service ↗ freeradius.service ↗ fsidd.service ↗ fstrim.service ↗ fstrim.timer ↗ ftpd.service ↗ fwupd.service ↗ fwupd-offline-update.service ↗ fwupd-refresh.service ↗ fwupd-refresh.timer ↗ geoclue.service ↗ geoipupdate.service ↗ 
geoipupdate.timer ↗ getty.target ↗ getty-pre.target ↗ getty@.service ↗ git-daemon.socket ↗ git-daemon@.service ↗ gnupg-pkcs11-scd-proxy.service ↗ gpg-agent-browser@.socket ↗ gpg-agent-extra@.socket ↗ gpg-agent-ssh@.socket ↗ gpg-agent@.service ↗ gpg-agent@.socket ↗ gpm.path ↗ gpm.service ↗ gpsd.service ↗ gpsd.socket ↗ gpsdctl@.service ↗ graphical.target ↗ greenbone-certdata-sync.service ↗ greenbone-certdata-sync.timer ↗ greenbone-feed-sync.service ↗ greenbone-feed-sync.timer ↗ greenbone-nvt-sync.service ↗ greenbone-nvt-sync.timer ↗ greenbone-scapdata-sync.service ↗ greenbone-scapdata-sync.timer ↗ gssproxy.service ↗ gvmd.service ↗ halt.target ↗ healthd.service ↗ hibernate.target ↗ hostapd.service ↗ hostapd@.service ↗ httpd.service ↗ hv_fcopy_daemon.service ↗ hv_kvp_daemon.service ↗ hv_vss_daemon.service ↗ hybrid-sleep.target ↗ i2pd.service ↗ iiod.service ↗ initrd.target ↗ initrd-cleanup.service ↗ initrd-fs.target ↗ initrd-parse-etc.service ↗ initrd-root-device.target ↗ initrd-root-fs.target ↗ initrd-switch-root.service ↗ initrd-switch-root.target ↗ initrd-udevadm-cleanup-db.service ↗ initrd-usr-fs.target ↗ integritysetup.target ↗ integritysetup-pre.target ↗ iodined.service ↗ iodined.socket ↗ ip2clued.service ↗ ip6tables.service ↗ ipmidetectd.service ↗ ipmiseld.service ↗ iptables.service ↗ iscsi.service ↗ iscsi-init.service ↗ iscsid.service ↗ iscsid.socket ↗ iscsiuio.service ↗ iscsiuio.socket ↗ isnsd.service ↗ isnsd.socket ↗ iwd.service ↗ kcptun-server@.service ↗ kcptun@.service ↗ kexec.target ↗ keyboxd@.service ↗ keyboxd@.socket ↗ kmod-static-nodes.service ↗ krb5-kadmind.service ↗ krb5-kdc.service ↗ krb5-kpropd.service ↗ krb5-kpropd.socket ↗ krb5-kpropd@.service ↗ lastlog2-import.service ↗ ldconfig.service ↗ libvirt-guests.service ↗ libvirtd.service ↗ libvirtd.socket ↗ libvirtd-admin.socket ↗ libvirtd-ro.socket ↗ libvirtd-tcp.socket ↗ libvirtd-tls.socket ↗ lightdm.service ↗ lm_sensors.service ↗ local-fs.target ↗ local-fs-pre.target ↗ logrotate.service ↗ 
logrotate.timer ↗ lvm2-lvmpolld.service ↗ lvm2-lvmpolld.socket ↗ lvm2-monitor.service ↗ lxc.service ↗ lxc-auto.service ↗ lxc-monitord.service ↗ lxc-net.service ↗ lxc@.service ↗ lxdm.service ↗ ly.service ↗ lynis.service ↗ lynis.timer ↗ machine.slice ↗ machines.target ↗ man-db.service ↗ man-db.timer ↗ mariadb.service ↗ mariadb.socket ↗ mariadb-extra.socket ↗ mariadb-extra@.socket ↗ mariadb@.service ↗ mariadb@.socket ↗ mdadm-grow-continue@.service ↗ mdadm-last-resort@.service ↗ mdadm-last-resort@.timer ↗ mdcheck_continue.service ↗ mdcheck_continue.timer ↗ mdcheck_start.service ↗ mdcheck_start.timer ↗ mdmon@.service ↗ mdmonitor.service ↗ mdmonitor-oneshot.service ↗ mdmonitor-oneshot.timer ↗ memavaild.service ↗ mkinitcpio-generate-shutdown-ramfs.service ↗ modprobe@.service ↗ mongodb.service ↗ multi-user.target ↗ mysql.service ↗ mysqld.service ↗ named.service ↗ nbd.service ↗ nbd@.service ↗ ndctl-monitor.service ↗ neo4j.service ↗ netavark-dhcp-proxy.service ↗ netavark-dhcp-proxy.socket ↗ netdata.service ↗ network.target ↗ network-online.target ↗ network-pre.target ↗ nfs-blkmap.service ↗ nfs-client.target ↗ nfs-idmapd.service ↗ nfs-mountd.service ↗ nfs-server.service ↗ nfs-utils.service ↗ nfsdcld.service ↗ nfsv4-exportd.service ↗ nfsv4-server.service ↗ nftables.service ↗ nm-priv-helper.service ↗ nmb.service ↗ nohang.service ↗ nohang-desktop.service ↗ nscd.service ↗ nss-lookup.target ↗ nss-user-lookup.target ↗ ntpd.service ↗ ntpdate.service ↗ nvidia-hibernate.service ↗ nvidia-persistenced.service ↗ nvidia-powerd.service ↗ nvidia-resume.service ↗ nvidia-suspend.service ↗ nvmefc-boot-connections.service ↗ nvmf-autoconnect.service ↗ nvmf-connect.target ↗ nvmf-connect-nbft.service ↗ nvmf-connect@.service ↗ pacrunner.service ↗ ostree-boot-complete.service ↗ pacman-filesdb-refresh.timer ↗ pcscd.service ↗ passim.service ↗ pcscd.socket ↗ packagekit-offline-update.service ↗ phoronix-result-server.service ↗ paccache.timer ↗ plymouth-kexec.service ↗ pamac-cleancache.timer ↗ 
plymouth-quit.service ↗ partimaged.service ↗ plymouth-poweroff.service ↗ plymouth-read-write.service ↗ plymouth-quit-wait.service ↗ paccache.service ↗ plymouth-switch-root-initramfs.service ↗ ostree-remount.service ↗ plymouth-switch-root.service ↗ openvpn-client@.service ↗ podman-clean-transient.service ↗ pamac-offline-upgrade.service ↗ polkit.service ↗ postfix.service ↗ pam_namespace.service ↗ poweroff.target ↗ ppp@.service ↗ opensnitchd.service ↗ proc-fs-nfsd.mount ↗ proc-sys-fs-binfmt_misc.automount ↗ proc-sys-fs-binfmt_misc.mount ↗ phoromatic-server.service ↗ ptunnel.service ↗ openvpn-server@.service ↗ plymouth-halt.service ↗ pamac-cleancache.service ↗ plymouth-reboot.service ↗ ostree-state-overlay@.service ↗ ostree-finalize-staged.service ↗ postgresql.service ↗ phoromatic-client.service ↗ pamac-daemon.service ↗ pacman-filesdb-refresh.service ↗ packagekit.service ↗ pkgfile-update.service ↗ pkgfile-update.timer ↗ plymouth-start.service ↗ ostree-prepare-root.service ↗ ostree-finalize-staged.path ↗ privoxy.service ↗ ostree-finalize-staged-hold.service ↗ qemu-guest-agent.service ↗ quotaon.service ↗ quotaon-root.service ↗ quotaon@.service ↗ rabbitmq.service ↗ ras-mc-ctl.service ↗ rasdaemon.service ↗ rathole@.service ↗ ratholec@.service ↗ ratholes@.service ↗ rc-local.service ↗ rdnssd@.service ↗ reboot.target ↗ redis.service ↗ redis-sentinel.service ↗ reflector.service ↗ reflector.timer ↗ remote-cryptsetup.target ↗ remote-fs.target ↗ remote-fs-pre.target ↗ remote-veritysetup.target ↗ rescue.service ↗ rescue.target ↗ rfkill-block@.service ↗ rfkill-unblock@.service ↗ rlogin.socket ↗ rlogin@.service ↗ rpc-gssd.service ↗ rpc-statd.service ↗ rpc-statd-notify.service ↗ rpc_pipefs.target ↗ rpcbind.service ↗ rpcbind.socket ↗ rpcbind.target ↗ rsh.socket ↗ rsh@.service ↗ rsyncd.service ↗ rsyncd.socket ↗ rsyncd@.service ↗ rtkit-daemon.service ↗ runlevel0.target ↗ runlevel1.target ↗ runlevel2.target ↗ runlevel3.target ↗ runlevel4.target ↗ runlevel5.target ↗ runlevel6.target ↗ 
rwhod.service ↗ samba.service ↗ sddm.service ↗ seatd.service ↗ sensord.service ↗ serial-getty@.service ↗ shadow.service ↗ shadow.timer ↗ sigpwr.target ↗ slapd.service ↗ sleep.target ↗ slices.target ↗ smartd.service ↗ smb.service ↗ sndiod.service ↗ snmpd.service ↗ snmptrapd.service ↗ snort@.service ↗ snort@1000.service ↗ soft-reboot.target ↗ ssh-access.target ↗ sshd.service ↗ sshdgenkeys.service ↗ sshuttle.service ↗ sslh.service ↗ sslh-fork.service ↗ sslh-select.service ↗ storage-target-mode.target ↗ stunnel.service ↗ sudo_logsrvd.service ↗ suspend.target ↗ suspend-then-hibernate.target ↗ svnserve.service ↗ swap.target ↗ sys-fs-fuse-connections.mount ↗ sys-kernel-config.mount ↗ sys-kernel-debug.mount ↗ sys-kernel-tracing.mount ↗ sysinit.target ↗ syslog.socket ↗ system-systemd\x2dcryptsetup.slice ↗ system-systemd\x2dveritysetup.slice ↗ system-update.target ↗ system-update-cleanup.service ↗ system-update-pre.target ↗ systemd-ask-password-console.path ↗ systemd-ask-password-console.service ↗ systemd-ask-password-plymouth.path ↗ systemd-ask-password-plymouth.service ↗ systemd-ask-password-wall.path ↗ systemd-ask-password-wall.service ↗ systemd-backlight@.service ↗ systemd-battery-check.service ↗ systemd-binfmt.service ↗ systemd-bless-boot.service ↗ systemd-boot-check-no-failures.service ↗ systemd-boot-random-seed.service ↗ systemd-boot-update.service ↗ systemd-bootctl.socket ↗ systemd-bootctl@.service ↗ systemd-bsod.service ↗ systemd-confext.service ↗ systemd-coredump.socket ↗ systemd-coredump@.service ↗ systemd-creds.socket ↗ systemd-creds@.service ↗ systemd-firstboot.service ↗ systemd-fsck-root.service ↗ systemd-fsck@.service ↗ systemd-growfs-root.service ↗ systemd-growfs@.service ↗ systemd-halt.service ↗ systemd-hibernate.service ↗ systemd-hibernate-resume.service ↗ systemd-homed.service ↗ systemd-homed-activate.service ↗ systemd-homed-firstboot.service ↗ systemd-hostnamed.service ↗ systemd-hostnamed.socket ↗ systemd-hwdb-update.service ↗ systemd-hybrid-sleep.service 
↗ systemd-importd.service ↗ systemd-initctl.service ↗ systemd-initctl.socket ↗ systemd-journal-catalog-update.service ↗ systemd-journal-flush.service ↗ systemd-journal-gatewayd.service ↗ systemd-journal-gatewayd.socket ↗ systemd-journal-remote.service ↗ systemd-journal-remote.socket ↗ systemd-journal-upload.service ↗ systemd-journald.service ↗ systemd-journald.socket ↗ systemd-journald-audit.socket ↗ systemd-journald-dev-log.socket ↗ systemd-journald-varlink@.socket ↗ systemd-journald@.service ↗ systemd-journald@.socket ↗ systemd-kexec.service ↗ systemd-localed.service ↗ systemd-logind.service ↗ systemd-machine-id-commit.service ↗ systemd-machined.service ↗ systemd-modules-load.service ↗ systemd-network-generator.service ↗ systemd-networkd.service ↗ systemd-networkd.socket ↗ systemd-networkd-persistent-storage.service ↗ systemd-networkd-wait-online.service ↗ systemd-networkd-wait-online@.service ↗ systemd-nspawn@.service ↗ systemd-oomd.service ↗ systemd-oomd.socket ↗ systemd-pcrextend.socket ↗ systemd-pcrextend@.service ↗ systemd-pcrfs-root.service ↗ systemd-pcrfs@.service ↗ systemd-pcrlock.socket ↗ systemd-pcrlock-file-system.service ↗ systemd-pcrlock-firmware-code.service ↗ systemd-pcrlock-firmware-config.service ↗ systemd-pcrlock-machine-id.service ↗ systemd-pcrlock-make-policy.service ↗ systemd-pcrlock-secureboot-authority.service ↗ systemd-pcrlock-secureboot-policy.service ↗ systemd-pcrlock@.service ↗ systemd-pcrmachine.service ↗ systemd-pcrphase.service ↗ systemd-pcrphase-initrd.service ↗ systemd-pcrphase-sysinit.service ↗ systemd-portabled.service ↗ systemd-poweroff.service ↗ systemd-pstore.service ↗ systemd-quotacheck.service ↗ systemd-quotacheck-root.service ↗ systemd-quotacheck@.service ↗ systemd-random-seed.service ↗ systemd-reboot.service ↗ systemd-remount-fs.service ↗ systemd-repart.service ↗ systemd-resolved.service ↗ systemd-rfkill.service ↗ systemd-rfkill.socket ↗ systemd-soft-reboot.service ↗ systemd-storagetm.service ↗ systemd-suspend.service ↗ 
systemd-suspend-then-hibernate.service ↗ systemd-sysctl.service ↗ systemd-sysext.service ↗ systemd-sysext.socket ↗ systemd-sysext@.service ↗ systemd-sysupdate.service ↗ systemd-sysupdate.timer ↗ systemd-sysupdate-reboot.service ↗ systemd-sysupdate-reboot.timer ↗ systemd-sysusers.service ↗ systemd-time-wait-sync.service ↗ systemd-timedated.service ↗ systemd-timesyncd.service ↗ systemd-tmpfiles-setup-dev.service ↗ systemd-tmpfiles-setup-dev-early.service ↗ systemd-tpm2-setup.service ↗ systemd-tpm2-setup-early.service ↗ systemd-udev-trigger.service ↗ systemd-udevd.service ↗ systemd-udevd-control.socket ↗ systemd-udevd-kernel.socket ↗ systemd-update-done.service ↗ systemd-update-utmp.service ↗ systemd-update-utmp-runlevel.service ↗ systemd-user-sessions.service ↗ systemd-userdbd.service ↗ systemd-userdbd.socket ↗ systemd-vconsole-setup.service ↗ systemd-vmspawn@.service ↗ systemd-volatile-root.service ↗ systemd-zram-setup@.service ↗ talk.service ↗ talk.socket ↗ teamd@.service ↗ telnet.socket ↗ telnet@.service ↗ time-set.target ↗ time-sync.target ↗ tinc.service ↗ tinc@.service ↗ tinyproxy.service ↗ tlp.service ↗ tmp.mount ↗ tor.service ↗ tpm2.target ↗ udisks2.service ↗ udp2raw@.service ↗ ufw.service ↗ uksmd.service ↗ umount.target ↗ unbound.service ↗ updatedb.service ↗ updatedb.timer ↗ upower.service ↗ usb-gadget.target ↗ usb_modeswitch@.service ↗ usbipd.service ↗ usbmuxd.service ↗ user.slice ↗ user-runtime-dir@.service ↗ user@.service ↗ uuidd.service ↗ uuidd.socket ↗ var-lib-machines.mount ↗ var-lib-nfs-rpc_pipefs.mount ↗ vboxdrmclient.path ↗ vboxdrmclient.service ↗ vboxservice.service ↗ veritysetup.target ↗ veritysetup-pre.target ↗ virt-guest-shutdown.target ↗ virtchd.service ↗ virtchd.socket ↗ virtchd-admin.socket ↗ virtchd-ro.socket ↗ virtinterfaced.service ↗ virtinterfaced.socket ↗ virtinterfaced-admin.socket ↗ virtinterfaced-ro.socket ↗ virtlockd.service ↗ virtlockd.socket ↗ virtlockd-admin.socket ↗ virtlogd.service ↗ virtlogd.socket ↗ virtlogd-admin.socket ↗ 
virtlxcd.service ↗ virtlxcd.socket ↗ virtlxcd-admin.socket ↗ virtlxcd-ro.socket ↗ virtnetworkd.service ↗ virtnetworkd.socket ↗ virtnetworkd-admin.socket ↗ virtnetworkd-ro.socket ↗ virtnodedevd.service ↗ virtnodedevd.socket ↗ virtnodedevd-admin.socket ↗ virtnodedevd-ro.socket ↗ virtnwfilterd.service ↗ virtnwfilterd.socket ↗ virtnwfilterd-admin.socket ↗ virtnwfilterd-ro.socket ↗ virtproxyd.service ↗ virtproxyd.socket ↗ virtproxyd-admin.socket ↗ virtproxyd-ro.socket ↗ virtproxyd-tcp.socket ↗ virtproxyd-tls.socket ↗ virtqemud.service ↗ virtqemud.socket ↗ virtqemud-admin.socket ↗ virtqemud-ro.socket ↗ virtsecretd.service ↗ virtsecretd.socket ↗ virtsecretd-admin.socket ↗ virtsecretd-ro.socket ↗ virtstoraged.service ↗ virtstoraged.socket ↗ virtstoraged-admin.socket ↗ virtstoraged-ro.socket ↗ virtvboxd.service ↗ virtvboxd.socket ↗ virtvboxd-admin.socket ↗ virtvboxd-ro.socket ↗ vmtoolsd.service ↗ vmware-vmblock-fuse.service ↗ vpnc@.service ↗ wacom-inputattach@.service ↗ wg-quick.target ↗ wg-quick@.service ↗ winbind.service ↗ wondershaper.service ↗ wpa_supplicant.service ↗ wpa_supplicant-nl80211@.service ↗ wpa_supplicant-wired@.service ↗ wpa_supplicant@.service ↗ xfs_scrub@.service ↗ xfs_scrub_all.service ↗ xfs_scrub_all.timer ↗ xfs_scrub_fail@.service ↗ xl2tpd.service ↗ xplico.service ↗ xrdp.service ↗ xrdp-sesman.service ↗ yate.service ↗ zfs.target ↗ zfs-import.service ↗ zfs-import.target ↗ zfs-import-cache.service ↗ zfs-import-scan.service ↗ zfs-load-key.service ↗ zfs-mount.service ↗ zfs-scrub-monthly@.timer ↗ zfs-scrub-weekly@.timer ↗ zfs-scrub@.service ↗ zfs-share.service ↗ zfs-trim-monthly@.timer ↗ zfs-trim-weekly@.timer ↗ zfs-trim@.service ↗ zfs-volume-wait.service ↗ zfs-volumes.target ↗ zfs-zed.service ↗ plymouth.conf ↗ gpg-agent-ssh@etc-pacman.d-gnupg.socket ↗ keyboxd@etc-pacman.d-gnupg.socket ↗ dirmngr@etc-pacman.d-gnupg.socket ↗ gpg-agent-browser@etc-pacman.d-gnupg.socket ↗ gpg-agent-extra@etc-pacman.d-gnupg.socket ↗ gpg-agent@etc-pacman.d-gnupg.socket ↗ 
https://hybrid-analysis.com/sample/ff42428f0fcc346cc56e2b00d4b5c4bd43b55f3465b4ccab0efba9c88f4a1c03/661da0b063c895fc2d0a78dc ↗ https://hybrid-analysis.com/sample/9613dee39157b5f9935436b36647047e267b7c10fa4c7ab1fd995db681e58c12/661da5b202eaca78740cf4ed ↗ https://hybrid-analysis.com/sample/479a0170df010c5eb742ff1b8740a2ccf381df44c8a919c95d6e38685278e78a/661da5c768340c1e25092cb2 ↗ 50-rc_keymap.conf ↗ 10-defaults.conf ↗ 10-login-barrier.conf ↗ 20-systemd-userdb.conf ↗ 20-systemd-ssh-proxy.conf ↗ iptables-flush ↗ cpupower ↗ chkboot-bootcheck ↗ 10-root.conf ↗ 30-root-verity-sig.conf ↗ 20-root-verity.conf ↗ 80-systemd-timesync.list ↗ 80-6rd-tunnel.link ↗ 80-container-ve.network ↗ 80-container-vb.network ↗ 80-container-vz.link ↗ 80-6rd-tunnel.network ↗ 80-container-vz.network ↗ 80-auto-link-local.network.example ↗ 80-ethernet.network.example ↗ 80-container-host0.network ↗ 80-iwd.link ↗ 80-container-vb.link ↗ 80-vm-vt.link ↗ 80-vm-vt.network ↗ 80-wifi-adhoc.network ↗ 80-wifi-ap.network.example ↗ 80-wifi-station.network.example ↗ 80-container-ve.link ↗ 89-ethernet.network.example ↗ 99-default.link ↗ dbus-broker.catalog ↗ dbus-broker-launch.catalog ↗ systemd.be.catalog ↗ systemd.be@latin.catalog ↗ systemd.da.catalog ↗ systemd.bg.catalog ↗ systemd.hu.catalog ↗ systemd.catalog ↗ systemd.it.catalog ↗ systemd.fr.catalog ↗ systemd.ko.catalog ↗ systemd.hr.catalog ↗ systemd.pl.catalog ↗ systemd.pt_BR.catalog ↗ systemd.ru.catalog ↗ systemd.sr.catalog ↗ systemd.zh_CN.catalog ↗ systemd.de.catalog ↗ systemd.zh_TW.catalog ↗ expl_cve_2021_40444.yar