add: Hive ransomware
parent
1ebad0e981
commit
69f9110713
8 changed files with 2993 additions and 0 deletions
Binary file not shown.
|
@ -0,0 +1,14 @@
|
||||||
|
analysis:
|
||||||
|
duration_sec: 60
|
||||||
|
timestamp: '2024-07-01T14:50:58.272982+00:00'
|
||||||
|
kunai:
|
||||||
|
args:
|
||||||
|
- --include=all
|
||||||
|
- --send-data-min-len=0
|
||||||
|
version: kunai 0.2.4
|
||||||
|
sample:
|
||||||
|
args: []
|
||||||
|
system:
|
||||||
|
kernel: 5.10.0-30-cloud-amd64
|
||||||
|
uname: 'Linux kunai-sandbox 5.10.0-30-cloud-amd64 #1 SMP Debian 5.10.218-1 (2024-06-01)
|
||||||
|
x86_64 GNU/Linux'
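Review bot: The `sample:` block records only `args: []`, so nothing in this metadata ties the trace to a specific binary. A digest under `sample:`, for example `sha256: <SAMPLE_SHA256>`, would let a reader confirm which file produced the recorded events. The `timestamp` of 2024-07-01 also differs from the 2024-06-17 dates in the kunai log added by the same commit. If it marks when this file was written rather than when the sample ran, a comment such as `# time this metadata was generated, not the run time` would remove the ambiguity.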
|
Binary file not shown.
Binary file not shown.
|
@ -0,0 +1,2 @@
|
||||||
|
[2024-06-17T10:05:51Z WARN kunai] syscalls_sys_exit_execve probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
|
||||||
|
[2024-06-17T10:05:52Z WARN kunai] syscalls_sys_exit_execveat probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
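Review bot: Both warnings report that the `syscalls_sys_exit_execve` and `syscalls_sys_exit_execveat` probes were rejected on kernel 5.10.0 (max=5.9.0), and this is recorded only in this log, not in the analysis metadata. Presumably kunai 0.2.4 covers exec events through another probe on this kernel, but the page does not show that. A comment in the metadata file, such as `# kunai reported two execve exit probes as incompatible with this kernel; check exec coverage`, would warn anyone building detections from this trace.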
|
|
@ -0,0 +1,16 @@
|
||||||
|
10:05:58 Exporting key
|
||||||
|
10:05:59 +export /Nt3m9vLRLxbSnXg30P9ycMyiGAd777sb7a4yK5fOA4L_.key.ndjmu
|
||||||
|
10:05:59 Removing itself
|
||||||
|
10:05:59 Killing non root processes
|
||||||
|
10:05:59 +kill 516
|
||||||
|
10:05:59 +kill 528
|
||||||
|
10:05:59 +kill 530
|
||||||
|
10:05:59 +kill 1023
|
||||||
|
10:05:59 +kill 1024
|
||||||
|
10:05:59 +kill 1034
|
||||||
|
10:05:59 +kill 1035
|
||||||
|
10:05:59 +kill 1052
|
||||||
|
10:05:59 +kill 1053
|
||||||
|
10:05:59 +kill 1109
|
||||||
|
10:05:59 +kill 1110
|
||||||
|
Connection to localhost closed by remote host.
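Review bot: The capture ends with `Connection to localhost closed by remote host.`, which is SSH client output rather than output of the sample, and it comes directly after the `+kill` lines. It looks as though the sample's process killing tore down the session used to run it, although this is inferred only from the order of the lines. If so, the recording may stop well short of the `duration_sec: 60` given in the metadata, and later activity may be missing from the trace. The sandbox should launch the sample so that the capture survives the loss of the login session, and the truncation should be noted next to this log. The lines carry a time of day without a date, so the run date should be recorded with them.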
|
File diff suppressed because it is too large
After Width: | Height: | Size: 294 KiB |