diff --git a/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05 b/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05
new file mode 100644
index 0000000..bdc7606
Binary files /dev/null and b/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05 differ
diff --git a/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/analysis.yaml b/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/analysis.yaml
new file mode 100755
index 0000000..116ef64
--- /dev/null
+++ b/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/analysis.yaml
@@ -0,0 +1,14 @@
+analysis:
+ duration_sec: 60
+ timestamp: '2024-06-24T12:18:52.479745+00:00'
+kunai:
+ args:
+ - --include=all
+ - --send-data-min-len=0
+ version: kunai 0.2.3
+sample:
+ args: []
+system:
+ kernel: 5.10.0-30-cloud-amd64
+ uname: 'Linux kunai-sandbox 5.10.0-30-cloud-amd64 #1 SMP Debian 5.10.218-1 (2024-06-01)
+ x86_64 GNU/Linux'
diff --git a/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/dump.pcap b/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/dump.pcap
new file mode 100755
index 0000000..1f42f39
Binary files /dev/null and b/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/dump.pcap differ
diff --git a/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/kunai.jsonl.gz b/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/kunai.jsonl.gz
new file mode 100755
index 0000000..3405ad0
Binary files /dev/null and b/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/kunai.jsonl.gz differ
diff --git a/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/kunai.stderr b/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/kunai.stderr
new file mode 100755
index 0000000..d61efcd
--- /dev/null
+++ b/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/kunai.stderr
@@ -0,0 +1,2 @@
+[2024-06-17T10:05:51Z WARN kunai] syscalls_sys_exit_execve probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
+[2024-06-17T10:05:52Z WARN kunai] syscalls_sys_exit_execveat probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
diff --git a/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/sample.stderr b/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/sample.stderr
new file mode 100755
index 0000000..e69de29
diff --git a/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/sample.stdout b/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/sample.stdout
new file mode 100755
index 0000000..711bd7d
--- /dev/null
+++ b/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/sample.stdout
@@ -0,0 +1 @@
+[+] Stage 2
diff --git a/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/sample.svg b/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/sample.svg
new file mode 100755
index 0000000..c81b7c7
--- /dev/null
+++ b/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/analysis/sample.svg
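Review bot: The kunai.stderr committed here does not look like per-run output: the same blob (index d61efcd) is added for all three samples, and its timestamps (2024-06-17T10:05:51Z) predate every analysis.yaml timestamp (2024-06-24), so it presumably comes from a one-off probe load at sandbox setup rather than from this sample's 60-second run. Its content still matters to anyone consuming kunai.jsonl.gz: on the recorded 5.10 kernel the syscalls_sys_exit_execve and syscalls_sys_exit_execveat probes did not load (max=5.9.0), so any execve-exit-derived fields should be treated as absent for this dataset. It would be clearer to record that limitation under the `kunai:` section of analysis.yaml next to `version: kunai 0.2.3` so a reader does not have to open stderr to learn it. The same observation applies to the identical kunai.stderr hunks for the d7df995d… and e59dd13d… samples.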
@@ -0,0 +1,62 @@ + + + + + + +%3 + + + +guuid=7f31842b-0b00-0000-8cf8-69ff59040000 pid=1113 + +/usr/bin/sudo + + + +guuid=3de8402c-0b00-0000-8cf8-69ff5a040000 pid=1114 + +/tmp/sample.bin + + + +guuid=7f31842b-0b00-0000-8cf8-69ff59040000 pid=1113->guuid=3de8402c-0b00-0000-8cf8-69ff5a040000 pid=1114 + + +execve + + + +guuid=b54c522c-0b00-0000-8cf8-69ff5b040000 pid=1115 + +/tmp/sample.bin + +net + +zombie + + + +guuid=3de8402c-0b00-0000-8cf8-69ff5a040000 pid=1114->guuid=b54c522c-0b00-0000-8cf8-69ff5b040000 pid=1115 + + +clone + + + +110.41.14.58 + +110.41.14.58 + + + +guuid=b54c522c-0b00-0000-8cf8-69ff5b040000 pid=1115->110.41.14.58 + + +con + + +
diff --git a/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/analysis/analysis.yaml b/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/analysis/analysis.yaml
new file mode 100755
index 0000000..03b0e8b
--- /dev/null
+++ b/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/analysis/analysis.yaml
@@ -0,0 +1,14 @@
+analysis:
+ duration_sec: 60
+ timestamp: '2024-06-24T12:47:57.124357+00:00'
+kunai:
+ args:
+ - --include=all
+ - --send-data-min-len=0
+ version: kunai 0.2.3
+sample:
+ args: []
+system:
+ kernel: 5.10.0-30-cloud-amd64
+ uname: 'Linux kunai-sandbox 5.10.0-30-cloud-amd64 #1 SMP Debian 5.10.218-1 (2024-06-01)
+ x86_64 GNU/Linux'
diff --git a/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/analysis/dump.pcap b/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/analysis/dump.pcap
new file mode 100755
index 0000000..21c4391
Binary files /dev/null and b/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/analysis/dump.pcap differ
diff --git a/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/analysis/kunai.jsonl.gz b/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/analysis/kunai.jsonl.gz
new file mode 100755
index 0000000..8c937c6
Binary files /dev/null and b/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/analysis/kunai.jsonl.gz differ
diff --git a/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/analysis/kunai.stderr b/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/analysis/kunai.stderr
new file mode 100755
index 0000000..d61efcd
--- /dev/null
+++ b/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/analysis/kunai.stderr
@@ -0,0 +1,2 @@
+[2024-06-17T10:05:51Z WARN kunai] syscalls_sys_exit_execve probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
+[2024-06-17T10:05:52Z WARN kunai] syscalls_sys_exit_execveat probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
diff --git a/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/analysis/sample.stderr b/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/analysis/sample.stderr
new file mode 100755
index 0000000..e69de29
diff --git a/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/analysis/sample.stdout b/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/analysis/sample.stdout
new file mode 100755
index 0000000..e69de29
diff --git a/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/analysis/sample.svg b/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/analysis/sample.svg
new file mode 100755
index 0000000..d63a9d8
--- /dev/null
+++ b/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/analysis/sample.svg
@@ -0,0 +1,108 @@ + + + + + + +%3 + + + +guuid=bd280644-0b00-0000-e216-e78358040000 pid=1112 + +/usr/bin/sudo + + + +guuid=b541e645-0b00-0000-e216-e78359040000 pid=1113 + +/tmp/sample.bin + +net + + + +guuid=bd280644-0b00-0000-e216-e78358040000 pid=1112->guuid=b541e645-0b00-0000-e216-e78359040000 pid=1113 + + +execve + + + +4c2c6f21-1ae9-583d-aa53-0dce680082ed + +2a12:5940:7116::2 + + + +guuid=b541e645-0b00-0000-e216-e78359040000 pid=1113->4c2c6f21-1ae9-583d-aa53-0dce680082ed + + +con + + + +guuid=b541e645-0b00-0000-e216-e78359040000 pid=1114 + +/tmp/sample.bin + + + +guuid=b541e645-0b00-0000-e216-e78359040000 pid=1113->guuid=b541e645-0b00-0000-e216-e78359040000 pid=1114 + + +clone + + + +guuid=b541e645-0b00-0000-e216-e78359040000 pid=1115 + +/tmp/sample.bin + + + +guuid=b541e645-0b00-0000-e216-e78359040000 pid=1113->guuid=b541e645-0b00-0000-e216-e78359040000 pid=1115 + + +clone + + + +guuid=b541e645-0b00-0000-e216-e78359040000 pid=1116 + +/tmp/sample.bin + + + +guuid=b541e645-0b00-0000-e216-e78359040000 pid=1113->guuid=b541e645-0b00-0000-e216-e78359040000 pid=1116 + + +clone + + + +guuid=b541e645-0b00-0000-e216-e78359040000 pid=1117 + +/tmp/sample.bin + +net + + + +guuid=b541e645-0b00-0000-e216-e78359040000 pid=1113->guuid=b541e645-0b00-0000-e216-e78359040000 pid=1117 + + +clone + + + +guuid=b541e645-0b00-0000-e216-e78359040000 pid=1117->4c2c6f21-1ae9-583d-aa53-0dce680082ed + + +con + + + diff --git a/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161 b/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161 new file mode 100644 index 0000000..b18a973 Binary files /dev/null and b/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161 differ 
diff --git a/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/analysis/analysis.yaml b/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/analysis/analysis.yaml
new file mode 100755
index 0000000..7b429b1
--- /dev/null
+++ b/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/analysis/analysis.yaml
@@ -0,0 +1,14 @@
+analysis:
+ duration_sec: 60
+ timestamp: '2024-06-24T12:15:23.575880+00:00'
+kunai:
+ args:
+ - --include=all
+ - --send-data-min-len=0
+ version: kunai 0.2.3
+sample:
+ args: []
+system:
+ kernel: 5.10.0-30-cloud-amd64
+ uname: 'Linux kunai-sandbox 5.10.0-30-cloud-amd64 #1 SMP Debian 5.10.218-1 (2024-06-01)
+ x86_64 GNU/Linux'
diff --git a/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/analysis/dump.pcap b/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/analysis/dump.pcap
new file mode 100755
index 0000000..2d5be9e
Binary files /dev/null and b/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/analysis/dump.pcap differ
diff --git a/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/analysis/kunai.jsonl.gz b/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/analysis/kunai.jsonl.gz
new file mode 100755
index 0000000..358cd2e
Binary files /dev/null and b/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/analysis/kunai.jsonl.gz differ
diff --git a/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/analysis/kunai.stderr b/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/analysis/kunai.stderr
new file mode 100755
index 0000000..d61efcd
--- /dev/null
+++ b/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/analysis/kunai.stderr
@@ -0,0 +1,2 @@
+[2024-06-17T10:05:51Z WARN kunai] syscalls_sys_exit_execve probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
+[2024-06-17T10:05:52Z WARN kunai] syscalls_sys_exit_execveat probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
diff --git a/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/analysis/sample.stderr b/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/analysis/sample.stderr
new file mode 100755
index 0000000..e69de29
diff --git a/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/analysis/sample.stdout b/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/analysis/sample.stdout
new file mode 100755
index 0000000..e69de29
diff --git a/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/analysis/sample.svg b/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/analysis/sample.svg
new file mode 100755
index 0000000..8396a56
--- /dev/null
+++ b/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/analysis/sample.svg
@@ -0,0 +1,79 @@ + + + + + + +%3 + + + +guuid=a0c9fb2d-0b00-0000-ba64-d1ba59040000 pid=1113 + +/usr/bin/sudo + + + +guuid=837bc42e-0b00-0000-ba64-d1ba5a040000 pid=1114 + +/tmp/sample.bin + + + +guuid=a0c9fb2d-0b00-0000-ba64-d1ba59040000 pid=1113->guuid=837bc42e-0b00-0000-ba64-d1ba5a040000 pid=1114 + + +execve + + + +guuid=8b77dc2e-0b00-0000-ba64-d1ba5b040000 pid=1115 + +/tmp/sample.bin + +dns + +net + +send-data + +zombie + + + +guuid=837bc42e-0b00-0000-ba64-d1ba5a040000 pid=1114->guuid=8b77dc2e-0b00-0000-ba64-d1ba5b040000 pid=1115 + + +clone + + + +10.0.2.3 + +10.0.2.3 + + + +guuid=8b77dc2e-0b00-0000-ba64-d1ba5b040000 pid=1115->10.0.2.3 + + +send: 66B + + + +108.181.160.104 + +108.181.160.104 + + + +guuid=8b77dc2e-0b00-0000-ba64-d1ba5b040000 pid=1115->108.181.160.104 + + +con + + + 
diff --git a/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b b/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b
new file mode 100644
index 0000000..6665aef
Binary files /dev/null and b/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b differ