New samples from MalwareBazaar

Quentin JEROME 2024-06-24 14:50:22 +02:00
parent cf210906d0
commit 8478e173ab
Signed by: qjerome
SSH key fingerprint: SHA256:OQtDLu0eOg5WcidNQCaVrZiOANoA9Rp7H5aASBrNtPk
24 changed files with 298 additions and 0 deletions


@ -0,0 +1,14 @@
analysis:
duration_sec: 60
timestamp: '2024-06-24T12:18:52.479745+00:00'
kunai:
args:
- --include=all
- --send-data-min-len=0
version: kunai 0.2.3
sample:
args: []
system:
kernel: 5.10.0-30-cloud-amd64
uname: 'Linux kunai-sandbox 5.10.0-30-cloud-amd64 #1 SMP Debian 5.10.218-1 (2024-06-01)
x86_64 GNU/Linux'


@ -0,0 +1,2 @@
[2024-06-17T10:05:51Z WARN kunai] syscalls_sys_exit_execve probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
[2024-06-17T10:05:52Z WARN kunai] syscalls_sys_exit_execveat probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
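Review bot: These two warnings show that on the 5.10 sandbox kernel kunai 0.2.3 could not attach its `syscalls_sys_exit_execve` and `syscalls_sys_exit_execveat` probes (declared `max=5.9.0`), so execve/execveat return data is absent from every trace in this commit, and nothing in the accompanying analysis YAML records that; I would add a `kunai:` entry such as `probes_disabled: [syscalls_sys_exit_execve, syscalls_sys_exit_execveat]` so consumers of these samples know the process graphs are built from incomplete events. The log timestamps (`2024-06-17T10:05:51Z`) also predate the analysis `timestamp` values of 2024-06-24 and are byte-identical across all three samples, which suggests this file is a static copy rather than the stderr of each run — worth confirming in the sandbox pipeline. The `min=KernelVersion::MIN` text looks like an unformatted placeholder in kunai's own message, an upstream cosmetic issue rather than something to fix in this repository.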


@ -0,0 +1,62 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<!-- Generated by graphviz version 2.43.0 (0)
-->
<!-- Title: %3 Pages: 1 -->
<svg width="182pt" height="319pt"
viewBox="0.00 0.00 182.00 319.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 315)">
<title>%3</title>
<polygon fill="white" stroke="transparent" points="-4,4 -4,-315 178,-315 178,4 -4,4"/>
<!-- guuid=7f31842b&#45;0b00&#45;0000&#45;8cf8&#45;69ff59040000 pid=1113 -->
<g id="node1" class="node">
<title>guuid=7f31842b&#45;0b00&#45;0000&#45;8cf8&#45;69ff59040000 pid=1113</title>
<path fill="white" stroke="black" d="M52,-274.5C52,-274.5 122,-274.5 122,-274.5 128,-274.5 134,-280.5 134,-286.5 134,-286.5 134,-298.5 134,-298.5 134,-304.5 128,-310.5 122,-310.5 122,-310.5 52,-310.5 52,-310.5 46,-310.5 40,-304.5 40,-298.5 40,-298.5 40,-286.5 40,-286.5 40,-280.5 46,-274.5 52,-274.5"/>
<text text-anchor="middle" x="87" y="-288.8" font-family="Arial" font-size="14.00">/usr/bin/sudo</text>
</g>
<!-- guuid=3de8402c&#45;0b00&#45;0000&#45;8cf8&#45;69ff5a040000 pid=1114 -->
<g id="node2" class="node">
<title>guuid=3de8402c&#45;0b00&#45;0000&#45;8cf8&#45;69ff5a040000 pid=1114</title>
<path fill="white" stroke="black" d="M42.5,-186.5C42.5,-186.5 131.5,-186.5 131.5,-186.5 137.5,-186.5 143.5,-192.5 143.5,-198.5 143.5,-198.5 143.5,-210.5 143.5,-210.5 143.5,-216.5 137.5,-222.5 131.5,-222.5 131.5,-222.5 42.5,-222.5 42.5,-222.5 36.5,-222.5 30.5,-216.5 30.5,-210.5 30.5,-210.5 30.5,-198.5 30.5,-198.5 30.5,-192.5 36.5,-186.5 42.5,-186.5"/>
<text text-anchor="middle" x="87" y="-200.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
</g>
<!-- guuid=7f31842b&#45;0b00&#45;0000&#45;8cf8&#45;69ff59040000 pid=1113&#45;&gt;guuid=3de8402c&#45;0b00&#45;0000&#45;8cf8&#45;69ff5a040000 pid=1114 -->
<g id="edge1" class="edge">
<title>guuid=7f31842b&#45;0b00&#45;0000&#45;8cf8&#45;69ff59040000 pid=1113&#45;&gt;guuid=3de8402c&#45;0b00&#45;0000&#45;8cf8&#45;69ff5a040000 pid=1114</title>
<path fill="none" stroke="black" d="M87,-274.1C87,-262.25 87,-246.32 87,-232.79"/>
<polygon fill="black" stroke="black" points="90.5,-232.58 87,-222.58 83.5,-232.58 90.5,-232.58"/>
<text text-anchor="middle" x="108.5" y="-244.8" font-family="Arial" font-size="14.00">execve</text>
</g>
<!-- guuid=b54c522c&#45;0b00&#45;0000&#45;8cf8&#45;69ff5b040000 pid=1115 -->
<g id="node3" class="node">
<title>guuid=b54c522c&#45;0b00&#45;0000&#45;8cf8&#45;69ff5b040000 pid=1115</title>
<path fill="#3b5741" stroke="black" d="M12,-88.5C12,-88.5 162,-88.5 162,-88.5 168,-88.5 174,-94.5 174,-100.5 174,-100.5 174,-122.5 174,-122.5 174,-128.5 168,-134.5 162,-134.5 162,-134.5 12,-134.5 12,-134.5 6,-134.5 0,-128.5 0,-122.5 0,-122.5 0,-100.5 0,-100.5 0,-94.5 6,-88.5 12,-88.5"/>
<text text-anchor="middle" x="56.5" y="-119.3" font-family="Arial" font-size="14.00" fill="#fff000">/tmp/sample.bin</text>
<polyline fill="none" stroke="black" points="0,-111.5 113,-111.5 "/>
<text text-anchor="middle" x="56.5" y="-96.3" font-family="Arial" font-size="14.00" fill="#fff000">net</text>
<polyline fill="none" stroke="black" points="113,-88.5 113,-134.5 "/>
<text text-anchor="middle" x="143.5" y="-107.8" font-family="Arial" font-size="14.00" fill="#fff000">zombie</text>
</g>
<!-- guuid=3de8402c&#45;0b00&#45;0000&#45;8cf8&#45;69ff5a040000 pid=1114&#45;&gt;guuid=b54c522c&#45;0b00&#45;0000&#45;8cf8&#45;69ff5b040000 pid=1115 -->
<g id="edge2" class="edge">
<title>guuid=3de8402c&#45;0b00&#45;0000&#45;8cf8&#45;69ff5a040000 pid=1114&#45;&gt;guuid=b54c522c&#45;0b00&#45;0000&#45;8cf8&#45;69ff5b040000 pid=1115</title>
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M87,-186.38C87,-174.73 87,-158.95 87,-144.96"/>
<polygon fill="black" stroke="black" points="90.5,-144.71 87,-134.71 83.5,-144.71 90.5,-144.71"/>
<text text-anchor="middle" x="103.5" y="-156.8" font-family="Arial" font-size="14.00">clone</text>
</g>
<!-- 110.41.14.58 -->
<g id="node4" class="node">
<title>110.41.14.58</title>
<path fill="grey" stroke="black" d="M51.5,-0.5C51.5,-0.5 122.5,-0.5 122.5,-0.5 128.5,-0.5 134.5,-6.5 134.5,-12.5 134.5,-12.5 134.5,-24.5 134.5,-24.5 134.5,-30.5 128.5,-36.5 122.5,-36.5 122.5,-36.5 51.5,-36.5 51.5,-36.5 45.5,-36.5 39.5,-30.5 39.5,-24.5 39.5,-24.5 39.5,-12.5 39.5,-12.5 39.5,-6.5 45.5,-0.5 51.5,-0.5"/>
<text text-anchor="middle" x="87" y="-14.8" font-family="Arial" font-size="14.00" fill="white">110.41.14.58</text>
</g>
<!-- guuid=b54c522c&#45;0b00&#45;0000&#45;8cf8&#45;69ff5b040000 pid=1115&#45;&gt;110.41.14.58 -->
<g id="edge3" class="edge">
<title>guuid=b54c522c&#45;0b00&#45;0000&#45;8cf8&#45;69ff5b040000 pid=1115&#45;&gt;110.41.14.58</title>
<path fill="none" stroke="red" stroke-dasharray="5,2" d="M87,-88.47C87,-75.94 87,-60.13 87,-46.81"/>
<polygon fill="red" stroke="red" points="90.5,-46.77 87,-36.77 83.5,-46.77 90.5,-46.77"/>
<text text-anchor="middle" x="98" y="-58.8" font-family="Arial" font-size="14.00" fill="red">con</text>
</g>
</g>
</svg>



@ -0,0 +1,14 @@
analysis:
duration_sec: 60
timestamp: '2024-06-24T12:47:57.124357+00:00'
kunai:
args:
- --include=all
- --send-data-min-len=0
version: kunai 0.2.3
sample:
args: []
system:
kernel: 5.10.0-30-cloud-amd64
uname: 'Linux kunai-sandbox 5.10.0-30-cloud-amd64 #1 SMP Debian 5.10.218-1 (2024-06-01)
x86_64 GNU/Linux'


@ -0,0 +1,2 @@
[2024-06-17T10:05:51Z WARN kunai] syscalls_sys_exit_execve probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
[2024-06-17T10:05:52Z WARN kunai] syscalls_sys_exit_execveat probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0


@ -0,0 +1,108 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<!-- Generated by graphviz version 2.43.0 (0)
-->
<!-- Title: %3 Pages: 1 -->
<svg width="603pt" height="329pt"
viewBox="0.00 0.00 602.50 329.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 325)">
<title>%3</title>
<polygon fill="white" stroke="transparent" points="-4,4 -4,-325 598.5,-325 598.5,4 -4,4"/>
<!-- guuid=bd280644&#45;0b00&#45;0000&#45;e216&#45;e78358040000 pid=1112 -->
<g id="node1" class="node">
<title>guuid=bd280644&#45;0b00&#45;0000&#45;e216&#45;e78358040000 pid=1112</title>
<path fill="white" stroke="black" d="M241,-284.5C241,-284.5 311,-284.5 311,-284.5 317,-284.5 323,-290.5 323,-296.5 323,-296.5 323,-308.5 323,-308.5 323,-314.5 317,-320.5 311,-320.5 311,-320.5 241,-320.5 241,-320.5 235,-320.5 229,-314.5 229,-308.5 229,-308.5 229,-296.5 229,-296.5 229,-290.5 235,-284.5 241,-284.5"/>
<text text-anchor="middle" x="276" y="-298.8" font-family="Arial" font-size="14.00">/usr/bin/sudo</text>
</g>
<!-- guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1113 -->
<g id="node2" class="node">
<title>guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1113</title>
<path fill="#ffbfbf" stroke="black" d="M231.5,-186.5C231.5,-186.5 320.5,-186.5 320.5,-186.5 326.5,-186.5 332.5,-192.5 332.5,-198.5 332.5,-198.5 332.5,-220.5 332.5,-220.5 332.5,-226.5 326.5,-232.5 320.5,-232.5 320.5,-232.5 231.5,-232.5 231.5,-232.5 225.5,-232.5 219.5,-226.5 219.5,-220.5 219.5,-220.5 219.5,-198.5 219.5,-198.5 219.5,-192.5 225.5,-186.5 231.5,-186.5"/>
<text text-anchor="middle" x="276" y="-217.3" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
<polyline fill="none" stroke="black" points="219.5,-209.5 332.5,-209.5 "/>
<text text-anchor="middle" x="276" y="-194.3" font-family="Arial" font-size="14.00">net</text>
</g>
<!-- guuid=bd280644&#45;0b00&#45;0000&#45;e216&#45;e78358040000 pid=1112&#45;&gt;guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1113 -->
<g id="edge1" class="edge">
<title>guuid=bd280644&#45;0b00&#45;0000&#45;e216&#45;e78358040000 pid=1112&#45;&gt;guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1113</title>
<path fill="none" stroke="black" d="M276,-284.38C276,-272.73 276,-256.95 276,-242.96"/>
<polygon fill="black" stroke="black" points="279.5,-242.71 276,-232.71 272.5,-242.71 279.5,-242.71"/>
<text text-anchor="middle" x="297.5" y="-254.8" font-family="Arial" font-size="14.00">execve</text>
</g>
<!-- 4c2c6f21&#45;1ae9&#45;583d&#45;aa53&#45;0dce680082ed -->
<g id="node3" class="node">
<title>4c2c6f21&#45;1ae9&#45;583d&#45;aa53&#45;0dce680082ed</title>
<path fill="grey" stroke="black" d="M12,-0.5C12,-0.5 116,-0.5 116,-0.5 122,-0.5 128,-6.5 128,-12.5 128,-12.5 128,-24.5 128,-24.5 128,-30.5 122,-36.5 116,-36.5 116,-36.5 12,-36.5 12,-36.5 6,-36.5 0,-30.5 0,-24.5 0,-24.5 0,-12.5 0,-12.5 0,-6.5 6,-0.5 12,-0.5"/>
<text text-anchor="middle" x="64" y="-14.8" font-family="Arial" font-size="14.00" fill="white">2a12:5940:7116::2</text>
</g>
<!-- guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1113&#45;&gt;4c2c6f21&#45;1ae9&#45;583d&#45;aa53&#45;0dce680082ed -->
<g id="edge2" class="edge">
<title>guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1113&#45;&gt;4c2c6f21&#45;1ae9&#45;583d&#45;aa53&#45;0dce680082ed</title>
<path fill="none" stroke="green" stroke-dasharray="5,2" d="M219.08,-206.91C167.33,-202.08 93.65,-185.95 57,-135 38.55,-109.34 45.42,-71.6 53.46,-46.32"/>
<polygon fill="green" stroke="green" points="56.84,-47.23 56.78,-36.64 50.22,-44.96 56.84,-47.23"/>
<text text-anchor="middle" x="68" y="-107.8" font-family="Arial" font-size="14.00" fill="green">con</text>
</g>
<!-- guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1114 -->
<g id="node4" class="node">
<title>guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1114</title>
<path fill="white" stroke="black" d="M100.5,-93.5C100.5,-93.5 189.5,-93.5 189.5,-93.5 195.5,-93.5 201.5,-99.5 201.5,-105.5 201.5,-105.5 201.5,-117.5 201.5,-117.5 201.5,-123.5 195.5,-129.5 189.5,-129.5 189.5,-129.5 100.5,-129.5 100.5,-129.5 94.5,-129.5 88.5,-123.5 88.5,-117.5 88.5,-117.5 88.5,-105.5 88.5,-105.5 88.5,-99.5 94.5,-93.5 100.5,-93.5"/>
<text text-anchor="middle" x="145" y="-107.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
</g>
<!-- guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1113&#45;&gt;guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1114 -->
<g id="edge3" class="edge">
<title>guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1113&#45;&gt;guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1114</title>
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M245.95,-186.48C225.23,-171.3 197.75,-151.16 176.69,-135.72"/>
<polygon fill="black" stroke="black" points="178.52,-132.73 168.39,-129.64 174.38,-138.37 178.52,-132.73"/>
<text text-anchor="middle" x="235.5" y="-156.8" font-family="Arial" font-size="14.00">clone</text>
</g>
<!-- guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1115 -->
<g id="node5" class="node">
<title>guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1115</title>
<path fill="white" stroke="black" d="M231.5,-93.5C231.5,-93.5 320.5,-93.5 320.5,-93.5 326.5,-93.5 332.5,-99.5 332.5,-105.5 332.5,-105.5 332.5,-117.5 332.5,-117.5 332.5,-123.5 326.5,-129.5 320.5,-129.5 320.5,-129.5 231.5,-129.5 231.5,-129.5 225.5,-129.5 219.5,-123.5 219.5,-117.5 219.5,-117.5 219.5,-105.5 219.5,-105.5 219.5,-99.5 225.5,-93.5 231.5,-93.5"/>
<text text-anchor="middle" x="276" y="-107.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
</g>
<!-- guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1113&#45;&gt;guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1115 -->
<g id="edge4" class="edge">
<title>guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1113&#45;&gt;guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1115</title>
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M276,-186.23C276,-172.33 276,-154.33 276,-139.6"/>
<polygon fill="black" stroke="black" points="279.5,-139.55 276,-129.55 272.5,-139.55 279.5,-139.55"/>
<text text-anchor="middle" x="292.5" y="-156.8" font-family="Arial" font-size="14.00">clone</text>
</g>
<!-- guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1116 -->
<g id="node6" class="node">
<title>guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1116</title>
<path fill="white" stroke="black" d="M362.5,-93.5C362.5,-93.5 451.5,-93.5 451.5,-93.5 457.5,-93.5 463.5,-99.5 463.5,-105.5 463.5,-105.5 463.5,-117.5 463.5,-117.5 463.5,-123.5 457.5,-129.5 451.5,-129.5 451.5,-129.5 362.5,-129.5 362.5,-129.5 356.5,-129.5 350.5,-123.5 350.5,-117.5 350.5,-117.5 350.5,-105.5 350.5,-105.5 350.5,-99.5 356.5,-93.5 362.5,-93.5"/>
<text text-anchor="middle" x="407" y="-107.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
</g>
<!-- guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1113&#45;&gt;guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1116 -->
<g id="edge5" class="edge">
<title>guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1113&#45;&gt;guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1116</title>
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M306.05,-186.48C326.77,-171.3 354.25,-151.16 375.31,-135.72"/>
<polygon fill="black" stroke="black" points="377.62,-138.37 383.61,-129.64 373.48,-132.73 377.62,-138.37"/>
<text text-anchor="middle" x="366.5" y="-156.8" font-family="Arial" font-size="14.00">clone</text>
</g>
<!-- guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1117 -->
<g id="node7" class="node">
<title>guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1117</title>
<path fill="#ffbfbf" stroke="black" d="M493.5,-88.5C493.5,-88.5 582.5,-88.5 582.5,-88.5 588.5,-88.5 594.5,-94.5 594.5,-100.5 594.5,-100.5 594.5,-122.5 594.5,-122.5 594.5,-128.5 588.5,-134.5 582.5,-134.5 582.5,-134.5 493.5,-134.5 493.5,-134.5 487.5,-134.5 481.5,-128.5 481.5,-122.5 481.5,-122.5 481.5,-100.5 481.5,-100.5 481.5,-94.5 487.5,-88.5 493.5,-88.5"/>
<text text-anchor="middle" x="538" y="-119.3" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
<polyline fill="none" stroke="black" points="481.5,-111.5 594.5,-111.5 "/>
<text text-anchor="middle" x="538" y="-96.3" font-family="Arial" font-size="14.00">net</text>
</g>
<!-- guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1113&#45;&gt;guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1117 -->
<g id="edge6" class="edge">
<title>guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1113&#45;&gt;guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1117</title>
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M332.76,-187.82C350.17,-181.47 369.37,-174.45 387,-168 414.8,-157.82 445.46,-146.56 471.85,-136.85"/>
<polygon fill="black" stroke="black" points="473.19,-140.09 481.36,-133.35 470.77,-133.52 473.19,-140.09"/>
<text text-anchor="middle" x="440.5" y="-156.8" font-family="Arial" font-size="14.00">clone</text>
</g>
<!-- guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1117&#45;&gt;4c2c6f21&#45;1ae9&#45;583d&#45;aa53&#45;0dce680082ed -->
<g id="edge7" class="edge">
<title>guuid=b541e645&#45;0b00&#45;0000&#45;e216&#45;e78359040000 pid=1117&#45;&gt;4c2c6f21&#45;1ae9&#45;583d&#45;aa53&#45;0dce680082ed</title>
<path fill="none" stroke="green" stroke-dasharray="5,2" d="M481.45,-90.3C478.6,-89.48 475.78,-88.71 473,-88 357.64,-58.59 220.67,-38.6 138.13,-28.12"/>
<polygon fill="green" stroke="green" points="138.45,-24.64 128.1,-26.86 137.58,-31.58 138.45,-24.64"/>
<text text-anchor="middle" x="395" y="-58.8" font-family="Arial" font-size="14.00" fill="green">con</text>
</g>
</g>
</svg>



@ -0,0 +1,14 @@
analysis:
duration_sec: 60
timestamp: '2024-06-24T12:15:23.575880+00:00'
kunai:
args:
- --include=all
- --send-data-min-len=0
version: kunai 0.2.3
sample:
args: []
system:
kernel: 5.10.0-30-cloud-amd64
uname: 'Linux kunai-sandbox 5.10.0-30-cloud-amd64 #1 SMP Debian 5.10.218-1 (2024-06-01)
x86_64 GNU/Linux'


@ -0,0 +1,2 @@
[2024-06-17T10:05:51Z WARN kunai] syscalls_sys_exit_execve probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
[2024-06-17T10:05:52Z WARN kunai] syscalls_sys_exit_execveat probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0


@ -0,0 +1,79 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
<!-- Generated by graphviz version 2.43.0 (0)
-->
<!-- Title: %3 Pages: 1 -->
<svg width="210pt" height="365pt"
viewBox="0.00 0.00 209.50 365.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 361)">
<title>%3</title>
<polygon fill="white" stroke="transparent" points="-4,4 -4,-361 205.5,-361 205.5,4 -4,4"/>
<!-- guuid=a0c9fb2d&#45;0b00&#45;0000&#45;ba64&#45;d1ba59040000 pid=1113 -->
<g id="node1" class="node">
<title>guuid=a0c9fb2d&#45;0b00&#45;0000&#45;ba64&#45;d1ba59040000 pid=1113</title>
<path fill="white" stroke="black" d="M52.5,-320.5C52.5,-320.5 122.5,-320.5 122.5,-320.5 128.5,-320.5 134.5,-326.5 134.5,-332.5 134.5,-332.5 134.5,-344.5 134.5,-344.5 134.5,-350.5 128.5,-356.5 122.5,-356.5 122.5,-356.5 52.5,-356.5 52.5,-356.5 46.5,-356.5 40.5,-350.5 40.5,-344.5 40.5,-344.5 40.5,-332.5 40.5,-332.5 40.5,-326.5 46.5,-320.5 52.5,-320.5"/>
<text text-anchor="middle" x="87.5" y="-334.8" font-family="Arial" font-size="14.00">/usr/bin/sudo</text>
</g>
<!-- guuid=837bc42e&#45;0b00&#45;0000&#45;ba64&#45;d1ba5a040000 pid=1114 -->
<g id="node2" class="node">
<title>guuid=837bc42e&#45;0b00&#45;0000&#45;ba64&#45;d1ba5a040000 pid=1114</title>
<path fill="white" stroke="black" d="M43,-232.5C43,-232.5 132,-232.5 132,-232.5 138,-232.5 144,-238.5 144,-244.5 144,-244.5 144,-256.5 144,-256.5 144,-262.5 138,-268.5 132,-268.5 132,-268.5 43,-268.5 43,-268.5 37,-268.5 31,-262.5 31,-256.5 31,-256.5 31,-244.5 31,-244.5 31,-238.5 37,-232.5 43,-232.5"/>
<text text-anchor="middle" x="87.5" y="-246.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
</g>
<!-- guuid=a0c9fb2d&#45;0b00&#45;0000&#45;ba64&#45;d1ba59040000 pid=1113&#45;&gt;guuid=837bc42e&#45;0b00&#45;0000&#45;ba64&#45;d1ba5a040000 pid=1114 -->
<g id="edge1" class="edge">
<title>guuid=a0c9fb2d&#45;0b00&#45;0000&#45;ba64&#45;d1ba59040000 pid=1113&#45;&gt;guuid=837bc42e&#45;0b00&#45;0000&#45;ba64&#45;d1ba5a040000 pid=1114</title>
<path fill="none" stroke="black" d="M87.5,-320.1C87.5,-308.25 87.5,-292.32 87.5,-278.79"/>
<polygon fill="black" stroke="black" points="91,-278.58 87.5,-268.58 84,-278.58 91,-278.58"/>
<text text-anchor="middle" x="109" y="-290.8" font-family="Arial" font-size="14.00">execve</text>
</g>
<!-- guuid=8b77dc2e&#45;0b00&#45;0000&#45;ba64&#45;d1ba5b040000 pid=1115 -->
<g id="node3" class="node">
<title>guuid=8b77dc2e&#45;0b00&#45;0000&#45;ba64&#45;d1ba5b040000 pid=1115</title>
<path fill="#3b5741" stroke="black" d="M12.5,-88.5C12.5,-88.5 162.5,-88.5 162.5,-88.5 168.5,-88.5 174.5,-94.5 174.5,-100.5 174.5,-100.5 174.5,-168.5 174.5,-168.5 174.5,-174.5 168.5,-180.5 162.5,-180.5 162.5,-180.5 12.5,-180.5 12.5,-180.5 6.5,-180.5 0.5,-174.5 0.5,-168.5 0.5,-168.5 0.5,-100.5 0.5,-100.5 0.5,-94.5 6.5,-88.5 12.5,-88.5"/>
<text text-anchor="middle" x="57" y="-165.3" font-family="Arial" font-size="14.00" fill="#fff000">/tmp/sample.bin</text>
<polyline fill="none" stroke="black" points="0.5,-157.5 113.5,-157.5 "/>
<text text-anchor="middle" x="57" y="-142.3" font-family="Arial" font-size="14.00" fill="#fff000">dns</text>
<polyline fill="none" stroke="black" points="0.5,-134.5 113.5,-134.5 "/>
<text text-anchor="middle" x="57" y="-119.3" font-family="Arial" font-size="14.00" fill="#fff000">net</text>
<polyline fill="none" stroke="black" points="0.5,-111.5 113.5,-111.5 "/>
<text text-anchor="middle" x="57" y="-96.3" font-family="Arial" font-size="14.00" fill="#fff000">send&#45;data</text>
<polyline fill="none" stroke="black" points="113.5,-88.5 113.5,-180.5 "/>
<text text-anchor="middle" x="144" y="-130.8" font-family="Arial" font-size="14.00" fill="#fff000">zombie</text>
</g>
<!-- guuid=837bc42e&#45;0b00&#45;0000&#45;ba64&#45;d1ba5a040000 pid=1114&#45;&gt;guuid=8b77dc2e&#45;0b00&#45;0000&#45;ba64&#45;d1ba5b040000 pid=1115 -->
<g id="edge2" class="edge">
<title>guuid=837bc42e&#45;0b00&#45;0000&#45;ba64&#45;d1ba5a040000 pid=1114&#45;&gt;guuid=8b77dc2e&#45;0b00&#45;0000&#45;ba64&#45;d1ba5b040000 pid=1115</title>
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M87.5,-232.19C87.5,-221.05 87.5,-205.91 87.5,-190.91"/>
<polygon fill="black" stroke="black" points="91,-190.6 87.5,-180.6 84,-190.6 91,-190.6"/>
<text text-anchor="middle" x="104" y="-202.8" font-family="Arial" font-size="14.00">clone</text>
</g>
<!-- 10.0.2.3 -->
<g id="node4" class="node">
<title>10.0.2.3</title>
<path fill="grey" stroke="black" d="M12,-0.5C12,-0.5 53,-0.5 53,-0.5 59,-0.5 65,-6.5 65,-12.5 65,-12.5 65,-24.5 65,-24.5 65,-30.5 59,-36.5 53,-36.5 53,-36.5 12,-36.5 12,-36.5 6,-36.5 0,-30.5 0,-24.5 0,-24.5 0,-12.5 0,-12.5 0,-6.5 6,-0.5 12,-0.5"/>
<text text-anchor="middle" x="32.5" y="-14.8" font-family="Arial" font-size="14.00" fill="white">10.0.2.3</text>
</g>
<!-- guuid=8b77dc2e&#45;0b00&#45;0000&#45;ba64&#45;d1ba5b040000 pid=1115&#45;&gt;10.0.2.3 -->
<g id="edge3" class="edge">
<title>guuid=8b77dc2e&#45;0b00&#45;0000&#45;ba64&#45;d1ba5b040000 pid=1115&#45;&gt;10.0.2.3</title>
<path fill="none" stroke="blue" stroke-dasharray="5,2" d="M65.76,-88.44C58.78,-73.96 51.27,-58.4 45.16,-45.74"/>
<polygon fill="blue" stroke="blue" points="48.29,-44.17 40.79,-36.68 41.98,-47.21 48.29,-44.17"/>
<text text-anchor="middle" x="88" y="-58.8" font-family="Arial" font-size="14.00" fill="blue">send: 66B</text>
</g>
<!-- 108.181.160.104 -->
<g id="node5" class="node">
<title>108.181.160.104</title>
<path fill="grey" stroke="black" d="M95.5,-0.5C95.5,-0.5 189.5,-0.5 189.5,-0.5 195.5,-0.5 201.5,-6.5 201.5,-12.5 201.5,-12.5 201.5,-24.5 201.5,-24.5 201.5,-30.5 195.5,-36.5 189.5,-36.5 189.5,-36.5 95.5,-36.5 95.5,-36.5 89.5,-36.5 83.5,-30.5 83.5,-24.5 83.5,-24.5 83.5,-12.5 83.5,-12.5 83.5,-6.5 89.5,-0.5 95.5,-0.5"/>
<text text-anchor="middle" x="142.5" y="-14.8" font-family="Arial" font-size="14.00" fill="white">108.181.160.104</text>
</g>
<!-- guuid=8b77dc2e&#45;0b00&#45;0000&#45;ba64&#45;d1ba5b040000 pid=1115&#45;&gt;108.181.160.104 -->
<g id="edge4" class="edge">
<title>guuid=8b77dc2e&#45;0b00&#45;0000&#45;ba64&#45;d1ba5b040000 pid=1115&#45;&gt;108.181.160.104</title>
<path fill="none" stroke="green" stroke-dasharray="5,2" d="M111.49,-88.25C114.59,-82.15 117.67,-75.94 120.5,-70 124.15,-62.35 127.91,-53.95 131.26,-46.23"/>
<polygon fill="green" stroke="green" points="134.53,-47.5 135.26,-36.93 128.09,-44.74 134.53,-47.5"/>
<text text-anchor="middle" x="137.5" y="-58.8" font-family="Arial" font-size="14.00" fill="green">con</text>
</g>
</g>
</svg>
