repository re-org + sample analysis #1
76 changed files with 3943 additions and 0 deletions
|
|
@ -0,0 +1,14 @@
|
|||
analysis:
|
||||
duration_sec: 60
|
||||
timestamp: '2024-06-19T14:34:43.803337+00:00'
|
||||
kunai:
|
||||
args:
|
||||
- --include=all
|
||||
- --send-data-min-len=0
|
||||
version: kunai 0.2.3
|
||||
sample:
|
||||
args: []
|
||||
system:
|
||||
kernel: 5.10.0-30-cloud-amd64
|
||||
uname: 'Linux kunai-sandbox 5.10.0-30-cloud-amd64 #1 SMP Debian 5.10.218-1 (2024-06-01)
|
||||
x86_64 GNU/Linux'
|
||||
Binary file not shown.
Binary file not shown.
|
|
@ -0,0 +1,2 @@
|
|||
[2024-06-17T10:05:51Z WARN kunai] syscalls_sys_exit_execve probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
|
||||
[2024-06-17T10:05:52Z WARN kunai] syscalls_sys_exit_execveat probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
|
||||
Binary file not shown.
|
|
@ -0,0 +1,195 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
|
||||
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
|
||||
<!-- Generated by graphviz version 2.43.0 (0)
|
||||
-->
|
||||
<!-- Title: %3 Pages: 1 -->
|
||||
<svg width="786pt" height="474pt"
|
||||
viewBox="0.00 0.00 785.76 474.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 470)">
|
||||
<title>%3</title>
|
||||
<polygon fill="white" stroke="transparent" points="-4,4 -4,-470 781.76,-470 781.76,4 -4,4"/>
|
||||
<!-- guuid=32bea02a-0b00-0000-482e-ff2759040000 pid=1113 -->
|
||||
<g id="node1" class="node">
|
||||
<title>guuid=32bea02a-0b00-0000-482e-ff2759040000 pid=1113</title>
|
||||
<path fill="white" stroke="black" d="M105.76,-429.5C105.76,-429.5 175.76,-429.5 175.76,-429.5 181.76,-429.5 187.76,-435.5 187.76,-441.5 187.76,-441.5 187.76,-453.5 187.76,-453.5 187.76,-459.5 181.76,-465.5 175.76,-465.5 175.76,-465.5 105.76,-465.5 105.76,-465.5 99.76,-465.5 93.76,-459.5 93.76,-453.5 93.76,-453.5 93.76,-441.5 93.76,-441.5 93.76,-435.5 99.76,-429.5 105.76,-429.5"/>
|
||||
<text text-anchor="middle" x="140.76" y="-443.8" font-family="Arial" font-size="14.00">/usr/bin/sudo</text>
|
||||
</g>
|
||||
<!-- guuid=dfa9562b-0b00-0000-482e-ff275a040000 pid=1114 -->
|
||||
<g id="node2" class="node">
|
||||
<title>guuid=dfa9562b-0b00-0000-482e-ff275a040000 pid=1114</title>
|
||||
<path fill="#ffbfbf" stroke="black" d="M96.26,-331.5C96.26,-331.5 185.26,-331.5 185.26,-331.5 191.26,-331.5 197.26,-337.5 197.26,-343.5 197.26,-343.5 197.26,-365.5 197.26,-365.5 197.26,-371.5 191.26,-377.5 185.26,-377.5 185.26,-377.5 96.26,-377.5 96.26,-377.5 90.26,-377.5 84.26,-371.5 84.26,-365.5 84.26,-365.5 84.26,-343.5 84.26,-343.5 84.26,-337.5 90.26,-331.5 96.26,-331.5"/>
|
||||
<text text-anchor="middle" x="140.76" y="-362.3" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
<polyline fill="none" stroke="black" points="84.26,-354.5 197.26,-354.5 "/>
|
||||
<text text-anchor="middle" x="140.76" y="-339.3" font-family="Arial" font-size="14.00">net</text>
|
||||
</g>
|
||||
<!-- guuid=32bea02a-0b00-0000-482e-ff2759040000 pid=1113->guuid=dfa9562b-0b00-0000-482e-ff275a040000 pid=1114 -->
|
||||
<g id="edge1" class="edge">
|
||||
<title>guuid=32bea02a-0b00-0000-482e-ff2759040000 pid=1113->guuid=dfa9562b-0b00-0000-482e-ff275a040000 pid=1114</title>
|
||||
<path fill="none" stroke="black" d="M140.76,-429.38C140.76,-417.73 140.76,-401.95 140.76,-387.96"/>
|
||||
<polygon fill="black" stroke="black" points="144.26,-387.71 140.76,-377.71 137.26,-387.71 144.26,-387.71"/>
|
||||
<text text-anchor="middle" x="162.26" y="-399.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- 8.8.8.8 -->
|
||||
<g id="node3" class="node">
|
||||
<title>8.8.8.8</title>
|
||||
<path fill="grey" stroke="black" d="M114.76,-1C114.76,-1 148.76,-1 148.76,-1 154.76,-1 160.76,-7 160.76,-13 160.76,-13 160.76,-25 160.76,-25 160.76,-31 154.76,-37 148.76,-37 148.76,-37 114.76,-37 114.76,-37 108.76,-37 102.76,-31 102.76,-25 102.76,-25 102.76,-13 102.76,-13 102.76,-7 108.76,-1 114.76,-1"/>
|
||||
<text text-anchor="middle" x="131.76" y="-15.3" font-family="Arial" font-size="14.00" fill="white">8.8.8.8</text>
|
||||
</g>
|
||||
<!-- guuid=dfa9562b-0b00-0000-482e-ff275a040000 pid=1114->8.8.8.8 -->
|
||||
<g id="edge2" class="edge">
|
||||
<title>guuid=dfa9562b-0b00-0000-482e-ff275a040000 pid=1114->8.8.8.8</title>
|
||||
<path fill="none" stroke="green" stroke-dasharray="5,2" d="M84.21,-336.87C56.6,-325.58 25.91,-307.57 9.76,-280 -18.47,-231.79 21.22,-134.95 50.76,-89 62.42,-70.87 80.27,-54.94 96.25,-42.96"/>
|
||||
<polygon fill="green" stroke="green" points="98.35,-45.76 104.4,-37.07 94.25,-40.09 98.35,-45.76"/>
|
||||
<text text-anchor="middle" x="15.76" y="-203.8" font-family="Arial" font-size="14.00" fill="green">con</text>
|
||||
</g>
|
||||
<!-- guuid=43756c2b-0b00-0000-482e-ff275b040000 pid=1115 -->
|
||||
<g id="node4" class="node">
|
||||
<title>guuid=43756c2b-0b00-0000-482e-ff275b040000 pid=1115</title>
|
||||
<path fill="white" stroke="black" d="M31.26,-238.5C31.26,-238.5 120.26,-238.5 120.26,-238.5 126.26,-238.5 132.26,-244.5 132.26,-250.5 132.26,-250.5 132.26,-262.5 132.26,-262.5 132.26,-268.5 126.26,-274.5 120.26,-274.5 120.26,-274.5 31.26,-274.5 31.26,-274.5 25.26,-274.5 19.26,-268.5 19.26,-262.5 19.26,-262.5 19.26,-250.5 19.26,-250.5 19.26,-244.5 25.26,-238.5 31.26,-238.5"/>
|
||||
<text text-anchor="middle" x="75.76" y="-252.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=dfa9562b-0b00-0000-482e-ff275a040000 pid=1114->guuid=43756c2b-0b00-0000-482e-ff275b040000 pid=1115 -->
|
||||
<g id="edge3" class="edge">
|
||||
<title>guuid=dfa9562b-0b00-0000-482e-ff275a040000 pid=1114->guuid=43756c2b-0b00-0000-482e-ff275b040000 pid=1115</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M125.69,-331.23C115.91,-316.79 103.14,-297.93 92.96,-282.9"/>
|
||||
<polygon fill="black" stroke="black" points="95.81,-280.87 87.31,-274.55 90.02,-284.8 95.81,-280.87"/>
|
||||
<text text-anchor="middle" x="129.26" y="-301.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=365a6d2b-0b00-0000-482e-ff275c040000 pid=1116 -->
|
||||
<g id="node5" class="node">
|
||||
<title>guuid=365a6d2b-0b00-0000-482e-ff275c040000 pid=1116</title>
|
||||
<path fill="white" stroke="black" d="M162.26,-238.5C162.26,-238.5 251.26,-238.5 251.26,-238.5 257.26,-238.5 263.26,-244.5 263.26,-250.5 263.26,-250.5 263.26,-262.5 263.26,-262.5 263.26,-268.5 257.26,-274.5 251.26,-274.5 251.26,-274.5 162.26,-274.5 162.26,-274.5 156.26,-274.5 150.26,-268.5 150.26,-262.5 150.26,-262.5 150.26,-250.5 150.26,-250.5 150.26,-244.5 156.26,-238.5 162.26,-238.5"/>
|
||||
<text text-anchor="middle" x="206.76" y="-252.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=dfa9562b-0b00-0000-482e-ff275a040000 pid=1114->guuid=365a6d2b-0b00-0000-482e-ff275c040000 pid=1116 -->
|
||||
<g id="edge4" class="edge">
|
||||
<title>guuid=dfa9562b-0b00-0000-482e-ff275a040000 pid=1114->guuid=365a6d2b-0b00-0000-482e-ff275c040000 pid=1116</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M156.07,-331.23C166,-316.79 178.97,-297.93 189.3,-282.9"/>
|
||||
<polygon fill="black" stroke="black" points="192.26,-284.78 195.04,-274.55 186.49,-280.81 192.26,-284.78"/>
|
||||
<text text-anchor="middle" x="193.26" y="-301.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=c6da6e2b-0b00-0000-482e-ff275d040000 pid=1117 -->
|
||||
<g id="node6" class="node">
|
||||
<title>guuid=c6da6e2b-0b00-0000-482e-ff275d040000 pid=1117</title>
|
||||
<path fill="#3b5741" stroke="black" d="M293.76,-233.5C293.76,-233.5 443.76,-233.5 443.76,-233.5 449.76,-233.5 455.76,-239.5 455.76,-245.5 455.76,-245.5 455.76,-267.5 455.76,-267.5 455.76,-273.5 449.76,-279.5 443.76,-279.5 443.76,-279.5 293.76,-279.5 293.76,-279.5 287.76,-279.5 281.76,-273.5 281.76,-267.5 281.76,-267.5 281.76,-245.5 281.76,-245.5 281.76,-239.5 287.76,-233.5 293.76,-233.5"/>
|
||||
<text text-anchor="middle" x="338.26" y="-264.3" font-family="Arial" font-size="14.00" fill="#fff000">/tmp/sample.bin</text>
|
||||
<polyline fill="none" stroke="black" points="281.76,-256.5 394.76,-256.5 "/>
|
||||
<text text-anchor="middle" x="338.26" y="-241.3" font-family="Arial" font-size="14.00" fill="#fff000">net</text>
|
||||
<polyline fill="none" stroke="black" points="394.76,-233.5 394.76,-279.5 "/>
|
||||
<text text-anchor="middle" x="425.26" y="-252.8" font-family="Arial" font-size="14.00" fill="#fff000">zombie</text>
|
||||
</g>
|
||||
<!-- guuid=dfa9562b-0b00-0000-482e-ff275a040000 pid=1114->guuid=c6da6e2b-0b00-0000-482e-ff275d040000 pid=1117 -->
|
||||
<g id="edge5" class="edge">
|
||||
<title>guuid=dfa9562b-0b00-0000-482e-ff275a040000 pid=1114->guuid=c6da6e2b-0b00-0000-482e-ff275d040000 pid=1117</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M193.07,-331.48C226.98,-317.2 271.32,-298.53 306.97,-283.52"/>
|
||||
<polygon fill="black" stroke="black" points="308.45,-286.69 316.3,-279.59 305.73,-280.24 308.45,-286.69"/>
|
||||
<text text-anchor="middle" x="284.26" y="-301.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- 66.23.233.179 -->
|
||||
<g id="node7" class="node">
|
||||
<title>66.23.233.179</title>
|
||||
<path fill="grey" stroke="black" d="M72.26,-117.5C72.26,-117.5 151.26,-117.5 151.26,-117.5 157.26,-117.5 163.26,-123.5 163.26,-129.5 163.26,-129.5 163.26,-141.5 163.26,-141.5 163.26,-147.5 157.26,-153.5 151.26,-153.5 151.26,-153.5 72.26,-153.5 72.26,-153.5 66.26,-153.5 60.26,-147.5 60.26,-141.5 60.26,-141.5 60.26,-129.5 60.26,-129.5 60.26,-123.5 66.26,-117.5 72.26,-117.5"/>
|
||||
<text text-anchor="middle" x="111.76" y="-131.8" font-family="Arial" font-size="14.00" fill="white">66.23.233.179</text>
|
||||
</g>
|
||||
<!-- guuid=c6da6e2b-0b00-0000-482e-ff275d040000 pid=1117->66.23.233.179 -->
|
||||
<g id="edge6" class="edge">
|
||||
<title>guuid=c6da6e2b-0b00-0000-482e-ff275d040000 pid=1117->66.23.233.179</title>
|
||||
<path fill="none" stroke="green" stroke-dasharray="5,2" d="M295.4,-233.48C257.63,-220.79 211.52,-203.16 172.76,-182 161.35,-175.77 149.69,-167.6 139.67,-159.91"/>
|
||||
<polygon fill="green" stroke="green" points="141.7,-157.05 131.68,-153.61 137.37,-162.55 141.7,-157.05"/>
|
||||
<text text-anchor="middle" x="250.76" y="-203.8" font-family="Arial" font-size="14.00" fill="green">con</text>
|
||||
</g>
|
||||
<!-- guuid=ef4bc12b-0b00-0000-482e-ff275e040000 pid=1118 -->
|
||||
<g id="node8" class="node">
|
||||
<title>guuid=ef4bc12b-0b00-0000-482e-ff275e040000 pid=1118</title>
|
||||
<path fill="white" stroke="black" d="M193.26,-117.5C193.26,-117.5 282.26,-117.5 282.26,-117.5 288.26,-117.5 294.26,-123.5 294.26,-129.5 294.26,-129.5 294.26,-141.5 294.26,-141.5 294.26,-147.5 288.26,-153.5 282.26,-153.5 282.26,-153.5 193.26,-153.5 193.26,-153.5 187.26,-153.5 181.26,-147.5 181.26,-141.5 181.26,-141.5 181.26,-129.5 181.26,-129.5 181.26,-123.5 187.26,-117.5 193.26,-117.5"/>
|
||||
<text text-anchor="middle" x="237.76" y="-131.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=c6da6e2b-0b00-0000-482e-ff275d040000 pid=1117->guuid=ef4bc12b-0b00-0000-482e-ff275e040000 pid=1118 -->
|
||||
<g id="edge7" class="edge">
|
||||
<title>guuid=c6da6e2b-0b00-0000-482e-ff275d040000 pid=1117->guuid=ef4bc12b-0b00-0000-482e-ff275e040000 pid=1118</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M344.43,-233.4C321.69,-212.74 287.83,-181.98 264.38,-160.68"/>
|
||||
<polygon fill="black" stroke="black" points="266.62,-157.98 256.86,-153.85 261.91,-163.17 266.62,-157.98"/>
|
||||
<text text-anchor="middle" x="338.26" y="-203.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=6cc4cd2b-0b00-0000-482e-ff275f040000 pid=1119 -->
|
||||
<g id="node9" class="node">
|
||||
<title>guuid=6cc4cd2b-0b00-0000-482e-ff275f040000 pid=1119</title>
|
||||
<path fill="white" stroke="black" d="M324.26,-117.5C324.26,-117.5 413.26,-117.5 413.26,-117.5 419.26,-117.5 425.26,-123.5 425.26,-129.5 425.26,-129.5 425.26,-141.5 425.26,-141.5 425.26,-147.5 419.26,-153.5 413.26,-153.5 413.26,-153.5 324.26,-153.5 324.26,-153.5 318.26,-153.5 312.26,-147.5 312.26,-141.5 312.26,-141.5 312.26,-129.5 312.26,-129.5 312.26,-123.5 318.26,-117.5 324.26,-117.5"/>
|
||||
<text text-anchor="middle" x="368.76" y="-131.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=c6da6e2b-0b00-0000-482e-ff275d040000 pid=1117->guuid=6cc4cd2b-0b00-0000-482e-ff275f040000 pid=1119 -->
|
||||
<g id="edge8" class="edge">
|
||||
<title>guuid=c6da6e2b-0b00-0000-482e-ff275d040000 pid=1117->guuid=6cc4cd2b-0b00-0000-482e-ff275f040000 pid=1119</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M368.76,-233.4C368.76,-213.82 368.76,-185.16 368.76,-164.09"/>
|
||||
<polygon fill="black" stroke="black" points="372.26,-163.85 368.76,-153.85 365.26,-163.85 372.26,-163.85"/>
|
||||
<text text-anchor="middle" x="385.26" y="-203.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=0ea3ce2b-0b00-0000-482e-ff2760040000 pid=1120 -->
|
||||
<g id="node10" class="node">
|
||||
<title>guuid=0ea3ce2b-0b00-0000-482e-ff2760040000 pid=1120</title>
|
||||
<path fill="#ff3f3f" stroke="black" d="M455.26,-89.5C455.26,-89.5 544.26,-89.5 544.26,-89.5 550.26,-89.5 556.26,-95.5 556.26,-101.5 556.26,-101.5 556.26,-169.5 556.26,-169.5 556.26,-175.5 550.26,-181.5 544.26,-181.5 544.26,-181.5 455.26,-181.5 455.26,-181.5 449.26,-181.5 443.26,-175.5 443.26,-169.5 443.26,-169.5 443.26,-101.5 443.26,-101.5 443.26,-95.5 449.26,-89.5 455.26,-89.5"/>
|
||||
<text text-anchor="middle" x="499.76" y="-166.3" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
<polyline fill="none" stroke="black" points="443.26,-158.5 556.26,-158.5 "/>
|
||||
<text text-anchor="middle" x="499.76" y="-143.3" font-family="Arial" font-size="14.00">net</text>
|
||||
<polyline fill="none" stroke="black" points="443.26,-135.5 556.26,-135.5 "/>
|
||||
<text text-anchor="middle" x="499.76" y="-120.3" font-family="Arial" font-size="14.00">net-scan</text>
|
||||
<polyline fill="none" stroke="black" points="443.26,-112.5 556.26,-112.5 "/>
|
||||
<text text-anchor="middle" x="499.76" y="-97.3" font-family="Arial" font-size="14.00">send-data</text>
|
||||
</g>
|
||||
<!-- guuid=c6da6e2b-0b00-0000-482e-ff275d040000 pid=1117->guuid=0ea3ce2b-0b00-0000-482e-ff2760040000 pid=1120 -->
|
||||
<g id="edge9" class="edge">
|
||||
<title>guuid=c6da6e2b-0b00-0000-482e-ff275d040000 pid=1117->guuid=0ea3ce2b-0b00-0000-482e-ff2760040000 pid=1120</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M393.1,-233.4C406.96,-220.81 424.95,-204.46 442.2,-188.79"/>
|
||||
<polygon fill="black" stroke="black" points="445.01,-190.97 450.06,-181.65 440.3,-185.79 445.01,-190.97"/>
|
||||
<text text-anchor="middle" x="442.26" y="-203.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=0ea3ce2b-0b00-0000-482e-ff2760040000 pid=1120->8.8.8.8 -->
|
||||
<g id="edge10" class="edge">
|
||||
<title>guuid=0ea3ce2b-0b00-0000-482e-ff2760040000 pid=1120->8.8.8.8</title>
|
||||
<path fill="none" stroke="green" stroke-dasharray="5,2" d="M443.06,-93.03C440.31,-91.58 437.53,-90.23 434.76,-89 345.2,-49.29 230.23,-31.2 170.97,-24.03"/>
|
||||
<polygon fill="green" stroke="green" points="171.26,-20.54 160.92,-22.86 170.44,-27.5 171.26,-20.54"/>
|
||||
<text text-anchor="middle" x="397.76" y="-59.8" font-family="Arial" font-size="14.00" fill="green">con</text>
|
||||
</g>
|
||||
<!-- 66.242.136.229 -->
|
||||
<g id="node11" class="node">
|
||||
<title>66.242.136.229</title>
|
||||
<path fill="grey" stroke="black" d="M331.76,-1C331.76,-1 417.76,-1 417.76,-1 423.76,-1 429.76,-7 429.76,-13 429.76,-13 429.76,-25 429.76,-25 429.76,-31 423.76,-37 417.76,-37 417.76,-37 331.76,-37 331.76,-37 325.76,-37 319.76,-31 319.76,-25 319.76,-25 319.76,-13 319.76,-13 319.76,-7 325.76,-1 331.76,-1"/>
|
||||
<text text-anchor="middle" x="374.76" y="-15.3" font-family="Arial" font-size="14.00" fill="white">66.242.136.229</text>
|
||||
</g>
|
||||
<!-- guuid=0ea3ce2b-0b00-0000-482e-ff2760040000 pid=1120->66.242.136.229 -->
|
||||
<g id="edge11" class="edge">
|
||||
<title>guuid=0ea3ce2b-0b00-0000-482e-ff2760040000 pid=1120->66.242.136.229</title>
|
||||
<path fill="none" stroke="blue" stroke-dasharray="5,2" d="M450.36,-89.25C433.55,-73.85 415.41,-57.23 401.12,-44.14"/>
|
||||
<polygon fill="blue" stroke="blue" points="403.34,-41.43 393.6,-37.26 398.61,-46.59 403.34,-41.43"/>
|
||||
<text text-anchor="middle" x="460.26" y="-59.8" font-family="Arial" font-size="14.00" fill="blue">send: 40B</text>
|
||||
</g>
|
||||
<!-- 197.158.12.78 -->
|
||||
<g id="node12" class="node">
|
||||
<title>197.158.12.78</title>
|
||||
<path fill="grey" stroke="black" d="M460.26,-1C460.26,-1 539.26,-1 539.26,-1 545.26,-1 551.26,-7 551.26,-13 551.26,-13 551.26,-25 551.26,-25 551.26,-31 545.26,-37 539.26,-37 539.26,-37 460.26,-37 460.26,-37 454.26,-37 448.26,-31 448.26,-25 448.26,-25 448.26,-13 448.26,-13 448.26,-7 454.26,-1 460.26,-1"/>
|
||||
<text text-anchor="middle" x="499.76" y="-15.3" font-family="Arial" font-size="14.00" fill="white">197.158.12.78</text>
|
||||
</g>
|
||||
<!-- guuid=0ea3ce2b-0b00-0000-482e-ff2760040000 pid=1120->197.158.12.78 -->
|
||||
<g id="edge12" class="edge">
|
||||
<title>guuid=0ea3ce2b-0b00-0000-482e-ff2760040000 pid=1120->197.158.12.78</title>
|
||||
<path fill="none" stroke="blue" stroke-dasharray="5,2" d="M499.76,-89.25C499.76,-75.13 499.76,-59.99 499.76,-47.48"/>
|
||||
<polygon fill="blue" stroke="blue" points="503.26,-47.26 499.76,-37.26 496.26,-47.26 503.26,-47.26"/>
|
||||
<text text-anchor="middle" x="530.26" y="-59.8" font-family="Arial" font-size="14.00" fill="blue">send: 40B</text>
|
||||
</g>
|
||||
<!-- guuid=0ea3ce2b-0b00-0000-482e-ff2760040000 pid=1120|send-data -->
|
||||
<g id="node13" class="node">
|
||||
<title>guuid=0ea3ce2b-0b00-0000-482e-ff2760040000 pid=1120|send-data</title>
|
||||
<path fill="grey" stroke="black" d="M765.76,-38C765.76,-38 581.76,-38 581.76,-38 575.76,-38 569.76,-32 569.76,-26 569.76,-26 569.76,-12 569.76,-12 569.76,-6 575.76,0 581.76,0 581.76,0 765.76,0 765.76,0 771.76,0 777.76,-6 777.76,-12 777.76,-12 777.76,-26 777.76,-26 777.76,-32 771.76,-38 765.76,-38"/>
|
||||
<text text-anchor="middle" x="673.76" y="-22.8" font-family="Arial" font-size="14.00" fill="white">send-data to 9280 IP addresses</text>
|
||||
<text text-anchor="middle" x="673.76" y="-7.8" font-family="Arial" font-size="14.00" fill="white">review logs to see them all</text>
|
||||
</g>
|
||||
<!-- guuid=0ea3ce2b-0b00-0000-482e-ff2760040000 pid=1120->guuid=0ea3ce2b-0b00-0000-482e-ff2760040000 pid=1120|send-data -->
|
||||
<g id="edge13" class="edge">
|
||||
<title>guuid=0ea3ce2b-0b00-0000-482e-ff2760040000 pid=1120->guuid=0ea3ce2b-0b00-0000-482e-ff2760040000 pid=1120|send-data</title>
|
||||
<path fill="none" stroke="blue" stroke-dasharray="5,2" d="M556.74,-97.01C583.28,-79.54 614.07,-59.28 637.4,-43.93"/>
|
||||
<polygon fill="blue" stroke="blue" points="639.53,-46.72 645.96,-38.3 635.68,-40.87 639.53,-46.72"/>
|
||||
<text text-anchor="middle" x="631.76" y="-59.8" font-family="Arial" font-size="14.00" fill="blue">send</text>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 18 KiB |
Binary file not shown.
|
|
@ -0,0 +1,14 @@
|
|||
analysis:
|
||||
duration_sec: 60
|
||||
timestamp: '2024-06-19T14:35:54.333976+00:00'
|
||||
kunai:
|
||||
args:
|
||||
- --include=all
|
||||
- --send-data-min-len=0
|
||||
version: kunai 0.2.3
|
||||
sample:
|
||||
args: []
|
||||
system:
|
||||
kernel: 5.10.0-30-cloud-amd64
|
||||
uname: 'Linux kunai-sandbox 5.10.0-30-cloud-amd64 #1 SMP Debian 5.10.218-1 (2024-06-01)
|
||||
x86_64 GNU/Linux'
|
||||
Binary file not shown.
Binary file not shown.
|
|
@ -0,0 +1,2 @@
|
|||
[2024-06-17T10:05:51Z WARN kunai] syscalls_sys_exit_execve probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
|
||||
[2024-06-17T10:05:51Z WARN kunai] syscalls_sys_exit_execveat probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
|
||||
|
|
@ -0,0 +1,531 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
|
||||
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
|
||||
<!-- Generated by graphviz version 2.43.0 (0)
|
||||
-->
|
||||
<!-- Title: %3 Pages: 1 -->
|
||||
<svg width="2311pt" height="747pt"
|
||||
viewBox="0.00 0.00 2311.00 747.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 743)">
|
||||
<title>%3</title>
|
||||
<polygon fill="white" stroke="transparent" points="-4,4 -4,-743 2307,-743 2307,4 -4,4"/>
|
||||
<!-- guuid=1b8c051f-0b00-0000-2b3c-d78659040000 pid=1113 -->
|
||||
<g id="node1" class="node">
|
||||
<title>guuid=1b8c051f-0b00-0000-2b3c-d78659040000 pid=1113</title>
|
||||
<path fill="white" stroke="black" d="M1040,-702.5C1040,-702.5 1110,-702.5 1110,-702.5 1116,-702.5 1122,-708.5 1122,-714.5 1122,-714.5 1122,-726.5 1122,-726.5 1122,-732.5 1116,-738.5 1110,-738.5 1110,-738.5 1040,-738.5 1040,-738.5 1034,-738.5 1028,-732.5 1028,-726.5 1028,-726.5 1028,-714.5 1028,-714.5 1028,-708.5 1034,-702.5 1040,-702.5"/>
|
||||
<text text-anchor="middle" x="1075" y="-716.8" font-family="Arial" font-size="14.00">/usr/bin/sudo</text>
|
||||
</g>
|
||||
<!-- guuid=c84cc31f-0b00-0000-2b3c-d7865a040000 pid=1114 -->
|
||||
<g id="node2" class="node">
|
||||
<title>guuid=c84cc31f-0b00-0000-2b3c-d7865a040000 pid=1114</title>
|
||||
<path fill="white" stroke="black" d="M1030.5,-614.5C1030.5,-614.5 1119.5,-614.5 1119.5,-614.5 1125.5,-614.5 1131.5,-620.5 1131.5,-626.5 1131.5,-626.5 1131.5,-638.5 1131.5,-638.5 1131.5,-644.5 1125.5,-650.5 1119.5,-650.5 1119.5,-650.5 1030.5,-650.5 1030.5,-650.5 1024.5,-650.5 1018.5,-644.5 1018.5,-638.5 1018.5,-638.5 1018.5,-626.5 1018.5,-626.5 1018.5,-620.5 1024.5,-614.5 1030.5,-614.5"/>
|
||||
<text text-anchor="middle" x="1075" y="-628.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=1b8c051f-0b00-0000-2b3c-d78659040000 pid=1113->guuid=c84cc31f-0b00-0000-2b3c-d7865a040000 pid=1114 -->
|
||||
<g id="edge1" class="edge">
|
||||
<title>guuid=1b8c051f-0b00-0000-2b3c-d78659040000 pid=1113->guuid=c84cc31f-0b00-0000-2b3c-d7865a040000 pid=1114</title>
|
||||
<path fill="none" stroke="black" d="M1075,-702.1C1075,-690.25 1075,-674.32 1075,-660.79"/>
|
||||
<polygon fill="black" stroke="black" points="1078.5,-660.58 1075,-650.58 1071.5,-660.58 1078.5,-660.58"/>
|
||||
<text text-anchor="middle" x="1096.5" y="-672.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115 -->
|
||||
<g id="node3" class="node">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115</title>
|
||||
<path fill="#3b5741" stroke="black" d="M1000,-493.5C1000,-493.5 1150,-493.5 1150,-493.5 1156,-493.5 1162,-499.5 1162,-505.5 1162,-505.5 1162,-550.5 1162,-550.5 1162,-556.5 1156,-562.5 1150,-562.5 1150,-562.5 1000,-562.5 1000,-562.5 994,-562.5 988,-556.5 988,-550.5 988,-550.5 988,-505.5 988,-505.5 988,-499.5 994,-493.5 1000,-493.5"/>
|
||||
<text text-anchor="middle" x="1044.5" y="-547.3" font-family="Arial" font-size="14.00" fill="#fff000">/tmp/sample.bin</text>
|
||||
<polyline fill="none" stroke="black" points="988,-539.5 1101,-539.5 "/>
|
||||
<text text-anchor="middle" x="1044.5" y="-524.3" font-family="Arial" font-size="14.00" fill="#fff000">write-config</text>
|
||||
<polyline fill="none" stroke="black" points="988,-516.5 1101,-516.5 "/>
|
||||
<text text-anchor="middle" x="1044.5" y="-501.3" font-family="Arial" font-size="14.00" fill="#fff000">write-file</text>
|
||||
<polyline fill="none" stroke="black" points="1101,-493.5 1101,-562.5 "/>
|
||||
<text text-anchor="middle" x="1131.5" y="-524.3" font-family="Arial" font-size="14.00" fill="#fff000">zombie</text>
|
||||
</g>
|
||||
<!-- guuid=c84cc31f-0b00-0000-2b3c-d7865a040000 pid=1114->guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115 -->
|
||||
<g id="edge2" class="edge">
|
||||
<title>guuid=c84cc31f-0b00-0000-2b3c-d7865a040000 pid=1114->guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M1075,-614.11C1075,-602.81 1075,-587.52 1075,-573.02"/>
|
||||
<polygon fill="black" stroke="black" points="1078.5,-572.67 1075,-562.67 1071.5,-572.67 1078.5,-572.67"/>
|
||||
<text text-anchor="middle" x="1091.5" y="-584.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=87e09cd9-0b00-0000-2b3c-d7865d040000 pid=1117 -->
|
||||
<g id="node4" class="node">
|
||||
<title>guuid=87e09cd9-0b00-0000-2b3c-d7865d040000 pid=1117</title>
|
||||
<path fill="white" stroke="black" d="M12,-400.5C12,-400.5 82,-400.5 82,-400.5 88,-400.5 94,-406.5 94,-412.5 94,-412.5 94,-424.5 94,-424.5 94,-430.5 88,-436.5 82,-436.5 82,-436.5 12,-436.5 12,-436.5 6,-436.5 0,-430.5 0,-424.5 0,-424.5 0,-412.5 0,-412.5 0,-406.5 6,-400.5 12,-400.5"/>
|
||||
<text text-anchor="middle" x="47" y="-414.8" font-family="Arial" font-size="14.00">/usr/bin/dash</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=87e09cd9-0b00-0000-2b3c-d7865d040000 pid=1117 -->
|
||||
<g id="edge3" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=87e09cd9-0b00-0000-2b3c-d7865d040000 pid=1117</title>
|
||||
<path fill="none" stroke="black" d="M987.95,-527.03C834.35,-525.87 505.59,-518.04 232,-475 173.54,-465.8 159.24,-460.4 103,-442 101.13,-441.39 99.24,-440.75 97.33,-440.08"/>
|
||||
<polygon fill="black" stroke="black" points="98.35,-436.73 87.75,-436.6 95.95,-443.3 98.35,-436.73"/>
|
||||
<text text-anchor="middle" x="253.5" y="-463.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=d438d0d9-0b00-0000-2b3c-d7865f040000 pid=1119 -->
|
||||
<g id="node6" class="node">
|
||||
<title>guuid=d438d0d9-0b00-0000-2b3c-d7865f040000 pid=1119</title>
|
||||
<path fill="white" stroke="black" d="M124,-400.5C124,-400.5 194,-400.5 194,-400.5 200,-400.5 206,-406.5 206,-412.5 206,-412.5 206,-424.5 206,-424.5 206,-430.5 200,-436.5 194,-436.5 194,-436.5 124,-436.5 124,-436.5 118,-436.5 112,-430.5 112,-424.5 112,-424.5 112,-412.5 112,-412.5 112,-406.5 118,-400.5 124,-400.5"/>
|
||||
<text text-anchor="middle" x="159" y="-414.8" font-family="Arial" font-size="14.00">/usr/bin/dash</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=d438d0d9-0b00-0000-2b3c-d7865f040000 pid=1119 -->
|
||||
<g id="edge5" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=d438d0d9-0b00-0000-2b3c-d7865f040000 pid=1119</title>
|
||||
<path fill="none" stroke="black" d="M987.75,-525.07C852.13,-521.07 582.82,-509.2 357,-475 292.94,-465.3 276.8,-461.47 215,-442 213.09,-441.4 211.15,-440.76 209.2,-440.1"/>
|
||||
<polygon fill="black" stroke="black" points="210.01,-436.67 199.41,-436.59 207.65,-443.26 210.01,-436.67"/>
|
||||
<text text-anchor="middle" x="378.5" y="-463.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=4b9423da-0b00-0000-2b3c-d78661040000 pid=1121 -->
|
||||
<g id="node8" class="node">
|
||||
<title>guuid=4b9423da-0b00-0000-2b3c-d78661040000 pid=1121</title>
|
||||
<path fill="white" stroke="black" d="M236,-400.5C236,-400.5 306,-400.5 306,-400.5 312,-400.5 318,-406.5 318,-412.5 318,-412.5 318,-424.5 318,-424.5 318,-430.5 312,-436.5 306,-436.5 306,-436.5 236,-436.5 236,-436.5 230,-436.5 224,-430.5 224,-424.5 224,-424.5 224,-412.5 224,-412.5 224,-406.5 230,-400.5 236,-400.5"/>
|
||||
<text text-anchor="middle" x="271" y="-414.8" font-family="Arial" font-size="14.00">/usr/bin/dash</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=4b9423da-0b00-0000-2b3c-d78661040000 pid=1121 -->
|
||||
<g id="edge7" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=4b9423da-0b00-0000-2b3c-d78661040000 pid=1121</title>
|
||||
<path fill="none" stroke="black" d="M987.62,-521.18C876.88,-513.29 680.27,-497.54 513,-475 429.79,-463.79 407.72,-465.11 327,-442 324.71,-441.34 322.38,-440.62 320.03,-439.86"/>
|
||||
<polygon fill="black" stroke="black" points="321.01,-436.5 310.42,-436.51 318.71,-443.11 321.01,-436.5"/>
|
||||
<text text-anchor="middle" x="534.5" y="-463.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=1e3463da-0b00-0000-2b3c-d78663040000 pid=1123 -->
|
||||
<g id="node10" class="node">
|
||||
<title>guuid=1e3463da-0b00-0000-2b3c-d78663040000 pid=1123</title>
|
||||
<path fill="white" stroke="black" d="M348,-400.5C348,-400.5 418,-400.5 418,-400.5 424,-400.5 430,-406.5 430,-412.5 430,-412.5 430,-424.5 430,-424.5 430,-430.5 424,-436.5 418,-436.5 418,-436.5 348,-436.5 348,-436.5 342,-436.5 336,-430.5 336,-424.5 336,-424.5 336,-412.5 336,-412.5 336,-406.5 342,-400.5 348,-400.5"/>
|
||||
<text text-anchor="middle" x="383" y="-414.8" font-family="Arial" font-size="14.00">/usr/bin/dash</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=1e3463da-0b00-0000-2b3c-d78663040000 pid=1123 -->
|
||||
<g id="edge9" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=1e3463da-0b00-0000-2b3c-d78663040000 pid=1123</title>
|
||||
<path fill="none" stroke="black" d="M987.68,-518.85C898.5,-510.03 756.18,-494.55 634,-475 600.86,-469.7 593.05,-465.8 560,-460 506.45,-450.6 491.47,-456.23 439,-442 436.57,-441.34 434.1,-440.61 431.62,-439.82"/>
|
||||
<polygon fill="black" stroke="black" points="432.66,-436.48 422.07,-436.54 430.39,-443.1 432.66,-436.48"/>
|
||||
<text text-anchor="middle" x="655.5" y="-463.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=296496da-0b00-0000-2b3c-d78665040000 pid=1125 -->
|
||||
<g id="node12" class="node">
|
||||
<title>guuid=296496da-0b00-0000-2b3c-d78665040000 pid=1125</title>
|
||||
<path fill="white" stroke="black" d="M460,-400.5C460,-400.5 530,-400.5 530,-400.5 536,-400.5 542,-406.5 542,-412.5 542,-412.5 542,-424.5 542,-424.5 542,-430.5 536,-436.5 530,-436.5 530,-436.5 460,-436.5 460,-436.5 454,-436.5 448,-430.5 448,-424.5 448,-424.5 448,-412.5 448,-412.5 448,-406.5 454,-400.5 460,-400.5"/>
|
||||
<text text-anchor="middle" x="495" y="-414.8" font-family="Arial" font-size="14.00">/usr/bin/dash</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=296496da-0b00-0000-2b3c-d78665040000 pid=1125 -->
|
||||
<g id="edge11" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=296496da-0b00-0000-2b3c-d78665040000 pid=1125</title>
|
||||
<path fill="none" stroke="black" d="M988,-517.88C917.37,-509.54 815.51,-495.38 728,-475 706.64,-470.03 702.38,-464.85 681,-460 624.12,-447.09 607.37,-456.98 551,-442 548.56,-441.35 546.09,-440.63 543.61,-439.85"/>
|
||||
<polygon fill="black" stroke="black" points="544.65,-436.5 534.06,-436.59 542.39,-443.13 544.65,-436.5"/>
|
||||
<text text-anchor="middle" x="749.5" y="-463.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=70b90e52-0c00-0000-2b3c-d78667040000 pid=1127 -->
|
||||
<g id="node14" class="node">
|
||||
<title>guuid=70b90e52-0c00-0000-2b3c-d78667040000 pid=1127</title>
|
||||
<path fill="white" stroke="black" d="M572,-400.5C572,-400.5 642,-400.5 642,-400.5 648,-400.5 654,-406.5 654,-412.5 654,-412.5 654,-424.5 654,-424.5 654,-430.5 648,-436.5 642,-436.5 642,-436.5 572,-436.5 572,-436.5 566,-436.5 560,-430.5 560,-424.5 560,-424.5 560,-412.5 560,-412.5 560,-406.5 566,-400.5 572,-400.5"/>
|
||||
<text text-anchor="middle" x="607" y="-414.8" font-family="Arial" font-size="14.00">/usr/bin/dash</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=70b90e52-0c00-0000-2b3c-d78667040000 pid=1127 -->
|
||||
<g id="edge13" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=70b90e52-0c00-0000-2b3c-d78667040000 pid=1127</title>
|
||||
<path fill="none" stroke="black" d="M987.73,-515.29C934.94,-506.92 866.7,-493.77 808,-475 792.65,-470.09 790.42,-464.65 775,-460 726.73,-445.44 711.58,-455.48 663,-442 660.7,-441.36 658.37,-440.66 656.02,-439.91"/>
|
||||
<polygon fill="black" stroke="black" points="656.99,-436.54 646.39,-436.59 654.71,-443.16 656.99,-436.54"/>
|
||||
<text text-anchor="middle" x="829.5" y="-463.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=01208c52-0c00-0000-2b3c-d78669040000 pid=1129 -->
|
||||
<g id="node16" class="node">
|
||||
<title>guuid=01208c52-0c00-0000-2b3c-d78669040000 pid=1129</title>
|
||||
<path fill="white" stroke="black" d="M684,-400.5C684,-400.5 754,-400.5 754,-400.5 760,-400.5 766,-406.5 766,-412.5 766,-412.5 766,-424.5 766,-424.5 766,-430.5 760,-436.5 754,-436.5 754,-436.5 684,-436.5 684,-436.5 678,-436.5 672,-430.5 672,-424.5 672,-424.5 672,-412.5 672,-412.5 672,-406.5 678,-400.5 684,-400.5"/>
|
||||
<text text-anchor="middle" x="719" y="-414.8" font-family="Arial" font-size="14.00">/usr/bin/dash</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=01208c52-0c00-0000-2b3c-d78669040000 pid=1129 -->
|
||||
<g id="edge15" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=01208c52-0c00-0000-2b3c-d78669040000 pid=1129</title>
|
||||
<path fill="none" stroke="black" d="M987.7,-507.38C954.71,-498.89 917.14,-487.91 884,-475 870.48,-469.73 868.63,-464.97 855,-460 820.76,-447.53 809.8,-452.83 775,-442 772.89,-441.34 770.74,-440.64 768.58,-439.9"/>
|
||||
<polygon fill="black" stroke="black" points="769.69,-436.58 759.1,-436.51 767.33,-443.17 769.69,-436.58"/>
|
||||
<text text-anchor="middle" x="905.5" y="-463.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=4838b08e-0c00-0000-2b3c-d7866b040000 pid=1131 -->
|
||||
<g id="node18" class="node">
|
||||
<title>guuid=4838b08e-0c00-0000-2b3c-d7866b040000 pid=1131</title>
|
||||
<path fill="white" stroke="black" d="M796.5,-400.5C796.5,-400.5 885.5,-400.5 885.5,-400.5 891.5,-400.5 897.5,-406.5 897.5,-412.5 897.5,-412.5 897.5,-424.5 897.5,-424.5 897.5,-430.5 891.5,-436.5 885.5,-436.5 885.5,-436.5 796.5,-436.5 796.5,-436.5 790.5,-436.5 784.5,-430.5 784.5,-424.5 784.5,-424.5 784.5,-412.5 784.5,-412.5 784.5,-406.5 790.5,-400.5 796.5,-400.5"/>
|
||||
<text text-anchor="middle" x="841" y="-414.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=4838b08e-0c00-0000-2b3c-d7866b040000 pid=1131 -->
|
||||
<g id="edge17" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=4838b08e-0c00-0000-2b3c-d7866b040000 pid=1131</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M1001.92,-493.43C964.58,-476.27 920.24,-455.9 887.58,-440.9"/>
|
||||
<polygon fill="black" stroke="black" points="888.81,-437.61 878.26,-436.62 885.89,-443.97 888.81,-437.61"/>
|
||||
<text text-anchor="middle" x="974.5" y="-463.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=52f85d8f-0c00-0000-2b3c-d7866e040000 pid=1134 -->
|
||||
<g id="node21" class="node">
|
||||
<title>guuid=52f85d8f-0c00-0000-2b3c-d7866e040000 pid=1134</title>
|
||||
<path fill="white" stroke="black" d="M928,-400.5C928,-400.5 998,-400.5 998,-400.5 1004,-400.5 1010,-406.5 1010,-412.5 1010,-412.5 1010,-424.5 1010,-424.5 1010,-430.5 1004,-436.5 998,-436.5 998,-436.5 928,-436.5 928,-436.5 922,-436.5 916,-430.5 916,-424.5 916,-424.5 916,-412.5 916,-412.5 916,-406.5 922,-400.5 928,-400.5"/>
|
||||
<text text-anchor="middle" x="963" y="-414.8" font-family="Arial" font-size="14.00">/usr/bin/dash</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=52f85d8f-0c00-0000-2b3c-d7866e040000 pid=1134 -->
|
||||
<g id="edge20" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=52f85d8f-0c00-0000-2b3c-d7866e040000 pid=1134</title>
|
||||
<path fill="none" stroke="black" d="M1039.87,-493.28C1023.15,-477.24 1003.54,-458.41 988.31,-443.79"/>
|
||||
<polygon fill="black" stroke="black" points="990.42,-440.97 980.78,-436.57 985.58,-446.02 990.42,-440.97"/>
|
||||
<text text-anchor="middle" x="1040.5" y="-463.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=eb8f0390-0c00-0000-2b3c-d78670040000 pid=1136 -->
|
||||
<g id="node23" class="node">
|
||||
<title>guuid=eb8f0390-0c00-0000-2b3c-d78670040000 pid=1136</title>
|
||||
<path fill="white" stroke="black" d="M1040,-400.5C1040,-400.5 1110,-400.5 1110,-400.5 1116,-400.5 1122,-406.5 1122,-412.5 1122,-412.5 1122,-424.5 1122,-424.5 1122,-430.5 1116,-436.5 1110,-436.5 1110,-436.5 1040,-436.5 1040,-436.5 1034,-436.5 1028,-430.5 1028,-424.5 1028,-424.5 1028,-412.5 1028,-412.5 1028,-406.5 1034,-400.5 1040,-400.5"/>
|
||||
<text text-anchor="middle" x="1075" y="-414.8" font-family="Arial" font-size="14.00">/usr/bin/dash</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=eb8f0390-0c00-0000-2b3c-d78670040000 pid=1136 -->
|
||||
<g id="edge22" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=eb8f0390-0c00-0000-2b3c-d78670040000 pid=1136</title>
|
||||
<path fill="none" stroke="black" d="M1075,-493.28C1075,-478.27 1075,-460.82 1075,-446.66"/>
|
||||
<polygon fill="black" stroke="black" points="1078.5,-446.57 1075,-436.57 1071.5,-446.57 1078.5,-446.57"/>
|
||||
<text text-anchor="middle" x="1096.5" y="-463.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=31bb38cc-0c00-0000-2b3c-d78672040000 pid=1138 -->
|
||||
<g id="node25" class="node">
|
||||
<title>guuid=31bb38cc-0c00-0000-2b3c-d78672040000 pid=1138</title>
|
||||
<path fill="white" stroke="black" d="M1152.5,-400.5C1152.5,-400.5 1241.5,-400.5 1241.5,-400.5 1247.5,-400.5 1253.5,-406.5 1253.5,-412.5 1253.5,-412.5 1253.5,-424.5 1253.5,-424.5 1253.5,-430.5 1247.5,-436.5 1241.5,-436.5 1241.5,-436.5 1152.5,-436.5 1152.5,-436.5 1146.5,-436.5 1140.5,-430.5 1140.5,-424.5 1140.5,-424.5 1140.5,-412.5 1140.5,-412.5 1140.5,-406.5 1146.5,-400.5 1152.5,-400.5"/>
|
||||
<text text-anchor="middle" x="1197" y="-414.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=31bb38cc-0c00-0000-2b3c-d78672040000 pid=1138 -->
|
||||
<g id="edge24" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=31bb38cc-0c00-0000-2b3c-d78672040000 pid=1138</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M1113.27,-493.28C1131.64,-477.09 1153.23,-458.07 1169.88,-443.39"/>
|
||||
<polygon fill="black" stroke="black" points="1172.44,-445.81 1177.63,-436.57 1167.81,-440.56 1172.44,-445.81"/>
|
||||
<text text-anchor="middle" x="1167.5" y="-463.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=c9df14cd-0c00-0000-2b3c-d78676040000 pid=1142 -->
|
||||
<g id="node29" class="node">
|
||||
<title>guuid=c9df14cd-0c00-0000-2b3c-d78676040000 pid=1142</title>
|
||||
<path fill="white" stroke="black" d="M1284,-400.5C1284,-400.5 1354,-400.5 1354,-400.5 1360,-400.5 1366,-406.5 1366,-412.5 1366,-412.5 1366,-424.5 1366,-424.5 1366,-430.5 1360,-436.5 1354,-436.5 1354,-436.5 1284,-436.5 1284,-436.5 1278,-436.5 1272,-430.5 1272,-424.5 1272,-424.5 1272,-412.5 1272,-412.5 1272,-406.5 1278,-400.5 1284,-400.5"/>
|
||||
<text text-anchor="middle" x="1319" y="-414.8" font-family="Arial" font-size="14.00">/usr/bin/dash</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=c9df14cd-0c00-0000-2b3c-d78676040000 pid=1142 -->
|
||||
<g id="edge28" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=c9df14cd-0c00-0000-2b3c-d78676040000 pid=1142</title>
|
||||
<path fill="none" stroke="black" d="M1151.2,-493.43C1190.31,-476.2 1236.77,-455.73 1270.87,-440.7"/>
|
||||
<polygon fill="black" stroke="black" points="1272.41,-443.85 1280.15,-436.62 1269.58,-437.45 1272.41,-443.85"/>
|
||||
<text text-anchor="middle" x="1248.5" y="-463.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1144 -->
|
||||
<g id="node31" class="node">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1144</title>
|
||||
<path fill="white" stroke="black" d="M1396.5,-400.5C1396.5,-400.5 1485.5,-400.5 1485.5,-400.5 1491.5,-400.5 1497.5,-406.5 1497.5,-412.5 1497.5,-412.5 1497.5,-424.5 1497.5,-424.5 1497.5,-430.5 1491.5,-436.5 1485.5,-436.5 1485.5,-436.5 1396.5,-436.5 1396.5,-436.5 1390.5,-436.5 1384.5,-430.5 1384.5,-424.5 1384.5,-424.5 1384.5,-412.5 1384.5,-412.5 1384.5,-406.5 1390.5,-400.5 1396.5,-400.5"/>
|
||||
<text text-anchor="middle" x="1441" y="-414.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1144 -->
|
||||
<g id="edge30" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1144</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M1162,-505.48C1196.94,-496.52 1237.51,-485.72 1274,-475 1319.31,-461.69 1330.21,-456.95 1375,-442 1377.23,-441.26 1379.5,-440.5 1381.79,-439.73"/>
|
||||
<polygon fill="black" stroke="black" points="1382.93,-443.03 1391.29,-436.52 1380.7,-436.4 1382.93,-443.03"/>
|
||||
<text text-anchor="middle" x="1338.5" y="-463.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1145 -->
|
||||
<g id="node32" class="node">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1145</title>
|
||||
<path fill="white" stroke="black" d="M1527.5,-400.5C1527.5,-400.5 1616.5,-400.5 1616.5,-400.5 1622.5,-400.5 1628.5,-406.5 1628.5,-412.5 1628.5,-412.5 1628.5,-424.5 1628.5,-424.5 1628.5,-430.5 1622.5,-436.5 1616.5,-436.5 1616.5,-436.5 1527.5,-436.5 1527.5,-436.5 1521.5,-436.5 1515.5,-430.5 1515.5,-424.5 1515.5,-424.5 1515.5,-412.5 1515.5,-412.5 1515.5,-406.5 1521.5,-400.5 1527.5,-400.5"/>
|
||||
<text text-anchor="middle" x="1572" y="-414.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1145 -->
|
||||
<g id="edge31" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1145</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M1162.23,-514C1249.98,-499.95 1388.73,-475.05 1506,-442 1508.73,-441.23 1511.52,-440.41 1514.32,-439.56"/>
|
||||
<polygon fill="black" stroke="black" points="1515.39,-442.9 1523.89,-436.57 1513.3,-436.22 1515.39,-442.9"/>
|
||||
<text text-anchor="middle" x="1453.5" y="-463.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1146 -->
|
||||
<g id="node33" class="node">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1146</title>
|
||||
<path fill="white" stroke="black" d="M1658.5,-400.5C1658.5,-400.5 1747.5,-400.5 1747.5,-400.5 1753.5,-400.5 1759.5,-406.5 1759.5,-412.5 1759.5,-412.5 1759.5,-424.5 1759.5,-424.5 1759.5,-430.5 1753.5,-436.5 1747.5,-436.5 1747.5,-436.5 1658.5,-436.5 1658.5,-436.5 1652.5,-436.5 1646.5,-430.5 1646.5,-424.5 1646.5,-424.5 1646.5,-412.5 1646.5,-412.5 1646.5,-406.5 1652.5,-400.5 1658.5,-400.5"/>
|
||||
<text text-anchor="middle" x="1703" y="-414.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1146 -->
|
||||
<g id="edge32" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1146</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M1162.44,-520C1274.06,-509.65 1472.44,-486.51 1637,-442 1639.79,-441.24 1642.64,-440.43 1645.51,-439.58"/>
|
||||
<polygon fill="black" stroke="black" points="1646.75,-442.86 1655.28,-436.58 1644.69,-436.17 1646.75,-442.86"/>
|
||||
<text text-anchor="middle" x="1579.5" y="-463.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1147 -->
|
||||
<g id="node34" class="node">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1147</title>
|
||||
<path fill="white" stroke="black" d="M1789.5,-400.5C1789.5,-400.5 1878.5,-400.5 1878.5,-400.5 1884.5,-400.5 1890.5,-406.5 1890.5,-412.5 1890.5,-412.5 1890.5,-424.5 1890.5,-424.5 1890.5,-430.5 1884.5,-436.5 1878.5,-436.5 1878.5,-436.5 1789.5,-436.5 1789.5,-436.5 1783.5,-436.5 1777.5,-430.5 1777.5,-424.5 1777.5,-424.5 1777.5,-412.5 1777.5,-412.5 1777.5,-406.5 1783.5,-400.5 1789.5,-400.5"/>
|
||||
<text text-anchor="middle" x="1834" y="-414.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1147 -->
|
||||
<g id="edge33" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1147</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M1162.17,-520.92C1266.59,-513.05 1446.64,-497.6 1600,-475 1675.28,-463.9 1694.49,-461.65 1768,-442 1770.8,-441.25 1773.65,-440.45 1776.51,-439.6"/>
|
||||
<polygon fill="black" stroke="black" points="1777.75,-442.89 1786.29,-436.61 1775.7,-436.19 1777.75,-442.89"/>
|
||||
<text text-anchor="middle" x="1710.5" y="-463.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1148 -->
|
||||
<g id="node35" class="node">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1148</title>
|
||||
<path fill="white" stroke="black" d="M1920.5,-400.5C1920.5,-400.5 2009.5,-400.5 2009.5,-400.5 2015.5,-400.5 2021.5,-406.5 2021.5,-412.5 2021.5,-412.5 2021.5,-424.5 2021.5,-424.5 2021.5,-430.5 2015.5,-436.5 2009.5,-436.5 2009.5,-436.5 1920.5,-436.5 1920.5,-436.5 1914.5,-436.5 1908.5,-430.5 1908.5,-424.5 1908.5,-424.5 1908.5,-412.5 1908.5,-412.5 1908.5,-406.5 1914.5,-400.5 1920.5,-400.5"/>
|
||||
<text text-anchor="middle" x="1965" y="-414.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1148 -->
|
||||
<g id="edge34" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1148</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M1162.09,-523.28C1288.07,-517.19 1528.26,-502.85 1731,-475 1806.39,-464.64 1825.49,-461.65 1899,-442 1901.8,-441.25 1904.65,-440.45 1907.51,-439.6"/>
|
||||
<polygon fill="black" stroke="black" points="1908.75,-442.89 1917.29,-436.61 1906.7,-436.19 1908.75,-442.89"/>
|
||||
<text text-anchor="middle" x="1841.5" y="-463.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1149 -->
|
||||
<g id="node36" class="node">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1149</title>
|
||||
<path fill="white" stroke="black" d="M2051.5,-400.5C2051.5,-400.5 2140.5,-400.5 2140.5,-400.5 2146.5,-400.5 2152.5,-406.5 2152.5,-412.5 2152.5,-412.5 2152.5,-424.5 2152.5,-424.5 2152.5,-430.5 2146.5,-436.5 2140.5,-436.5 2140.5,-436.5 2051.5,-436.5 2051.5,-436.5 2045.5,-436.5 2039.5,-430.5 2039.5,-424.5 2039.5,-424.5 2039.5,-412.5 2039.5,-412.5 2039.5,-406.5 2045.5,-400.5 2051.5,-400.5"/>
|
||||
<text text-anchor="middle" x="2096" y="-414.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1149 -->
|
||||
<g id="edge35" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1149</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M1162.12,-524.88C1307.63,-520.54 1609.12,-508.05 1862,-475 1937.45,-465.14 1956.49,-461.65 2030,-442 2032.8,-441.25 2035.65,-440.45 2038.51,-439.6"/>
|
||||
<polygon fill="black" stroke="black" points="2039.75,-442.89 2048.29,-436.61 2037.7,-436.19 2039.75,-442.89"/>
|
||||
<text text-anchor="middle" x="1972.5" y="-463.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1150 -->
|
||||
<g id="node37" class="node">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1150</title>
|
||||
<path fill="#ffbfbf" stroke="black" d="M2182.5,-395.5C2182.5,-395.5 2271.5,-395.5 2271.5,-395.5 2277.5,-395.5 2283.5,-401.5 2283.5,-407.5 2283.5,-407.5 2283.5,-429.5 2283.5,-429.5 2283.5,-435.5 2277.5,-441.5 2271.5,-441.5 2271.5,-441.5 2182.5,-441.5 2182.5,-441.5 2176.5,-441.5 2170.5,-435.5 2170.5,-429.5 2170.5,-429.5 2170.5,-407.5 2170.5,-407.5 2170.5,-401.5 2176.5,-395.5 2182.5,-395.5"/>
|
||||
<text text-anchor="middle" x="2227" y="-426.3" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
<polyline fill="none" stroke="black" points="2170.5,-418.5 2283.5,-418.5 "/>
|
||||
<text text-anchor="middle" x="2227" y="-403.3" font-family="Arial" font-size="14.00">send-data</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1150 -->
|
||||
<g id="edge36" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1115->guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1150</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M1162.06,-526.04C1325.53,-523.37 1689.31,-513.24 1993,-475 2065.4,-465.88 2085.84,-461.98 2160.4,-442.03"/>
|
||||
<polygon fill="black" stroke="black" points="2161.52,-445.35 2170.27,-439.38 2159.7,-438.59 2161.52,-445.35"/>
|
||||
<text text-anchor="middle" x="2103.5" y="-463.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=6dddb3d9-0b00-0000-2b3c-d7865e040000 pid=1118 -->
|
||||
<g id="node5" class="node">
|
||||
<title>guuid=6dddb3d9-0b00-0000-2b3c-d7865e040000 pid=1118</title>
|
||||
<path fill="white" stroke="black" d="M21.5,-302.5C21.5,-302.5 72.5,-302.5 72.5,-302.5 78.5,-302.5 84.5,-308.5 84.5,-314.5 84.5,-314.5 84.5,-326.5 84.5,-326.5 84.5,-332.5 78.5,-338.5 72.5,-338.5 72.5,-338.5 21.5,-338.5 21.5,-338.5 15.5,-338.5 9.5,-332.5 9.5,-326.5 9.5,-326.5 9.5,-314.5 9.5,-314.5 9.5,-308.5 15.5,-302.5 21.5,-302.5"/>
|
||||
<text text-anchor="middle" x="47" y="-316.8" font-family="Arial" font-size="14.00">/usr/bin/ln</text>
|
||||
</g>
|
||||
<!-- guuid=87e09cd9-0b00-0000-2b3c-d7865d040000 pid=1117->guuid=6dddb3d9-0b00-0000-2b3c-d7865e040000 pid=1118 -->
|
||||
<g id="edge4" class="edge">
|
||||
<title>guuid=87e09cd9-0b00-0000-2b3c-d7865d040000 pid=1117->guuid=6dddb3d9-0b00-0000-2b3c-d7865e040000 pid=1118</title>
|
||||
<path fill="none" stroke="black" d="M47,-400.34C47,-386 47,-365.31 47,-348.72"/>
|
||||
<polygon fill="black" stroke="black" points="50.5,-348.51 47,-338.51 43.5,-348.51 50.5,-348.51"/>
|
||||
<text text-anchor="middle" x="68.5" y="-365.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=17c205da-0b00-0000-2b3c-d78660040000 pid=1120 -->
|
||||
<g id="node7" class="node">
|
||||
<title>guuid=17c205da-0b00-0000-2b3c-d78660040000 pid=1120</title>
|
||||
<path fill="white" stroke="black" d="M133.5,-302.5C133.5,-302.5 184.5,-302.5 184.5,-302.5 190.5,-302.5 196.5,-308.5 196.5,-314.5 196.5,-314.5 196.5,-326.5 196.5,-326.5 196.5,-332.5 190.5,-338.5 184.5,-338.5 184.5,-338.5 133.5,-338.5 133.5,-338.5 127.5,-338.5 121.5,-332.5 121.5,-326.5 121.5,-326.5 121.5,-314.5 121.5,-314.5 121.5,-308.5 127.5,-302.5 133.5,-302.5"/>
|
||||
<text text-anchor="middle" x="159" y="-316.8" font-family="Arial" font-size="14.00">/usr/bin/ln</text>
|
||||
</g>
|
||||
<!-- guuid=d438d0d9-0b00-0000-2b3c-d7865f040000 pid=1119->guuid=17c205da-0b00-0000-2b3c-d78660040000 pid=1120 -->
|
||||
<g id="edge6" class="edge">
|
||||
<title>guuid=d438d0d9-0b00-0000-2b3c-d7865f040000 pid=1119->guuid=17c205da-0b00-0000-2b3c-d78660040000 pid=1120</title>
|
||||
<path fill="none" stroke="black" d="M159,-400.34C159,-386 159,-365.31 159,-348.72"/>
|
||||
<polygon fill="black" stroke="black" points="162.5,-348.51 159,-338.51 155.5,-348.51 162.5,-348.51"/>
|
||||
<text text-anchor="middle" x="180.5" y="-365.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=1c573bda-0b00-0000-2b3c-d78662040000 pid=1122 -->
|
||||
<g id="node9" class="node">
|
||||
<title>guuid=1c573bda-0b00-0000-2b3c-d78662040000 pid=1122</title>
|
||||
<path fill="white" stroke="black" d="M245.5,-302.5C245.5,-302.5 296.5,-302.5 296.5,-302.5 302.5,-302.5 308.5,-308.5 308.5,-314.5 308.5,-314.5 308.5,-326.5 308.5,-326.5 308.5,-332.5 302.5,-338.5 296.5,-338.5 296.5,-338.5 245.5,-338.5 245.5,-338.5 239.5,-338.5 233.5,-332.5 233.5,-326.5 233.5,-326.5 233.5,-314.5 233.5,-314.5 233.5,-308.5 239.5,-302.5 245.5,-302.5"/>
|
||||
<text text-anchor="middle" x="271" y="-316.8" font-family="Arial" font-size="14.00">/usr/bin/ln</text>
|
||||
</g>
|
||||
<!-- guuid=4b9423da-0b00-0000-2b3c-d78661040000 pid=1121->guuid=1c573bda-0b00-0000-2b3c-d78662040000 pid=1122 -->
|
||||
<g id="edge8" class="edge">
|
||||
<title>guuid=4b9423da-0b00-0000-2b3c-d78661040000 pid=1121->guuid=1c573bda-0b00-0000-2b3c-d78662040000 pid=1122</title>
|
||||
<path fill="none" stroke="black" d="M271,-400.34C271,-386 271,-365.31 271,-348.72"/>
|
||||
<polygon fill="black" stroke="black" points="274.5,-348.51 271,-338.51 267.5,-348.51 274.5,-348.51"/>
|
||||
<text text-anchor="middle" x="292.5" y="-365.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=29a876da-0b00-0000-2b3c-d78664040000 pid=1124 -->
|
||||
<g id="node11" class="node">
|
||||
<title>guuid=29a876da-0b00-0000-2b3c-d78664040000 pid=1124</title>
|
||||
<path fill="white" stroke="black" d="M357.5,-302.5C357.5,-302.5 408.5,-302.5 408.5,-302.5 414.5,-302.5 420.5,-308.5 420.5,-314.5 420.5,-314.5 420.5,-326.5 420.5,-326.5 420.5,-332.5 414.5,-338.5 408.5,-338.5 408.5,-338.5 357.5,-338.5 357.5,-338.5 351.5,-338.5 345.5,-332.5 345.5,-326.5 345.5,-326.5 345.5,-314.5 345.5,-314.5 345.5,-308.5 351.5,-302.5 357.5,-302.5"/>
|
||||
<text text-anchor="middle" x="383" y="-316.8" font-family="Arial" font-size="14.00">/usr/bin/ln</text>
|
||||
</g>
|
||||
<!-- guuid=1e3463da-0b00-0000-2b3c-d78663040000 pid=1123->guuid=29a876da-0b00-0000-2b3c-d78664040000 pid=1124 -->
|
||||
<g id="edge10" class="edge">
|
||||
<title>guuid=1e3463da-0b00-0000-2b3c-d78663040000 pid=1123->guuid=29a876da-0b00-0000-2b3c-d78664040000 pid=1124</title>
|
||||
<path fill="none" stroke="black" d="M383,-400.34C383,-386 383,-365.31 383,-348.72"/>
|
||||
<polygon fill="black" stroke="black" points="386.5,-348.51 383,-338.51 379.5,-348.51 386.5,-348.51"/>
|
||||
<text text-anchor="middle" x="404.5" y="-365.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=66aeacda-0b00-0000-2b3c-d78666040000 pid=1126 -->
|
||||
<g id="node13" class="node">
|
||||
<title>guuid=66aeacda-0b00-0000-2b3c-d78666040000 pid=1126</title>
|
||||
<path fill="white" stroke="black" d="M469.5,-302.5C469.5,-302.5 520.5,-302.5 520.5,-302.5 526.5,-302.5 532.5,-308.5 532.5,-314.5 532.5,-314.5 532.5,-326.5 532.5,-326.5 532.5,-332.5 526.5,-338.5 520.5,-338.5 520.5,-338.5 469.5,-338.5 469.5,-338.5 463.5,-338.5 457.5,-332.5 457.5,-326.5 457.5,-326.5 457.5,-314.5 457.5,-314.5 457.5,-308.5 463.5,-302.5 469.5,-302.5"/>
|
||||
<text text-anchor="middle" x="495" y="-316.8" font-family="Arial" font-size="14.00">/usr/bin/ln</text>
|
||||
</g>
|
||||
<!-- guuid=296496da-0b00-0000-2b3c-d78665040000 pid=1125->guuid=66aeacda-0b00-0000-2b3c-d78666040000 pid=1126 -->
|
||||
<g id="edge12" class="edge">
|
||||
<title>guuid=296496da-0b00-0000-2b3c-d78665040000 pid=1125->guuid=66aeacda-0b00-0000-2b3c-d78666040000 pid=1126</title>
|
||||
<path fill="none" stroke="black" d="M495,-400.34C495,-386 495,-365.31 495,-348.72"/>
|
||||
<polygon fill="black" stroke="black" points="498.5,-348.51 495,-338.51 491.5,-348.51 498.5,-348.51"/>
|
||||
<text text-anchor="middle" x="516.5" y="-365.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=44c93052-0c00-0000-2b3c-d78668040000 pid=1128 -->
|
||||
<g id="node15" class="node">
|
||||
<title>guuid=44c93052-0c00-0000-2b3c-d78668040000 pid=1128</title>
|
||||
<path fill="white" stroke="black" d="M570,-302.5C570,-302.5 644,-302.5 644,-302.5 650,-302.5 656,-308.5 656,-314.5 656,-314.5 656,-326.5 656,-326.5 656,-332.5 650,-338.5 644,-338.5 644,-338.5 570,-338.5 570,-338.5 564,-338.5 558,-332.5 558,-326.5 558,-326.5 558,-314.5 558,-314.5 558,-308.5 564,-302.5 570,-302.5"/>
|
||||
<text text-anchor="middle" x="607" y="-316.8" font-family="Arial" font-size="14.00">/usr/bin/mkdir</text>
|
||||
</g>
|
||||
<!-- guuid=70b90e52-0c00-0000-2b3c-d78667040000 pid=1127->guuid=44c93052-0c00-0000-2b3c-d78668040000 pid=1128 -->
|
||||
<g id="edge14" class="edge">
|
||||
<title>guuid=70b90e52-0c00-0000-2b3c-d78667040000 pid=1127->guuid=44c93052-0c00-0000-2b3c-d78668040000 pid=1128</title>
|
||||
<path fill="none" stroke="black" d="M607,-400.34C607,-386 607,-365.31 607,-348.72"/>
|
||||
<polygon fill="black" stroke="black" points="610.5,-348.51 607,-338.51 603.5,-348.51 610.5,-348.51"/>
|
||||
<text text-anchor="middle" x="628.5" y="-365.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=9842b152-0c00-0000-2b3c-d7866a040000 pid=1130 -->
|
||||
<g id="node17" class="node">
|
||||
<title>guuid=9842b152-0c00-0000-2b3c-d7866a040000 pid=1130</title>
|
||||
<path fill="#ffbfbf" stroke="black" d="M691.5,-297.5C691.5,-297.5 746.5,-297.5 746.5,-297.5 752.5,-297.5 758.5,-303.5 758.5,-309.5 758.5,-309.5 758.5,-331.5 758.5,-331.5 758.5,-337.5 752.5,-343.5 746.5,-343.5 746.5,-343.5 691.5,-343.5 691.5,-343.5 685.5,-343.5 679.5,-337.5 679.5,-331.5 679.5,-331.5 679.5,-309.5 679.5,-309.5 679.5,-303.5 685.5,-297.5 691.5,-297.5"/>
|
||||
<text text-anchor="middle" x="719" y="-328.3" font-family="Arial" font-size="14.00">/usr/bin/cp</text>
|
||||
<polyline fill="none" stroke="black" points="679.5,-320.5 758.5,-320.5 "/>
|
||||
<text text-anchor="middle" x="719" y="-305.3" font-family="Arial" font-size="14.00">write-file</text>
|
||||
</g>
|
||||
<!-- guuid=01208c52-0c00-0000-2b3c-d78669040000 pid=1129->guuid=9842b152-0c00-0000-2b3c-d7866a040000 pid=1130 -->
|
||||
<g id="edge16" class="edge">
|
||||
<title>guuid=01208c52-0c00-0000-2b3c-d78669040000 pid=1129->guuid=9842b152-0c00-0000-2b3c-d7866a040000 pid=1130</title>
|
||||
<path fill="none" stroke="black" d="M719,-400.34C719,-387.45 719,-369.43 719,-353.87"/>
|
||||
<polygon fill="black" stroke="black" points="722.5,-353.58 719,-343.58 715.5,-353.58 722.5,-353.58"/>
|
||||
<text text-anchor="middle" x="740.5" y="-365.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=e280bd8e-0c00-0000-2b3c-d7866c040000 pid=1132 -->
|
||||
<g id="node19" class="node">
|
||||
<title>guuid=e280bd8e-0c00-0000-2b3c-d7866c040000 pid=1132</title>
|
||||
<path fill="white" stroke="black" d="M806,-302.5C806,-302.5 876,-302.5 876,-302.5 882,-302.5 888,-308.5 888,-314.5 888,-314.5 888,-326.5 888,-326.5 888,-332.5 882,-338.5 876,-338.5 876,-338.5 806,-338.5 806,-338.5 800,-338.5 794,-332.5 794,-326.5 794,-326.5 794,-314.5 794,-314.5 794,-308.5 800,-302.5 806,-302.5"/>
|
||||
<text text-anchor="middle" x="841" y="-316.8" font-family="Arial" font-size="14.00">/usr/bin/dash</text>
|
||||
</g>
|
||||
<!-- guuid=4838b08e-0c00-0000-2b3c-d7866b040000 pid=1131->guuid=e280bd8e-0c00-0000-2b3c-d7866c040000 pid=1132 -->
|
||||
<g id="edge18" class="edge">
|
||||
<title>guuid=4838b08e-0c00-0000-2b3c-d7866b040000 pid=1131->guuid=e280bd8e-0c00-0000-2b3c-d7866c040000 pid=1132</title>
|
||||
<path fill="none" stroke="black" d="M841,-400.34C841,-386 841,-365.31 841,-348.72"/>
|
||||
<polygon fill="black" stroke="black" points="844.5,-348.51 841,-338.51 837.5,-348.51 844.5,-348.51"/>
|
||||
<text text-anchor="middle" x="862.5" y="-365.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=1be4308f-0c00-0000-2b3c-d7866d040000 pid=1133 -->
|
||||
<g id="node20" class="node">
|
||||
<title>guuid=1be4308f-0c00-0000-2b3c-d7866d040000 pid=1133</title>
|
||||
<path fill="white" stroke="black" d="M806,-209.5C806,-209.5 876,-209.5 876,-209.5 882,-209.5 888,-215.5 888,-221.5 888,-221.5 888,-233.5 888,-233.5 888,-239.5 882,-245.5 876,-245.5 876,-245.5 806,-245.5 806,-245.5 800,-245.5 794,-239.5 794,-233.5 794,-233.5 794,-221.5 794,-221.5 794,-215.5 800,-209.5 806,-209.5"/>
|
||||
<text text-anchor="middle" x="841" y="-223.8" font-family="Arial" font-size="14.00">/usr/bin/dash</text>
|
||||
</g>
|
||||
<!-- guuid=e280bd8e-0c00-0000-2b3c-d7866c040000 pid=1132->guuid=1be4308f-0c00-0000-2b3c-d7866d040000 pid=1133 -->
|
||||
<g id="edge19" class="edge">
|
||||
<title>guuid=e280bd8e-0c00-0000-2b3c-d7866c040000 pid=1132->guuid=1be4308f-0c00-0000-2b3c-d7866d040000 pid=1133</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M841,-302.38C841,-289.29 841,-270.98 841,-255.86"/>
|
||||
<polygon fill="black" stroke="black" points="844.5,-255.54 841,-245.54 837.5,-255.54 844.5,-255.54"/>
|
||||
<text text-anchor="middle" x="857.5" y="-267.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=ce4f9f8f-0c00-0000-2b3c-d7866f040000 pid=1135 -->
|
||||
<g id="node22" class="node">
|
||||
<title>guuid=ce4f9f8f-0c00-0000-2b3c-d7866f040000 pid=1135</title>
|
||||
<path fill="white" stroke="black" d="M926,-302.5C926,-302.5 1000,-302.5 1000,-302.5 1006,-302.5 1012,-308.5 1012,-314.5 1012,-314.5 1012,-326.5 1012,-326.5 1012,-332.5 1006,-338.5 1000,-338.5 1000,-338.5 926,-338.5 926,-338.5 920,-338.5 914,-332.5 914,-326.5 914,-326.5 914,-314.5 914,-314.5 914,-308.5 920,-302.5 926,-302.5"/>
|
||||
<text text-anchor="middle" x="963" y="-316.8" font-family="Arial" font-size="14.00">/usr/bin/mkdir</text>
|
||||
</g>
|
||||
<!-- guuid=52f85d8f-0c00-0000-2b3c-d7866e040000 pid=1134->guuid=ce4f9f8f-0c00-0000-2b3c-d7866f040000 pid=1135 -->
|
||||
<g id="edge21" class="edge">
|
||||
<title>guuid=52f85d8f-0c00-0000-2b3c-d7866e040000 pid=1134->guuid=ce4f9f8f-0c00-0000-2b3c-d7866f040000 pid=1135</title>
|
||||
<path fill="none" stroke="black" d="M963,-400.34C963,-386 963,-365.31 963,-348.72"/>
|
||||
<polygon fill="black" stroke="black" points="966.5,-348.51 963,-338.51 959.5,-348.51 966.5,-348.51"/>
|
||||
<text text-anchor="middle" x="984.5" y="-365.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=2bdb2c90-0c00-0000-2b3c-d78671040000 pid=1137 -->
|
||||
<g id="node24" class="node">
|
||||
<title>guuid=2bdb2c90-0c00-0000-2b3c-d78671040000 pid=1137</title>
|
||||
<path fill="#ffbfbf" stroke="black" d="M1047.5,-297.5C1047.5,-297.5 1102.5,-297.5 1102.5,-297.5 1108.5,-297.5 1114.5,-303.5 1114.5,-309.5 1114.5,-309.5 1114.5,-331.5 1114.5,-331.5 1114.5,-337.5 1108.5,-343.5 1102.5,-343.5 1102.5,-343.5 1047.5,-343.5 1047.5,-343.5 1041.5,-343.5 1035.5,-337.5 1035.5,-331.5 1035.5,-331.5 1035.5,-309.5 1035.5,-309.5 1035.5,-303.5 1041.5,-297.5 1047.5,-297.5"/>
|
||||
<text text-anchor="middle" x="1075" y="-328.3" font-family="Arial" font-size="14.00">/usr/bin/cp</text>
|
||||
<polyline fill="none" stroke="black" points="1035.5,-320.5 1114.5,-320.5 "/>
|
||||
<text text-anchor="middle" x="1075" y="-305.3" font-family="Arial" font-size="14.00">write-file</text>
|
||||
</g>
|
||||
<!-- guuid=eb8f0390-0c00-0000-2b3c-d78670040000 pid=1136->guuid=2bdb2c90-0c00-0000-2b3c-d78671040000 pid=1137 -->
|
||||
<g id="edge23" class="edge">
|
||||
<title>guuid=eb8f0390-0c00-0000-2b3c-d78670040000 pid=1136->guuid=2bdb2c90-0c00-0000-2b3c-d78671040000 pid=1137</title>
|
||||
<path fill="none" stroke="black" d="M1075,-400.34C1075,-387.45 1075,-369.43 1075,-353.87"/>
|
||||
<polygon fill="black" stroke="black" points="1078.5,-353.58 1075,-343.58 1071.5,-353.58 1078.5,-353.58"/>
|
||||
<text text-anchor="middle" x="1096.5" y="-365.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=71ab3bcc-0c00-0000-2b3c-d78673040000 pid=1139 -->
|
||||
<g id="node26" class="node">
|
||||
<title>guuid=71ab3bcc-0c00-0000-2b3c-d78673040000 pid=1139</title>
|
||||
<path fill="white" stroke="black" d="M1162,-302.5C1162,-302.5 1232,-302.5 1232,-302.5 1238,-302.5 1244,-308.5 1244,-314.5 1244,-314.5 1244,-326.5 1244,-326.5 1244,-332.5 1238,-338.5 1232,-338.5 1232,-338.5 1162,-338.5 1162,-338.5 1156,-338.5 1150,-332.5 1150,-326.5 1150,-326.5 1150,-314.5 1150,-314.5 1150,-308.5 1156,-302.5 1162,-302.5"/>
|
||||
<text text-anchor="middle" x="1197" y="-316.8" font-family="Arial" font-size="14.00">/usr/bin/dash</text>
|
||||
</g>
|
||||
<!-- guuid=31bb38cc-0c00-0000-2b3c-d78672040000 pid=1138->guuid=71ab3bcc-0c00-0000-2b3c-d78673040000 pid=1139 -->
|
||||
<g id="edge25" class="edge">
|
||||
<title>guuid=31bb38cc-0c00-0000-2b3c-d78672040000 pid=1138->guuid=71ab3bcc-0c00-0000-2b3c-d78673040000 pid=1139</title>
|
||||
<path fill="none" stroke="black" d="M1197,-400.34C1197,-386 1197,-365.31 1197,-348.72"/>
|
||||
<polygon fill="black" stroke="black" points="1200.5,-348.51 1197,-338.51 1193.5,-348.51 1200.5,-348.51"/>
|
||||
<text text-anchor="middle" x="1218.5" y="-365.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=e97f4fcc-0c00-0000-2b3c-d78674040000 pid=1140 -->
|
||||
<g id="node27" class="node">
|
||||
<title>guuid=e97f4fcc-0c00-0000-2b3c-d78674040000 pid=1140</title>
|
||||
<path fill="white" stroke="black" d="M1158.5,-209.5C1158.5,-209.5 1235.5,-209.5 1235.5,-209.5 1241.5,-209.5 1247.5,-215.5 1247.5,-221.5 1247.5,-221.5 1247.5,-233.5 1247.5,-233.5 1247.5,-239.5 1241.5,-245.5 1235.5,-245.5 1235.5,-245.5 1158.5,-245.5 1158.5,-245.5 1152.5,-245.5 1146.5,-239.5 1146.5,-233.5 1146.5,-233.5 1146.5,-221.5 1146.5,-221.5 1146.5,-215.5 1152.5,-209.5 1158.5,-209.5"/>
|
||||
<text text-anchor="middle" x="1197" y="-223.8" font-family="Arial" font-size="14.00">/usr/bin/oracle</text>
|
||||
</g>
|
||||
<!-- guuid=71ab3bcc-0c00-0000-2b3c-d78673040000 pid=1139->guuid=e97f4fcc-0c00-0000-2b3c-d78674040000 pid=1140 -->
|
||||
<g id="edge26" class="edge">
|
||||
<title>guuid=71ab3bcc-0c00-0000-2b3c-d78673040000 pid=1139->guuid=e97f4fcc-0c00-0000-2b3c-d78674040000 pid=1140</title>
|
||||
<path fill="none" stroke="black" d="M1197,-302.38C1197,-289.29 1197,-270.98 1197,-255.86"/>
|
||||
<polygon fill="black" stroke="black" points="1200.5,-255.54 1197,-245.54 1193.5,-255.54 1200.5,-255.54"/>
|
||||
<text text-anchor="middle" x="1218.5" y="-267.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=00ebffcc-0c00-0000-2b3c-d78675040000 pid=1141 -->
|
||||
<g id="node28" class="node">
|
||||
<title>guuid=00ebffcc-0c00-0000-2b3c-d78675040000 pid=1141</title>
|
||||
<path fill="#3b5741" stroke="black" d="M1128,-88.5C1128,-88.5 1266,-88.5 1266,-88.5 1272,-88.5 1278,-94.5 1278,-100.5 1278,-100.5 1278,-145.5 1278,-145.5 1278,-151.5 1272,-157.5 1266,-157.5 1266,-157.5 1128,-157.5 1128,-157.5 1122,-157.5 1116,-151.5 1116,-145.5 1116,-145.5 1116,-100.5 1116,-100.5 1116,-94.5 1122,-88.5 1128,-88.5"/>
|
||||
<text text-anchor="middle" x="1166.5" y="-142.3" font-family="Arial" font-size="14.00" fill="#fff000">/usr/bin/oracle</text>
|
||||
<polyline fill="none" stroke="black" points="1116,-134.5 1217,-134.5 "/>
|
||||
<text text-anchor="middle" x="1166.5" y="-119.3" font-family="Arial" font-size="14.00" fill="#fff000">delete-file</text>
|
||||
<polyline fill="none" stroke="black" points="1116,-111.5 1217,-111.5 "/>
|
||||
<text text-anchor="middle" x="1166.5" y="-96.3" font-family="Arial" font-size="14.00" fill="#fff000">write-file</text>
|
||||
<polyline fill="none" stroke="black" points="1217,-88.5 1217,-157.5 "/>
|
||||
<text text-anchor="middle" x="1247.5" y="-119.3" font-family="Arial" font-size="14.00" fill="#fff000">zombie</text>
|
||||
</g>
|
||||
<!-- guuid=e97f4fcc-0c00-0000-2b3c-d78674040000 pid=1140->guuid=00ebffcc-0c00-0000-2b3c-d78675040000 pid=1141 -->
|
||||
<g id="edge27" class="edge">
|
||||
<title>guuid=e97f4fcc-0c00-0000-2b3c-d78674040000 pid=1140->guuid=00ebffcc-0c00-0000-2b3c-d78675040000 pid=1141</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M1197,-209.11C1197,-197.81 1197,-182.52 1197,-168.02"/>
|
||||
<polygon fill="black" stroke="black" points="1200.5,-167.67 1197,-157.67 1193.5,-167.67 1200.5,-167.67"/>
|
||||
<text text-anchor="middle" x="1213.5" y="-179.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=00ebffcc-0c00-0000-2b3c-d78675040000 pid=1151 -->
|
||||
<g id="node39" class="node">
|
||||
<title>guuid=00ebffcc-0c00-0000-2b3c-d78675040000 pid=1151</title>
|
||||
<path fill="white" stroke="black" d="M1158.5,-0.5C1158.5,-0.5 1235.5,-0.5 1235.5,-0.5 1241.5,-0.5 1247.5,-6.5 1247.5,-12.5 1247.5,-12.5 1247.5,-24.5 1247.5,-24.5 1247.5,-30.5 1241.5,-36.5 1235.5,-36.5 1235.5,-36.5 1158.5,-36.5 1158.5,-36.5 1152.5,-36.5 1146.5,-30.5 1146.5,-24.5 1146.5,-24.5 1146.5,-12.5 1146.5,-12.5 1146.5,-6.5 1152.5,-0.5 1158.5,-0.5"/>
|
||||
<text text-anchor="middle" x="1197" y="-14.8" font-family="Arial" font-size="14.00">/usr/bin/oracle</text>
|
||||
</g>
|
||||
<!-- guuid=00ebffcc-0c00-0000-2b3c-d78675040000 pid=1141->guuid=00ebffcc-0c00-0000-2b3c-d78675040000 pid=1151 -->
|
||||
<g id="edge38" class="edge">
|
||||
<title>guuid=00ebffcc-0c00-0000-2b3c-d78675040000 pid=1141->guuid=00ebffcc-0c00-0000-2b3c-d78675040000 pid=1151</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M1197,-88.44C1197,-74.94 1197,-59.57 1197,-46.77"/>
|
||||
<polygon fill="black" stroke="black" points="1200.5,-46.73 1197,-36.73 1193.5,-46.73 1200.5,-46.73"/>
|
||||
<text text-anchor="middle" x="1213.5" y="-58.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=185226cd-0c00-0000-2b3c-d78677040000 pid=1143 -->
|
||||
<g id="node30" class="node">
|
||||
<title>guuid=185226cd-0c00-0000-2b3c-d78677040000 pid=1143</title>
|
||||
<path fill="white" stroke="black" d="M1282,-302.5C1282,-302.5 1356,-302.5 1356,-302.5 1362,-302.5 1368,-308.5 1368,-314.5 1368,-314.5 1368,-326.5 1368,-326.5 1368,-332.5 1362,-338.5 1356,-338.5 1356,-338.5 1282,-338.5 1282,-338.5 1276,-338.5 1270,-332.5 1270,-326.5 1270,-326.5 1270,-314.5 1270,-314.5 1270,-308.5 1276,-302.5 1282,-302.5"/>
|
||||
<text text-anchor="middle" x="1319" y="-316.8" font-family="Arial" font-size="14.00">/usr/bin/kmod</text>
|
||||
</g>
|
||||
<!-- guuid=c9df14cd-0c00-0000-2b3c-d78676040000 pid=1142->guuid=185226cd-0c00-0000-2b3c-d78677040000 pid=1143 -->
|
||||
<g id="edge29" class="edge">
|
||||
<title>guuid=c9df14cd-0c00-0000-2b3c-d78676040000 pid=1142->guuid=185226cd-0c00-0000-2b3c-d78677040000 pid=1143</title>
|
||||
<path fill="none" stroke="black" d="M1319,-400.34C1319,-386 1319,-365.31 1319,-348.72"/>
|
||||
<polygon fill="black" stroke="black" points="1322.5,-348.51 1319,-338.51 1315.5,-348.51 1322.5,-348.51"/>
|
||||
<text text-anchor="middle" x="1340.5" y="-365.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- 10.0.2.3 -->
|
||||
<g id="node38" class="node">
|
||||
<title>10.0.2.3</title>
|
||||
<path fill="grey" stroke="black" d="M2206.5,-302.5C2206.5,-302.5 2247.5,-302.5 2247.5,-302.5 2253.5,-302.5 2259.5,-308.5 2259.5,-314.5 2259.5,-314.5 2259.5,-326.5 2259.5,-326.5 2259.5,-332.5 2253.5,-338.5 2247.5,-338.5 2247.5,-338.5 2206.5,-338.5 2206.5,-338.5 2200.5,-338.5 2194.5,-332.5 2194.5,-326.5 2194.5,-326.5 2194.5,-314.5 2194.5,-314.5 2194.5,-308.5 2200.5,-302.5 2206.5,-302.5"/>
|
||||
<text text-anchor="middle" x="2227" y="-316.8" font-family="Arial" font-size="14.00" fill="white">10.0.2.3</text>
|
||||
</g>
|
||||
<!-- guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1150->10.0.2.3 -->
|
||||
<g id="edge37" class="edge">
|
||||
<title>guuid=0a03d020-0b00-0000-2b3c-d7865b040000 pid=1150->10.0.2.3</title>
|
||||
<path fill="none" stroke="blue" stroke-dasharray="5,2" d="M2227,-395.23C2227,-381.33 2227,-363.33 2227,-348.6"/>
|
||||
<polygon fill="blue" stroke="blue" points="2230.5,-348.55 2227,-338.55 2223.5,-348.55 2230.5,-348.55"/>
|
||||
<text text-anchor="middle" x="2265" y="-365.8" font-family="Arial" font-size="14.00" fill="blue">send: 1734B</text>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 52 KiB |
Binary file not shown.
|
|
@ -0,0 +1,14 @@
|
|||
analysis:
|
||||
duration_sec: 60
|
||||
timestamp: '2024-06-19T14:37:03.126703+00:00'
|
||||
kunai:
|
||||
args:
|
||||
- --include=all
|
||||
- --send-data-min-len=0
|
||||
version: kunai 0.2.3
|
||||
sample:
|
||||
args: []
|
||||
system:
|
||||
kernel: 5.10.0-30-cloud-amd64
|
||||
uname: 'Linux kunai-sandbox 5.10.0-30-cloud-amd64 #1 SMP Debian 5.10.218-1 (2024-06-01)
|
||||
x86_64 GNU/Linux'
|
||||
Binary file not shown.
Binary file not shown.
|
|
@ -0,0 +1,24 @@
|
|||
[2024-06-17T10:05:51Z WARN kunai] syscalls_sys_exit_execve probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
|
||||
[2024-06-17T10:05:51Z WARN kunai] syscalls_sys_exit_execveat probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
|
||||
[2024-06-17T10:05:56Z ERROR kunai] some events have been lost in the way from kernel read=707 lost=421: consider filtering out some events or increase the number of buffered events in configuration
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats execve: 11
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats execve_script: 0
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats task_sched: 27
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats exit: 0
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats exit_group: 7
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats clone: 15
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats prctl: 5
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats init_module: 0
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats bpf_prog_load: 0
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats bpf_socket_filter: 0
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats mprotect_exec: 0
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats mmap_exec: 81
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats connect: 8
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats dns_query: 1
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats send_data: 5714
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats read: 121
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats read_config: 52
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats write: 21
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats write_config: 0
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats file_rename: 6
|
||||
[2024-06-17T10:05:56Z ERROR kunai] stats file_unlink: 0
|
||||
Binary file not shown.
|
|
@ -0,0 +1,193 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
|
||||
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
|
||||
<!-- Generated by graphviz version 2.43.0 (0)
|
||||
-->
|
||||
<!-- Title: %3 Pages: 1 -->
|
||||
<svg width="868pt" height="520pt"
|
||||
viewBox="0.00 0.00 867.51 520.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 516)">
|
||||
<title>%3</title>
|
||||
<polygon fill="white" stroke="transparent" points="-4,4 -4,-516 863.51,-516 863.51,4 -4,4"/>
|
||||
<!-- guuid=de5aab22-0b00-0000-2742-7dc259040000 pid=1113 -->
|
||||
<g id="node1" class="node">
|
||||
<title>guuid=de5aab22-0b00-0000-2742-7dc259040000 pid=1113</title>
|
||||
<path fill="white" stroke="black" d="M110.01,-475.5C110.01,-475.5 180.01,-475.5 180.01,-475.5 186.01,-475.5 192.01,-481.5 192.01,-487.5 192.01,-487.5 192.01,-499.5 192.01,-499.5 192.01,-505.5 186.01,-511.5 180.01,-511.5 180.01,-511.5 110.01,-511.5 110.01,-511.5 104.01,-511.5 98.01,-505.5 98.01,-499.5 98.01,-499.5 98.01,-487.5 98.01,-487.5 98.01,-481.5 104.01,-475.5 110.01,-475.5"/>
|
||||
<text text-anchor="middle" x="145.01" y="-489.8" font-family="Arial" font-size="14.00">/usr/bin/sudo</text>
|
||||
</g>
|
||||
<!-- guuid=ce196323-0b00-0000-2742-7dc25a040000 pid=1114 -->
|
||||
<g id="node2" class="node">
|
||||
<title>guuid=ce196323-0b00-0000-2742-7dc25a040000 pid=1114</title>
|
||||
<path fill="#ffbfbf" stroke="black" d="M100.51,-377.5C100.51,-377.5 189.51,-377.5 189.51,-377.5 195.51,-377.5 201.51,-383.5 201.51,-389.5 201.51,-389.5 201.51,-411.5 201.51,-411.5 201.51,-417.5 195.51,-423.5 189.51,-423.5 189.51,-423.5 100.51,-423.5 100.51,-423.5 94.51,-423.5 88.51,-417.5 88.51,-411.5 88.51,-411.5 88.51,-389.5 88.51,-389.5 88.51,-383.5 94.51,-377.5 100.51,-377.5"/>
|
||||
<text text-anchor="middle" x="145.01" y="-408.3" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
<polyline fill="none" stroke="black" points="88.51,-400.5 201.51,-400.5 "/>
|
||||
<text text-anchor="middle" x="145.01" y="-385.3" font-family="Arial" font-size="14.00">net</text>
|
||||
</g>
|
||||
<!-- guuid=de5aab22-0b00-0000-2742-7dc259040000 pid=1113->guuid=ce196323-0b00-0000-2742-7dc25a040000 pid=1114 -->
|
||||
<g id="edge1" class="edge">
|
||||
<title>guuid=de5aab22-0b00-0000-2742-7dc259040000 pid=1113->guuid=ce196323-0b00-0000-2742-7dc25a040000 pid=1114</title>
|
||||
<path fill="none" stroke="black" d="M145.01,-475.38C145.01,-463.73 145.01,-447.95 145.01,-433.96"/>
|
||||
<polygon fill="black" stroke="black" points="148.51,-433.71 145.01,-423.71 141.51,-433.71 148.51,-433.71"/>
|
||||
<text text-anchor="middle" x="166.51" y="-445.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- 8.8.8.8 -->
|
||||
<g id="node3" class="node">
|
||||
<title>8.8.8.8</title>
|
||||
<path fill="grey" stroke="black" d="M205.01,-1C205.01,-1 239.01,-1 239.01,-1 245.01,-1 251.01,-7 251.01,-13 251.01,-13 251.01,-25 251.01,-25 251.01,-31 245.01,-37 239.01,-37 239.01,-37 205.01,-37 205.01,-37 199.01,-37 193.01,-31 193.01,-25 193.01,-25 193.01,-13 193.01,-13 193.01,-7 199.01,-1 205.01,-1"/>
|
||||
<text text-anchor="middle" x="222.01" y="-15.3" font-family="Arial" font-size="14.00" fill="white">8.8.8.8</text>
|
||||
</g>
|
||||
<!-- guuid=ce196323-0b00-0000-2742-7dc25a040000 pid=1114->8.8.8.8 -->
|
||||
<g id="edge2" class="edge">
|
||||
<title>guuid=ce196323-0b00-0000-2742-7dc25a040000 pid=1114->8.8.8.8</title>
|
||||
<path fill="none" stroke="green" stroke-dasharray="5,2" d="M88.46,-382.87C60.84,-371.58 30.15,-353.57 14.01,-326 -6.88,-290.33 -1.58,-271.28 14.01,-233 48.95,-147.2 136.93,-77.13 186.55,-42.83"/>
|
||||
<polygon fill="green" stroke="green" points="188.75,-45.56 195.05,-37.04 184.81,-39.77 188.75,-45.56"/>
|
||||
<text text-anchor="middle" x="40.01" y="-203.8" font-family="Arial" font-size="14.00" fill="green">con</text>
|
||||
</g>
|
||||
<!-- guuid=52b87523-0b00-0000-2742-7dc25b040000 pid=1115 -->
|
||||
<g id="node4" class="node">
|
||||
<title>guuid=52b87523-0b00-0000-2742-7dc25b040000 pid=1115</title>
|
||||
<path fill="white" stroke="black" d="M35.51,-261.5C35.51,-261.5 124.51,-261.5 124.51,-261.5 130.51,-261.5 136.51,-267.5 136.51,-273.5 136.51,-273.5 136.51,-285.5 136.51,-285.5 136.51,-291.5 130.51,-297.5 124.51,-297.5 124.51,-297.5 35.51,-297.5 35.51,-297.5 29.51,-297.5 23.51,-291.5 23.51,-285.5 23.51,-285.5 23.51,-273.5 23.51,-273.5 23.51,-267.5 29.51,-261.5 35.51,-261.5"/>
|
||||
<text text-anchor="middle" x="80.01" y="-275.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=ce196323-0b00-0000-2742-7dc25a040000 pid=1114->guuid=52b87523-0b00-0000-2742-7dc25b040000 pid=1115 -->
|
||||
<g id="edge3" class="edge">
|
||||
<title>guuid=ce196323-0b00-0000-2742-7dc25a040000 pid=1114->guuid=52b87523-0b00-0000-2742-7dc25b040000 pid=1115</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M132.94,-377.4C122,-357.37 105.87,-327.84 94.3,-306.65"/>
|
||||
<polygon fill="black" stroke="black" points="97.35,-304.95 89.49,-297.85 91.21,-308.3 97.35,-304.95"/>
|
||||
<text text-anchor="middle" x="139.51" y="-347.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=1a137723-0b00-0000-2742-7dc25c040000 pid=1116 -->
|
||||
<g id="node5" class="node">
|
||||
<title>guuid=1a137723-0b00-0000-2742-7dc25c040000 pid=1116</title>
|
||||
<path fill="white" stroke="black" d="M166.51,-261.5C166.51,-261.5 255.51,-261.5 255.51,-261.5 261.51,-261.5 267.51,-267.5 267.51,-273.5 267.51,-273.5 267.51,-285.5 267.51,-285.5 267.51,-291.5 261.51,-297.5 255.51,-297.5 255.51,-297.5 166.51,-297.5 166.51,-297.5 160.51,-297.5 154.51,-291.5 154.51,-285.5 154.51,-285.5 154.51,-273.5 154.51,-273.5 154.51,-267.5 160.51,-261.5 166.51,-261.5"/>
|
||||
<text text-anchor="middle" x="211.01" y="-275.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=ce196323-0b00-0000-2742-7dc25a040000 pid=1114->guuid=1a137723-0b00-0000-2742-7dc25c040000 pid=1116 -->
|
||||
<g id="edge4" class="edge">
|
||||
<title>guuid=ce196323-0b00-0000-2742-7dc25a040000 pid=1114->guuid=1a137723-0b00-0000-2742-7dc25c040000 pid=1116</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M157.27,-377.4C168.38,-357.37 184.75,-327.84 196.5,-306.65"/>
|
||||
<polygon fill="black" stroke="black" points="199.6,-308.29 201.39,-297.85 193.48,-304.9 199.6,-308.29"/>
|
||||
<text text-anchor="middle" x="190.51" y="-347.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=66368023-0b00-0000-2742-7dc25d040000 pid=1117 -->
|
||||
<g id="node6" class="node">
|
||||
<title>guuid=66368023-0b00-0000-2742-7dc25d040000 pid=1117</title>
|
||||
<path fill="#3b5741" stroke="black" d="M298.01,-233.5C298.01,-233.5 448.01,-233.5 448.01,-233.5 454.01,-233.5 460.01,-239.5 460.01,-245.5 460.01,-245.5 460.01,-313.5 460.01,-313.5 460.01,-319.5 454.01,-325.5 448.01,-325.5 448.01,-325.5 298.01,-325.5 298.01,-325.5 292.01,-325.5 286.01,-319.5 286.01,-313.5 286.01,-313.5 286.01,-245.5 286.01,-245.5 286.01,-239.5 292.01,-233.5 298.01,-233.5"/>
|
||||
<text text-anchor="middle" x="342.51" y="-310.3" font-family="Arial" font-size="14.00" fill="#fff000">/tmp/sample.bin</text>
|
||||
<polyline fill="none" stroke="black" points="286.01,-302.5 399.01,-302.5 "/>
|
||||
<text text-anchor="middle" x="342.51" y="-287.3" font-family="Arial" font-size="14.00" fill="#fff000">dns</text>
|
||||
<polyline fill="none" stroke="black" points="286.01,-279.5 399.01,-279.5 "/>
|
||||
<text text-anchor="middle" x="342.51" y="-264.3" font-family="Arial" font-size="14.00" fill="#fff000">net</text>
|
||||
<polyline fill="none" stroke="black" points="286.01,-256.5 399.01,-256.5 "/>
|
||||
<text text-anchor="middle" x="342.51" y="-241.3" font-family="Arial" font-size="14.00" fill="#fff000">send-data</text>
|
||||
<polyline fill="none" stroke="black" points="399.01,-233.5 399.01,-325.5 "/>
|
||||
<text text-anchor="middle" x="429.51" y="-275.8" font-family="Arial" font-size="14.00" fill="#fff000">zombie</text>
|
||||
</g>
|
||||
<!-- guuid=ce196323-0b00-0000-2742-7dc25a040000 pid=1114->guuid=66368023-0b00-0000-2742-7dc25d040000 pid=1117 -->
|
||||
<g id="edge5" class="edge">
|
||||
<title>guuid=ce196323-0b00-0000-2742-7dc25a040000 pid=1114->guuid=66368023-0b00-0000-2742-7dc25d040000 pid=1117</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M187.36,-377.4C212.68,-364.18 245.92,-346.83 277.28,-330.47"/>
|
||||
<polygon fill="black" stroke="black" points="279.25,-333.38 286.5,-325.65 276.01,-327.18 279.25,-333.38"/>
|
||||
<text text-anchor="middle" x="261.51" y="-347.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=66368023-0b00-0000-2742-7dc25d040000 pid=1117->8.8.8.8 -->
|
||||
<g id="edge6" class="edge">
|
||||
<title>guuid=66368023-0b00-0000-2742-7dc25d040000 pid=1117->8.8.8.8</title>
|
||||
<path fill="none" stroke="blue" stroke-dasharray="5,2" d="M285.75,-237.37C264.26,-222.95 243.78,-204.57 231.01,-182 207.24,-139.96 211.27,-81.57 216.53,-47.59"/>
|
||||
<polygon fill="blue" stroke="blue" points="220.02,-47.91 218.24,-37.46 213.12,-46.74 220.02,-47.91"/>
|
||||
<text text-anchor="middle" x="265.51" y="-131.8" font-family="Arial" font-size="14.00" fill="blue">send: 264B</text>
|
||||
</g>
|
||||
<!-- pty.su -->
|
||||
<g id="node7" class="node">
|
||||
<title>pty.su</title>
|
||||
<path fill="grey" stroke="black" d="M321.01,-117.5C321.01,-117.5 351.01,-117.5 351.01,-117.5 357.01,-117.5 363.01,-123.5 363.01,-129.5 363.01,-129.5 363.01,-141.5 363.01,-141.5 363.01,-147.5 357.01,-153.5 351.01,-153.5 351.01,-153.5 321.01,-153.5 321.01,-153.5 315.01,-153.5 309.01,-147.5 309.01,-141.5 309.01,-141.5 309.01,-129.5 309.01,-129.5 309.01,-123.5 315.01,-117.5 321.01,-117.5"/>
|
||||
<text text-anchor="middle" x="336.01" y="-131.8" font-family="Arial" font-size="14.00" fill="white">pty.su</text>
|
||||
</g>
|
||||
<!-- guuid=66368023-0b00-0000-2742-7dc25d040000 pid=1117->pty.su -->
|
||||
<g id="edge7" class="edge">
|
||||
<title>guuid=66368023-0b00-0000-2742-7dc25d040000 pid=1117->pty.su</title>
|
||||
<path fill="none" stroke="green" stroke-dasharray="5,2" d="M361.2,-233.18C355.21,-210.2 348.14,-183.07 343.02,-163.41"/>
|
||||
<polygon fill="green" stroke="green" points="346.37,-162.4 340.47,-153.6 339.6,-164.16 346.37,-162.4"/>
|
||||
<text text-anchor="middle" x="366.01" y="-203.8" font-family="Arial" font-size="14.00" fill="green">con</text>
|
||||
</g>
|
||||
<!-- guuid=e72c8d23-0b00-0000-2742-7dc25e040000 pid=1118 -->
|
||||
<g id="node8" class="node">
|
||||
<title>guuid=e72c8d23-0b00-0000-2742-7dc25e040000 pid=1118</title>
|
||||
<path fill="#ff3f3f" stroke="black" d="M393.51,-89.5C393.51,-89.5 482.51,-89.5 482.51,-89.5 488.51,-89.5 494.51,-95.5 494.51,-101.5 494.51,-101.5 494.51,-169.5 494.51,-169.5 494.51,-175.5 488.51,-181.5 482.51,-181.5 482.51,-181.5 393.51,-181.5 393.51,-181.5 387.51,-181.5 381.51,-175.5 381.51,-169.5 381.51,-169.5 381.51,-101.5 381.51,-101.5 381.51,-95.5 387.51,-89.5 393.51,-89.5"/>
|
||||
<text text-anchor="middle" x="438.01" y="-166.3" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
<polyline fill="none" stroke="black" points="381.51,-158.5 494.51,-158.5 "/>
|
||||
<text text-anchor="middle" x="438.01" y="-143.3" font-family="Arial" font-size="14.00">net</text>
|
||||
<polyline fill="none" stroke="black" points="381.51,-135.5 494.51,-135.5 "/>
|
||||
<text text-anchor="middle" x="438.01" y="-120.3" font-family="Arial" font-size="14.00">net-scan</text>
|
||||
<polyline fill="none" stroke="black" points="381.51,-112.5 494.51,-112.5 "/>
|
||||
<text text-anchor="middle" x="438.01" y="-97.3" font-family="Arial" font-size="14.00">send-data</text>
|
||||
</g>
|
||||
<!-- guuid=66368023-0b00-0000-2742-7dc25d040000 pid=1117->guuid=e72c8d23-0b00-0000-2742-7dc25e040000 pid=1118 -->
|
||||
<g id="edge8" class="edge">
|
||||
<title>guuid=66368023-0b00-0000-2742-7dc25d040000 pid=1117->guuid=e72c8d23-0b00-0000-2742-7dc25e040000 pid=1118</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M393.75,-233.18C399.85,-219.86 406.59,-205.14 412.93,-191.3"/>
|
||||
<polygon fill="black" stroke="black" points="416.26,-192.43 417.24,-181.88 409.89,-189.51 416.26,-192.43"/>
|
||||
<text text-anchor="middle" x="423.51" y="-203.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=e72c8d23-0b00-0000-2742-7dc25e040000 pid=1118->8.8.8.8 -->
|
||||
<g id="edge9" class="edge">
|
||||
<title>guuid=e72c8d23-0b00-0000-2742-7dc25e040000 pid=1118->8.8.8.8</title>
|
||||
<path fill="none" stroke="green" stroke-dasharray="5,2" d="M381.22,-94.32C378.14,-92.47 375.06,-90.68 372.01,-89 354.23,-79.19 348.53,-79.34 330.01,-71 306.73,-60.52 280.85,-48.32 260.27,-38.48"/>
|
||||
<polygon fill="green" stroke="green" points="261.74,-35.31 251.21,-34.14 258.72,-41.62 261.74,-35.31"/>
|
||||
<text text-anchor="middle" x="341.01" y="-59.8" font-family="Arial" font-size="14.00" fill="green">con</text>
|
||||
</g>
|
||||
<!-- 197.15.8.245 -->
|
||||
<g id="node9" class="node">
|
||||
<title>197.15.8.245</title>
|
||||
<path fill="grey" stroke="black" d="M283.51,-1C283.51,-1 354.51,-1 354.51,-1 360.51,-1 366.51,-7 366.51,-13 366.51,-13 366.51,-25 366.51,-25 366.51,-31 360.51,-37 354.51,-37 354.51,-37 283.51,-37 283.51,-37 277.51,-37 271.51,-31 271.51,-25 271.51,-25 271.51,-13 271.51,-13 271.51,-7 277.51,-1 283.51,-1"/>
|
||||
<text text-anchor="middle" x="319.01" y="-15.3" font-family="Arial" font-size="14.00" fill="white">197.15.8.245</text>
|
||||
</g>
|
||||
<!-- guuid=e72c8d23-0b00-0000-2742-7dc25e040000 pid=1118->197.15.8.245 -->
|
||||
<g id="edge10" class="edge">
|
||||
<title>guuid=e72c8d23-0b00-0000-2742-7dc25e040000 pid=1118->197.15.8.245</title>
|
||||
<path fill="none" stroke="blue" stroke-dasharray="5,2" d="M389.97,-89.16C383.58,-83.07 377.12,-76.9 371.01,-71 362,-62.31 352.18,-52.72 343.53,-44.21"/>
|
||||
<polygon fill="blue" stroke="blue" points="345.85,-41.59 336.27,-37.07 340.94,-46.58 345.85,-41.59"/>
|
||||
<text text-anchor="middle" x="401.51" y="-59.8" font-family="Arial" font-size="14.00" fill="blue">send: 40B</text>
|
||||
</g>
|
||||
<!-- 94.121.73.170 -->
|
||||
<g id="node10" class="node">
|
||||
<title>94.121.73.170</title>
|
||||
<path fill="grey" stroke="black" d="M396.51,-1C396.51,-1 475.51,-1 475.51,-1 481.51,-1 487.51,-7 487.51,-13 487.51,-13 487.51,-25 487.51,-25 487.51,-31 481.51,-37 475.51,-37 475.51,-37 396.51,-37 396.51,-37 390.51,-37 384.51,-31 384.51,-25 384.51,-25 384.51,-13 384.51,-13 384.51,-7 390.51,-1 396.51,-1"/>
|
||||
<text text-anchor="middle" x="436.01" y="-15.3" font-family="Arial" font-size="14.00" fill="white">94.121.73.170</text>
|
||||
</g>
|
||||
<!-- guuid=e72c8d23-0b00-0000-2742-7dc25e040000 pid=1118->94.121.73.170 -->
|
||||
<g id="edge11" class="edge">
|
||||
<title>guuid=e72c8d23-0b00-0000-2742-7dc25e040000 pid=1118->94.121.73.170</title>
|
||||
<path fill="none" stroke="blue" stroke-dasharray="5,2" d="M437.22,-89.25C436.97,-75.13 436.71,-59.99 436.49,-47.48"/>
|
||||
<polygon fill="blue" stroke="blue" points="439.99,-47.2 436.31,-37.26 432.99,-47.32 439.99,-47.2"/>
|
||||
<text text-anchor="middle" x="466.51" y="-59.8" font-family="Arial" font-size="14.00" fill="blue">send: 40B</text>
|
||||
</g>
|
||||
<!-- guuid=e72c8d23-0b00-0000-2742-7dc25e040000 pid=1118|send-data -->
|
||||
<g id="node11" class="node">
|
||||
<title>guuid=e72c8d23-0b00-0000-2742-7dc25e040000 pid=1118|send-data</title>
|
||||
<path fill="grey" stroke="black" d="M716.51,-38C716.51,-38 517.51,-38 517.51,-38 511.51,-38 505.51,-32 505.51,-26 505.51,-26 505.51,-12 505.51,-12 505.51,-6 511.51,0 517.51,0 517.51,0 716.51,0 716.51,0 722.51,0 728.51,-6 728.51,-12 728.51,-12 728.51,-26 728.51,-26 728.51,-32 722.51,-38 716.51,-38"/>
|
||||
<text text-anchor="middle" x="617.01" y="-22.8" font-family="Arial" font-size="14.00" fill="white">send-data to 307377 IP addresses</text>
|
||||
<text text-anchor="middle" x="617.01" y="-7.8" font-family="Arial" font-size="14.00" fill="white">review logs to see them all</text>
|
||||
</g>
|
||||
<!-- guuid=e72c8d23-0b00-0000-2742-7dc25e040000 pid=1118->guuid=e72c8d23-0b00-0000-2742-7dc25e040000 pid=1118|send-data -->
|
||||
<g id="edge12" class="edge">
|
||||
<title>guuid=e72c8d23-0b00-0000-2742-7dc25e040000 pid=1118->guuid=e72c8d23-0b00-0000-2742-7dc25e040000 pid=1118|send-data</title>
|
||||
<path fill="none" stroke="blue" stroke-dasharray="5,2" d="M494.65,-98.27C522.56,-80.42 555.43,-59.39 580.07,-43.63"/>
|
||||
<polygon fill="blue" stroke="blue" points="582.21,-46.42 588.75,-38.08 578.44,-40.52 582.21,-46.42"/>
|
||||
<text text-anchor="middle" x="574.01" y="-59.8" font-family="Arial" font-size="14.00" fill="blue">send</text>
|
||||
</g>
|
||||
<!-- guuid=78439723-0b00-0000-2742-7dc25f040000 pid=1119 -->
|
||||
<g id="node12" class="node">
|
||||
<title>guuid=78439723-0b00-0000-2742-7dc25f040000 pid=1119</title>
|
||||
<path fill="white" stroke="black" d="M758.51,-1C758.51,-1 847.51,-1 847.51,-1 853.51,-1 859.51,-7 859.51,-13 859.51,-13 859.51,-25 859.51,-25 859.51,-31 853.51,-37 847.51,-37 847.51,-37 758.51,-37 758.51,-37 752.51,-37 746.51,-31 746.51,-25 746.51,-25 746.51,-13 746.51,-13 746.51,-7 752.51,-1 758.51,-1"/>
|
||||
<text text-anchor="middle" x="803.01" y="-15.3" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=e72c8d23-0b00-0000-2742-7dc25e040000 pid=1118->guuid=78439723-0b00-0000-2742-7dc25f040000 pid=1119 -->
|
||||
<g id="edge13" class="edge">
|
||||
<title>guuid=e72c8d23-0b00-0000-2742-7dc25e040000 pid=1118->guuid=78439723-0b00-0000-2742-7dc25f040000 pid=1119</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M494.64,-116.74C560.68,-96.02 669.58,-61.86 738.73,-40.17"/>
|
||||
<polygon fill="black" stroke="black" points="740.14,-43.39 748.63,-37.06 738.04,-36.71 740.14,-43.39"/>
|
||||
<text text-anchor="middle" x="700.51" y="-59.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 18 KiB |
|
|
@ -0,0 +1,14 @@
|
|||
analysis:
|
||||
duration_sec: 60
|
||||
timestamp: '2024-06-19T14:27:43.043251+00:00'
|
||||
kunai:
|
||||
args:
|
||||
- --include=all
|
||||
- --send-data-min-len=0
|
||||
version: kunai 0.2.3
|
||||
sample:
|
||||
args: []
|
||||
system:
|
||||
kernel: 5.10.0-30-cloud-amd64
|
||||
uname: 'Linux kunai-sandbox 5.10.0-30-cloud-amd64 #1 SMP Debian 5.10.218-1 (2024-06-01)
|
||||
x86_64 GNU/Linux'
|
||||
Binary file not shown.
Binary file not shown.
|
|
@ -0,0 +1,2 @@
|
|||
[2024-06-17T10:05:51Z WARN kunai] syscalls_sys_exit_execve probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
|
||||
[2024-06-17T10:05:51Z WARN kunai] syscalls_sys_exit_execveat probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
|
||||
|
|
@ -0,0 +1 @@
|
|||
Infected
|
||||
|
|
@ -0,0 +1,215 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
|
||||
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
|
||||
<!-- Generated by graphviz version 2.43.0 (0)
|
||||
-->
|
||||
<!-- Title: %3 Pages: 1 -->
|
||||
<svg width="566pt" height="672pt"
|
||||
viewBox="0.00 0.00 565.50 672.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 668)">
|
||||
<title>%3</title>
|
||||
<polygon fill="white" stroke="transparent" points="-4,4 -4,-668 561.5,-668 561.5,4 -4,4"/>
|
||||
<!-- guuid=01272926-0b00-0000-79d1-e3c959040000 pid=1113 -->
|
||||
<g id="node1" class="node">
|
||||
<title>guuid=01272926-0b00-0000-79d1-e3c959040000 pid=1113</title>
|
||||
<path fill="white" stroke="black" d="M230.5,-627.5C230.5,-627.5 300.5,-627.5 300.5,-627.5 306.5,-627.5 312.5,-633.5 312.5,-639.5 312.5,-639.5 312.5,-651.5 312.5,-651.5 312.5,-657.5 306.5,-663.5 300.5,-663.5 300.5,-663.5 230.5,-663.5 230.5,-663.5 224.5,-663.5 218.5,-657.5 218.5,-651.5 218.5,-651.5 218.5,-639.5 218.5,-639.5 218.5,-633.5 224.5,-627.5 230.5,-627.5"/>
|
||||
<text text-anchor="middle" x="265.5" y="-641.8" font-family="Arial" font-size="14.00">/usr/bin/sudo</text>
|
||||
</g>
|
||||
<!-- guuid=bbcd9627-0b00-0000-79d1-e3c95a040000 pid=1114 -->
|
||||
<g id="node2" class="node">
|
||||
<title>guuid=bbcd9627-0b00-0000-79d1-e3c95a040000 pid=1114</title>
|
||||
<path fill="#ffbfbf" stroke="black" d="M221,-529.5C221,-529.5 310,-529.5 310,-529.5 316,-529.5 322,-535.5 322,-541.5 322,-541.5 322,-563.5 322,-563.5 322,-569.5 316,-575.5 310,-575.5 310,-575.5 221,-575.5 221,-575.5 215,-575.5 209,-569.5 209,-563.5 209,-563.5 209,-541.5 209,-541.5 209,-535.5 215,-529.5 221,-529.5"/>
|
||||
<text text-anchor="middle" x="265.5" y="-560.3" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
<polyline fill="none" stroke="black" points="209,-552.5 322,-552.5 "/>
|
||||
<text text-anchor="middle" x="265.5" y="-537.3" font-family="Arial" font-size="14.00">net</text>
|
||||
</g>
|
||||
<!-- guuid=01272926-0b00-0000-79d1-e3c959040000 pid=1113->guuid=bbcd9627-0b00-0000-79d1-e3c95a040000 pid=1114 -->
|
||||
<g id="edge1" class="edge">
|
||||
<title>guuid=01272926-0b00-0000-79d1-e3c959040000 pid=1113->guuid=bbcd9627-0b00-0000-79d1-e3c95a040000 pid=1114</title>
|
||||
<path fill="none" stroke="black" d="M265.5,-627.38C265.5,-615.73 265.5,-599.95 265.5,-585.96"/>
|
||||
<polygon fill="black" stroke="black" points="269,-585.71 265.5,-575.71 262,-585.71 269,-585.71"/>
|
||||
<text text-anchor="middle" x="287" y="-597.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- 8.8.8.8 -->
|
||||
<g id="node3" class="node">
|
||||
<title>8.8.8.8</title>
|
||||
<path fill="grey" stroke="black" d="M245.5,-297C245.5,-297 279.5,-297 279.5,-297 285.5,-297 291.5,-303 291.5,-309 291.5,-309 291.5,-321 291.5,-321 291.5,-327 285.5,-333 279.5,-333 279.5,-333 245.5,-333 245.5,-333 239.5,-333 233.5,-327 233.5,-321 233.5,-321 233.5,-309 233.5,-309 233.5,-303 239.5,-297 245.5,-297"/>
|
||||
<text text-anchor="middle" x="262.5" y="-311.3" font-family="Arial" font-size="14.00" fill="white">8.8.8.8</text>
|
||||
</g>
|
||||
<!-- guuid=bbcd9627-0b00-0000-79d1-e3c95a040000 pid=1114->8.8.8.8 -->
|
||||
<g id="edge2" class="edge">
|
||||
<title>guuid=bbcd9627-0b00-0000-79d1-e3c95a040000 pid=1114->8.8.8.8</title>
|
||||
<path fill="none" stroke="green" stroke-dasharray="5,2" d="M265.22,-529.34C264.67,-486 263.44,-390.14 262.85,-343.1"/>
|
||||
<polygon fill="green" stroke="green" points="266.34,-343 262.72,-333.05 259.34,-343.09 266.34,-343"/>
|
||||
<text text-anchor="middle" x="276.5" y="-427.8" font-family="Arial" font-size="14.00" fill="green">con</text>
|
||||
</g>
|
||||
<!-- guuid=f725dd27-0b00-0000-79d1-e3c95b040000 pid=1115 -->
|
||||
<g id="node4" class="node">
|
||||
<title>guuid=f725dd27-0b00-0000-79d1-e3c95b040000 pid=1115</title>
|
||||
<path fill="#3b5741" stroke="black" d="M67.5,-385.5C67.5,-385.5 217.5,-385.5 217.5,-385.5 223.5,-385.5 229.5,-391.5 229.5,-397.5 229.5,-397.5 229.5,-465.5 229.5,-465.5 229.5,-471.5 223.5,-477.5 217.5,-477.5 217.5,-477.5 67.5,-477.5 67.5,-477.5 61.5,-477.5 55.5,-471.5 55.5,-465.5 55.5,-465.5 55.5,-397.5 55.5,-397.5 55.5,-391.5 61.5,-385.5 67.5,-385.5"/>
|
||||
<text text-anchor="middle" x="112" y="-462.3" font-family="Arial" font-size="14.00" fill="#fff000">/tmp/sample.bin</text>
|
||||
<polyline fill="none" stroke="black" points="55.5,-454.5 168.5,-454.5 "/>
|
||||
<text text-anchor="middle" x="112" y="-439.3" font-family="Arial" font-size="14.00" fill="#fff000">net</text>
|
||||
<polyline fill="none" stroke="black" points="55.5,-431.5 168.5,-431.5 "/>
|
||||
<text text-anchor="middle" x="112" y="-416.3" font-family="Arial" font-size="14.00" fill="#fff000">net-scan</text>
|
||||
<polyline fill="none" stroke="black" points="55.5,-408.5 168.5,-408.5 "/>
|
||||
<text text-anchor="middle" x="112" y="-393.3" font-family="Arial" font-size="14.00" fill="#fff000">send-data</text>
|
||||
<polyline fill="none" stroke="black" points="168.5,-385.5 168.5,-477.5 "/>
|
||||
<text text-anchor="middle" x="199" y="-427.8" font-family="Arial" font-size="14.00" fill="#fff000">zombie</text>
|
||||
</g>
|
||||
<!-- guuid=bbcd9627-0b00-0000-79d1-e3c95a040000 pid=1114->guuid=f725dd27-0b00-0000-79d1-e3c95b040000 pid=1115 -->
|
||||
<g id="edge3" class="edge">
|
||||
<title>guuid=bbcd9627-0b00-0000-79d1-e3c95a040000 pid=1114->guuid=f725dd27-0b00-0000-79d1-e3c95b040000 pid=1115</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M238.78,-529.21C232.05,-523.4 224.92,-517.06 218.5,-511 209.77,-502.76 200.71,-493.8 192.02,-484.97"/>
|
||||
<polygon fill="black" stroke="black" points="194.32,-482.32 184.82,-477.61 189.31,-487.21 194.32,-482.32"/>
|
||||
<text text-anchor="middle" x="235" y="-499.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=bb4e4328-0b00-0000-79d1-e3c95c040000 pid=1116 -->
|
||||
<g id="node6" class="node">
|
||||
<title>guuid=bb4e4328-0b00-0000-79d1-e3c95c040000 pid=1116</title>
|
||||
<path fill="white" stroke="black" d="M322,-413.5C322,-413.5 411,-413.5 411,-413.5 417,-413.5 423,-419.5 423,-425.5 423,-425.5 423,-437.5 423,-437.5 423,-443.5 417,-449.5 411,-449.5 411,-449.5 322,-449.5 322,-449.5 316,-449.5 310,-443.5 310,-437.5 310,-437.5 310,-425.5 310,-425.5 310,-419.5 316,-413.5 322,-413.5"/>
|
||||
<text text-anchor="middle" x="366.5" y="-427.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=bbcd9627-0b00-0000-79d1-e3c95a040000 pid=1114->guuid=bb4e4328-0b00-0000-79d1-e3c95c040000 pid=1116 -->
|
||||
<g id="edge6" class="edge">
|
||||
<title>guuid=bbcd9627-0b00-0000-79d1-e3c95a040000 pid=1114->guuid=bb4e4328-0b00-0000-79d1-e3c95c040000 pid=1116</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M284.26,-529.4C301.56,-509.01 327.22,-478.78 345.26,-457.52"/>
|
||||
<polygon fill="black" stroke="black" points="347.97,-459.74 351.77,-449.85 342.63,-455.21 347.97,-459.74"/>
|
||||
<text text-anchor="middle" x="327" y="-499.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=f725dd27-0b00-0000-79d1-e3c95b040000 pid=1115->8.8.8.8 -->
|
||||
<g id="edge4" class="edge">
|
||||
<title>guuid=f725dd27-0b00-0000-79d1-e3c95b040000 pid=1115->8.8.8.8</title>
|
||||
<path fill="none" stroke="green" stroke-dasharray="5,2" d="M189.93,-385.25C205.92,-369.99 223.16,-353.54 236.82,-340.5"/>
|
||||
<polygon fill="green" stroke="green" points="239.59,-342.69 244.41,-333.26 234.76,-337.63 239.59,-342.69"/>
|
||||
<text text-anchor="middle" x="235.5" y="-355.8" font-family="Arial" font-size="14.00" fill="green">con</text>
|
||||
</g>
|
||||
<!-- guuid=f725dd27-0b00-0000-79d1-e3c95b040000 pid=1115|send-data -->
|
||||
<g id="node5" class="node">
|
||||
<title>guuid=f725dd27-0b00-0000-79d1-e3c95b040000 pid=1115|send-data</title>
|
||||
<path fill="grey" stroke="black" d="M203,-334C203,-334 12,-334 12,-334 6,-334 0,-328 0,-322 0,-322 0,-308 0,-308 0,-302 6,-296 12,-296 12,-296 203,-296 203,-296 209,-296 215,-302 215,-308 215,-308 215,-322 215,-322 215,-328 209,-334 203,-334"/>
|
||||
<text text-anchor="middle" x="107.5" y="-318.8" font-family="Arial" font-size="14.00" fill="white">send-data to 40919 IP addresses</text>
|
||||
<text text-anchor="middle" x="107.5" y="-303.8" font-family="Arial" font-size="14.00" fill="white">review logs to see them all</text>
|
||||
</g>
|
||||
<!-- guuid=f725dd27-0b00-0000-79d1-e3c95b040000 pid=1115->guuid=f725dd27-0b00-0000-79d1-e3c95b040000 pid=1115|send-data -->
|
||||
<g id="edge5" class="edge">
|
||||
<title>guuid=f725dd27-0b00-0000-79d1-e3c95b040000 pid=1115->guuid=f725dd27-0b00-0000-79d1-e3c95b040000 pid=1115|send-data</title>
|
||||
<path fill="none" stroke="blue" stroke-dasharray="5,2" d="M128.67,-385.25C124.4,-371.28 119.82,-356.32 116.02,-343.88"/>
|
||||
<polygon fill="blue" stroke="blue" points="119.31,-342.66 113.04,-334.12 112.61,-344.7 119.31,-342.66"/>
|
||||
<text text-anchor="middle" x="138.5" y="-355.8" font-family="Arial" font-size="14.00" fill="blue">send</text>
|
||||
</g>
|
||||
<!-- guuid=399b5128-0b00-0000-79d1-e3c95d040000 pid=1117 -->
|
||||
<g id="node7" class="node">
|
||||
<title>guuid=399b5128-0b00-0000-79d1-e3c95d040000 pid=1117</title>
|
||||
<path fill="white" stroke="black" d="M322,-297C322,-297 411,-297 411,-297 417,-297 423,-303 423,-309 423,-309 423,-321 423,-321 423,-327 417,-333 411,-333 411,-333 322,-333 322,-333 316,-333 310,-327 310,-321 310,-321 310,-309 310,-309 310,-303 316,-297 322,-297"/>
|
||||
<text text-anchor="middle" x="366.5" y="-311.3" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=bb4e4328-0b00-0000-79d1-e3c95c040000 pid=1116->guuid=399b5128-0b00-0000-79d1-e3c95d040000 pid=1117 -->
|
||||
<g id="edge7" class="edge">
|
||||
<title>guuid=bb4e4328-0b00-0000-79d1-e3c95c040000 pid=1116->guuid=399b5128-0b00-0000-79d1-e3c95d040000 pid=1117</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M366.5,-413.11C366.5,-394.59 366.5,-365.03 366.5,-343.38"/>
|
||||
<polygon fill="black" stroke="black" points="370,-343.18 366.5,-333.18 363,-343.18 370,-343.18"/>
|
||||
<text text-anchor="middle" x="383" y="-355.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=aeec5228-0b00-0000-79d1-e3c95e040000 pid=1118 -->
|
||||
<g id="node8" class="node">
|
||||
<title>guuid=aeec5228-0b00-0000-79d1-e3c95e040000 pid=1118</title>
|
||||
<path fill="white" stroke="black" d="M419,-241.5C419,-241.5 508,-241.5 508,-241.5 514,-241.5 520,-247.5 520,-253.5 520,-253.5 520,-265.5 520,-265.5 520,-271.5 514,-277.5 508,-277.5 508,-277.5 419,-277.5 419,-277.5 413,-277.5 407,-271.5 407,-265.5 407,-265.5 407,-253.5 407,-253.5 407,-247.5 413,-241.5 419,-241.5"/>
|
||||
<text text-anchor="middle" x="463.5" y="-255.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=bb4e4328-0b00-0000-79d1-e3c95c040000 pid=1116->guuid=aeec5228-0b00-0000-79d1-e3c95e040000 pid=1118 -->
|
||||
<g id="edge8" class="edge">
|
||||
<title>guuid=bb4e4328-0b00-0000-79d1-e3c95c040000 pid=1116->guuid=aeec5228-0b00-0000-79d1-e3c95e040000 pid=1118</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M379.48,-413.32C393.37,-394.48 415.57,-363.04 431.5,-334 439.74,-318.98 447.46,-301.4 453.25,-287.21"/>
|
||||
<polygon fill="black" stroke="black" points="456.64,-288.14 457.1,-277.55 450.14,-285.54 456.64,-288.14"/>
|
||||
<text text-anchor="middle" x="437" y="-355.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=d1b1c2e1-0b00-0000-79d1-e3c961040000 pid=1121 -->
|
||||
<g id="node12" class="node">
|
||||
<title>guuid=d1b1c2e1-0b00-0000-79d1-e3c961040000 pid=1121</title>
|
||||
<path fill="white" stroke="black" d="M306,-186.5C306,-186.5 395,-186.5 395,-186.5 401,-186.5 407,-192.5 407,-198.5 407,-198.5 407,-210.5 407,-210.5 407,-216.5 401,-222.5 395,-222.5 395,-222.5 306,-222.5 306,-222.5 300,-222.5 294,-216.5 294,-210.5 294,-210.5 294,-198.5 294,-198.5 294,-192.5 300,-186.5 306,-186.5"/>
|
||||
<text text-anchor="middle" x="350.5" y="-200.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=399b5128-0b00-0000-79d1-e3c95d040000 pid=1117->guuid=d1b1c2e1-0b00-0000-79d1-e3c961040000 pid=1121 -->
|
||||
<g id="edge12" class="edge">
|
||||
<title>guuid=399b5128-0b00-0000-79d1-e3c95d040000 pid=1117->guuid=d1b1c2e1-0b00-0000-79d1-e3c961040000 pid=1121</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M363.93,-296.57C361.38,-279.3 357.45,-252.62 354.5,-232.59"/>
|
||||
<polygon fill="black" stroke="black" points="357.93,-231.91 353.01,-222.53 351.01,-232.94 357.93,-231.91"/>
|
||||
<text text-anchor="middle" x="378" y="-255.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=3c3fbd28-0b00-0000-79d1-e3c95f040000 pid=1119 -->
|
||||
<g id="node9" class="node">
|
||||
<title>guuid=3c3fbd28-0b00-0000-79d1-e3c95f040000 pid=1119</title>
|
||||
<path fill="#3b5741" stroke="black" d="M395.5,-88.5C395.5,-88.5 545.5,-88.5 545.5,-88.5 551.5,-88.5 557.5,-94.5 557.5,-100.5 557.5,-100.5 557.5,-122.5 557.5,-122.5 557.5,-128.5 551.5,-134.5 545.5,-134.5 545.5,-134.5 395.5,-134.5 395.5,-134.5 389.5,-134.5 383.5,-128.5 383.5,-122.5 383.5,-122.5 383.5,-100.5 383.5,-100.5 383.5,-94.5 389.5,-88.5 395.5,-88.5"/>
|
||||
<text text-anchor="middle" x="440" y="-119.3" font-family="Arial" font-size="14.00" fill="#fff000">/tmp/sample.bin</text>
|
||||
<polyline fill="none" stroke="black" points="383.5,-111.5 496.5,-111.5 "/>
|
||||
<text text-anchor="middle" x="440" y="-96.3" font-family="Arial" font-size="14.00" fill="#fff000">net</text>
|
||||
<polyline fill="none" stroke="black" points="496.5,-88.5 496.5,-134.5 "/>
|
||||
<text text-anchor="middle" x="527" y="-107.8" font-family="Arial" font-size="14.00" fill="#fff000">zombie</text>
|
||||
</g>
|
||||
<!-- guuid=aeec5228-0b00-0000-79d1-e3c95e040000 pid=1118->guuid=3c3fbd28-0b00-0000-79d1-e3c95f040000 pid=1119 -->
|
||||
<g id="edge9" class="edge">
|
||||
<title>guuid=aeec5228-0b00-0000-79d1-e3c95e040000 pid=1118->guuid=3c3fbd28-0b00-0000-79d1-e3c95f040000 pid=1119</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M464.32,-241.47C465.45,-217.88 467.51,-174.83 468.94,-144.99"/>
|
||||
<polygon fill="black" stroke="black" points="472.45,-144.81 469.44,-134.65 465.46,-144.48 472.45,-144.81"/>
|
||||
<text text-anchor="middle" x="484" y="-200.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- 85.239.34.203 -->
|
||||
<g id="node10" class="node">
|
||||
<title>85.239.34.203</title>
|
||||
<path fill="grey" stroke="black" d="M270,-0.5C270,-0.5 349,-0.5 349,-0.5 355,-0.5 361,-6.5 361,-12.5 361,-12.5 361,-24.5 361,-24.5 361,-30.5 355,-36.5 349,-36.5 349,-36.5 270,-36.5 270,-36.5 264,-36.5 258,-30.5 258,-24.5 258,-24.5 258,-12.5 258,-12.5 258,-6.5 264,-0.5 270,-0.5"/>
|
||||
<text text-anchor="middle" x="309.5" y="-14.8" font-family="Arial" font-size="14.00" fill="white">85.239.34.203</text>
|
||||
</g>
|
||||
<!-- guuid=3c3fbd28-0b00-0000-79d1-e3c95f040000 pid=1119->85.239.34.203 -->
|
||||
<g id="edge10" class="edge">
|
||||
<title>guuid=3c3fbd28-0b00-0000-79d1-e3c95f040000 pid=1119->85.239.34.203</title>
|
||||
<path fill="none" stroke="green" stroke-dasharray="5,2" d="M442.16,-88.47C427.5,-77.64 409.05,-64.83 391.5,-55 382.47,-49.95 372.59,-45.11 362.9,-40.74"/>
|
||||
<polygon fill="green" stroke="green" points="364.27,-37.51 353.7,-36.68 361.44,-43.92 364.27,-37.51"/>
|
||||
<text text-anchor="middle" x="425.5" y="-58.8" font-family="Arial" font-size="14.00" fill="green">con</text>
|
||||
</g>
|
||||
<!-- 255.255.255.255 -->
|
||||
<g id="node11" class="node">
|
||||
<title>255.255.255.255</title>
|
||||
<path fill="grey" stroke="black" d="M405.5,-0.5C405.5,-0.5 499.5,-0.5 499.5,-0.5 505.5,-0.5 511.5,-6.5 511.5,-12.5 511.5,-12.5 511.5,-24.5 511.5,-24.5 511.5,-30.5 505.5,-36.5 499.5,-36.5 499.5,-36.5 405.5,-36.5 405.5,-36.5 399.5,-36.5 393.5,-30.5 393.5,-24.5 393.5,-24.5 393.5,-12.5 393.5,-12.5 393.5,-6.5 399.5,-0.5 405.5,-0.5"/>
|
||||
<text text-anchor="middle" x="452.5" y="-14.8" font-family="Arial" font-size="14.00" fill="white">255.255.255.255</text>
|
||||
</g>
|
||||
<!-- guuid=3c3fbd28-0b00-0000-79d1-e3c95f040000 pid=1119->255.255.255.255 -->
|
||||
<g id="edge11" class="edge">
|
||||
<title>guuid=3c3fbd28-0b00-0000-79d1-e3c95f040000 pid=1119->255.255.255.255</title>
|
||||
<path fill="none" stroke="red" stroke-dasharray="5,2" d="M466.14,-88.47C463.66,-75.94 460.54,-60.13 457.9,-46.81"/>
|
||||
<polygon fill="red" stroke="red" points="461.29,-45.9 455.92,-36.77 454.42,-47.26 461.29,-45.9"/>
|
||||
<text text-anchor="middle" x="473.5" y="-58.8" font-family="Arial" font-size="14.00" fill="red">con</text>
|
||||
</g>
|
||||
<!-- guuid=36d3c4e1-0b00-0000-79d1-e3c962040000 pid=1122 -->
|
||||
<g id="node13" class="node">
|
||||
<title>guuid=36d3c4e1-0b00-0000-79d1-e3c962040000 pid=1122</title>
|
||||
<path fill="#3b5741" stroke="black" d="M203.5,-88.5C203.5,-88.5 353.5,-88.5 353.5,-88.5 359.5,-88.5 365.5,-94.5 365.5,-100.5 365.5,-100.5 365.5,-122.5 365.5,-122.5 365.5,-128.5 359.5,-134.5 353.5,-134.5 353.5,-134.5 203.5,-134.5 203.5,-134.5 197.5,-134.5 191.5,-128.5 191.5,-122.5 191.5,-122.5 191.5,-100.5 191.5,-100.5 191.5,-94.5 197.5,-88.5 203.5,-88.5"/>
|
||||
<text text-anchor="middle" x="248" y="-119.3" font-family="Arial" font-size="14.00" fill="#fff000">/tmp/sample.bin</text>
|
||||
<polyline fill="none" stroke="black" points="191.5,-111.5 304.5,-111.5 "/>
|
||||
<text text-anchor="middle" x="248" y="-96.3" font-family="Arial" font-size="14.00" fill="#fff000">net</text>
|
||||
<polyline fill="none" stroke="black" points="304.5,-88.5 304.5,-134.5 "/>
|
||||
<text text-anchor="middle" x="335" y="-107.8" font-family="Arial" font-size="14.00" fill="#fff000">zombie</text>
|
||||
</g>
|
||||
<!-- guuid=d1b1c2e1-0b00-0000-79d1-e3c961040000 pid=1121->guuid=36d3c4e1-0b00-0000-79d1-e3c962040000 pid=1122 -->
|
||||
<g id="edge13" class="edge">
|
||||
<title>guuid=d1b1c2e1-0b00-0000-79d1-e3c961040000 pid=1121->guuid=36d3c4e1-0b00-0000-79d1-e3c962040000 pid=1122</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M336.96,-186.38C327.29,-174.16 314.02,-157.39 302.56,-142.91"/>
|
||||
<polygon fill="black" stroke="black" points="305.02,-140.38 296.07,-134.71 299.53,-144.72 305.02,-140.38"/>
|
||||
<text text-anchor="middle" x="338" y="-156.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=36d3c4e1-0b00-0000-79d1-e3c962040000 pid=1122->85.239.34.203 -->
|
||||
<g id="edge14" class="edge">
|
||||
<title>guuid=36d3c4e1-0b00-0000-79d1-e3c962040000 pid=1122->85.239.34.203</title>
|
||||
<path fill="none" stroke="green" stroke-dasharray="5,2" d="M286,-88.47C290.32,-75.81 295.77,-59.82 300.33,-46.42"/>
|
||||
<polygon fill="green" stroke="green" points="303.7,-47.37 303.62,-36.77 297.08,-45.11 303.7,-47.37"/>
|
||||
<text text-anchor="middle" x="308.5" y="-58.8" font-family="Arial" font-size="14.00" fill="green">con</text>
|
||||
</g>
|
||||
<!-- guuid=36d3c4e1-0b00-0000-79d1-e3c962040000 pid=1122->255.255.255.255 -->
|
||||
<g id="edge15" class="edge">
|
||||
<title>guuid=36d3c4e1-0b00-0000-79d1-e3c962040000 pid=1122->255.255.255.255</title>
|
||||
<path fill="none" stroke="red" stroke-dasharray="5,2" d="M310.31,-88.25C326.44,-77.48 346.57,-64.8 365.5,-55 375.37,-49.89 386.15,-44.99 396.66,-40.54"/>
|
||||
<polygon fill="red" stroke="red" points="398.29,-43.65 406.2,-36.59 395.62,-37.18 398.29,-43.65"/>
|
||||
<text text-anchor="middle" x="376.5" y="-58.8" font-family="Arial" font-size="14.00" fill="red">con</text>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 19 KiB |
Binary file not shown.
|
|
@ -0,0 +1,14 @@
|
|||
analysis:
|
||||
duration_sec: 60
|
||||
timestamp: '2024-06-19T14:31:17.011929+00:00'
|
||||
kunai:
|
||||
args:
|
||||
- --include=all
|
||||
- --send-data-min-len=0
|
||||
version: kunai 0.2.3
|
||||
sample:
|
||||
args: []
|
||||
system:
|
||||
kernel: 5.10.0-30-cloud-amd64
|
||||
uname: 'Linux kunai-sandbox 5.10.0-30-cloud-amd64 #1 SMP Debian 5.10.218-1 (2024-06-01)
|
||||
x86_64 GNU/Linux'
|
||||
Binary file not shown.
Binary file not shown.
|
|
@ -0,0 +1,2 @@
|
|||
[2024-06-17T10:05:51Z WARN kunai] syscalls_sys_exit_execve probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
|
||||
[2024-06-17T10:05:52Z WARN kunai] syscalls_sys_exit_execveat probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
|
||||
|
|
@ -0,0 +1 @@
|
|||
!!! Must run as non-root.
|
||||
|
|
@ -0,0 +1,3 @@
|
|||
Diagnostic tool for public CVE-2010-3081 exploit -- Ksplice, Inc.
|
||||
(see http://www.ksplice.com/uptrack/cve-2010-3081)
|
||||
|
||||
|
|
@ -0,0 +1,32 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
|
||||
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
|
||||
<!-- Generated by graphviz version 2.43.0 (0)
|
||||
-->
|
||||
<!-- Title: %3 Pages: 1 -->
|
||||
<svg width="121pt" height="133pt"
|
||||
viewBox="0.00 0.00 121.00 133.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 129)">
|
||||
<title>%3</title>
|
||||
<polygon fill="white" stroke="transparent" points="-4,4 -4,-129 117,-129 117,4 -4,4"/>
|
||||
<!-- guuid=31486530-0b00-0000-d458-7b1f58040000 pid=1112 -->
|
||||
<g id="node1" class="node">
|
||||
<title>guuid=31486530-0b00-0000-d458-7b1f58040000 pid=1112</title>
|
||||
<path fill="white" stroke="black" d="M21.5,-88.5C21.5,-88.5 91.5,-88.5 91.5,-88.5 97.5,-88.5 103.5,-94.5 103.5,-100.5 103.5,-100.5 103.5,-112.5 103.5,-112.5 103.5,-118.5 97.5,-124.5 91.5,-124.5 91.5,-124.5 21.5,-124.5 21.5,-124.5 15.5,-124.5 9.5,-118.5 9.5,-112.5 9.5,-112.5 9.5,-100.5 9.5,-100.5 9.5,-94.5 15.5,-88.5 21.5,-88.5"/>
|
||||
<text text-anchor="middle" x="56.5" y="-102.8" font-family="Arial" font-size="14.00">/usr/bin/sudo</text>
|
||||
</g>
|
||||
<!-- guuid=41fb7f31-0b00-0000-d458-7b1f59040000 pid=1113 -->
|
||||
<g id="node2" class="node">
|
||||
<title>guuid=41fb7f31-0b00-0000-d458-7b1f59040000 pid=1113</title>
|
||||
<path fill="white" stroke="black" d="M12,-0.5C12,-0.5 101,-0.5 101,-0.5 107,-0.5 113,-6.5 113,-12.5 113,-12.5 113,-24.5 113,-24.5 113,-30.5 107,-36.5 101,-36.5 101,-36.5 12,-36.5 12,-36.5 6,-36.5 0,-30.5 0,-24.5 0,-24.5 0,-12.5 0,-12.5 0,-6.5 6,-0.5 12,-0.5"/>
|
||||
<text text-anchor="middle" x="56.5" y="-14.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=31486530-0b00-0000-d458-7b1f58040000 pid=1112->guuid=41fb7f31-0b00-0000-d458-7b1f59040000 pid=1113 -->
|
||||
<g id="edge1" class="edge">
|
||||
<title>guuid=31486530-0b00-0000-d458-7b1f58040000 pid=1112->guuid=41fb7f31-0b00-0000-d458-7b1f59040000 pid=1113</title>
|
||||
<path fill="none" stroke="black" d="M56.5,-88.1C56.5,-76.25 56.5,-60.32 56.5,-46.79"/>
|
||||
<polygon fill="black" stroke="black" points="60,-46.58 56.5,-36.58 53,-46.58 60,-46.58"/>
|
||||
<text text-anchor="middle" x="78" y="-58.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 2.3 KiB |
Binary file not shown.
|
|
@ -0,0 +1,14 @@
|
|||
analysis:
|
||||
duration_sec: 60
|
||||
timestamp: '2024-06-19T14:28:59.105345+00:00'
|
||||
kunai:
|
||||
args:
|
||||
- --include=all
|
||||
- --send-data-min-len=0
|
||||
version: kunai 0.2.3
|
||||
sample:
|
||||
args: []
|
||||
system:
|
||||
kernel: 5.10.0-30-cloud-amd64
|
||||
uname: 'Linux kunai-sandbox 5.10.0-30-cloud-amd64 #1 SMP Debian 5.10.218-1 (2024-06-01)
|
||||
x86_64 GNU/Linux'
|
||||
Binary file not shown.
Binary file not shown.
|
|
@ -0,0 +1,2 @@
|
|||
[2024-06-17T10:05:51Z WARN kunai] syscalls_sys_exit_execve probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
|
||||
[2024-06-17T10:05:52Z WARN kunai] syscalls_sys_exit_execveat probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
|
||||
File diff suppressed because it is too large
Load diff
|
After Width: | Height: | Size: 120 KiB |
Binary file not shown.
|
|
@ -0,0 +1,14 @@
|
|||
analysis:
|
||||
duration_sec: 60
|
||||
timestamp: '2024-06-19T14:30:08.021887+00:00'
|
||||
kunai:
|
||||
args:
|
||||
- --include=all
|
||||
- --send-data-min-len=0
|
||||
version: kunai 0.2.3
|
||||
sample:
|
||||
args: []
|
||||
system:
|
||||
kernel: 5.10.0-30-cloud-amd64
|
||||
uname: 'Linux kunai-sandbox 5.10.0-30-cloud-amd64 #1 SMP Debian 5.10.218-1 (2024-06-01)
|
||||
x86_64 GNU/Linux'
|
||||
Binary file not shown.
Binary file not shown.
|
|
@ -0,0 +1,2 @@
|
|||
[2024-06-17T10:05:51Z WARN kunai] syscalls_sys_exit_execve probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
|
||||
[2024-06-17T10:05:52Z WARN kunai] syscalls_sys_exit_execveat probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
|
||||
|
|
@ -0,0 +1,92 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
|
||||
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
|
||||
<!-- Generated by graphviz version 2.43.0 (0)
|
||||
-->
|
||||
<!-- Title: %3 Pages: 1 -->
|
||||
<svg width="234pt" height="440pt"
|
||||
viewBox="0.00 0.00 233.50 440.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 436)">
|
||||
<title>%3</title>
|
||||
<polygon fill="white" stroke="transparent" points="-4,4 -4,-436 229.5,-436 229.5,4 -4,4"/>
|
||||
<!-- guuid=56bd9127-0b00-0000-7c0a-19cb58040000 pid=1112 -->
|
||||
<g id="node1" class="node">
|
||||
<title>guuid=56bd9127-0b00-0000-7c0a-19cb58040000 pid=1112</title>
|
||||
<path fill="white" stroke="black" d="M21.5,-395.5C21.5,-395.5 91.5,-395.5 91.5,-395.5 97.5,-395.5 103.5,-401.5 103.5,-407.5 103.5,-407.5 103.5,-419.5 103.5,-419.5 103.5,-425.5 97.5,-431.5 91.5,-431.5 91.5,-431.5 21.5,-431.5 21.5,-431.5 15.5,-431.5 9.5,-425.5 9.5,-419.5 9.5,-419.5 9.5,-407.5 9.5,-407.5 9.5,-401.5 15.5,-395.5 21.5,-395.5"/>
|
||||
<text text-anchor="middle" x="56.5" y="-409.8" font-family="Arial" font-size="14.00">/usr/bin/sudo</text>
|
||||
</g>
|
||||
<!-- guuid=fed9b428-0b00-0000-7c0a-19cb59040000 pid=1113 -->
|
||||
<g id="node2" class="node">
|
||||
<title>guuid=fed9b428-0b00-0000-7c0a-19cb59040000 pid=1113</title>
|
||||
<path fill="#ffbfbf" stroke="black" d="M12,-297.5C12,-297.5 101,-297.5 101,-297.5 107,-297.5 113,-303.5 113,-309.5 113,-309.5 113,-331.5 113,-331.5 113,-337.5 107,-343.5 101,-343.5 101,-343.5 12,-343.5 12,-343.5 6,-343.5 0,-337.5 0,-331.5 0,-331.5 0,-309.5 0,-309.5 0,-303.5 6,-297.5 12,-297.5"/>
|
||||
<text text-anchor="middle" x="56.5" y="-328.3" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
<polyline fill="none" stroke="black" points="0,-320.5 113,-320.5 "/>
|
||||
<text text-anchor="middle" x="56.5" y="-305.3" font-family="Arial" font-size="14.00">net</text>
|
||||
</g>
|
||||
<!-- guuid=56bd9127-0b00-0000-7c0a-19cb58040000 pid=1112->guuid=fed9b428-0b00-0000-7c0a-19cb59040000 pid=1113 -->
|
||||
<g id="edge1" class="edge">
|
||||
<title>guuid=56bd9127-0b00-0000-7c0a-19cb58040000 pid=1112->guuid=fed9b428-0b00-0000-7c0a-19cb59040000 pid=1113</title>
|
||||
<path fill="none" stroke="black" d="M56.5,-395.38C56.5,-383.73 56.5,-367.95 56.5,-353.96"/>
|
||||
<polygon fill="black" stroke="black" points="60,-353.71 56.5,-343.71 53,-353.71 60,-353.71"/>
|
||||
<text text-anchor="middle" x="78" y="-365.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- 8.8.8.8 -->
|
||||
<g id="node3" class="node">
|
||||
<title>8.8.8.8</title>
|
||||
<path fill="grey" stroke="black" d="M17.5,-209.5C17.5,-209.5 51.5,-209.5 51.5,-209.5 57.5,-209.5 63.5,-215.5 63.5,-221.5 63.5,-221.5 63.5,-233.5 63.5,-233.5 63.5,-239.5 57.5,-245.5 51.5,-245.5 51.5,-245.5 17.5,-245.5 17.5,-245.5 11.5,-245.5 5.5,-239.5 5.5,-233.5 5.5,-233.5 5.5,-221.5 5.5,-221.5 5.5,-215.5 11.5,-209.5 17.5,-209.5"/>
|
||||
<text text-anchor="middle" x="34.5" y="-223.8" font-family="Arial" font-size="14.00" fill="white">8.8.8.8</text>
|
||||
</g>
|
||||
<!-- guuid=fed9b428-0b00-0000-7c0a-19cb59040000 pid=1113->8.8.8.8 -->
|
||||
<g id="edge2" class="edge">
|
||||
<title>guuid=fed9b428-0b00-0000-7c0a-19cb59040000 pid=1113->8.8.8.8</title>
|
||||
<path fill="none" stroke="green" stroke-dasharray="5,2" d="M51.17,-297.47C48.14,-284.94 44.32,-269.13 41.1,-255.81"/>
|
||||
<polygon fill="green" stroke="green" points="44.43,-254.67 38.68,-245.77 37.62,-256.32 44.43,-254.67"/>
|
||||
<text text-anchor="middle" x="57.5" y="-267.8" font-family="Arial" font-size="14.00" fill="green">con</text>
|
||||
</g>
|
||||
<!-- guuid=7b1ec728-0b00-0000-7c0a-19cb5a040000 pid=1114 -->
|
||||
<g id="node4" class="node">
|
||||
<title>guuid=7b1ec728-0b00-0000-7c0a-19cb5a040000 pid=1114</title>
|
||||
<path fill="white" stroke="black" d="M94,-209.5C94,-209.5 183,-209.5 183,-209.5 189,-209.5 195,-215.5 195,-221.5 195,-221.5 195,-233.5 195,-233.5 195,-239.5 189,-245.5 183,-245.5 183,-245.5 94,-245.5 94,-245.5 88,-245.5 82,-239.5 82,-233.5 82,-233.5 82,-221.5 82,-221.5 82,-215.5 88,-209.5 94,-209.5"/>
|
||||
<text text-anchor="middle" x="138.5" y="-223.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=fed9b428-0b00-0000-7c0a-19cb59040000 pid=1113->guuid=7b1ec728-0b00-0000-7c0a-19cb5a040000 pid=1114 -->
|
||||
<g id="edge3" class="edge">
|
||||
<title>guuid=fed9b428-0b00-0000-7c0a-19cb59040000 pid=1113->guuid=7b1ec728-0b00-0000-7c0a-19cb5a040000 pid=1114</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M76.35,-297.47C88.32,-284.19 103.59,-267.24 116,-253.47"/>
|
||||
<polygon fill="black" stroke="black" points="118.84,-255.55 122.93,-245.77 113.64,-250.86 118.84,-255.55"/>
|
||||
<text text-anchor="middle" x="121" y="-267.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=c24ac928-0b00-0000-7c0a-19cb5b040000 pid=1115 -->
|
||||
<g id="node5" class="node">
|
||||
<title>guuid=c24ac928-0b00-0000-7c0a-19cb5b040000 pid=1115</title>
|
||||
<path fill="#3b5741" stroke="black" d="M63.5,-88.5C63.5,-88.5 213.5,-88.5 213.5,-88.5 219.5,-88.5 225.5,-94.5 225.5,-100.5 225.5,-100.5 225.5,-145.5 225.5,-145.5 225.5,-151.5 219.5,-157.5 213.5,-157.5 213.5,-157.5 63.5,-157.5 63.5,-157.5 57.5,-157.5 51.5,-151.5 51.5,-145.5 51.5,-145.5 51.5,-100.5 51.5,-100.5 51.5,-94.5 57.5,-88.5 63.5,-88.5"/>
|
||||
<text text-anchor="middle" x="108" y="-142.3" font-family="Arial" font-size="14.00" fill="#fff000">/tmp/sample.bin</text>
|
||||
<polyline fill="none" stroke="black" points="51.5,-134.5 164.5,-134.5 "/>
|
||||
<text text-anchor="middle" x="108" y="-119.3" font-family="Arial" font-size="14.00" fill="#fff000">net</text>
|
||||
<polyline fill="none" stroke="black" points="51.5,-111.5 164.5,-111.5 "/>
|
||||
<text text-anchor="middle" x="108" y="-96.3" font-family="Arial" font-size="14.00" fill="#fff000">send-data</text>
|
||||
<polyline fill="none" stroke="black" points="164.5,-88.5 164.5,-157.5 "/>
|
||||
<text text-anchor="middle" x="195" y="-119.3" font-family="Arial" font-size="14.00" fill="#fff000">zombie</text>
|
||||
</g>
|
||||
<!-- guuid=7b1ec728-0b00-0000-7c0a-19cb5a040000 pid=1114->guuid=c24ac928-0b00-0000-7c0a-19cb5b040000 pid=1115 -->
|
||||
<g id="edge4" class="edge">
|
||||
<title>guuid=7b1ec728-0b00-0000-7c0a-19cb5a040000 pid=1114->guuid=c24ac928-0b00-0000-7c0a-19cb5b040000 pid=1115</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M138.5,-209.11C138.5,-197.81 138.5,-182.52 138.5,-168.02"/>
|
||||
<polygon fill="black" stroke="black" points="142,-167.67 138.5,-157.67 135,-167.67 142,-167.67"/>
|
||||
<text text-anchor="middle" x="155" y="-179.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- 45.95.169.138 -->
|
||||
<g id="node6" class="node">
|
||||
<title>45.95.169.138</title>
|
||||
<path fill="grey" stroke="black" d="M99,-0.5C99,-0.5 178,-0.5 178,-0.5 184,-0.5 190,-6.5 190,-12.5 190,-12.5 190,-24.5 190,-24.5 190,-30.5 184,-36.5 178,-36.5 178,-36.5 99,-36.5 99,-36.5 93,-36.5 87,-30.5 87,-24.5 87,-24.5 87,-12.5 87,-12.5 87,-6.5 93,-0.5 99,-0.5"/>
|
||||
<text text-anchor="middle" x="138.5" y="-14.8" font-family="Arial" font-size="14.00" fill="white">45.95.169.138</text>
|
||||
</g>
|
||||
<!-- guuid=c24ac928-0b00-0000-7c0a-19cb5b040000 pid=1115->45.95.169.138 -->
|
||||
<g id="edge5" class="edge">
|
||||
<title>guuid=c24ac928-0b00-0000-7c0a-19cb5b040000 pid=1115->45.95.169.138</title>
|
||||
<path fill="none" stroke="blue" stroke-dasharray="5,2" d="M138.5,-88.44C138.5,-74.94 138.5,-59.57 138.5,-46.77"/>
|
||||
<polygon fill="blue" stroke="blue" points="142,-46.73 138.5,-36.73 135,-46.73 142,-46.73"/>
|
||||
<text text-anchor="middle" x="169" y="-58.8" font-family="Arial" font-size="14.00" fill="blue">send: 96B</text>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 7.7 KiB |
|
|
@ -0,0 +1,14 @@
|
|||
analysis:
|
||||
duration_sec: 60
|
||||
timestamp: '2024-06-19T14:32:25.847547+00:00'
|
||||
kunai:
|
||||
args:
|
||||
- --include=all
|
||||
- --send-data-min-len=0
|
||||
version: kunai 0.2.3
|
||||
sample:
|
||||
args: []
|
||||
system:
|
||||
kernel: 5.10.0-30-cloud-amd64
|
||||
uname: 'Linux kunai-sandbox 5.10.0-30-cloud-amd64 #1 SMP Debian 5.10.218-1 (2024-06-01)
|
||||
x86_64 GNU/Linux'
|
||||
Binary file not shown.
Binary file not shown.
|
|
@ -0,0 +1,2 @@
|
|||
[2024-06-17T10:05:51Z WARN kunai] syscalls_sys_exit_execve probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
|
||||
[2024-06-17T10:05:52Z WARN kunai] syscalls_sys_exit_execveat probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
|
||||
|
|
@ -0,0 +1,4 @@
|
|||
attached
|
||||
New password: Password change has been aborted.
|
||||
passwd: Authentication token manipulation error
|
||||
passwd: password unchanged
|
||||
|
|
@ -0,0 +1,77 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
|
||||
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
|
||||
<!-- Generated by graphviz version 2.43.0 (0)
|
||||
-->
|
||||
<!-- Title: %3 Pages: 1 -->
|
||||
<svg width="357pt" height="221pt"
|
||||
viewBox="0.00 0.00 356.50 221.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<g id="graph0" class="graph" transform="scale(1 1) rotate(0) translate(4 217)">
|
||||
<title>%3</title>
|
||||
<polygon fill="white" stroke="transparent" points="-4,4 -4,-217 352.5,-217 352.5,4 -4,4"/>
|
||||
<!-- guuid=b11c622b-0b00-0000-bc0f-2f2859040000 pid=1113 -->
|
||||
<g id="node1" class="node">
|
||||
<title>guuid=b11c622b-0b00-0000-bc0f-2f2859040000 pid=1113</title>
|
||||
<path fill="white" stroke="black" d="M82.5,-176.5C82.5,-176.5 152.5,-176.5 152.5,-176.5 158.5,-176.5 164.5,-182.5 164.5,-188.5 164.5,-188.5 164.5,-200.5 164.5,-200.5 164.5,-206.5 158.5,-212.5 152.5,-212.5 152.5,-212.5 82.5,-212.5 82.5,-212.5 76.5,-212.5 70.5,-206.5 70.5,-200.5 70.5,-200.5 70.5,-188.5 70.5,-188.5 70.5,-182.5 76.5,-176.5 82.5,-176.5"/>
|
||||
<text text-anchor="middle" x="117.5" y="-190.8" font-family="Arial" font-size="14.00">/usr/bin/sudo</text>
|
||||
</g>
|
||||
<!-- guuid=57ed1f2c-0b00-0000-bc0f-2f285a040000 pid=1114 -->
|
||||
<g id="node2" class="node">
|
||||
<title>guuid=57ed1f2c-0b00-0000-bc0f-2f285a040000 pid=1114</title>
|
||||
<path fill="white" stroke="black" d="M75,-88.5C75,-88.5 160,-88.5 160,-88.5 166,-88.5 172,-94.5 172,-100.5 172,-100.5 172,-112.5 172,-112.5 172,-118.5 166,-124.5 160,-124.5 160,-124.5 75,-124.5 75,-124.5 69,-124.5 63,-118.5 63,-112.5 63,-112.5 63,-100.5 63,-100.5 63,-94.5 69,-88.5 75,-88.5"/>
|
||||
<text text-anchor="middle" x="117.5" y="-102.8" font-family="Arial" font-size="14.00">/usr/bin/newgrp</text>
|
||||
</g>
|
||||
<!-- guuid=b11c622b-0b00-0000-bc0f-2f2859040000 pid=1113->guuid=57ed1f2c-0b00-0000-bc0f-2f285a040000 pid=1114 -->
|
||||
<g id="edge1" class="edge">
|
||||
<title>guuid=b11c622b-0b00-0000-bc0f-2f2859040000 pid=1113->guuid=57ed1f2c-0b00-0000-bc0f-2f285a040000 pid=1114</title>
|
||||
<path fill="none" stroke="black" d="M117.5,-176.1C117.5,-164.25 117.5,-148.32 117.5,-134.79"/>
|
||||
<polygon fill="black" stroke="black" points="121,-134.58 117.5,-124.58 114,-134.58 121,-134.58"/>
|
||||
<text text-anchor="middle" x="139" y="-146.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=b8c1c52c-0b00-0000-bc0f-2f285c040000 pid=1116 -->
|
||||
<g id="node5" class="node">
|
||||
<title>guuid=b8c1c52c-0b00-0000-bc0f-2f285c040000 pid=1116</title>
|
||||
<path fill="white" stroke="black" d="M12,-0.5C12,-0.5 101,-0.5 101,-0.5 107,-0.5 113,-6.5 113,-12.5 113,-12.5 113,-24.5 113,-24.5 113,-30.5 107,-36.5 101,-36.5 101,-36.5 12,-36.5 12,-36.5 6,-36.5 0,-30.5 0,-24.5 0,-24.5 0,-12.5 0,-12.5 0,-6.5 6,-0.5 12,-0.5"/>
|
||||
<text text-anchor="middle" x="56.5" y="-14.8" font-family="Arial" font-size="14.00">/tmp/sample.bin</text>
|
||||
</g>
|
||||
<!-- guuid=57ed1f2c-0b00-0000-bc0f-2f285a040000 pid=1114->guuid=b8c1c52c-0b00-0000-bc0f-2f285c040000 pid=1116 -->
|
||||
<g id="edge3" class="edge">
|
||||
<title>guuid=57ed1f2c-0b00-0000-bc0f-2f285a040000 pid=1114->guuid=b8c1c52c-0b00-0000-bc0f-2f285c040000 pid=1116</title>
|
||||
<path fill="none" stroke="black" stroke-dasharray="1,5" d="M105.16,-88.1C96.33,-75.66 84.33,-58.73 74.45,-44.8"/>
|
||||
<polygon fill="black" stroke="black" points="77.26,-42.72 68.62,-36.58 71.55,-46.77 77.26,-42.72"/>
|
||||
<text text-anchor="middle" x="108" y="-58.8" font-family="Arial" font-size="14.00">clone</text>
|
||||
</g>
|
||||
<!-- guuid=cae6f62e-0b00-0000-bc0f-2f285d040000 pid=1117 -->
|
||||
<g id="node6" class="node">
|
||||
<title>guuid=cae6f62e-0b00-0000-bc0f-2f285d040000 pid=1117</title>
|
||||
<path fill="white" stroke="black" d="M143.5,-0.5C143.5,-0.5 213.5,-0.5 213.5,-0.5 219.5,-0.5 225.5,-6.5 225.5,-12.5 225.5,-12.5 225.5,-24.5 225.5,-24.5 225.5,-30.5 219.5,-36.5 213.5,-36.5 213.5,-36.5 143.5,-36.5 143.5,-36.5 137.5,-36.5 131.5,-30.5 131.5,-24.5 131.5,-24.5 131.5,-12.5 131.5,-12.5 131.5,-6.5 137.5,-0.5 143.5,-0.5"/>
|
||||
<text text-anchor="middle" x="178.5" y="-14.8" font-family="Arial" font-size="14.00">/usr/bin/bash</text>
|
||||
</g>
|
||||
<!-- guuid=57ed1f2c-0b00-0000-bc0f-2f285a040000 pid=1114->guuid=cae6f62e-0b00-0000-bc0f-2f285d040000 pid=1117 -->
|
||||
<g id="edge4" class="edge">
|
||||
<title>guuid=57ed1f2c-0b00-0000-bc0f-2f285a040000 pid=1114->guuid=cae6f62e-0b00-0000-bc0f-2f285d040000 pid=1117</title>
|
||||
<path fill="none" stroke="black" d="M129.84,-88.1C138.67,-75.66 150.67,-58.73 160.55,-44.8"/>
|
||||
<polygon fill="black" stroke="black" points="163.45,-46.77 166.38,-36.58 157.74,-42.72 163.45,-46.77"/>
|
||||
<text text-anchor="middle" x="174" y="-58.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
<!-- guuid=a493e31f-0000-0000-bc0f-2f2801000000 pid=1 -->
|
||||
<g id="node3" class="node">
|
||||
<title>guuid=a493e31f-0000-0000-bc0f-2f2801000000 pid=1</title>
|
||||
<path fill="white" stroke="black" d="M194.5,-176.5C194.5,-176.5 336.5,-176.5 336.5,-176.5 342.5,-176.5 348.5,-182.5 348.5,-188.5 348.5,-188.5 348.5,-200.5 348.5,-200.5 348.5,-206.5 342.5,-212.5 336.5,-212.5 336.5,-212.5 194.5,-212.5 194.5,-212.5 188.5,-212.5 182.5,-206.5 182.5,-200.5 182.5,-200.5 182.5,-188.5 182.5,-188.5 182.5,-182.5 188.5,-176.5 194.5,-176.5"/>
|
||||
<text text-anchor="middle" x="265.5" y="-190.8" font-family="Arial" font-size="14.00">/usr/lib/systemd/systemd</text>
|
||||
</g>
|
||||
<!-- guuid=2f5bc22c-0b00-0000-bc0f-2f285b040000 pid=1115 -->
|
||||
<g id="node4" class="node">
|
||||
<title>guuid=2f5bc22c-0b00-0000-bc0f-2f285b040000 pid=1115</title>
|
||||
<path fill="white" stroke="black" d="M222.5,-88.5C222.5,-88.5 308.5,-88.5 308.5,-88.5 314.5,-88.5 320.5,-94.5 320.5,-100.5 320.5,-100.5 320.5,-112.5 320.5,-112.5 320.5,-118.5 314.5,-124.5 308.5,-124.5 308.5,-124.5 222.5,-124.5 222.5,-124.5 216.5,-124.5 210.5,-118.5 210.5,-112.5 210.5,-112.5 210.5,-100.5 210.5,-100.5 210.5,-94.5 216.5,-88.5 222.5,-88.5"/>
|
||||
<text text-anchor="middle" x="265.5" y="-102.8" font-family="Arial" font-size="14.00">/usr/bin/passwd</text>
|
||||
</g>
|
||||
<!-- guuid=a493e31f-0000-0000-bc0f-2f2801000000 pid=1->guuid=2f5bc22c-0b00-0000-bc0f-2f285b040000 pid=1115 -->
|
||||
<g id="edge2" class="edge">
|
||||
<title>guuid=a493e31f-0000-0000-bc0f-2f2801000000 pid=1->guuid=2f5bc22c-0b00-0000-bc0f-2f285b040000 pid=1115</title>
|
||||
<path fill="none" stroke="black" d="M265.5,-176.1C265.5,-164.25 265.5,-148.32 265.5,-134.79"/>
|
||||
<polygon fill="black" stroke="black" points="269,-134.58 265.5,-124.58 262,-134.58 269,-134.58"/>
|
||||
<text text-anchor="middle" x="287" y="-146.8" font-family="Arial" font-size="14.00">execve</text>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
||||
|
After Width: | Height: | Size: 6.8 KiB |
Binary file not shown.
|
|
@ -0,0 +1,14 @@
|
|||
analysis:
|
||||
duration_sec: 60
|
||||
timestamp: '2024-06-19T14:33:34.822490+00:00'
|
||||
kunai:
|
||||
args:
|
||||
- --include=all
|
||||
- --send-data-min-len=0
|
||||
version: kunai 0.2.3
|
||||
sample:
|
||||
args: []
|
||||
system:
|
||||
kernel: 5.10.0-30-cloud-amd64
|
||||
uname: 'Linux kunai-sandbox 5.10.0-30-cloud-amd64 #1 SMP Debian 5.10.218-1 (2024-06-01)
|
||||
x86_64 GNU/Linux'
|
||||
Binary file not shown.
Binary file not shown.
|
|
@ -0,0 +1,2 @@
|
|||
[2024-06-17T10:05:51Z WARN kunai] syscalls_sys_exit_execve probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
|
||||
[2024-06-17T10:05:52Z WARN kunai] syscalls_sys_exit_execveat probe is not compatible with current kernel: min=KernelVersion::MIN max=5.9.0 current=5.10.0
|
||||
File diff suppressed because it is too large
Load diff
|
After Width: | Height: | Size: 122 KiB |
Binary file not shown.
Loading…
Reference in a new issue