Technical Information
Malicious functions:
Launches processes:
- chmod 700 /tmp/apt-key-gpghome.kLtjwXGvBx
- cat /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg
- gpgv --homedir /tmp/apt-key-gpghome.kLtjwXGvBx --keyring /tmp/apt-key-gpghome.kLtjwXGvBx/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.wzyBi2 /tmp/apt.data.02kNn1
- apt-config shell REMOVED_KEYS APT::Key::RemovedKeys
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
- mktemp --directory --tmpdir apt-key-gpghome.XXXXXXXXXX
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
- cat /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg
- /usr/lib/apt/methods/store
- cat /etc/apt/trusted.gpg.d/debian-archive-buster-automatic.gpg
- apt-config shell ARCHIVE_KEYRING_URI APT::Key::ArchiveKeyringURI
- gpg-connect-agent --no-autostart --dirmngr KILLDIRMNGR
- chmod 700 /tmp/apt-key-gpghome.NmiTFuZjr8
- readlink -f /etc/apt/trusted.gpg.d/
- cat /etc/apt/trusted.gpg.d/debian-archive-buster-security-automatic.gpg
- readlink -f /tmp/apt-key-gpghome.NmiTFuZjr8
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
- cp -a /tmp/apt-key-gpghome.kLtjwXGvBx/pubring.gpg /tmp/apt-key-gpghome.kLtjwXGvBx/pubring.orig.gpg
- rm -rf /tmp/apt-key-gpghome.kLtjwXGvBx
- apt-config shell MASTER_KEYRING APT::Key::MasterKeyring
- chmod 700 /tmp/apt-key-gpghome.49x5CB1Z6E
- /usr/lib/apt/methods/https
- apt-config shell GPGV Apt::Key::gpgvcommand
- /usr/bin/mawk awk /^-----BEGIN/{ x = 1; }\x0a/^$/{ if (x == 1) { x = 2; }; }\x0a/^[^=-]/{ if (x == 2) { print $0; }; }\x0a/^-----END/{ x = 0; }
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-bullseye-automatic.gpg
- /bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.wzyBi2 /tmp/apt.data.02kNn1
- /bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.TkuGFS /tmp/apt.data.3esXOV
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg
- gpg-connect-agent -s --no-autostart GETINFO scd_running /if ${! $?} scd killscd /end
- apt-get update
- apt-config shell ARCHIVE_KEYRING APT::Key::ArchiveKeyring
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-bullseye-security-automatic.gpg
- /bin/sh /usr/bin/apt-key --quiet --readonly verify --status-fd 3 /tmp/apt.sig.bewQN0 /tmp/apt.data.0x0JR1
- apt-get --fix-broken install
- sudo apt-get --fix-broken install
- cat /etc/apt/trusted.gpg.d/debian-archive-bullseye-stable.gpg
- cat /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
- gpgv --homedir /tmp/apt-key-gpghome.NmiTFuZjr8 --keyring /tmp/apt-key-gpghome.NmiTFuZjr8/pubring.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.TkuGFS /tmp/apt.data.3esXOV
- find /etc/apt/trusted.gpg.d -mindepth 1 -maxdepth 1 ( -name *.gpg -o -name *.asc )
- /usr/bin/dpkg --print-foreign-architectures
- gpgv --homedir /tmp/apt-key-gpghome.49x5CB1Z6E --keyring /tmp/apt-key-gpghome.49x5CB1Z6E/docker.asc.gpg --ignore-time-conflict --status-fd 3 /tmp/apt.sig.G2Rfvi /tmp/apt.data.RnYEej
- rm -f /tmp/apt-key-gpghome.kLtjwXGvBx/pubring.gpg
- sort
- cmp --silent --bytes=1 - /etc/apt/trusted.gpg.d/debian-archive-stretch-automatic.gpg
- apt-config shell TRUSTEDPARTS Dir::Etc::TrustedParts/d
- cat /etc/apt/trusted.gpg.d/debian-archive-stretch-stable.gpg
- touch /tmp/apt-key-gpghome.kLtjwXGvBx/pubring.gpg
- touch /tmp/apt-key-gpghome.NmiTFuZjr8/pubring.gpg
- rm -f /tmp/apt-key-gpghome.NmiTFuZjr8/pubring.gpg
- cp -a /tmp/apt-key-gpghome.NmiTFuZjr8/pubring.gpg /tmp/apt-key-gpghome.NmiTFuZjr8/pubring.orig.gpg
- apt-config shell TRUSTEDFILE Apt::GPGV::TrustedKeyring
- cat /etc/apt/trusted.gpg.d/debian-archive-buster-stable.gpg
- rm -rf /tmp/apt-key-gpghome.NmiTFuZjr8
- readlink -f /tmp/apt-key-gpghome.kLtjwXGvBx
- cat /etc/apt/trusted.gpg.d/debian-archive-stretch-security-automatic.gpg
- sed -e s#\x27#\x27\x22\x27\x22\x27#g
- rm -rf /tmp/apt-key-gpghome.49x5CB1Z6E
- apt-config shell TRUSTEDFILE Dir::Etc::Trusted/f
- gpgconf --kill all
- /bin/sh /usr/bin/apt-key --quiet --readonly --keyring /etc/apt/keyrings/docker.asc verify --status-fd 3 /tmp/apt.sig.G2Rfvi /tmp/apt.data.RnYEej
- base64 -d
- gpg-connect-agent --no-autostart KILLAGENT
- /usr/lib/apt/methods/http
- /usr/lib/apt/methods/gpgv
- sudo apt-get update
Kills the following processes:
- http
- gpgv
- store
Performs operations with the file system:
Modifies file access rights:
- /var/cache/apt/archives/partial
- /var/lib/apt/lists/auxfiles
- /var/lib/apt/lists/partial
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
- /tmp/apt-key-gpghome.49x5CB1Z6E
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_stable_binary-amd64_Packages.bz2
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_stable_binary-amd64_Packages.bC8Mfo
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_stable_binary-amd64_Packages
- /tmp/apt-key-gpghome.NmiTFuZjr8
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.QdBq4p
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.0VGL3r
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.shKBiq
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en
- /tmp/apt-key-gpghome.kLtjwXGvBx
Modifies file owner:
- /var/cache/apt/archives/partial
- /var/lib/apt/lists/auxfiles
- /var/lib/apt/lists/partial
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_stable_binary-amd64_Packages.bz2
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_stable_binary-amd64_Packages
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en
Creates folders:
- /tmp/apt-key-gpghome.49x5CB1Z6E
- /tmp/apt-key-gpghome.NmiTFuZjr8
- /tmp/apt-key-gpghome.kLtjwXGvBx
Deletes folders:
- /tmp/apt-key-gpghome.49x5CB1Z6E
- /tmp/apt-key-gpghome.NmiTFuZjr8
- /tmp/apt-key-gpghome.kLtjwXGvBx
Creates or modifies files:
- /tmp/#130834 (deleted)
- /var/lib/dpkg/lock-frontend
- /var/lib/dpkg/lock
- /var/cache/apt/archives/lock
- /tmp/#130829 (deleted)
- /var/lib/apt/lists/lock
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.LJNUSB
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.HTZcLD
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.AUuY8C
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.hKdRDC
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
- /tmp/apt.conf.UbLwWi
- /tmp/apt.sig.G2Rfvi
- /tmp/apt.data.RnYEej
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
- /tmp/apt-key-gpghome.49x5CB1Z6E/docker.asc.gpg
- /tmp/apt-key-gpghome.49x5CB1Z6E/gpg.1.sh
- /tmp/apt.conf.mvfbxR
- /tmp/apt.sig.TkuGFS
- /tmp/apt.data.3esXOV
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_stable_binary-amd64_Packages.bz2
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_stable_binary-amd64_Packages.bC8Mfo
- /tmp/apt-key-gpghome.NmiTFuZjr8/pubring.gpg
- /tmp/apt-key-gpghome.NmiTFuZjr8/pubring.orig.gpg
- /tmp/apt-key-gpghome.NmiTFuZjr8/gpg.1.sh
- /tmp/apt.conf.wO9Jx3
- /tmp/apt.sig.wzyBi2
- /tmp/apt.data.02kNn1
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.QdBq4p
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.0VGL3r
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.shKBiq
- /tmp/apt-key-gpghome.kLtjwXGvBx/pubring.gpg
- /tmp/apt-key-gpghome.kLtjwXGvBx/pubring.orig.gpg
- /tmp/apt-key-gpghome.kLtjwXGvBx/gpg.1.sh
- /tmp/apt.conf.dlard0
- /tmp/apt.sig.bewQN0
- /tmp/apt.data.0x0JR1
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_main_source_Sources.xz
Deletes files:
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.LJNUSB
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.HTZcLD
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.AUuY8C
- /var/lib/apt/lists/partial/.apt-acquire-privs-test.hKdRDC
- /tmp/apt-key-gpghome.49x5CB1Z6E/docker.asc.gpg
- /tmp/apt-key-gpghome.49x5CB1Z6E/gpg.1.sh
- /tmp/apt.conf.UbLwWi
- /tmp/apt.sig.G2Rfvi
- /tmp/apt.data.RnYEej
- /tmp/apt-key-gpghome.NmiTFuZjr8/pubring.orig.gpg
- /tmp/apt-key-gpghome.NmiTFuZjr8/pubring.gpg
- /tmp/apt-key-gpghome.NmiTFuZjr8/gpg.1.sh
- /tmp/apt.conf.mvfbxR
- /tmp/apt.sig.TkuGFS
- /tmp/apt.data.3esXOV
- /tmp/apt-key-gpghome.kLtjwXGvBx/pubring.orig.gpg
- /tmp/apt-key-gpghome.kLtjwXGvBx/pubring.gpg
- /tmp/apt-key-gpghome.kLtjwXGvBx/gpg.1.sh
- /tmp/apt.conf.wO9Jx3
- /tmp/apt.sig.wzyBi2
- /tmp/apt.data.02kNn1
Changes time of creation/access/modification of files:
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye_InRelease
- /var/lib/apt/lists/partial/deb.debian.org_debian_dists_bullseye-updates_InRelease
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_stable_binary-amd64_Packages.bz2
- /var/lib/apt/lists/partial/download.docker.com_linux_debian_dists_bullseye_stable_binary-amd64_Packages
- /tmp/apt-key-gpghome.NmiTFuZjr8/pubring.gpg
- /tmp/apt-key-gpghome.NmiTFuZjr8/pubring.orig.gpg
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_source_Sources
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_binary-amd64_Packages
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en.xz
- /var/lib/apt/lists/partial/security.debian.org_debian-security_dists_bullseye-security_main_i18n_Translation-en
- /tmp/apt-key-gpghome.kLtjwXGvBx/pubring.gpg
- /tmp/apt-key-gpghome.kLtjwXGvBx/pubring.orig.gpg
Network activity:
Awaits incoming connections on ports:
- 127.0.0.1:9999
Establishes connection:
- 45.##.28.202:5111
- 8.#.8.8:53
- 14#.##.118.132:80
- [2#####e42:8d::644]:80
- 13.##.121.35:443
- (e##val)
- 13.##.121.78:443
- 13.##.121.29:443
- 13.##.121.111:443
- [2##########36e:1800:3:db06:4200:93a1]:443
- [2##########240:3400:3:db06:4200:93a1]:443
- [2##########36e:6000:3:db06:4200:93a1]:443
- [2##########36e:f400:3:db06:4200:93a1]:443
- [2##########240:2a00:3:db06:4200:93a1]:443
- [2##########240:f600:3:db06:4200:93a1]:443
- [2##########36e:1200:3:db06:4200:93a1]:443
- [2##########36e:5e00:3:db06:4200:93a1]:443
DNS ASK:
- _h####.##cp.download.docker.com
- _h###.###p.security.debian.org
- _h###.##cp.deb.debian.org
- de####.#ap.fastlydns.net
- do####ad.docker.com
Sends data to the following servers:
- 14#.##.118.132:80
- 13.##.121.35:443
Receives data from the following servers:
- 14#.##.118.132:80
- 13.##.121.35:443
