Automated Malware Analysis Report for Sqlninja 0


ID: 130390
Sample Name: sqlninja_0.2.6-r1-1raring0_all.deb
Cookbook: defaultlinuxfilecookbook.jbs
Time: 20:49:43
Date: 09/05/2019
Version: 26.0.0 Aquamarine

Table of Contents

Table of Contents  2
Analysis Report sqlninja_0.2.6-r1-1raring0_all.deb  4
  Overview  4
    General Information  4
    Detection  4
    Classification  4
    Mitre Att&ck Matrix  5
  Signature Overview  5
    AV Detection  6
    Networking  6
    System Summary  6
    Persistence and Installation Behavior  6
    Malware Analysis System Evasion  6
  Runtime Messages  6
  Behavior Graph  6
  Yara Overview  7
    Initial Sample  7
    PCAP (Network Traffic)  7
    Dropped Files  7
  Joe Sandbox View / Context  7
    IPs  7
    Domains  8
    ASN  8
    JA3 Fingerprints  8
    Dropped Files  8
  Antivirus and Machine Learning Detection  8
    Initial Sample  8
    Dropped Files  8
    Domains  9
    URLs  9
  Screenshots  9
    Thumbnails  9
  Startup  9
  Created / dropped Files  10
  Domains and IPs  12
    Contacted Domains  12
    Contacted IPs  12
    Public  12
  Static File Info  12
    General  12
  Network Behavior  13
    Network Port Distribution  13
    TCP Packets  13
    UDP Packets  13
    DNS Queries  13
    DNS Answers  13
    HTTPS Packets  13
  System Behavior  14
    Analysis Process: gnome-software PID: 20951 Parent PID: 20139  14
      General; File Activities: File Deleted, File Read, File Written, Directory Enumerated, Directory Created, Owner / Group Modified, Permission Modified  14
    Analysis Process: gnome-software PID: 20974 Parent PID: 20951  14
      General  14; File Activities: Directory Enumerated  15
    Analysis Process: dbus-launch PID: 20974 Parent PID: 20951  15
      General; File Activities: File Read  15
    Analysis Process: gnome-software PID: 21043 Parent PID: 20951  15
      General; File Activities: Directory Enumerated  15
    Analysis Process: dpkg-deb PID: 21043 Parent PID: 20951  15
      General; File Activities: File Read, Directory Created  15; Directory Deleted  16
    Analysis Process: dpkg-deb PID: 21044 Parent PID: 21043  16
      General; File Activities: File Read  16
    Analysis Process: dpkg-deb PID: 21045 Parent PID: 21043  16
      General; File Activities: File Read  16
    Analysis Process: dpkg-deb PID: 21046 Parent PID: 21043  16
      General  16
    Analysis Process: tar PID: 21046 Parent PID: 21043  16
      General  16; File Activities: File Read, File Written, Directory Created, Owner / Group Modified, Permission Modified  17
    Analysis Process: dpkg-deb PID: 21048 Parent PID: 21043  17
      General  17
    Analysis Process: rm PID: 21048 Parent PID: 21043  17
      General; File Activities: File Deleted, File Read, Directory Enumerated  17
    Analysis Process: gnome-software PID: 21116 Parent PID: 20951  17
      General  17; File Activities: Directory Enumerated  18
    Analysis Process: dpkg PID: 21116 Parent PID: 20951  18
      General; File Activities: File Read, Directory Enumerated  18
    Analysis Process: gnome-software PID: 21117 Parent PID: 20951  18
      General; File Activities: Directory Enumerated  18
    Analysis Process: dpkg PID: 21117 Parent PID: 20951  18
      General; File Activities: File Read, Directory Enumerated  18
    Analysis Process: systemd PID: 21014 Parent PID: 1  18
      General  19
    Analysis Process: fwupd PID: 21014 Parent PID: 1  19
      General; File Activities: File Deleted, File Read, File Written, Directory Enumerated, Directory Created, Owner / Group Modified  19

Copyright Joe Security LLC 2019 Page 2 of 19

Analysis Report sqlninja_0.2.6-r1-1raring0_all.deb

Overview

General Information
Joe Sandbox Version: 26.0.0 Aquamarine
Analysis ID: 130390
Start date: 09.05.2019
Start time: 20:49:43
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 36s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: sqlninja_0.2.6-r1-1raring0_all.deb
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Detection: MAL
Classification: mal48.linDEB@0/7@4/0

Detection
Strategy: Threshold
Score: 48
Range: 0 - 100
Reporting: -
Whitelisted: false

Classification
[Classification graphic: categories Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware; scale malicious / suspicious / clean]

Mitre Att&ck Matrix
Initial Access: Valid Accounts; Replication Through Removable Media; Drive-by Compromise
Execution: Windows Remote Management; Service Execution; Windows Management Instrumentation
Persistence: Hidden Files and Directories 1; Port Monitors; Accessibility Features
Privilege Escalation: Port Monitors; Accessibility Features; Path Interception
Defense Evasion: Hidden Files and Directories 1; File Deletion 1; Rootkit
Credential Access: Credential Dumping; Network Sniffing; Input Capture
Discovery: Security Software Discovery 1; Application Window Discovery; Query Registry
Lateral Movement: Application Deployment Software; Remote Services; Windows Remote Management
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive
Exfiltration: Data Encrypted 1; Exfiltration Over Other Network Medium; Automated Exfiltration
Command and Control: Standard Cryptographic Protocol 1; Standard Non-Application Layer Protocol 2; Standard Application Layer Protocol 2

Signature Overview
• AV Detection
• Networking
• System Summary
• Persistence and Installation Behavior
• Malware Analysis System Evasion

AV Detection:
Multi AV Scanner detection for submitted file

Networking:
Connects to IPs without corresponding DNS lookups
Performs DNS lookups
Uses HTTPS

System Summary:
Classification label

Persistence and Installation Behavior:
Creates hidden files and/or directories
Executes the "rm" command used to delete files or directories
Sample tries to set the executable flag
Samples exit code indicates no error despite standard error output

Malware Analysis System Evasion:
Uses the "uname" system call to query kernel version information (possible evasion)

Runtime Messages
Command: xdg-open "/tmp/sqlninja_0.2.6-r1-1raring0_all.deb"
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
Standard Error:
(gnome-software:20951): GsPlugin-WARNING **: could not lookup cached macaroon: Error calling StartServiceByName for org.freedesktop.secrets: Timeout was reached
(gnome-software:20951): IBUS-WARNING **: The owner of /home/user/.config/ibus/bus is not root!

Behavior Graph
[Behavior graph; legend: Process, Signature, Created File, DNS/IP Info, Is Dropped, Number of created Files, Is malicious, Internet]
ID: 130390
Sample: sqlninja_0.2.6-r1-1raring0_all.deb
Startdate: 09/05/2019
Architecture: LINUX
Score: 48
Network nodes: reviews.ubuntu.com; 91.189.92.41, 443, 58830 (unknown, United Kingdom); 91.189.94.244, 443, 47334, 47336 (unknown, United Kingdom)
Signature node: Multi AV Scanner detection for submitted file
Process nodes: systemd, gnome-software and fwupd started; gnome-software started gnome-software, dbus-launch, dpkg-deb and dpkg; dpkg-deb started dpkg-deb, tar and rm

Yara Overview
Initial Sample: No yara matches
PCAP (Network Traffic): No yara matches
Dropped Files: No yara matches

Joe Sandbox View / Context

IPs
Match: 91.189.92.41
Associated Sample Name / URL (Detection / Link): 173.208.186.54/g.txt (malicious / Browse); zmcat.txt (malicious / Browse); f4cdc407 (malicious / Browse); a.sh (malicious / Browse); 4Zcb1GzjZE (malicious / Browse); KzFtsE2yzc.bin (malicious / Browse); hostmu (malicious / Browse); FqpYARHxM1 (malicious / Browse)

Domains
No context

ASN
Match: unknown

JA3 Fingerprints