chainguard-dev / malcontent

detect malicious program behaviors

VirusTotal YARA-CI - false negatives found #460

Open tstromberg opened 2 weeks ago

tstromberg commented 2 weeks ago

From https://github.com/chainguard-dev/bincapz/runs/30182628380

| Non matching file | Rule | YARA file |
| -- | -- | -- |
| 15507092967fbd28ccb833d98c2ee49da09e7c79fd41759cd6f783672fe1c5cc | pip_installer | rules/admin/pip_install.yara |
| 975cd3986ba59ffab8df71227293dbf2534ffb572e028e3bd492d8d08ec1f090 | pip_installer | rules/admin/pip_install.yara |
| 5b0f7b30b411d7e404786ab2266426db471a2c9d0d9cae593eb187a58a28bc4f | pip_installer | rules/admin/pip_install.yara |
| 240fe01d9fcce5aae311e906b8311a1975f8c1431b83618f3d11aeaff10aede3 | miner_kvryr_stak_alike | rules/combo/backdoor/net_term.yara |
| de1ef827bcd3100a259f29730cb06f7878220a7c02cee0ebfc9090753d2237a8 | php_possible_backdoor | rules/combo/backdoor/php.yara |
| 94f4de1bd8c85b8f820bab936ec16cdb7f7bc19fa60d46ea8106cada4acc79a2 | php_bin_hashbang | rules/combo/backdoor/php.yara |
| cd784dc1f7bd95cac84dc696d63d8c807129ef47b3ce08cd08afb7b7456a8cd3 | php_urlvar_recon_exec | rules/combo/backdoor/php.yara |
| de1ef827bcd3100a259f29730cb06f7878220a7c02cee0ebfc9090753d2237a8 | php_base64_eval_uname | rules/combo/backdoor/php.yara |
| cd784dc1f7bd95cac84dc696d63d8c807129ef47b3ce08cd08afb7b7456a8cd3 | php_post_system | rules/combo/backdoor/php.yara |
| 94f4de1bd8c85b8f820bab936ec16cdb7f7bc19fa60d46ea8106cada4acc79a2 | php_post_system | rules/combo/backdoor/php.yara |
| 43411e7e750ebfe589cc4004da7b67e907c6f2cfe868a00962ff6b08b515e4c2 | php_eval_get_contents | rules/combo/backdoor/php.yara |
| 1a13a6c6bb6815ba352b43971e4e961615367aec714e0a0005c28b3ebbc544c6 | php_copy_files | rules/combo/backdoor/php.yara |
| 6896b02503c15ffa68e17404f1c97fd53ea7b53c336a7b8b34e7767f156a9cf2 | php_base64_encoded | rules/combo/backdoor/php.yara |
| 73ed0b692fda696efd5f8e33dc05210e54b17e4e4a39183c8462bcc5a3ba06cc | php_base64_encoded | rules/combo/backdoor/php.yara |
| 99ed2445553e490c912ee8493073cc4340e7c6310b0b7fc425ffe8340c551473 | php_base64_encoded | rules/combo/backdoor/php.yara |
| fd3e21b8e2d8acf196cb63a23fc336d7078e72c2c3e168ee7851ea2bef713588 | curl_chmod_relative_run_tiny | rules/combo/dropper/shell.yara |
| 6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b | curl_chmod_relative_run_tiny | rules/combo/dropper/shell.yara |
| df3b41b28d5e7679cddb68f92ec98bce090af0b24484b4636d7d84f579658c52 | curl_chmod_relative_run_tiny | rules/combo/dropper/shell.yara |
| 06abc46d5dbd012b170c97d142c6b679183159197e9d3f6a76ba5e5abf999725 | conti_alike | rules/combo/locker/readdir_rename_encrypt.yara |
| e6b6cf40d605fc7a5e8ba168a8a5d8699b0879e965d2b803e29b87926cba861f | py_crypto_urllib_multiprocessing | rules/combo/stealer/archive.yara |
| 4259f2da90bf344092abc071f376753adaf077e13aeed684a7a3c2950ec82f69 | py_crypto_urllib_multiprocessing | rules/combo/stealer/archive.yara |
| 7c5c84eb86a72395bf75510d5a1a51553a025668d6477dbef86ad12da7bc6b8a | py_crypto_urllib_multiprocessing | rules/combo/stealer/archive.yara |
| 210cbe49df69a83462a7451ee46e591c755cfbbef320174dc0ff3f633597b092 | password_finder_mimipenguin | rules/combo/stealer/password.yara |
| 50057362c139184abb74a6c4ec10700477dcefc8530cf356607737539845ca54 | base64_php_functions_multiple | rules/evasion/base64-php_functions.yara |
| 17a1219bf38d953ed22bbddd5aaf1811b9380ad0535089e6721d755a00bddbd0 | base64_php_functions_multiple | rules/evasion/base64-php_functions.yara |
| 50057362c139184abb74a6c4ec10700477dcefc8530cf356607737539845ca54 | base64_python_functions | rules/evasion/base64-python.yara |
| 17a1219bf38d953ed22bbddd5aaf1811b9380ad0535089e6721d755a00bddbd0 | base64_python_functions | rules/evasion/base64-python.yara |
| 7b2a27e5d0559625fe7f6a4e0776130880130e414c851901bbfe0cdb892dadfe | python_exec_near_enough_decrypt | rules/evasion/decrypt-eval.yara |
| 7b2a27e5d0559625fe7f6a4e0776130880130e414c851901bbfe0cdb892dadfe | python_exec_near_enough_fernet | rules/evasion/decrypt-eval.yara |
| fd3e21b8e2d8acf196cb63a23fc336d7078e72c2c3e168ee7851ea2bef713588 | run_and_delete | rules/evasion/run_sleep_delete.yara |
| 6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b | run_and_delete | rules/evasion/run_sleep_delete.yara |
| df3b41b28d5e7679cddb68f92ec98bce090af0b24484b4636d7d84f579658c52 | run_and_delete | rules/evasion/run_sleep_delete.yara |
| 3eb6ea176cee1e92ab3c684d16a5f820131a518478016643b454a53eaf123e63 | php_obfuscated_concat | rules/evasion/string_concatenation.yara |
| 1a1c97594340ede77bc814670eaf35eaba861f1f9519038582416c704796da0a | php_obfuscated_concat | rules/evasion/string_concatenation.yara |
| 3eb6ea176cee1e92ab3c684d16a5f820131a518478016643b454a53eaf123e63 | php_obfuscated_concat_long | rules/evasion/string_concatenation.yara |
| 1a1c97594340ede77bc814670eaf35eaba861f1f9519038582416c704796da0a | php_obfuscated_concat_long | rules/evasion/string_concatenation.yara |
| 236cff4506f94c8c1059c8545631fa2dcd15b086c1ade4660b947b59bdf2afbd | obfuscated_concat_multiple | rules/evasion/string_concatenation.yara |
| 3eb6ea176cee1e92ab3c684d16a5f820131a518478016643b454a53eaf123e63 | obfuscated_concat_multiple | rules/evasion/string_concatenation.yara |
| 1a1c97594340ede77bc814670eaf35eaba861f1f9519038582416c704796da0a | obfuscated_concat_multiple | rules/evasion/string_concatenation.yara |
| da3bb9669fb983ad8d2ffc01aab9d56198bd9cedf2cc4387f19f4604a070a9b5 | conti_phrases | rules/malware/family/conti.yara |
| 58c54ded0af2fffb8cea743d8ec3538cecfe1afe88d5f7818591fb5d4d2bd4e1 | pid_inspector_high | rules/procfs/pid-inspector.yara |
| 12330634ae5c2ac7da6d8d00f3d680630d596df154f74e03ff37e6942f90639e | pid_inspector_high | rules/procfs/pid-inspector.yara |
| 8b84336e73c6a6d154e685d3729dfa4e08e4a3f136f0b2e7c6e5970df9145e95 | dev_shm_file | rules/ref/path/dev-shm.yara |
| 8b9db0bc9152628bdacc32dab01590211bee9f27d58e0f66f6a1e26aea7552a6 | dev_shm_file | rules/ref/path/dev-shm.yara |
| f1612924814ac73339f777b48b0de28b716d606e142d4d3f4308ec648e3f56c8 | etc_ld_preload_not_ld | rules/ref/path/etc-ld.so.preload.yara |
| e100be934f676c64528b5e8a609c3fb5122b2db43b9aee3b2cf30052799a82da | ssh_folder | rules/secrets/ssh.yara |
| 6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b | nftables | rules/security_controls/linux/iptables.yara |
| 89073097e72070cc7cc73c178447b70e07b603ccecfe406fe92fe9eafaae830f | nftables | rules/security_controls/linux/iptables.yara |
| 82f509473dbacadaeb2373b309566e7e1a46a67ae9d9c74159aa65bf6424ded8 | ufw | rules/security_controls/linux/ufw.yara |
| 03bb1cfd9e45844701aabc549f530d56f162150494b629ca19d83c1c696710d7 | ufw | rules/security_controls/linux/ufw.yara |

Details Non matching file Rule YARA file 15507092967fbd28ccb833d98c2ee49da09e7c79fd41759cd6f783672fe1c5cc pip_installer rules/admin/pip_install.yara 975cd3986ba59ffab8df71227293dbf2534ffb572e028e3bd492d8d08ec1f090 pip_installer rules/admin/pip_install.yara 5b0f7b30b411d7e404786ab2266426db471a2c9d0d9cae593eb187a58a28bc4f pip_installer rules/admin/pip_install.yara 240fe01d9fcce5aae311e906b8311a1975f8c1431b83618f3d11aeaff10aede3 miner_kvryr_stak_alike rules/combo/backdoor/net_term.yara de1ef827bcd3100a259f29730cb06f7878220a7c02cee0ebfc9090753d2237a8 php_possible_backdoor rules/combo/backdoor/php.yara 94f4de1bd8c85b8f820bab936ec16cdb7f7bc19fa60d46ea8106cada4acc79a2 php_bin_hashbang rules/combo/backdoor/php.yara cd784dc1f7bd95cac84dc696d63d8c807129ef47b3ce08cd08afb7b7456a8cd3 php_urlvar_recon_exec rules/combo/backdoor/php.yara de1ef827bcd3100a259f29730cb06f7878220a7c02cee0ebfc9090753d2237a8 php_base64_eval_uname rules/combo/backdoor/php.yara cd784dc1f7bd95cac84dc696d63d8c807129ef47b3ce08cd08afb7b7456a8cd3 php_post_system rules/combo/backdoor/php.yara 94f4de1bd8c85b8f820bab936ec16cdb7f7bc19fa60d46ea8106cada4acc79a2 php_post_system rules/combo/backdoor/php.yara 43411e7e750ebfe589cc4004da7b67e907c6f2cfe868a00962ff6b08b515e4c2 php_eval_get_contents rules/combo/backdoor/php.yara 1a13a6c6bb6815ba352b43971e4e961615367aec714e0a0005c28b3ebbc544c6 php_copy_files rules/combo/backdoor/php.yara 6896b02503c15ffa68e17404f1c97fd53ea7b53c336a7b8b34e7767f156a9cf2 php_base64_encoded rules/combo/backdoor/php.yara 73ed0b692fda696efd5f8e33dc05210e54b17e4e4a39183c8462bcc5a3ba06cc php_base64_encoded rules/combo/backdoor/php.yara 99ed2445553e490c912ee8493073cc4340e7c6310b0b7fc425ffe8340c551473 php_base64_encoded rules/combo/backdoor/php.yara fd3e21b8e2d8acf196cb63a23fc336d7078e72c2c3e168ee7851ea2bef713588 curl_chmod_relative_run_tiny rules/combo/dropper/shell.yara 6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b curl_chmod_relative_run_tiny rules/combo/dropper/shell.yara 
df3b41b28d5e7679cddb68f92ec98bce090af0b24484b4636d7d84f579658c52 curl_chmod_relative_run_tiny rules/combo/dropper/shell.yara 06abc46d5dbd012b170c97d142c6b679183159197e9d3f6a76ba5e5abf999725 conti_alike rules/combo/locker/readdir_rename_encrypt.yara e6b6cf40d605fc7a5e8ba168a8a5d8699b0879e965d2b803e29b87926cba861f py_crypto_urllib_multiprocessing rules/combo/stealer/archive.yara 4259f2da90bf344092abc071f376753adaf077e13aeed684a7a3c2950ec82f69 py_crypto_urllib_multiprocessing rules/combo/stealer/archive.yara 7c5c84eb86a72395bf75510d5a1a51553a025668d6477dbef86ad12da7bc6b8a py_crypto_urllib_multiprocessing rules/combo/stealer/archive.yara 210cbe49df69a83462a7451ee46e591c755cfbbef320174dc0ff3f633597b092 password_finder_mimipenguin rules/combo/stealer/password.yara 50057362c139184abb74a6c4ec10700477dcefc8530cf356607737539845ca54 base64_php_functions_multiple rules/evasion/base64-php_functions.yara 17a1219bf38d953ed22bbddd5aaf1811b9380ad0535089e6721d755a00bddbd0 base64_php_functions_multiple rules/evasion/base64-php_functions.yara 50057362c139184abb74a6c4ec10700477dcefc8530cf356607737539845ca54 base64_python_functions rules/evasion/base64-python.yara 17a1219bf38d953ed22bbddd5aaf1811b9380ad0535089e6721d755a00bddbd0 base64_python_functions rules/evasion/base64-python.yara 7b2a27e5d0559625fe7f6a4e0776130880130e414c851901bbfe0cdb892dadfe python_exec_near_enough_decrypt rules/evasion/decrypt-eval.yara 7b2a27e5d0559625fe7f6a4e0776130880130e414c851901bbfe0cdb892dadfe python_exec_near_enough_fernet rules/evasion/decrypt-eval.yara fd3e21b8e2d8acf196cb63a23fc336d7078e72c2c3e168ee7851ea2bef713588 run_and_delete rules/evasion/run_sleep_delete.yara 6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b run_and_delete rules/evasion/run_sleep_delete.yara df3b41b28d5e7679cddb68f92ec98bce090af0b24484b4636d7d84f579658c52 run_and_delete rules/evasion/run_sleep_delete.yara 3eb6ea176cee1e92ab3c684d16a5f820131a518478016643b454a53eaf123e63 php_obfuscated_concat 
rules/evasion/string_concatenation.yara 1a1c97594340ede77bc814670eaf35eaba861f1f9519038582416c704796da0a php_obfuscated_concat rules/evasion/string_concatenation.yara 3eb6ea176cee1e92ab3c684d16a5f820131a518478016643b454a53eaf123e63 php_obfuscated_concat_long rules/evasion/string_concatenation.yara 1a1c97594340ede77bc814670eaf35eaba861f1f9519038582416c704796da0a php_obfuscated_concat_long rules/evasion/string_concatenation.yara 236cff4506f94c8c1059c8545631fa2dcd15b086c1ade4660b947b59bdf2afbd obfuscated_concat_multiple rules/evasion/string_concatenation.yara 3eb6ea176cee1e92ab3c684d16a5f820131a518478016643b454a53eaf123e63 obfuscated_concat_multiple rules/evasion/string_concatenation.yara 1a1c97594340ede77bc814670eaf35eaba861f1f9519038582416c704796da0a obfuscated_concat_multiple rules/evasion/string_concatenation.yara da3bb9669fb983ad8d2ffc01aab9d56198bd9cedf2cc4387f19f4604a070a9b5 conti_phrases rules/malware/family/conti.yara 58c54ded0af2fffb8cea743d8ec3538cecfe1afe88d5f7818591fb5d4d2bd4e1 pid_inspector_high rules/procfs/pid-inspector.yara 12330634ae5c2ac7da6d8d00f3d680630d596df154f74e03ff37e6942f90639e pid_inspector_high rules/procfs/pid-inspector.yara 8b84336e73c6a6d154e685d3729dfa4e08e4a3f136f0b2e7c6e5970df9145e95 dev_shm_file rules/ref/path/dev-shm.yara 8b9db0bc9152628bdacc32dab01590211bee9f27d58e0f66f6a1e26aea7552a6 dev_shm_file rules/ref/path/dev-shm.yara f1612924814ac73339f777b48b0de28b716d606e142d4d3f4308ec648e3f56c8 etc_ld_preload_not_ld rules/ref/path/etc-ld.so.preload.yara e100be934f676c64528b5e8a609c3fb5122b2db43b9aee3b2cf30052799a82da ssh_folder rules/secrets/ssh.yara 6e35b5670953b6ab15e3eb062b8a594d58936dd93ca382bbb3ebdbf076a1f83b nftables rules/security_controls/linux/iptables.yara 89073097e72070cc7cc73c178447b70e07b603ccecfe406fe92fe9eafaae830f nftables rules/security_controls/linux/iptables.yara 82f509473dbacadaeb2373b309566e7e1a46a67ae9d9c74159aa65bf6424ded8 ufw rules/security_controls/linux/ufw.yara 
03bb1cfd9e45844701aabc549f530d56f162150494b629ca19d83c1c696710d7 ufw rules/security_controls/linux/ufw.yara