154100x80000000000000002150362Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:07:38.014{ec230001-9a8a-6262-e087-520efb550000}5142/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 354300x80000000000000002150361Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:07:38.014{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-35356-false10.0.1.20-22- 354300x80000000000000002150363Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:07:38.481{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39212-false10.0.1.12-8000- 534500x80000000000000002150364Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:07:38.694{ec230001-9a8a-6262-0000-000000000000}5143-sshd 534500x80000000000000002150365Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:07:38.697{ec230001-9a8a-6262-e087-520efb550000}5142/usr/sbin/sshdroot 354300x80000000000000002150366Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:07:44.374{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39214-false10.0.1.12-8000- 354300x80000000000000002150367Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:07:47.263{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-42200-false10.0.1.12-8089- 354300x80000000000000002150368Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:07:50.325{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39218-false10.0.1.12-8000- 354300x80000000000000002150369Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:07:56.272{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39220-false10.0.1.12-8000- 23542300x80000000000000002150370Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:00.982{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002150371Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:01.272{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39222-false10.0.1.12-8000- 154100x80000000000000002150372Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:05.872{ec230001-9aa5-6262-68b4-a741f8550000}5144/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002150373Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:05.884{ec230001-9aa5-6262-68b4-a741f8550000}5144/bin/psroot 354300x80000000000000002150374Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:06.362{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39224-false10.0.1.12-8000- 154100x80000000000000002150376Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:06.907{ec230001-9aa6-6262-e0a7-45e99d550000}5145/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 354300x80000000000000002150375Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:06.907{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-40464-false10.0.1.20-22- 534500x80000000000000002150377Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:07.585{ec230001-9aa6-6262-0000-000000000000}5146-sshd 534500x80000000000000002150378Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:07.586{ec230001-9aa6-6262-e0a7-45e99d550000}5145/usr/sbin/sshdroot 354300x80000000000000002150379Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:11.364{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39226-false10.0.1.12-8000- 354300x80000000000000002150380Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:16.461{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39228-false10.0.1.12-8000- 354300x80000000000000002150381Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:21.485{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39230-false10.0.1.12-8000- 354300x80000000000000002150382Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:27.326{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39232-false10.0.1.12-8000- 23542300x80000000000000002150383Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:30.981{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002150384Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:33.268{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39234-false10.0.1.12-8000- 354300x80000000000000002150385Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:36.522{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-45448-false10.0.1.20-22- 154100x80000000000000002150386Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:36.523{ec230001-9ac4-6262-e037-cd91f5550000}5147/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 534500x80000000000000002150387Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:37.185{ec230001-9ac4-6262-0000-000000000000}5148-sshd 534500x80000000000000002150388Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:37.186{ec230001-9ac4-6262-e037-cd91f5550000}5147/usr/sbin/sshdroot 354300x80000000000000002150389Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:38.271{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39236-false10.0.1.12-8000- 354300x80000000000000002150390Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:43.451{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39238-false10.0.1.12-8000- 354300x80000000000000002150391Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:47.267{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-42224-false10.0.1.12-8089- 354300x80000000000000002150392Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:49.285{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39242-false10.0.1.12-8000- 354300x80000000000000002150393Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:08:55.270{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39244-false10.0.1.12-8000- 354300x80000000000000002150394Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:00.434{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39246-false10.0.1.12-8000- 23542300x80000000000000002150395Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:00.981{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002150396Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:05.455{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39248-false10.0.1.12-8000- 354300x80000000000000002150397Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:06.598{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-50492-false10.0.1.20-22- 154100x80000000000000002150398Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:06.599{ec230001-9ae2-6262-e007-46b0d3550000}5149/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 154100x80000000000000002150399Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:06.885{ec230001-9ae2-6262-68c4-3e072c560000}5151/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002150400Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:06.898{ec230001-9ae2-6262-68c4-3e072c560000}5151/bin/psroot 534500x80000000000000002150401Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:07.260{ec230001-9ae2-6262-0000-000000000000}5150-sshd 534500x80000000000000002150402Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:07.261{ec230001-9ae2-6262-e007-46b0d3550000}5149/usr/sbin/sshdroot 354300x80000000000000002150403Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:11.320{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39250-false10.0.1.12-8000- 534500x80000000000000002150404Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:11.324{00000000-0000-0000-0000-000000000000}4824<unknown process>root 354300x80000000000000002150405Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:16.426{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39252-false10.0.1.12-8000- 354300x80000000000000002150406Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:22.341{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39254-false10.0.1.12-8000- 354300x80000000000000002150407Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:27.376{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39256-false10.0.1.12-8000- 23542300x80000000000000002150408Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:30.861{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002150409Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:32.410{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39258-false10.0.1.12-8000- 354300x80000000000000002150410Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:37.646{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-55530-false10.0.1.20-22- 154100x80000000000000002150411Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:37.647{ec230001-9b01-6262-e007-12a929560000}5152/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 534500x80000000000000002150412Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:38.331{ec230001-9b01-6262-0000-000000000000}5153-sshd 534500x80000000000000002150413Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:38.332{ec230001-9b01-6262-e007-12a929560000}5152/usr/sbin/sshdroot 354300x80000000000000002150414Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:38.404{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39260-false10.0.1.12-8000- 354300x80000000000000002150415Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:44.288{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39262-false10.0.1.12-8000- 354300x80000000000000002150416Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:47.271{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-42248-false10.0.1.12-8089- 354300x80000000000000002150417Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:49.336{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39266-false10.0.1.12-8000- 354300x80000000000000002150418Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:09:55.302{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39268-false10.0.1.12-8000- 354300x80000000000000002150419Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:00.444{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39270-false10.0.1.12-8000- 23542300x80000000000000002150420Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:00.979{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002150421Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:05.457{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39272-false10.0.1.12-8000- 154100x80000000000000002150422Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:07.958{ec230001-9b1f-6262-6884-ffe4ac550000}5155/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002150423Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:07.970{ec230001-9b1f-6262-6884-ffe4ac550000}5155/bin/psroot 154100x80000000000000002150425Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:08.025{ec230001-9b20-6262-e057-0dc1c1550000}5156/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 354300x80000000000000002150424Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:08.025{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-60666-false10.0.1.20-22- 534500x80000000000000002150426Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:08.672{ec230001-9b20-6262-0000-000000000000}5157-sshd 534500x80000000000000002150427Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:08.674{ec230001-9b20-6262-e057-0dc1c1550000}5156/usr/sbin/sshdroot 354300x80000000000000002150428Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:10.483{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39274-false10.0.1.12-8000- 354300x80000000000000002150429Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:16.249{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39276-false10.0.1.12-8000- 354300x80000000000000002150430Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:21.370{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39278-false10.0.1.12-8000- 354300x80000000000000002150431Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:27.255{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39280-false10.0.1.12-8000- 23542300x80000000000000002150432Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:30.978{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002150433Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:32.336{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39282-false10.0.1.12-8000- 534500x80000000000000002150435Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:34.610{ec230001-9a62-6262-80c2-4a0f84550000}5137/bin/nanoubuntu 23542300x80000000000000002150434Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:34.610{ec230001-9a62-6262-80c2-4a0f84550000}5137ubuntu/bin/nano/home/ubuntu/./.soloshred.sh.swp--- 354300x80000000000000002150436Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:37.440{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39284-false10.0.1.12-8000- 154100x80000000000000002150438Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:37.990{ec230001-9b3d-6262-e0d7-72dbdc550000}5158/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 354300x80000000000000002150437Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:37.990{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-37394-false10.0.1.20-22- 534500x80000000000000002150439Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:38.649{ec230001-9b3d-6262-0000-000000000000}5159-sshd 534500x80000000000000002150440Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:38.650{ec230001-9b3d-6262-e0d7-72dbdc550000}5158/usr/sbin/sshdroot 154100x80000000000000002150441Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:41.090{ec230001-9b41-6262-d089-345893550000}5160/bin/cat-----cat sol/home/ubuntuubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 534500x80000000000000002150442Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:41.091{ec230001-9b41-6262-d089-345893550000}5160/bin/catubuntu 534500x80000000000000002150443Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:43.015{00000000-0000-0000-0000-000000000000}5161<unknown process>ubuntu 23542300x80000000000000002150445Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:43.016{ec230001-9a51-6262-08a4-887865550000}5122ubuntu/bin/bash/tmp/sh-thd.RIgtEN--- 534500x80000000000000002150444Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:43.016{ec230001-9b3d-6262-0000-000000000000}5162-ubuntu 354300x80000000000000002150446Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:43.299{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39286-false10.0.1.12-8000- 154100x80000000000000002150447Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:43.610{ec230001-9b43-6262-d039-a4f0f6550000}5163/bin/cat-----cat soloshred.sh/home/ubuntuubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 534500x80000000000000002150448Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:43.611{ec230001-9b43-6262-d039-a4f0f6550000}5163/bin/catubuntu 354300x80000000000000002150449Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:47.275{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-42272-false10.0.1.12-8089- 354300x80000000000000002150450Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.423{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39290-false10.0.1.12-8000- 154100x80000000000000002150451Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.865{ec230001-9b48-6262-7043-69efe1550000}5164/bin/rm-----rm -rf /etc/systemd/system/home/ubuntuubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 534500x80000000000000002150452Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.868{ec230001-9b48-6262-7043-69efe1550000}5164/bin/rmubuntu 154100x80000000000000002150453Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.870{ec230001-9b48-6262-50ef-678624560000}5165/usr/bin/shred-----shred -n 1 -x -z /usr/lib/systemd/system/home/ubuntuubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 534500x80000000000000002150454Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.871{ec230001-9b48-6262-50ef-678624560000}5165/usr/bin/shredubuntu 154100x80000000000000002150455Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.872{ec230001-9b48-6262-7093-0e114e560000}5166/bin/rm-----rm -rf /home --no-preserve-root rm -rf /etc/systemd/system/home/ubuntuubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 23542300x80000000000000002150464Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.875{ec230001-9b48-6262-7093-0e114e560000}5166ubuntu/bin/rm/home/ubuntu/prog--- 23542300x80000000000000002150463Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.875{ec230001-9b48-6262-7093-0e114e560000}5166ubuntu/bin/rm/home/ubuntu/soloshred.sh--- 23542300x80000000000000002150462Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.875{ec230001-9b48-6262-7093-0e114e560000}5166ubuntu/bin/rm/home/ubuntu/.sudo_as_admin_successful--- 23542300x80000000000000002150461Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.875{ec230001-9b48-6262-7093-0e114e560000}5166ubuntu/bin/rm/home/ubuntu/.bash_history--- 23542300x80000000000000002150460Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.875{ec230001-9b48-6262-7093-0e114e560000}5166ubuntu/bin/rm/home/ubuntu/test.txt--- 23542300x80000000000000002150459Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.875{ec230001-9b48-6262-7093-0e114e560000}5166ubuntu/bin/rm/home/ubuntu/orshred.sh--- 23542300x80000000000000002150458Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.875{ec230001-9b48-6262-7093-0e114e560000}5166ubuntu/bin/rm/home/ubuntu/.ssh/authorized_keys--- 23542300x80000000000000002150457Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.875{ec230001-9b48-6262-7093-0e114e560000}5166ubuntu/bin/rm/home/ubuntu/.cache/motd.legal-displayed--- 23542300x80000000000000002150456Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.875{ec230001-9b48-6262-7093-0e114e560000}5166ubuntu/bin/rm/home/ubuntu/.bash_logout--- 23542300x80000000000000002150470Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.876{ec230001-9b48-6262-7093-0e114e560000}5166ubuntu/bin/rm/home/ubuntu/.profile--- 23542300x80000000000000002150469Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.876{ec230001-9b48-6262-7093-0e114e560000}5166ubuntu/bin/rm/home/ubuntu/shadow_copy.txt--- 23542300x80000000000000002150468Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.876{ec230001-9b48-6262-7093-0e114e560000}5166ubuntu/bin/rm/home/ubuntu/prog.c--- 23542300x80000000000000002150467Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.876{ec230001-9b48-6262-7093-0e114e560000}5166ubuntu/bin/rm/home/ubuntu/hook_fopen.so--- 23542300x80000000000000002150466Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.876{ec230001-9b48-6262-7093-0e114e560000}5166ubuntu/bin/rm/home/ubuntu/run_hook.c--- 23542300x80000000000000002150465Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.876{ec230001-9b48-6262-7093-0e114e560000}5166ubuntu/bin/rm/home/ubuntu/hook_fopen.c--- 23542300x80000000000000002150473Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.877{ec230001-9b48-6262-7093-0e114e560000}5166ubuntu/bin/rm/home/ubuntu/passwd_copy.txt--- 23542300x80000000000000002150472Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.877{ec230001-9b48-6262-7093-0e114e560000}5166ubuntu/bin/rm/home/ubuntu/.bashrc--- 23542300x80000000000000002150471Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.877{ec230001-9b48-6262-7093-0e114e560000}5166ubuntu/bin/rm/home/ubuntu/run_hook--- 534500x80000000000000002150474Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.882{ec230001-9b48-6262-7093-0e114e560000}5166/bin/rmubuntu 154100x80000000000000002150475Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.884{ec230001-9b48-6262-50df-5cdb6e550000}5167/usr/bin/shred-----shred -n 1 -x -z /usr/lib/systemd/system/home/ubuntuubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 534500x80000000000000002150476Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.885{ec230001-9b48-6262-50df-5cdb6e550000}5167/usr/bin/shredubuntu 154100x80000000000000002150477Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.886{ec230001-9b48-6262-7043-8ce263550000}5168/bin/rm-----rm -rf /home --no-preserve-root/home/ubuntuubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 534500x80000000000000002150478Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.888{ec230001-9b48-6262-7043-8ce263550000}5168/bin/rmubuntu 154100x80000000000000002150479Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.889{ec230001-9b48-6262-50df-8eb5f1550000}5169/usr/bin/shred-----shred -n 1 -x -z /boot/home/ubuntuubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 534500x80000000000000002150480Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:48.892{ec230001-9b48-6262-50df-8eb5f1550000}5169/usr/bin/shredubuntu 354300x80000000000000002150481Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:53.476{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39292-false10.0.1.12-8000- 354300x80000000000000002150482Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:10:59.416{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39294-false10.0.1.12-8000- 23542300x80000000000000002150483Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:00.978{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002150484Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:04.472{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39296-false10.0.1.12-8000- 154100x80000000000000002150486Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:06.919{ec230001-9b5a-6262-e007-2722de550000}5170/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 354300x80000000000000002150485Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:06.919{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-42458-false10.0.1.20-22- 534500x80000000000000002150487Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:07.609{ec230001-9b5a-6262-0000-000000000000}5171-sshd 534500x80000000000000002150488Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:07.610{ec230001-9b5a-6262-e007-2722de550000}5170/usr/sbin/sshdroot 154100x80000000000000002150489Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:08.972{ec230001-9b5c-6262-6804-d0aa02560000}5172/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002150490Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:08.983{ec230001-9b5c-6262-6804-d0aa02560000}5172/bin/psroot 354300x80000000000000002150491Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:10.320{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39298-false10.0.1.12-8000- 354300x80000000000000002150492Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:15.340{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39300-false10.0.1.12-8000- 354300x80000000000000002150493Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:20.354{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39302-false10.0.1.12-8000- 154100x80000000000000002150494Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:21.206{ec230001-9b69-6262-08d6-8c7b5b550000}5173/usr/bin/clear-----clear/home/ubuntuubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 534500x80000000000000002150495Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:21.207{ec230001-9b69-6262-08d6-8c7b5b550000}5173/usr/bin/clearubuntu 534500x80000000000000002150496Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:25.631{ec230001-9b6d-6262-0000-000000000000}5174-ubuntu 354300x80000000000000002150497Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:26.283{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39304-false10.0.1.12-8000- 534500x80000000000000002150498Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:26.712{00000000-0000-0000-0000-000000000000}5175<unknown process>ubuntu 23542300x80000000000000002150499Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:30.978{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002150500Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:31.340{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39306-false10.0.1.12-8000- 154100x80000000000000002150501Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:32.265{ec230001-9b74-6262-e876-5ab3b6550000}5176/bin/ls-----ls --color=auto -l/home/ubuntuubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 534500x80000000000000002150502Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:32.267{ec230001-9b74-6262-e876-5ab3b6550000}5176/bin/lsubuntu 154100x80000000000000002150504Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:35.984{ec230001-9b77-6262-e087-499200560000}5177/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 354300x80000000000000002150503Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:35.984{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-47544-false10.0.1.20-22- 354300x80000000000000002150505Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:36.428{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39308-false10.0.1.12-8000- 534500x80000000000000002150506Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:36.661{ec230001-9b77-6262-0000-000000000000}5178-sshd 534500x80000000000000002150507Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:36.662{ec230001-9b77-6262-e087-499200560000}5177/usr/sbin/sshdroot 354300x80000000000000002150508Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:42.260{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39310-false10.0.1.12-8000- 354300x80000000000000002150509Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:47.280{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-42296-false10.0.1.12-8089- 354300x80000000000000002150510Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:48.243{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39314-false10.0.1.12-8000- 354300x80000000000000002150511Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:53.467{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39316-false10.0.1.12-8000- 354300x80000000000000002150512Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:11:59.446{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39318-false10.0.1.12-8000- 534500x80000000000000002150513Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:00.661{ec230001-60ec-6262-c89a-4e13d6550000}462/lib/systemd/systemd-journaldroot 23542300x80000000000000002150514Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:00.978{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002150515Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:05.038{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-52548-false10.0.1.20-22- 154100x80000000000000002150516Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:05.039{ec230001-9b95-6262-e037-f9ffe0550000}5180/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 354300x80000000000000002150517Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:05.279{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39320-false10.0.1.12-8000- 534500x80000000000000002150518Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:05.699{ec230001-9b95-6262-0000-000000000000}5181-sshd 534500x80000000000000002150519Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:05.700{ec230001-9b95-6262-e037-f9ffe0550000}5180/usr/sbin/sshdroot 154100x80000000000000002150520Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:10.043{ec230001-9b9a-6262-6864-5c17ce550000}5182/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002150521Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:10.055{ec230001-9b9a-6262-6864-5c17ce550000}5182/bin/psroot 354300x80000000000000002150522Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:11.269{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39322-false10.0.1.12-8000- 354300x80000000000000002150523Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:16.415{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39324-false10.0.1.12-8000- 354300x80000000000000002150524Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:27.455{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39328-false10.0.1.12-8000- 154100x80000000000000002150525Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:30.486{ec230001-9bae-6262-1060-7294e6550000}5183/bin/touch-----touch soloshred.sh/home/ubuntuubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 534500x80000000000000002150526Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:30.487{ec230001-9bae-6262-1060-7294e6550000}5183/bin/touchubuntu 23542300x80000000000000002150527Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:30.978{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002150528Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:33.319{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39330-false10.0.1.12-8000- 154100x80000000000000002150530Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:34.279{ec230001-9bb2-6262-e0f7-fd03d3550000}5184/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 354300x80000000000000002150529Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:34.279{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-57610-false10.0.1.20-22- 534500x80000000000000002150531Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:34.943{ec230001-9bb2-6262-0000-000000000000}5185-sshd 534500x80000000000000002150532Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:34.944{ec230001-9bb2-6262-e0f7-fd03d3550000}5184/usr/sbin/sshdroot 534500x80000000000000002150533Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:35.338{00000000-0000-0000-0000-000000000000}5186<unknown process>ubuntu 23542300x80000000000000002150535Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:35.339{ec230001-9a51-6262-08a4-887865550000}5122ubuntu/bin/bash/tmp/sh-thd.vj1XQv--- 534500x80000000000000002150534Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:35.339{00000000-0000-0000-0000-000000000000}5187<unknown process>ubuntu 154100x80000000000000002150536Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:36.022{ec230001-9bb4-6262-e081-6f224d560000}5188/bin/chmod-----chmod 777 soloshred.sh/home/ubuntuubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 534500x80000000000000002150537Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:36.023{ec230001-9bb4-6262-e081-6f224d560000}5188/bin/chmodubuntu 534500x80000000000000002150538Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:38.611{00000000-0000-0000-0000-000000000000}5189<unknown process>ubuntu 23542300x80000000000000002150540Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:38.613{ec230001-9a51-6262-08a4-887865550000}5122ubuntu/bin/bash/tmp/sh-thd.lNvhZm--- 534500x80000000000000002150539Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:38.613{ec230001-9bb2-6262-0000-000000000000}5190-ubuntu 154100x80000000000000002150541Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:39.194{ec230001-9bb7-6262-8082-9fd684550000}5191/bin/nano-----nano soloshred.sh/home/ubuntuubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 354300x80000000000000002150542Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:39.273{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39332-false10.0.1.12-8000- 354300x80000000000000002150543Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:45.247{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39334-false10.0.1.12-8000- 23542300x80000000000000002150544Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:46.941{ec230001-9bb7-6262-8082-9fd684550000}5191ubuntu/bin/nano/home/ubuntu/./.soloshred.sh.swp--- 354300x80000000000000002150545Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:47.283{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-42320-false10.0.1.12-8089- 354300x80000000000000002150546Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:50.273{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39338-false10.0.1.12-8000- 354300x80000000000000002150547Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:12:55.411{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39340-false10.0.1.12-8000- 23542300x80000000000000002150548Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:00.980{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002150549Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:01.350{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39342-false10.0.1.12-8000- 354300x80000000000000002150550Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:02.656{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-34486-false10.0.1.20-22- 154100x80000000000000002150551Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:02.657{ec230001-9bce-6262-e0b7-f35f77550000}5192/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 534500x80000000000000002150552Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:03.314{ec230001-9bce-6262-0000-000000000000}5193-sshd 534500x80000000000000002150553Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:03.315{ec230001-9bce-6262-e0b7-f35f77550000}5192/usr/sbin/sshdroot 354300x80000000000000002150554Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:06.392{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39344-false10.0.1.12-8000- 154100x80000000000000002150555Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:11.056{ec230001-9bd7-6262-6814-290667550000}5194/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002150556Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:11.068{ec230001-9bd7-6262-6814-290667550000}5194/bin/psroot 534500x80000000000000002150558Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:11.296{ec230001-9bb7-6262-8082-9fd684550000}5191/bin/nanoubuntu 23542300x80000000000000002150557Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:11.296{ec230001-9bb7-6262-8082-9fd684550000}5191ubuntu/bin/nano/home/ubuntu/./.soloshred.sh.swp--- 354300x80000000000000002150559Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:11.393{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39346-false10.0.1.12-8000- 534500x80000000000000002150560Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:14.924{00000000-0000-0000-0000-000000000000}5195<unknown process>ubuntu 354300x80000000000000002150561Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:17.238{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39348-false10.0.1.12-8000- 534500x80000000000000002150562Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:20.337{00000000-0000-0000-0000-000000000000}5196<unknown process>ubuntu 154100x80000000000000002150563Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.179{ec230001-9be1-6262-089e-4a2189550000}5197/usr/bin/sudo-----sudo ./soloshred.sh/home/ubuntuubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 354300x80000000000000002150565Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.182{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse0.0.0.0-0-false127.0.0.53-53- 354300x80000000000000002150564Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.182{ec230001-9be1-6262-089e-4a2189550000}5197/usr/bin/sudoubuntuudptruefalse127.0.0.1-59627-false127.0.0.53-53- 354300x80000000000000002150567Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.183{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-54897-false10.0.0.2-53- 354300x80000000000000002150566Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.183{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-46629-false10.0.0.2-53- 354300x80000000000000002150570Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.184{ec230001-9be1-6262-089e-4a2189550000}5197/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-59627- 354300x80000000000000002150569Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.184{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-59627- 354300x80000000000000002150568Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.184{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse10.0.0.2-53-false10.0.1.20-54897- 354300x80000000000000002150571Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.189{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudpfalsefalse10.0.0.2-53-false10.0.1.20-46629- 354300x80000000000000002150573Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.190{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-51434- 354300x80000000000000002150572Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.190{ec230001-9be1-6262-089e-4a2189550000}5197/usr/bin/sudoubuntuudptruefalse127.0.0.1-51434-false127.0.0.53-53- 154100x80000000000000002150574Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.192{ec230001-9be1-6262-68c2-6265d4550000}5198/bin/dash-----sh ./soloshred.sh/home/ubunturoot{ec230001-0000-0000-0000-000002000000}09no level-{ec230001-9be1-6262-089e-4a2189550000}5197/usr/bin/sudosudoubuntu 154100x80000000000000002150575Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.193{ec230001-9be1-6262-086e-dc14d7550000}5199/usr/bin/sudo-----sudo shred -n 1 -x -z /boot/home/ubunturoot{ec230001-0000-0000-0000-000002000000}09no level-{ec230001-9be1-6262-68c2-6265d4550000}5198/bin/dashshroot 354300x80000000000000002150578Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.196{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-52224-false10.0.0.2-53- 354300x80000000000000002150577Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.196{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-47219-false10.0.0.2-53- 354300x80000000000000002150576Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.196{ec230001-9be1-6262-086e-dc14d7550000}5199/usr/bin/sudorootudptruefalse127.0.0.1-50491-false127.0.0.53-53- 354300x80000000000000002150582Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.197{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-36300- 354300x80000000000000002150581Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.197{ec230001-9be1-6262-086e-dc14d7550000}5199/usr/bin/sudorootudptruefalse127.0.0.1-36300-false127.0.0.53-53- 354300x80000000000000002150580Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.197{ec230001-9be1-6262-086e-dc14d7550000}5199/usr/bin/sudorootudpfalsefalse127.0.0.53-53-false127.0.0.1-36300- 354300x80000000000000002150579Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.197{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-50491- 154100x80000000000000002150583Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.200{ec230001-9be1-6262-50cf-aa2c0b560000}5200/usr/bin/shred-----shred -n 1 -x -z /boot/home/ubunturoot{ec230001-0000-0000-0000-000002000000}09no level-{ec230001-9be1-6262-086e-dc14d7550000}5199/usr/bin/sudosudoroot 534500x80000000000000002150584Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.201{ec230001-9be1-6262-50cf-aa2c0b560000}5200/usr/bin/shredroot 534500x80000000000000002150585Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.202{ec230001-9be1-6262-086e-dc14d7550000}5199/usr/bin/sudoroot 534500x80000000000000002150586Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.203{ec230001-9be1-6262-68c2-6265d4550000}5198/bin/dashroot 534500x80000000000000002150587Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:21.204{ec230001-9be1-6262-089e-4a2189550000}5197/usr/bin/sudoroot 354300x80000000000000002150588Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:22.393{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39350-false10.0.1.12-8000- 354300x80000000000000002150589Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:28.267{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39352-false10.0.1.12-8000- 154100x80000000000000002150591Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:30.130{ec230001-9bea-6262-e047-2e4715560000}5201/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 354300x80000000000000002150590Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:30.130{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-39476-false10.0.1.20-22- 534500x80000000000000002150592Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:30.813{ec230001-9bea-6262-0000-000000000000}5202-sshd 534500x80000000000000002150593Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:30.814{ec230001-9bea-6262-e047-2e4715560000}5201/usr/sbin/sshdroot 23542300x80000000000000002150594Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:30.956{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002150595Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:33.395{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39354-false10.0.1.12-8000- 354300x80000000000000002150596Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:38.442{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39356-false10.0.1.12-8000- 354300x80000000000000002150597Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:43.453{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39358-false10.0.1.12-8000- 354300x80000000000000002150598Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:47.288{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-42344-false10.0.1.12-8089- 354300x80000000000000002150599Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:48.469{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39362-false10.0.1.12-8000- 354300x80000000000000002150600Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:54.245{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39364-false10.0.1.12-8000- 154100x80000000000000002150602Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:58.289{ec230001-9c06-6262-e017-695605560000}5203/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 354300x80000000000000002150601Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:58.289{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-44648-false10.0.1.20-22- 354300x80000000000000002150603Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:58.293{ec230001-9c06-6262-e017-695605560000}5203/usr/sbin/sshdrootudpfalsetrue0:0:0:0:0:0:0:1-22-true0:0:0:0:0:0:0:0-40911- 534500x80000000000000002150604Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:58.955{ec230001-9c06-6262-0000-000000000000}5204-sshd 534500x80000000000000002150605Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:58.956{ec230001-9c06-6262-e017-695605560000}5203/usr/sbin/sshdroot 354300x80000000000000002150606Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:13:59.274{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39366-false10.0.1.12-8000- 23542300x80000000000000002150607Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:00.858{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002150608Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:04.284{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39368-false10.0.1.12-8000- 354300x80000000000000002150609Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:09.333{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39370-false10.0.1.12-8000- 154100x80000000000000002150610Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:12.128{ec230001-9c14-6262-68c4-658749560000}5205/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002150611Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:12.139{ec230001-9c14-6262-68c4-658749560000}5205/bin/psroot 354300x80000000000000002150612Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:14.443{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39372-false10.0.1.12-8000- 354300x80000000000000002150613Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:19.469{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39374-false10.0.1.12-8000- 354300x80000000000000002150614Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:25.308{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39376-false10.0.1.12-8000- 154100x80000000000000002150616Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:26.251{ec230001-9c22-6262-e017-b64fef550000}5206/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 354300x80000000000000002150615Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:26.251{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-49654-false10.0.1.20-22- 534500x80000000000000002150617Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:26.922{ec230001-9c22-6262-0000-000000000000}5207-sshd 534500x80000000000000002150618Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:26.923{ec230001-9c22-6262-e017-b64fef550000}5206/usr/sbin/sshdroot 354300x80000000000000002150619Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:30.345{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39378-false10.0.1.12-8000- 23542300x80000000000000002150620Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:30.977{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002150621Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:36.295{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39380-false10.0.1.12-8000- 354300x80000000000000002150622Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:41.385{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39382-false10.0.1.12-8000- 354300x80000000000000002150623Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:46.419{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39384-false10.0.1.12-8000- 354300x80000000000000002150624Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:47.291{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-42370-false10.0.1.12-8089- 354300x80000000000000002150625Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:51.480{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39388-false10.0.1.12-8000- 154100x80000000000000002150627Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:54.120{ec230001-9c3e-6262-e087-fff2a2550000}5208/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 354300x80000000000000002150626Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:54.120{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-54674-false10.0.1.20-22- 534500x80000000000000002150628Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:54.795{ec230001-9c3e-6262-0000-000000000000}5209-sshd 534500x80000000000000002150629Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:54.796{ec230001-9c3e-6262-e087-fff2a2550000}5208/usr/sbin/sshdroot 354300x80000000000000002150630Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:14:57.278{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39390-false10.0.1.12-8000- 23542300x80000000000000002150631Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:00.977{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002150632Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:02.370{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39392-false10.0.1.12-8000- 354300x80000000000000002150633Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:08.245{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39394-false10.0.1.12-8000- 534500x80000000000000002150634Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:11.208{00000000-0000-0000-0000-000000000000}4959<unknown process>root 154100x80000000000000002150635Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:13.140{ec230001-9c51-6262-6804-76d530560000}5210/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002150636Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:13.154{ec230001-9c51-6262-6804-76d530560000}5210/bin/psroot 354300x80000000000000002150637Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:14.245{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39396-false10.0.1.12-8000- 354300x80000000000000002150638Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:19.411{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39398-false10.0.1.12-8000- 154100x80000000000000002150640Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:21.541{ec230001-9c59-6262-e0d7-31abec550000}5211/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 354300x80000000000000002150639Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:21.541{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-59694-false10.0.1.20-22- 534500x80000000000000002150641Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:22.230{ec230001-9c59-6262-0000-000000000000}5212-sshd 534500x80000000000000002150642Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:22.231{ec230001-9c59-6262-e0d7-31abec550000}5211/usr/sbin/sshdroot 354300x80000000000000002150643Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:25.385{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39400-false10.0.1.12-8000- 154100x80000000000000002150644Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:26.289{ec230001-9c5e-6262-e8b6-66255f550000}5213/bin/ls-----ls --color=auto -l/bootubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 534500x80000000000000002150645Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:26.292{ec230001-9c5e-6262-e8b6-66255f550000}5213/bin/lsubuntu 354300x80000000000000002150646Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:30.418{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39402-false10.0.1.12-8000- 23542300x80000000000000002150647Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:30.976{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 154100x80000000000000002150648Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:31.182{ec230001-9c63-6262-e886-5b9abf550000}5214/bin/ls-----ls --color=auto -l/ubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 534500x80000000000000002150649Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:31.185{ec230001-9c63-6262-e886-5b9abf550000}5214/bin/lsubuntu 354300x80000000000000002150650Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:35.461{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39404-false10.0.1.12-8000- 23542300x80000000000000002150652Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:36.495{ec230001-9a51-6262-08a4-887865550000}5122ubuntu/bin/bash/tmp/sh-thd.hv2ox3--- 534500x80000000000000002150651Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:36.495{00000000-0000-0000-0000-000000000000}5215<unknown process>ubuntu 154100x80000000000000002150653Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:37.944{ec230001-9c69-6262-e896-1222df550000}5216/bin/ls-----ls --color=auto -l/homeubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 534500x80000000000000002150654Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:37.947{ec230001-9c69-6262-e896-1222df550000}5216/bin/lsubuntu 534500x80000000000000002150655Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:39.882{ec230001-9c59-6262-0000-000000000000}5217-ubuntu 23542300x80000000000000002150657Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:41.007{ec230001-9a51-6262-08a4-887865550000}5122ubuntu/bin/bash/tmp/sh-thd.HcSToW--- 534500x80000000000000002150656Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:41.007{00000000-0000-0000-0000-000000000000}5218<unknown process>ubuntu 354300x80000000000000002150658Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:41.437{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39406-false10.0.1.12-8000- 154100x80000000000000002150659Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:43.636{ec230001-9c6f-6262-e8f6-50dac8550000}5219/bin/ls-----ls --color=auto -l/home/ubuntuubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 534500x80000000000000002150660Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:43.638{ec230001-9c6f-6262-e8f6-50dac8550000}5219/bin/lsubuntu 354300x80000000000000002150661Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:46.473{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39408-false10.0.1.12-8000- 354300x80000000000000002150662Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:47.296{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-42394-false10.0.1.12-8089- 154100x80000000000000002150664Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:48.877{ec230001-9c74-6262-e0f7-af9977550000}5220/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 354300x80000000000000002150663Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:48.877{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-36512-false10.0.1.20-22- 154100x80000000000000002150665Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:49.499{ec230001-9c75-6262-085e-f68526560000}5223/usr/bin/sudo-----sudo shred -n 1 -x -z /boot/home/ubuntuubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{00000000-0000-0000-0000-000000000000}5222--- 354300x80000000000000002150668Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:49.503{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-49440-false10.0.0.2-53- 354300x80000000000000002150667Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:49.503{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-58167-false10.0.0.2-53- 354300x80000000000000002150666Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:49.503{ec230001-9c75-6262-085e-f68526560000}5223/usr/bin/sudoubuntuudptruefalse127.0.0.1-38756-false127.0.0.53-53- 354300x80000000000000002150670Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:49.504{ec230001-9c75-6262-085e-f68526560000}5223/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-38756- 354300x80000000000000002150669Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:49.504{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-38756- 354300x80000000000000002150672Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:49.512{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-52720- 354300x80000000000000002150671Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:49.512{ec230001-9c75-6262-085e-f68526560000}5223/usr/bin/sudoubuntuudptruefalse127.0.0.1-52720-false127.0.0.53-53- 154100x80000000000000002150673Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:49.515{ec230001-9c75-6262-50df-1d86bc550000}5224/usr/bin/shred-----shred -n 1 -x -z /boot/home/ubunturoot{ec230001-0000-0000-0000-000002000000}09no level-{ec230001-9c75-6262-085e-f68526560000}5223/usr/bin/sudosudoubuntu 534500x80000000000000002150675Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:49.516{ec230001-9c75-6262-085e-f68526560000}5223/usr/bin/sudoroot 534500x80000000000000002150674Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:49.516{ec230001-9c75-6262-50df-1d86bc550000}5224/usr/bin/shredroot 534500x80000000000000002150676Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:49.517{ec230001-9c59-6262-0000-000000000000}5222-ubuntu 534500x80000000000000002150678Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:49.553{ec230001-9c74-6262-e0f7-af9977550000}5220/usr/sbin/sshdroot 534500x80000000000000002150677Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:49.553{ec230001-9c74-6262-0000-000000000000}5221-sshd 354300x80000000000000002150679Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:52.304{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39412-false10.0.1.12-8000- 354300x80000000000000002150680Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:57.469{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39414-false10.0.1.12-8000- 354300x80000000000000002150681Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:15:59.196{ec230001-81da-6262-68b9-6a9386550000}4512/usr/sbin/apache2www-datatcpfalsetrue0:0:0:0:0:ffff:b9fe:c4d9-52104-true0:0:0:0:0:ffff:a00:114-80- 23542300x80000000000000002150682Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:00.977{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 534500x80000000000000002150683Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:02.762{00000000-0000-0000-0000-000000000000}5225<unknown process>ubuntu 23542300x80000000000000002150685Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:02.764{ec230001-9a51-6262-08a4-887865550000}5122ubuntu/bin/bash/tmp/sh-thd.jpLuDM--- 534500x80000000000000002150684Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:02.764{ec230001-9c82-6262-0000-000000000000}5226-ubuntu 354300x80000000000000002150686Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:03.409{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39416-false10.0.1.12-8000- 354300x80000000000000002150687Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:09.280{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39418-false10.0.1.12-8000- 154100x80000000000000002150688Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:14.184{ec230001-9c8e-6262-68e4-97d726560000}5227/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002150689Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:14.195{ec230001-9c8e-6262-68e4-97d726560000}5227/bin/psroot 354300x80000000000000002150690Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:15.255{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39420-false10.0.1.12-8000- 154100x80000000000000002150692Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:17.100{ec230001-9c91-6262-e057-50ee9b550000}5228/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 354300x80000000000000002150691Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:17.100{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-41640-false10.0.1.20-22- 534500x80000000000000002150694Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:17.760{ec230001-9c91-6262-e057-50ee9b550000}5228/usr/sbin/sshdroot 534500x80000000000000002150693Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:17.760{ec230001-9c91-6262-0000-000000000000}5229-sshd 154100x80000000000000002150695Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:18.473{ec230001-9c92-6262-8062-1d4010560000}5230/bin/nano-----nano soloshred.sh/home/ubuntuubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 354300x80000000000000002150696Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:20.332{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39422-false10.0.1.12-8000- 23542300x80000000000000002150697Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:22.551{ec230001-9c92-6262-8062-1d4010560000}5230ubuntu/bin/nano/home/ubuntu/./.soloshred.sh.swp--- 354300x80000000000000002150698Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:25.411{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39424-false10.0.1.12-8000- 354300x80000000000000002150699Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:30.454{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39426-false10.0.1.12-8000- 23542300x80000000000000002150700Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:30.976{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002150701Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:36.284{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39428-false10.0.1.12-8000- 354300x80000000000000002150702Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:41.390{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39430-false10.0.1.12-8000- 154100x80000000000000002150704Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:45.305{ec230001-9cad-6262-e0a7-bdfe48560000}5231/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 354300x80000000000000002150703Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:45.305{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-46612-false10.0.1.20-22- 534500x80000000000000002150705Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:45.979{ec230001-9cad-6262-0000-000000000000}5232-sshd 534500x80000000000000002150706Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:45.980{ec230001-9cad-6262-e0a7-bdfe48560000}5231/usr/sbin/sshdroot 354300x80000000000000002150707Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:46.464{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39432-false10.0.1.12-8000- 354300x80000000000000002150708Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:47.300{ec230001-60f3-6262-601c-3e8419560000}1354/opt/splunkforwarder/bin/splunkdroottcptruefalse10.0.1.20-42418-false10.0.1.12-8089- 354300x80000000000000002150709Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:52.238{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39436-false10.0.1.12-8000- 354300x80000000000000002150710Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:16:57.480{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39438-false10.0.1.12-8000- 154100x80000000000000002150711Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:00.594{ec230001-9cbc-6262-6882-4497ee550000}5234/bin/dash-----/bin/sh -c cd / && run-parts --report /etc/cron.hourly/rootroot{ec230001-0000-0000-0000-000000000000}010no level-{00000000-0000-0000-0000-000000000000}5233--- 534500x80000000000000002150714Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:00.596{ec230001-9cbc-6262-6882-4497ee550000}5234/bin/dashroot 534500x80000000000000002150713Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:00.596{ec230001-9cbc-6262-38fa-62b17a550000}5235/bin/run-partsroot 154100x80000000000000002150712Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:00.596{ec230001-9cbc-6262-38fa-62b17a550000}5235/bin/run-parts-----run-parts --report /etc/cron.hourly/root{ec230001-0000-0000-0000-000000000000}010no level-{ec230001-9cbc-6262-6882-4497ee550000}5234/bin/dash/bin/shroot 534500x80000000000000002150715Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:00.597{ec230001-9cbc-6262-0000-000000000000}5233-root 534500x80000000000000002150716Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:00.916{ec230001-60ec-6262-c89a-4e13d6550000}462/lib/systemd/systemd-journaldroot 23542300x80000000000000002150717Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:00.976{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002150718Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:03.352{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39440-false10.0.1.12-8000- 354300x80000000000000002150719Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:09.249{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39442-false10.0.1.12-8000- 23542300x80000000000000002150720Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:10.847{ec230001-9c92-6262-8062-1d4010560000}5230ubuntu/bin/nano/home/ubuntu/./.soloshred.sh.swp--- 534500x80000000000000002150721Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:10.848{ec230001-9c92-6262-8062-1d4010560000}5230/bin/nanoubuntu 354300x80000000000000002150722Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:13.714{ec230001-60f1-6262-e0c7-99217b550000}979/usr/sbin/sshdroottcpfalsefalse179.43.154.185-51636-false10.0.1.20-22- 154100x80000000000000002150723Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:13.716{ec230001-9cc9-6262-e0c7-e1f941560000}5237/usr/sbin/sshd-----/usr/sbin/sshd -D -R/root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}979--- 534500x80000000000000002150725Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:14.387{ec230001-9cc9-6262-e0c7-e1f941560000}5237/usr/sbin/sshdroot 534500x80000000000000002150724Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:14.387{ec230001-9cc9-6262-0000-000000000000}5238-sshd 354300x80000000000000002150726Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:14.467{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39444-false10.0.1.12-8000- 154100x80000000000000002150727Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:15.196{ec230001-9ccb-6262-6834-e9a8af550000}5239/bin/ps-----ps -e -o pid,ppid,state,command/var/snap/amazon-ssm-agent/5163root{ec230001-0000-0000-0000-000000000000}04294967295no level-{00000000-0000-0000-0000-000000000000}964--- 534500x80000000000000002150728Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:15.207{ec230001-9ccb-6262-6834-e9a8af550000}5239/bin/psroot 154100x80000000000000002150729Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.821{ec230001-9ccc-6262-087e-4a449d550000}5240/usr/bin/sudo-----sudo ./soloshred.sh/home/ubuntuubuntu{ec230001-9a52-6262-e803-000002000000}10009no level-{ec230001-9a51-6262-08a4-887865550000}5122/bin/bash-bashubuntu 354300x80000000000000002150730Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.824{ec230001-9ccc-6262-087e-4a449d550000}5240/usr/bin/sudoubuntuudptruefalse127.0.0.1-57507-false127.0.0.53-53- 354300x80000000000000002150732Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.825{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-59934-false10.0.0.2-53- 354300x80000000000000002150731Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.825{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse10.0.1.20-58806-false10.0.0.2-53- 354300x80000000000000002150736Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.826{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-50709- 354300x80000000000000002150735Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.826{ec230001-9ccc-6262-087e-4a449d550000}5240/usr/bin/sudoubuntuudptruefalse127.0.0.1-50709-false127.0.0.53-53- 354300x80000000000000002150734Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.826{ec230001-9ccc-6262-087e-4a449d550000}5240/usr/bin/sudoubuntuudpfalsefalse127.0.0.53-53-false127.0.0.1-50709- 354300x80000000000000002150733Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.826{ec230001-60ee-6262-c037-a3c6b5550000}744/lib/systemd/systemd-resolvedsystemd-resolveudptruefalse127.0.0.53-53-false127.0.0.1-57507- 154100x80000000000000002150737Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.829{ec230001-9ccc-6262-6832-cb0479550000}5241/bin/dash-----sh ./soloshred.sh/home/ubunturoot{ec230001-0000-0000-0000-000002000000}09no level-{ec230001-9ccc-6262-087e-4a449d550000}5240/usr/bin/sudosudoubuntu 154100x80000000000000002150738Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.830{ec230001-9ccc-6262-7043-981303560000}5242/bin/rm-----rm -rf /boot --no-preserve-root/home/ubunturoot{ec230001-0000-0000-0000-000002000000}09no level-{ec230001-9ccc-6262-6832-cb0479550000}5241/bin/dashshroot 23542300x80000000000000002150744Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.831{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/gfxblacklist.txt--- 23542300x80000000000000002150743Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.831{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/grub.cfg--- 23542300x80000000000000002150742Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.831{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/default--- 23542300x80000000000000002150741Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.831{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/menu.lst~--- 23542300x80000000000000002150740Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.831{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/System.map-5.4.0-1071-aws--- 23542300x80000000000000002150739Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.831{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/vmlinuz-5.4.0-1071-aws--- 23542300x80000000000000002150745Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.832{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/fonts/unicode.pf2--- 23542300x80000000000000002150748Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.833{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/menu.lst--- 23542300x80000000000000002150747Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.833{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/grubenv--- 23542300x80000000000000002150746Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.833{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/unicode.pf2--- 23542300x80000000000000002150798Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/keylayouts.mod--- 23542300x80000000000000002150797Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/ntfs.mod--- 23542300x80000000000000002150796Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/video_colors.mod--- 23542300x80000000000000002150795Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/verify.mod--- 23542300x80000000000000002150794Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/search_fs_uuid.mod--- 23542300x80000000000000002150793Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_rijndael.mod--- 23542300x80000000000000002150792Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/probe.mod--- 23542300x80000000000000002150791Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/usbserial_common.mod--- 23542300x80000000000000002150790Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/affs.mod--- 23542300x80000000000000002150789Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/lsapm.mod--- 23542300x80000000000000002150788Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_tiger.mod--- 23542300x80000000000000002150787Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/cmp_test.mod--- 23542300x80000000000000002150786Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/minix3_be.mod--- 23542300x80000000000000002150785Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/terminfo.mod--- 23542300x80000000000000002150784Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/part_acorn.mod--- 23542300x80000000000000002150783Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/datetime.mod--- 23542300x80000000000000002150782Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/terminal.mod--- 23542300x80000000000000002150781Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/reboot.mod--- 23542300x80000000000000002150780Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/ctz_test.mod--- 23542300x80000000000000002150779Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/adler32.mod--- 23542300x80000000000000002150778Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_rmd160.mod--- 23542300x80000000000000002150777Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/boot.mod--- 23542300x80000000000000002150776Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/search_label.mod--- 23542300x80000000000000002150775Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/video.lst--- 23542300x80000000000000002150774Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/romfs.mod--- 23542300x80000000000000002150773Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_twofish.mod--- 23542300x80000000000000002150772Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/videotest.mod--- 23542300x80000000000000002150771Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/morse.mod--- 23542300x80000000000000002150770Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/password.mod--- 23542300x80000000000000002150769Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/part_bsd.mod--- 23542300x80000000000000002150768Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/blocklist.mod--- 23542300x80000000000000002150767Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/ufs1.mod--- 23542300x80000000000000002150766Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_serpent.mod--- 23542300x80000000000000002150765Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/xnu_uuid_test.mod--- 23542300x80000000000000002150764Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/xfs.mod--- 23542300x80000000000000002150763Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/bfs.mod--- 23542300x80000000000000002150762Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/part_msdos.mod--- 23542300x80000000000000002150761Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/efiemu64.o--- 23542300x80000000000000002150760Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/lvm.mod--- 23542300x80000000000000002150759Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/jfs.mod--- 23542300x80000000000000002150758Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/functional_test.mod--- 23542300x80000000000000002150757Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/bufio.mod--- 23542300x80000000000000002150756Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/extcmd.mod--- 23542300x80000000000000002150755Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/cbfs.mod--- 23542300x80000000000000002150754Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/setjmp_test.mod--- 23542300x80000000000000002150753Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/mpi.mod--- 23542300x80000000000000002150752Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/sendkey.mod--- 23542300x80000000000000002150751Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/relocator.mod--- 23542300x80000000000000002150750Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/date.mod--- 23542300x80000000000000002150749Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.835{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/test.mod--- 23542300x80000000000000002150850Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_crc.mod--- 23542300x80000000000000002150849Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/nilfs2.mod--- 23542300x80000000000000002150848Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/xnu_uuid.mod--- 23542300x80000000000000002150847Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_camellia.mod--- 23542300x80000000000000002150846Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/cpio_be.mod--- 23542300x80000000000000002150845Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/font.mod--- 23542300x80000000000000002150844Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/ata.mod--- 23542300x80000000000000002150843Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/loopback.mod--- 23542300x80000000000000002150842Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/plan9.mod--- 23542300x80000000000000002150841Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/uhci.mod--- 23542300x80000000000000002150840Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/cs5536.mod--- 23542300x80000000000000002150839Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/minix.mod--- 23542300x80000000000000002150838Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/lsmmap.mod--- 23542300x80000000000000002150837Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_md5.mod--- 23542300x80000000000000002150836Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/cpio.mod--- 23542300x80000000000000002150835Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/memdisk.mod--- 23542300x80000000000000002150834Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/partmap.lst--- 23542300x80000000000000002150833Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/progress.mod--- 23542300x80000000000000002150832Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/efiemu32.o--- 23542300x80000000000000002150831Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_dsa.mod--- 23542300x80000000000000002150830Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/terminal.lst--- 23542300x80000000000000002150829Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/spkmodem.mod--- 23542300x80000000000000002150828Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/core.img--- 23542300x80000000000000002150827Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/mul_test.mod--- 23542300x80000000000000002150826Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/normal.mod--- 23542300x80000000000000002150825Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/biosdisk.mod--- 23542300x80000000000000002150824Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/tftp.mod--- 23542300x80000000000000002150823Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/hello.mod--- 23542300x80000000000000002150822Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/usbserial_ftdi.mod--- 23542300x80000000000000002150821Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/sleep.mod--- 23542300x80000000000000002150820Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/part_plan.mod--- 23542300x80000000000000002150819Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/ldm.mod--- 23542300x80000000000000002150818Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/udf.mod--- 23542300x80000000000000002150817Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/pcidump.mod--- 23542300x80000000000000002150816Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/hfsplus.mod--- 23542300x80000000000000002150815Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/msdospart.mod--- 23542300x80000000000000002150814Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/moddep.lst--- 23542300x80000000000000002150813Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/regexp.mod--- 23542300x80000000000000002150812Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/freedos.mod--- 23542300x80000000000000002150811Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/multiboot.mod--- 23542300x80000000000000002150810Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/btrfs.mod--- 23542300x80000000000000002150809Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/odc.mod--- 23542300x80000000000000002150808Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/all_video.mod--- 23542300x80000000000000002150807Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gptsync.mod--- 23542300x80000000000000002150806Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/sleep_test.mod--- 23542300x80000000000000002150805Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/command.lst--- 23542300x80000000000000002150804Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/tga.mod--- 23542300x80000000000000002150803Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/part_gpt.mod--- 23542300x80000000000000002150802Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/cbmemc.mod--- 23542300x80000000000000002150801Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/hwmatch.mod--- 23542300x80000000000000002150800Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/crypto.mod--- 23542300x80000000000000002150799Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.836{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gfxterm_menu.mod--- 23542300x80000000000000002150897Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/search.mod--- 23542300x80000000000000002150896Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_blowfish.mod--- 23542300x80000000000000002150895Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/password_pbkdf2.mod--- 23542300x80000000000000002150894Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_whirlpool.mod--- 23542300x80000000000000002150893Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/offsetio.mod--- 23542300x80000000000000002150892Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/bitmap_scale.mod--- 23542300x80000000000000002150891Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/nativedisk.mod--- 23542300x80000000000000002150890Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/serial.mod--- 23542300x80000000000000002150889Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gettext.mod--- 23542300x80000000000000002150888Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/squash4.mod--- 23542300x80000000000000002150887Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/videoinfo.mod--- 23542300x80000000000000002150886Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/truecrypt.mod--- 23542300x80000000000000002150885Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/cpuid.mod--- 23542300x80000000000000002150884Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/png.mod--- 23542300x80000000000000002150883Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/true.mod--- 23542300x80000000000000002150882Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/macbless.mod--- 23542300x80000000000000002150881Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/bitmap.mod--- 23542300x80000000000000002150880Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/usb.mod--- 23542300x80000000000000002150879Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/cmosdump.mod--- 23542300x80000000000000002150878Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gdb.mod--- 23542300x80000000000000002150877Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/linux16.mod--- 23542300x80000000000000002150876Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/backtrace.mod--- 23542300x80000000000000002150875Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/915resolution.mod--- 23542300x80000000000000002150874Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/xzio.mod--- 23542300x80000000000000002150873Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/diskfilter.mod--- 23542300x80000000000000002150872Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/usbserial_pl2303.mod--- 23542300x80000000000000002150871Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/geli.mod--- 23542300x80000000000000002150870Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/part_sunpc.mod--- 23542300x80000000000000002150869Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/test_blockarg.mod--- 23542300x80000000000000002150868Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/pbkdf2.mod--- 23542300x80000000000000002150867Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/parttool.lst--- 23542300x80000000000000002150866Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gfxterm.mod--- 23542300x80000000000000002150865Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gfxterm_background.mod--- 23542300x80000000000000002150864Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/raid6rec.mod--- 23542300x80000000000000002150863Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_sha1.mod--- 23542300x80000000000000002150862Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/cbls.mod--- 23542300x80000000000000002150861Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/part_sun.mod--- 23542300x80000000000000002150860Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/eval.mod--- 23542300x80000000000000002150859Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/shift_test.mod--- 23542300x80000000000000002150858Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/priority_queue.mod--- 23542300x80000000000000002150857Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/video_fb.mod--- 23542300x80000000000000002150856Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/cbtable.mod--- 23542300x80000000000000002150855Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/vga.mod--- 23542300x80000000000000002150854Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/pxe.mod--- 23542300x80000000000000002150853Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/zfs.mod--- 23542300x80000000000000002150852Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/dm_nv.mod--- 23542300x80000000000000002150851Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.837{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/testspeed.mod--- 23542300x80000000000000002150946Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/aout.mod--- 23542300x80000000000000002150945Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/testload.mod--- 23542300x80000000000000002150944Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/memrw.mod--- 23542300x80000000000000002150943Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/help.mod--- 23542300x80000000000000002150942Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/xnu.mod--- 23542300x80000000000000002150941Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/acpi.mod--- 23542300x80000000000000002150940Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/lsacpi.mod--- 23542300x80000000000000002150939Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/play.mod--- 23542300x80000000000000002150938Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/hfspluscomp.mod--- 23542300x80000000000000002150937Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/boot.img--- 23542300x80000000000000002150936Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_arcfour.mod--- 23542300x80000000000000002150935Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/cryptodisk.mod--- 23542300x80000000000000002150934Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/mdraid09_be.mod--- 23542300x80000000000000002150933Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/hfs.mod--- 23542300x80000000000000002150932Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/zfsinfo.mod--- 23542300x80000000000000002150931Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/parttool.mod--- 23542300x80000000000000002150930Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/part_dfly.mod--- 23542300x80000000000000002150929Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/exfat.mod--- 23542300x80000000000000002150928Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/video_cirrus.mod--- 23542300x80000000000000002150927Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_md4.mod--- 23542300x80000000000000002150926Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/usbms.mod--- 23542300x80000000000000002150925Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/macho.mod--- 23542300x80000000000000002150924Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/mdraid09.mod--- 23542300x80000000000000002150923Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/archelp.mod--- 23542300x80000000000000002150922Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/efiemu.mod--- 23542300x80000000000000002150921Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/loadenv.mod--- 23542300x80000000000000002150920Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/tar.mod--- 23542300x80000000000000002150919Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/pxechain.mod--- 23542300x80000000000000002150918Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/cat.mod--- 23542300x80000000000000002150917Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/halt.mod--- 23542300x80000000000000002150916Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/legacy_password_test.mod--- 23542300x80000000000000002150915Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/file.mod--- 23542300x80000000000000002150914Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/reiserfs.mod--- 23542300x80000000000000002150913Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/at_keyboard.mod--- 23542300x80000000000000002150912Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/vbe.mod--- 23542300x80000000000000002150911Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/newc.mod--- 23542300x80000000000000002150910Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/minix_be.mod--- 23542300x80000000000000002150909Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/bswap_test.mod--- 23542300x80000000000000002150908Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/sfs.mod--- 23542300x80000000000000002150907Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/ext2.mod--- 23542300x80000000000000002150906Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/search_fs_file.mod--- 23542300x80000000000000002150905Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/cmostest.mod--- 23542300x80000000000000002150904Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_sha512.mod--- 23542300x80000000000000002150903Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/cmdline_cat_test.mod--- 23542300x80000000000000002150902Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/usbtest.mod--- 23542300x80000000000000002150901Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gzio.mod--- 23542300x80000000000000002150900Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/mmap.mod--- 23542300x80000000000000002150899Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/crypto.lst--- 23542300x80000000000000002150898Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.838{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/mdraid1x.mod--- 23542300x80000000000000002151000Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/jpeg.mod--- 23542300x80000000000000002150999Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/echo.mod--- 23542300x80000000000000002150998Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/lspci.mod--- 23542300x80000000000000002150997Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/bsd.mod--- 23542300x80000000000000002150996Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/div.mod--- 23542300x80000000000000002150995Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/usb_keyboard.mod--- 23542300x80000000000000002150994Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/disk.mod--- 23542300x80000000000000002150993Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/mda_text.mod--- 23542300x80000000000000002150992Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/minicmd.mod--- 23542300x80000000000000002150991Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/zfscrypt.mod--- 23542300x80000000000000002150990Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/vga_text.mod--- 23542300x80000000000000002150989Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/legacycfg.mod--- 23542300x80000000000000002150988Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_des.mod--- 23542300x80000000000000002150987Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/fs.lst--- 23542300x80000000000000002150986Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/luks.mod--- 23542300x80000000000000002150985Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/multiboot2.mod--- 23542300x80000000000000002150984Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/pata.mod--- 23542300x80000000000000002150983Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/raid5rec.mod--- 23542300x80000000000000002150982Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/video_bochs.mod--- 23542300x80000000000000002150981Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gfxmenu.mod--- 23542300x80000000000000002150980Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/lzopio.mod--- 23542300x80000000000000002150979Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/modinfo.sh--- 23542300x80000000000000002150978Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/ufs2.mod--- 23542300x80000000000000002150977Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/cbtime.mod--- 23542300x80000000000000002150976Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_rsa.mod--- 23542300x80000000000000002150975Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/syslinuxcfg.mod--- 23542300x80000000000000002150974Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/drivemap.mod--- 23542300x80000000000000002150973Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/net.mod--- 23542300x80000000000000002150972Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/ohci.mod--- 23542300x80000000000000002150971Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/minix2.mod--- 23542300x80000000000000002150970Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_idea.mod--- 23542300x80000000000000002150969Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/afs.mod--- 23542300x80000000000000002150968Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/read.mod--- 23542300x80000000000000002150967Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/ehci.mod--- 23542300x80000000000000002150966Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/usbserial_usbdebug.mod--- 23542300x80000000000000002150965Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/elf.mod--- 23542300x80000000000000002150964Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/cmp.mod--- 23542300x80000000000000002150963Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/scsi.mod--- 23542300x80000000000000002150962Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/hexdump.mod--- 23542300x80000000000000002150961Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/hdparm.mod--- 23542300x80000000000000002150960Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/part_dvh.mod--- 23542300x80000000000000002150959Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/configfile.mod--- 23542300x80000000000000002150958Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/ufs1_be.mod--- 23542300x80000000000000002150957Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/minix3.mod--- 23542300x80000000000000002150956Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/fshelp.mod--- 23542300x80000000000000002150955Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/trig.mod--- 23542300x80000000000000002150954Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/pci.mod--- 23542300x80000000000000002150953Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/minix2_be.mod--- 23542300x80000000000000002150952Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/div_test.mod--- 23542300x80000000000000002150951Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/ntldr.mod--- 23542300x80000000000000002150950Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/fat.mod--- 23542300x80000000000000002150949Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/iso9660.mod--- 23542300x80000000000000002150948Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/crc64.mod--- 23542300x80000000000000002150947Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.839{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/http.mod--- 534500x80000000000000002151030Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-6832-cb0479550000}5241/bin/dashroot 534500x80000000000000002151029Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242/bin/rmroot 23542300x80000000000000002151028Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/config-5.4.0-1071-aws--- 23542300x80000000000000002151027Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/initrd.img-5.4.0-1071-aws--- 23542300x80000000000000002151026Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/keystatus.mod--- 23542300x80000000000000002151025Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_sha256.mod--- 23542300x80000000000000002151024Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/datehook.mod--- 23542300x80000000000000002151023Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/chain.mod--- 23542300x80000000000000002151022Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/random.mod--- 23542300x80000000000000002151021Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/pbkdf2_test.mod--- 23542300x80000000000000002151020Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_rfc2268.mod--- 23542300x80000000000000002151019Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/setjmp.mod--- 23542300x80000000000000002151018Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/videotest_checksum.mod--- 23542300x80000000000000002151017Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/ahci.mod--- 23542300x80000000000000002151016Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/exfctest.mod--- 23542300x80000000000000002151015Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/setpci.mod--- 23542300x80000000000000002151014Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/procfs.mod--- 23542300x80000000000000002151013Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/time.mod--- 23542300x80000000000000002151012Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_cast5.mod--- 23542300x80000000000000002151011Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/signature_test.mod--- 23542300x80000000000000002151010Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/tr.mod--- 23542300x80000000000000002151009Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/video.mod--- 23542300x80000000000000002151008Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/iorw.mod--- 23542300x80000000000000002151007Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/ntfscomp.mod--- 23542300x80000000000000002151006Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/part_amiga.mod--- 23542300x80000000000000002151005Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/linux.mod--- 23542300x80000000000000002151004Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/part_apple.mod--- 23542300x80000000000000002151003Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/ls.mod--- 23542300x80000000000000002151002Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/hashsum.mod--- 23542300x80000000000000002151001Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.840{ec230001-9ccc-6262-7043-981303560000}5242root/bin/rm/boot/grub/i386-pc/gcry_seed.mod--- 534500x80000000000000002151031Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:16.841{ec230001-9ccc-6262-087e-4a449d550000}5240/usr/bin/sudoroot 354300x80000000000000002151032Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:20.455{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39446-false10.0.1.12-8000- 354300x80000000000000002151033Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:26.381{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39448-false10.0.1.12-8000- 23542300x80000000000000002151034Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:30.806{ec230001-60f3-6262-601c-3e8419560000}1354root/opt/splunkforwarder/bin/splunkd/opt/splunkforwarder/var/spool/splunk/tracker.log--- 354300x80000000000000002151035Linux-Sysmon/Operationalsysmonlinux-ctus-attack-range-6628-2022-04-22 12:17:31.455{ec230001-60fb-6262-d9ff-4d0400000000}1744/opt/splunkforwarder/etc/apps/Splunk_TA_stream/linux_x86_64/bin/streamfwdroottcptruefalse10.0.1.20-39450-false10.0.1.12-8000-