Oh and WINE updating its config when I hadn’t made changes, just gave me a funny feeling
Comment on Absolute disaster, RAT backdoored through WINE. Assistance with Docker
frongt@lemmy.zip 1 day ago
Wine to Linux seems like an unlikely attack vector. What led you to believe you were compromised? I’m not sure what the screenshots are supposed to show, and the text file isn’t loading.
If you can share the evidence of compromise itself, or the disk images, I’d like to take a look at it.
ushjftye@programming.dev 1 day ago
I tell you what though, I am pulling a shit tonne of .txt files off of this dump. I am gonna put them all in a folder, and grep through it. There’s definitely syslogs, I might be able to find out where it was going. If I can find the exact .DLL, I could potentially open it up in a text editor and see where it was going. Schroot was established January the 29th and I didn’t discover it until February 4th, so there’s a week of stuff to comb through.
ushjftye@programming.dev 1 day ago
[7 images]
Sorry friend, I’m not gonna send you an image of the disk. This just happened to me, I’m not about to trust an anonymous good samaritan.
ushjftye@programming.dev 1 day ago
First image is the second half of the tree from my /home/. Contains a whopping 37 directories.
2nd is what I believe to be the poisoned .Dll in the output of foremost’s audit.text.
3rd is the beginning of the audit.
4th is the first half of the tree for home. Sorry for out of order.
5th is photorec which is currently digging through the img…
6th is the output from my first attempt at using foremost to file carve. Didn’t work because the img was mounted.
7th is my poor desktop, which is now just the default KDE screen, the browser I’m talking to you on, and the Win10.iso I burned onto my housemate’s laptop.