A few scanners that I used to identify problems inside the container image (results will change in the future).
- Scanner tests were executed on: 2023-01-04
- Image version: quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0
❯ docker pull quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0
❯ docker run -it --rm -v /var/run/docker.sock:/var/run/docker.sock registry.aquasec.com/scanner:2022.4 \
-H https://xxxxxxxxx.cloud.aquasec.com -U 'ruzickap-scanner-test' -P 'xxxxxxx' \
scan --local --scan-malware --collect-sensitive quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0
2023-01-04 10:08:41.610 INFO Logger started with level INFO
2023-01-04 10:08:46.642 INFO Registering with server {"os": "linux", "os_version": "", "registries": []}
2023-01-04 10:08:46.846 INFO Successfully registered {"scanner_id": 13712}
2023-01-04 10:08:47.372 INFO Starting Scan Image {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c"}
2023-01-04 10:08:47.696 INFO Start getting image information from registry... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397"}
2023-01-04 10:08:47.698 INFO Connecting to registry... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397"}
2023-01-04 10:08:47.703 INFO Requesting authorization to pull image... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397"}
2023-01-04 10:08:47.822 INFO Getting image manifest... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397"}
2023-01-04 10:08:47.827 INFO Found several platforms matching request, choosing first one {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "selected": "amd64::linux:", "matches": ["amd64::linux:"]}
2023-01-04 10:08:47.827 INFO Getting image history... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:47.827 INFO Getting image metadata... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:47.928 INFO Working with Layer Digest Ids {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:47.930 INFO End getting image information from registry... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:", "seconds": 0}
2023-01-04 10:08:47.930 INFO Start getting assurance policies from server... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:47.930 INFO Getting assurance policies... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:48.128 INFO End getting assurance policies from server... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:", "seconds": 1}
2023-01-04 10:08:48.128 INFO Start fetching security feed from server... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:48.229 INFO Latest security feeds need to be pulled from server. {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:48.352 INFO Latest security feeds need to be pulled from server. {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:48.472 INFO Latest security feeds need to be pulled from server. {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:48.720 INFO End fetching security feed from server... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:", "seconds": 0}
2023-01-04 10:08:48.720 INFO Start pulling image... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:48.720 INFO Start pulling image in Dockerless mode... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:50.849 INFO End pulling image in Dockerless mode... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:", "seconds": 2}
2023-01-04 10:08:50.850 INFO End pulling image {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:", "seconds": 2}
2023-01-04 10:08:50.850 INFO Start analyzing image layer by layer without Docker... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:50.852 INFO Start analyzing image by layer without Docker... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:51.938 INFO End analyzing image by layer without Docker... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:", "seconds": 1}
2023-01-04 10:08:51.939 INFO End analyzing image layer by layer without Docker... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:51.939 INFO Contacting CyberCenter... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:52.390 INFO Start merging layers analysis... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:52.390 INFO End merging layers analysis... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:", "seconds": 0}
2023-01-04 10:08:52.391 INFO Start Contacting CyberCenter... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:52.617 INFO End Contacting CyberCenter... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:", "seconds": 0}
2023-01-04 10:08:52.618 INFO Start processing results... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:52.728 INFO End processing results... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:", "seconds": 0}
2023-01-04 10:08:52.729 INFO Start applying assurance policies... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:52.932 INFO Applying image assurance policies... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:"}
2023-01-04 10:08:52.941 INFO End applying assurance policies... {"registry": "", "image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0", "requested platform": "amd64:::", "job ID": "cf845f13-f22a-41bb-bc07-48e6ffe4e02c", "server version": "2022.4.21541ab397", "scanning platform": "amd64::linux:", "seconds": 0}
2023-01-04 10:08:54.782 INFO Skipping file hash saving.
{
"image": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0",
"scan_started": {
"seconds": 1672826927,
"nanos": 372585185
},
"scan_duration": 5,
"image_size": 30934357,
"digest": "sha256:5ab315d3255b83f72c9352d901fd5610cead689f73ed792eb9a411d73a522fc4",
"metadata": {
"repo_digests": [
"quay.io/petr_ruzicka/malware-cryptominer-container@sha256:1f742ffe4aceb94534d84be9b5935deca8b6f5a934d9306f433522d4924400a9"
]
},
"os": "alpine",
"version": "3.17.0",
"image_assurance_results": {
"checks_performed": [
{
"policy_id": 265,
"policy_name": "mypolicy",
"control": "root_user"
},
...
...
...
]
},
"vulnerability_summary": {},
"scan_options": {
"scan_executables": true,
"scan_sensitive_data": true,
"scan_malware": true,
"scan_files": true,
"scan_timeout": 3600000000000,
"manual_pull_fallback": true,
"save_adhoc_scans": true,
"use_cvss3": true,
"dockerless": true,
"system_image_platform": "amd64:::",
"telemetry_enabled": true,
"scan_elf": true,
"enable_fast_scanning": true,
"memoryThrottling": true,
"suggest_os_upgrade": true,
"seim_enabled": true,
"adhoc_scan_retention": 30
},
"initiating_user": "ruzickap-scanner-test",
"data_date": 1672816984,
"pull_name": "quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0",
"scan_id": 1337258,
"required_image_platform": "amd64:::",
"scanned_image_platform": "amd64::linux:",
"security_feeds_used": {
"executables": "ef4e6ffe9e909f"
},
"image_id": 2294916,
"internal_digest_id": {
"id": 216918
},
"local": true,
"OriginFromHostImage": true,
"CanSkipFileHashSave": true
}
2023-01-04 10:08:54.919 INFO Deregistering from console
2023-01-04 10:08:55.024 INFO Scan successfully completed.
Details from "Aqua Images" section:
Aqua details of container image running inside Amazon EKS cluster:
❯ trivy image quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0
2023-01-04T10:15:42.045Z INFO Vulnerability scanning is enabled
2023-01-04T10:15:42.046Z INFO Secret scanning is enabled
2023-01-04T10:15:42.047Z INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2023-01-04T10:15:42.047Z INFO Please see also https://aquasecurity.github.io/trivy/v0.33/docs/secret/scanning/#recommendation for faster secret detection
2023-01-04T10:15:42.052Z INFO Detected OS: alpine
2023-01-04T10:15:42.052Z INFO This OS version is not on the EOL list: alpine 3.17
2023-01-04T10:15:42.052Z INFO Detecting Alpine vulnerabilities...
2023-01-04T10:15:42.054Z INFO Number of language-specific files: 0
quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0 (alpine 3.17.0)
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)
Files are extracted to the disk of the machine where the scanner is running (a local "antivirus" will detect the extracted malware files).
❯ docker pull quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0
❯ twistcli images scan --address=https://us-west1.cloud.twistlock.com/xxxxxxxxxxxxxx --details --user xxxx --password xxxx quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0
Scan results for: image quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0 sha256:5ab315d3255b83f72c9352d901fd5610cead689f73ed792eb9a411d73a522fc4
Vulnerabilities
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE | SEVERITY | CVSS | PACKAGE | VERSION | STATUS | PUBLISHED | DISCOVERED | DESCRIPTION |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-38297 | critical | 9.80 | go | 1.14.4 | fixed in 1.17.2, 1.16.9 | > 1 years | < 1 hour | Go before 1.16.9 and 1.17.x before 1.17.2 has a |
| | | | | | > 1 years ago | | | Buffer Overflow via large arguments in a function |
| | | | | | | | | invocation from a WASM module, when GOARCH=wasm |
| | | | | | | | | GOOS... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-23806 | critical | 9.10 | go | 1.14.4 | fixed in 1.17.7, 1.16.14 | > 10 months | < 1 hour | Curve.IsOnCurve in crypto/elliptic in Go before |
| | | | | | > 10 months ago | | | 1.16.14 and 1.17.x before 1.17.7 can incorrectly |
| | | | | | | | | return true in situations with a big.Int value |
| | | | | | | | | that i... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-30580 | high | 7.80 | go | 1.14.4 | fixed in 1.18.3, 1.17.11 | > 4 months | < 1 hour | Code injection in Cmd.Start in os/exec before |
| | | | | | > 4 months ago | | | Go 1.17.11 and Go 1.18.3 allows execution of any |
| | | | | | | | | binaries in the working directory named either |
| | | | | | | | | \"..com\... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-41715 | high | 7.50 | go | 1.14.4 | fixed in 1.19.2, 1.18.7 | 81 days | < 1 hour | Programs which compile regular expressions from |
| | | | | | 81 days ago | | | untrusted sources may be vulnerable to memory |
| | | | | | | | | exhaustion or denial of service. The parsed regexp |
| | | | | | | | | repre... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-3996 | high | 7.50 | openssl | 3.0.7-r0 | fixed in 3.0.7-r2 | 21 days | < 1 hour | If an X.509 certificate contains a malformed |
| | | | | | 1 hours ago | | | policy constraint and policy processing is |
| | | | | | | | | enabled, then a write lock will be taken twice |
| | | | | | | | | recursively. On... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-32189 | high | 7.50 | go | 1.14.4 | fixed in 1.18.5, 1.17.13 | > 4 months | < 1 hour | A too-short encoded message can cause a panic in |
| | | | | | > 4 months ago | | | Float.GobDecode and Rat GobDecode in math/big in |
| | | | | | | | | Go before 1.17.13 and 1.18.5, potentially allowing |
| | | | | | | | | a... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-30635 | high | 7.50 | go | 1.14.4 | fixed in 1.18.4, 1.17.12 | > 4 months | < 1 hour | Uncontrolled recursion in Decoder.Decode in |
| | | | | | > 4 months ago | | | encoding/gob before Go 1.17.12 and Go 1.18.4 |
| | | | | | | | | allows an attacker to cause a panic due to stack |
| | | | | | | | | exhaustion v... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-30633 | high | 7.50 | go | 1.14.4 | fixed in 1.18.4, 1.17.12 | > 4 months | < 1 hour | Uncontrolled recursion in Unmarshal in |
| | | | | | > 4 months ago | | | encoding/xml before Go 1.17.12 and Go 1.18.4 |
| | | | | | | | | allows an attacker to cause a panic due to stack |
| | | | | | | | | exhaustion via un... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-30632 | high | 7.50 | go | 1.14.4 | fixed in 1.18.4, 1.17.12 | > 4 months | < 1 hour | Uncontrolled recursion in Glob in path/filepath |
| | | | | | > 4 months ago | | | before Go 1.17.12 and Go 1.18.4 allows an attacker |
| | | | | | | | | to cause a panic due to stack exhaustion via a |
| | | | | | | | | path... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-30631 | high | 7.50 | go | 1.14.4 | fixed in 1.18.4, 1.17.12 | > 4 months | < 1 hour | Uncontrolled recursion in Reader.Read in |
| | | | | | > 4 months ago | | | compress/gzip before Go 1.17.12 and Go 1.18.4 |
| | | | | | | | | allows an attacker to cause a panic due to stack |
| | | | | | | | | exhaustion via... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-30630 | high | 7.50 | go | 1.14.4 | fixed in 1.18.4, 1.17.12 | > 4 months | < 1 hour | Uncontrolled recursion in Glob in io/fs before Go |
| | | | | | > 4 months ago | | | 1.17.12 and Go 1.18.4 allows an attacker to cause |
| | | | | | | | | a panic due to stack exhaustion via a path which |
| | | | | | | | | c... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-2880 | high | 7.50 | go | 1.14.4 | fixed in 1.19.2, 1.18.7 | 81 days | < 1 hour | Requests forwarded by ReverseProxy include the |
| | | | | | 81 days ago | | | raw query parameters from the inbound request, |
| | | | | | | | | including unparsable parameters rejected by |
| | | | | | | | | net/http. T... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-2879 | high | 7.50 | go | 1.14.4 | fixed in 1.19.2, 1.18.7 | 81 days | < 1 hour | Reader.Read does not set a limit on the maximum |
| | | | | | 81 days ago | | | size of file headers. A maliciously crafted |
| | | | | | | | | archive could cause Read to allocate unbounded |
| | | | | | | | | amounts of ... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-28327 | high | 7.50 | go | 1.14.4 | fixed in 1.18.1, 1.17.9 | > 8 months | < 1 hour | The generic P-256 feature in crypto/elliptic in |
| | | | | | > 8 months ago | | | Go before 1.17.9 and 1.18.x before 1.18.1 allows a |
| | | | | | | | | panic via long scalar input. |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-28131 | high | 7.50 | go | 1.14.4 | fixed in 1.18.4, 1.17.12 | > 4 months | < 1 hour | Uncontrolled recursion in Decoder.Skip in |
| | | | | | > 4 months ago | | | encoding/xml before Go 1.17.12 and Go 1.18.4 |
| | | | | | | | | allows an attacker to cause a panic due to stack |
| | | | | | | | | exhaustion via... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-27664 | high | 7.50 | go | 1.14.4 | fixed in 1.19.1, 1.18.6 | > 3 months | < 1 hour | In net/http in Go before 1.18.6 and 1.19.x before |
| | | | | | > 3 months ago | | | 1.19.1, attackers can cause a denial of service |
| | | | | | | | | because an HTTP/2 connection can hang during |
| | | | | | | | | closing... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-24921 | high | 7.50 | go | 1.14.4 | fixed in 1.17.8, 1.16.15 | > 10 months | < 1 hour | regexp.Compile in Go before 1.16.15 and 1.17.x |
| | | | | | > 10 months ago | | | before 1.17.8 allows stack exhaustion via a deeply |
| | | | | | | | | nested expression. |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-24675 | high | 7.50 | go | 1.14.4 | fixed in 1.18.1, 1.17.9 | > 8 months | < 1 hour | encoding/pem in Go before 1.17.9 and 1.18.x before |
| | | | | | > 8 months ago | | | 1.18.1 has a Decode stack overflow via a large |
| | | | | | | | | amount of PEM data. |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-23773 | high | 7.50 | go | 1.14.4 | fixed in 1.17.7, 1.16.14 | > 10 months | < 1 hour | cmd/go in Go before 1.16.14 and 1.17.x before |
| | | | | | > 10 months ago | | | 1.17.7 can misinterpret branch names that falsely |
| | | | | | | | | appear to be version tags. This can lead to |
| | | | | | | | | incorrect ... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-23772 | high | 7.50 | go | 1.14.4 | fixed in 1.17.7, 1.16.14 | > 10 months | < 1 hour | Rat.SetString in math/big in Go before 1.16.14 and |
| | | | | | > 10 months ago | | | 1.17.x before 1.17.7 has an overflow that can lead |
| | | | | | | | | to Uncontrolled Memory Consumption. |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-44716 | high | 7.50 | go | 1.14.4 | fixed in 1.17.5, 1.16.12 | > 1 years | < 1 hour | net/http in Go before 1.16.12 and 1.17.x before |
| | | | | | > 1 years ago | | | 1.17.5 allows uncontrolled memory consumption |
| | | | | | | | | in the header canonicalization cache via HTTP/2 |
| | | | | | | | | requests... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-41772 | high | 7.50 | go | 1.14.4 | fixed in 1.17.3, 1.16.10 | > 1 years | < 1 hour | Go before 1.16.10 and 1.17.x before 1.17.3 allows |
| | | | | | > 1 years ago | | | an archive/zip Reader.Open panic via a crafted |
| | | | | | | | | ZIP archive containing an invalid name or an empty |
| | | | | | | | | fi... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-41771 | high | 7.50 | go | 1.14.4 | fixed in 1.17.3, 1.16.10 | > 1 years | < 1 hour | ImportedSymbols in debug/macho (for Open or |
| | | | | | > 1 years ago | | | OpenFat) in Go before 1.16.10 and 1.17.x before |
| | | | | | | | | 1.17.3 Accesses a Memory Location After the End of |
| | | | | | | | | a Buffe... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-39293 | high | 7.50 | go | 1.14.4 | fixed in 1.17.1, 1.16.8 | > 11 months | < 1 hour | In archive/zip in Go before 1.16.8 and 1.17.x |
| | | | | | > 11 months ago | | | before 1.17.1, a crafted archive header (falsely |
| | | | | | | | | designating that many files are present) can cause |
| | | | | | | | | a Ne... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-33198 | high | 7.50 | go | 1.14.4 | fixed in 1.16.5, 1.15.13 | > 1 years | < 1 hour | In Go before 1.15.13 and 1.16.x before 1.16.5, |
| | | | | | > 1 years ago | | | there can be a panic for a large exponent to the |
| | | | | | | | | math/big.Rat SetString or UnmarshalText method. |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-33196 | high | 7.50 | go | 1.14.4 | fixed in 1.16.5, 1.15.13 | > 1 years | < 1 hour | In archive/zip in Go before 1.15.13 and 1.16.x |
| | | | | | > 1 years ago | | | before 1.16.5, a crafted file count (in an |
| | | | | | | | | archive\'s header) can cause a NewReader or |
| | | | | | | | | OpenReader panic... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-33194 | high | 7.50 | go | 1.14.4 | fixed in 1.16.5, 1.15.13 | > 1 years | < 1 hour | golang.org/x/net before |
| | | | | | 30 days ago | | | v0.0.0-20210520170846-37e1c6afe023 allows |
| | | | | | | | | attackers to cause a denial of service (infinite |
| | | | | | | | | loop) via crafted ParseFragment inp... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-29923 | high | 7.50 | go | 1.14.4 | fixed in 1.17 | > 1 years | < 1 hour | Go before 1.17 does not properly consider |
| | | | | | > 1 years ago | | | extraneous zero characters at the beginning of |
| | | | | | | | | an IP address octet, which (in some situations) |
| | | | | | | | | allows attack... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-27918 | high | 7.50 | go | 1.14.4 | fixed in 1.16.1, 1.15.9 | > 1 years | < 1 hour | encoding/xml in Go before 1.15.9 and 1.16.x |
| | | | | | > 1 years ago | | | before 1.16.1 has an infinite loop if a custom |
| | | | | | | | | TokenReader (for xml.NewTokenDecoder) returns EOF |
| | | | | | | | | in the mi... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2020-28367 | high | 7.50 | go | 1.14.4 | fixed in 1.15.5, 1.14.12 | > 2 years | < 1 hour | Code injection in the go command with cgo before |
| | | | | | > 2 years ago | | | Go 1.14.12 and Go 1.15.5 allows arbitrary code |
| | | | | | | | | execution at build time via malicious gcc flags |
| | | | | | | | | ... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2020-28366 | high | 7.50 | go | 1.14.4 | fixed in 1.15.5, 1.14.12 | > 2 years | < 1 hour | Code injection in the go command with cgo before |
| | | | | | > 2 years ago | | | Go 1.14.12 and Go 1.15.5 allows arbitrary code |
| | | | | | | | | execution at build time via a malicious unquoted |
| | | | | | | | | ... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2020-28362 | high | 7.50 | go | 1.14.4 | fixed in 1.15.4, 1.14.12 | > 2 years | < 1 hour | Go before 1.14.12 and 1.15.x before 1.15.4 allows |
| | | | | | > 2 years ago | | | Denial of Service. |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2020-16845 | high | 7.50 | go | 1.14.4 | fixed in 1.14.7, 1.13.15 | > 2 years | < 1 hour | Go before 1.13.15 and 14.x before 1.14.7 can |
| | | | | | > 2 years ago | | | have an infinite read loop in ReadUvarint and |
| | | | | | | | | ReadVarint in encoding/binary via invalid inputs. |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-33195 | high | 7.30 | go | 1.14.4 | fixed in 1.16.5, 1.15.13 | > 1 years | < 1 hour | Go before 1.15.13 and 1.16.x before 1.16.5 has |
| | | | | | > 1 years ago | | | functions for DNS lookups that do not validate |
| | | | | | | | | replies from DNS servers, and thus a return value |
| | | | | | | | | may co... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-32148 | medium | 6.50 | go | 1.14.4 | fixed in 1.18.4, 1.17.12 | > 4 months | < 1 hour | Improper exposure of client IP addresses |
| | | | | | > 4 months ago | | | in net/http before Go 1.17.12 and Go |
| | | | | | | | | 1.18.4 can be triggered by calling |
| | | | | | | | | httputil.ReverseProxy.ServeHTTP with ... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-1705 | medium | 6.50 | go | 1.14.4 | fixed in 1.18.4, 1.17.12 | > 4 months | < 1 hour | Acceptance of some invalid Transfer-Encoding |
| | | | | | > 4 months ago | | | headers in the HTTP/1 client in net/http before |
| | | | | | | | | Go 1.17.12 and Go 1.18.4 allows HTTP request |
| | | | | | | | | smuggling if... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-34558 | medium | 6.50 | go | 1.14.4 | fixed in 1.16.6, 1.15.14 | > 1 years | < 1 hour | The crypto/tls package of Go through 1.16.5 does |
| | | | | | > 1 years ago | | | not properly assert that the type of public key |
| | | | | | | | | in an X.509 certificate matches the expected type |
| | | | | | | | | ... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-3114 | medium | 6.50 | go | 1.14.4 | fixed in 1.15.7, 1.14.14 | > 1 years | < 1 hour | In Go before 1.14.14 and 1.15.x before 1.15.7, |
| | | | | | > 1 years ago | | | crypto/elliptic/p224.go can generate incorrect |
| | | | | | | | | outputs, related to an underflow of the lowest |
| | | | | | | | | limb duri... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2020-24553 | medium | 6.10 | go | 1.14.4 | fixed in 1.15.1, 1.14.8 | > 2 years | < 1 hour | Go before 1.14.8 and 1.15.x before 1.15.1 allows |
| | | | | | > 2 years ago | | | XSS because text/html is the default for CGI/FCGI |
| | | | | | | | | handlers that lack a Content-Type header. |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-36221 | medium | 5.90 | go | 1.14.4 | fixed in 1.16.7, 1.15.15 | > 1 years | < 1 hour | Go before 1.15.15 and 1.16.x before 1.16.7 |
| | | | | | > 1 years ago | | | has a race condition that can lead to a |
| | | | | | | | | net/http/httputil ReverseProxy panic upon an |
| | | | | | | | | ErrAbortHandler abort. |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-31525 | medium | 5.90 | go | 1.14.4 | fixed in 1.16.4, 1.15.12 | > 1 years | < 1 hour | net/http in Go before 1.15.12 and 1.16.x before |
| | | | | | > 1 years ago | | | 1.16.4 allows remote attackers to cause a |
| | | | | | | | | denial of service (panic) via a large header to |
| | | | | | | | | ReadRequest ... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2020-15586 | medium | 5.90 | go | 1.14.4 | fixed in 1.14.5, 1.13.13 | > 2 years | < 1 hour | Go before 1.13.13 and 1.14.x before 1.14.5 |
| | | | | | > 2 years ago | | | has a data race in some net/http servers, as |
| | | | | | | | | demonstrated by the httputil.ReverseProxy Handler, |
| | | | | | | | | because it ... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2020-29510 | medium | 5.60 | go | 1.14.4 | fixed in 1.15.1 | > 2 years | < 1 hour | The encoding/xml package in Go versions 1.15 and |
| | | | | | 30 days ago | | | earlier does not correctly preserve the semantics |
| | | | | | | | | of directives during tokenization round-trips, |
| | | | | | | | | which... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-1962 | medium | 5.50 | go | 1.14.4 | fixed in 1.18.4, 1.17.12 | > 4 months | < 1 hour | Uncontrolled recursion in the Parse functions in |
| | | | | | > 4 months ago | | | go/parser before Go 1.17.12 and Go 1.18.4 allow an |
| | | | | | | | | attacker to cause a panic due to stack exhaustion |
| | | | | | | | | ... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-41716 | medium | 5.40 | go | 1.14.4 | fixed in 1.19.3, 1.18.8 | 62 days | < 1 hour | Due to unsanitized NUL values, attackers may be |
| | | | | | 61 days ago | | | able to maliciously set environment variables on |
| | | | | | | | | Windows. In syscall.StartProcess and os/exec.Cmd, |
| | | | | | | | | inv... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-41717 | medium | 5.30 | go | 1.14.4 | fixed in 1.19.4, 1.18.9 | 26 days | < 1 hour | An attacker can cause excessive memory growth in a |
| | | | | | 22 days ago | | | Go server accepting HTTP/2 requests. HTTP/2 server |
| | | | | | | | | connections contain a cache of HTTP header keys |
| | | | | | | | | ... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2021-33197 | medium | 5.30 | go | 1.14.4 | fixed in 1.16.5, 1.15.13 | > 1 years | < 1 hour | In Go before 1.15.13 and 1.16.x before 1.16.5, |
| | | | | | > 1 years ago | | | some configurations of ReverseProxy (from |
| | | | | | | | | net/http/httputil) result in a situation where an |
| | | | | | | | | attacker is... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2020-14039 | medium | 5.30 | go | 1.14.4 | fixed in 1.14.5, 1.13.13 | > 2 years | < 1 hour | In Go before 1.13.13 and 1.14.x before 1.14.5, |
| | | | | | > 2 years ago | | | Certificate.Verify may lack a check on the |
| | | | | | | | | VerifyOptions.KeyUsages EKU requirements (if |
| | | | | | | | | VerifyOptions.R... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
| CVE-2022-30629 | low | 3.10 | go | 1.14.4 | fixed in 1.18.3, 1.17.11 | > 4 months | < 1 hour | Non-random values for ticket_age_add in session |
| | | | | | > 4 months ago | | | tickets in crypto/tls before Go 1.17.11 and Go |
| | | | | | | | | 1.18.3 allow an attacker that can observe TLS |
| | | | | | | | | handshake... |
+----------------+----------+------+---------+----------+--------------------------+-------------+------------+----------------------------------------------------+
Vulnerabilities found for image quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0: total - 49, critical - 2, high - 32, medium - 14, low - 1
Vulnerability threshold check results: PASS
Compliance Issues
+----------+------------------------------------------------+
| SEVERITY | DESCRIPTION |
+----------+------------------------------------------------+
| critical | Image contains malware |
+----------+------------------------------------------------+
| critical | Image contains malware |
+----------+------------------------------------------------+
| critical | Image contains malware |
+----------+------------------------------------------------+
| critical | Image contains malware |
+----------+------------------------------------------------+
| critical | Image contains malware |
+----------+------------------------------------------------+
| critical | Image contains malware |
+----------+------------------------------------------------+
| critical | Image contains malware |
+----------+------------------------------------------------+
| critical | Image contains malware |
+----------+------------------------------------------------+
| high | Image contains binaries used for crypto mining |
+----------+------------------------------------------------+
Compliance found for image quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0: total - 9, critical - 8, high - 1, medium - 0, low - 0
Compliance threshold check results: PASS
Link to the results in Console: https://app4.prismacloud.io/compute?computeState=/monitor/vulnerabilities/images/ci?search=sha256%3A5ab315d3255b83f72c9352d901fd5610cead689f73ed792eb9a411d73a522fc4
Details from Prisma Cloud - "Compute -> Monitor -> Vulnerabilities -> Images -> CI":
Files are extracted to the disk on which the scanner is running (a local "antivirus" will detect the extracted malware files).
❯ docker pull quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0
❯ wizcli docker scan --image quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0
_ _ _
__ _(_)____ ___| (_)
\ \ /\ / / |_ / / __| | |
\ V V /| |/ / | (__| | |
\_/\_/ |_/___| \___|_|_|
SUCCESS Ready to scan Docker image quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0
SUCCESS Scanned Docker image
SUCCESS Docker image scan analysis ready
OS Package vulnerabilities:
Name: libcrypto3, Version: 3.0.7-r0
CVE-2022-3996, Severity: HIGH, Source: https://security.alpinelinux.org/vuln/CVE-2022-3996
🩹 Fixed version: 3.0.7-r2
Name: libssl3, Version: 3.0.7-r0
CVE-2022-3996, Severity: HIGH, Source: https://security.alpinelinux.org/vuln/CVE-2022-3996
🩹 Fixed version: 3.0.7-r2
Evaluated policy: Default vulnerabilities policy
Vulnerabilities: CRITICAL: 0, HIGH: 2, MEDIUM: 0, LOW: 0, INFORMATIONAL: 0
Total: 2, out of which 2 are fixable
Scan results: PASSED. Container image meets policy requirements
Wiz details from "Reports -> CI/CD Scans":
Wiz details of the container image running inside an Amazon EKS cluster (Dashboard -> Malware -> ...):
Files are extracted to the disk on which the scanner is running (a local "antivirus" will detect the extracted malware files).
❯ grype --scope all-layers quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0
✔ Vulnerability DB [no update available]
✔ Loaded image
✔ Parsed image
✔ Cataloged packages [34 packages]
✔ Scanned image [2 vulnerabilities]
NAME INSTALLED FIXED-IN TYPE VULNERABILITY SEVERITY
libcrypto3 3.0.7-r0 apk CVE-2022-3996 High
libssl3 3.0.7-r0 apk CVE-2022-3996 High
❯ docker scan quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0
Testing quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0...
Package manager: apk
Project name: docker-image|quay.io/petr_ruzicka/malware-cryptominer-container
Docker image: quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0
Platform: linux/amd64
Base image: alpine:3.17.0
✔ Tested 19 dependencies for known vulnerabilities, no vulnerable paths found.
According to our scan, you are currently using the most secure version of the selected base image
For more free scans that keep your images secure, sign up to Snyk at https://dockr.ly/3ePqVcp
Details from the Snyk web interface:
Here is the output of the ClamAV scanner, which was executed inside the container:
$ docker run -it --rm --entrypoint=/bin/sh --user root -p 8080:8080 quay.io/petr_ruzicka/malware-cryptominer-container:1.4.0
# apk add clamav
# freshclam
# clamscan --infected --recursive /usr/share/nginx/html/
/usr/share/nginx/html/Unix.Trojan.Mirai.elf.sparc: Unix.Trojan.Mirai-6976991-0 FOUND
/usr/share/nginx/html/Win.Trojan.Perl.perl: Win.Trojan.Perl-35 FOUND
/usr/share/nginx/html/xmrig/xmrig: Unix.Trojan.Generic-9919438-0 FOUND
/usr/share/nginx/html/xmrig/xmrig-linux-static-x64.tar.gz: Unix.Trojan.Generic-9919438-0 FOUND
/usr/share/nginx/html/MadMan.exe: Win.Trojan.MadMan-1 FOUND
/usr/share/nginx/html/ILOVEYOU.vbs: Win.Worm.Mantan-1 FOUND
/usr/share/nginx/html/Linux.Trojan.Multiverze.elf.x86: Unix.Trojan.Mirai-9977540-0 FOUND
/usr/share/nginx/html/Melissa.doc: Win.Trojan.Psycho-3 FOUND
/usr/share/nginx/html/WannaCry.exe: Win.Ransomware.Wannacryptor-6993233-1 FOUND
/usr/share/nginx/html/eicar/eicar.com: Win.Test.EICAR_HDB-1 FOUND
/usr/share/nginx/html/eicar/eicar_com.zip: Win.Test.EICAR_HDB-1 FOUND
/usr/share/nginx/html/eicar/eicar.com.txt: Win.Test.EICAR_HDB-1 FOUND
/usr/share/nginx/html/Walker.com: Win.Trojan.Abraxas-7 FOUND
/usr/share/nginx/html/Unix.Trojan.Spike.elf.arm: Unix.Trojan.Spike-6301360-0 FOUND
/usr/share/nginx/html/Unix.Trojan.Mirai.elf.mips: Unix.Trojan.Mirai-6981169-0 FOUND
/usr/share/nginx/html/Unix.Trojan.Mirai.elf.m68k: Unix.Trojan.Mirai-6981989-0 FOUND
/usr/share/nginx/html/Unix.Trojan.Mirai.elf.ppc: Unix.Trojan.Mirai-6981169-0 FOUND
/usr/share/nginx/html/Unix.Malware.Kaiji.elf.arm: Unix.Malware.Kaiji-9760851-0 FOUND
/usr/share/nginx/html/Txt.Malware.Sustes.sh: Txt.Malware.Sustes-6779550-1 FOUND
/usr/share/nginx/html/Unix.Downloader.Rocke.sh: Unix.Downloader.Rocke-6826000-0 FOUND
/usr/share/nginx/html/Unix.Trojan.Mirai.elf.x86_64: Unix.Trojan.Mirai-7732430-0 FOUND
/usr/share/nginx/html/L0Lz.bat: Win.Trojan.BAT-111 FOUND
/usr/share/nginx/html/TrojanSpy.MacOS.XCSSET.A: Osx.Malware.Agent-9319628-0 FOUND
/usr/share/nginx/html/Py.Trojan.NecroBot.py: Py.Trojan.NecroBot-9868091-0 FOUND
----------- SCAN SUMMARY -----------
Known viruses: 8647075
Engine version: 0.105.1
Scanned directories: 4
Scanned files: 34
Infected files: 24
Data scanned: 25.70 MB
Data read: 18.47 MB (ratio 1.39:1)
Time: 250.429 sec (4 m 10 s)
Start Date: 2023:01:04 08:02:40
End Date: 2023:01:04 08:06:51






