So, long story short: I've had an issue with malware on my systems for the past two years. But, post 03/29, the XZ Utils disclosure, things have magically... started to abate.
But that's not what I'm here for. I'm here because somehow that conversation, and now argument, has led to the core systemd binaries of Arch Linux hitting as malicious on hybrid-analysis (through just the generic yara-rules/rules lib) and on VirusTotal, with 14 detections.
hybrid-analysis for -shared: https://hybrid-analysis.com/sample/...ccab0efba9c88f4a1c03/661dec693ba6f76f1b0f856a
hybrid-analysis for -core: https://hybrid-analysis.com/sample/...2c5cfed8f998e01fe169/661dac27782fbd32e806df1d
VT for -shared: VirusTotal
VT for -core: VirusTotal
But instead of at least the forum moderators, or anyone at Arch, wanting to work with me, I'm being met with resistance and overall peculiarity over the issue, and now I'm basically being challenged to prove that they are in fact malicious. As if I'm somehow doctoring the submission results; I have even been asked to reach out to each vendor directly for an explanation, or effectively been asked to bear the burden of proof that they in fact are malicious. Anyone mind taking a look for me? This is beyond my pay grade and expertise and I would appreciate an assist.
The binaries are on disk and are currently being distributed from Arch Linux's mirrors. The SHA-256 sums are:
b1a9e5be43c028442c07071e202f44f33e3a2df167822c5cfed8f998e01fe169 /usr/lib/systemd/libsystemd-core-255.4-2.so
and
ff42428f0fcc346cc56e2b00d4b5c4bd43b55f3465b4ccab0efba9c88f4a1c03 /usr/lib/systemd/libsystemd-shared-255.4-2.so
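A scanner verdict and a provenance check are two different questions, and the second one has a mechanical answer on Arch: every `.pkg.tar.zst` carries a `.MTREE` manifest with a `sha256digest` for each installed file, and that manifest is covered by the package's GPG signature, so the on-disk libraries can be compared byte-for-byte against what the distribution shipped (`pacman -Qkk systemd` does this for an installed package). The script below is an added example, not code from the post, from Arch or from pacman: it parses the mtree subset pacman emits (`/set` defaults, `./path key=value` entries, octal path escapes) and reports each file as `ok`, `modified` or `missing`. The manifest, the file contents and the digests in it are all constructed here and say nothing about the real systemd package; the two library paths are reused from the post only as names.

```python
"""Verify on-disk files against a pacman-style .MTREE manifest.

Added example; the manifest and file contents below are constructed, and
their digests are computed from that constructed content, not taken from
any real Arch package.
"""
import hashlib
import os
import re
import tempfile

_OCTAL = re.compile(r"\\([0-7]{3})")


def _unescape(path: str) -> str:
    """Decode the \\NNN octal escapes mtree uses for spaces and odd bytes."""
    return _OCTAL.sub(lambda m: chr(int(m.group(1), 8)), path)


def parse_mtree(text: str) -> dict:
    """Return {relative_path: {key: value}} for every entry in an mtree.

    Covers the subset pacman writes: '#' comments, '/set' and '/unset'
    defaults, and './path key=value ...' entries.
    """
    defaults, entries = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if fields[0] == "/set":
            defaults.update(f.split("=", 1) for f in fields[1:])
            continue
        if fields[0] == "/unset":
            for key in fields[1:]:
                defaults.pop(key, None)
            continue
        attrs = dict(defaults)                     # entry inherits /set values
        attrs.update(f.split("=", 1) for f in fields[1:])
        path = _unescape(fields[0])
        if path.startswith("./"):
            path = path[2:]
        entries[path] = attrs
    return entries


def sha256_file(path: str) -> str:
    """Stream a file through SHA-256 (libraries can be tens of MB)."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_tree(manifest: str, root: str) -> dict:
    """Compare each type=file entry with a digest against the file under root.

    Returns {path: 'ok' | 'modified' | 'missing'}; directories, symlinks and
    entries without a sha256digest are skipped.
    """
    results = {}
    for rel, attrs in parse_mtree(manifest).items():
        if attrs.get("type") != "file" or "sha256digest" not in attrs:
            continue
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            results[rel] = "missing"
        elif sha256_file(full) != attrs["sha256digest"]:
            results[rel] = "modified"
        else:
            results[rel] = "ok"
    return results


# Constructed stand-ins; the real libraries are ELF objects, these are not.
CONSTRUCTED_FILES = {
    "usr/lib/systemd/libsystemd-core-255.4-2.so": b"constructed core\n",
    "usr/lib/systemd/libsystemd-shared-255.4-2.so": b"constructed shared\n",
    "usr/lib/systemd/systemd": b"constructed systemd binary\n",
}


def build_manifest(files: dict) -> str:
    """Emit a manifest in the shape pacman writes, digests computed here."""
    lines = ["#mtree", "/set type=file uid=0 gid=0 mode=644"]
    for rel, data in files.items():
        digest = hashlib.sha256(data).hexdigest()
        lines.append(f"./{rel} size={len(data)} sha256digest={digest}")
    lines.append("./usr/lib/systemd type=dir mode=755")   # no digest: skipped
    return "\n".join(lines) + "\n"


def demo() -> dict:
    """Install the constructed tree, tamper with one file, delete another, verify."""
    manifest = build_manifest(CONSTRUCTED_FILES)
    with tempfile.TemporaryDirectory() as root:
        for rel, data in CONSTRUCTED_FILES.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as fh:
                fh.write(data)
        shared = os.path.join(root, "usr/lib/systemd/libsystemd-shared-255.4-2.so")
        with open(shared, "ab") as fh:       # post-install modification
            fh.write(b"X")
        os.remove(os.path.join(root, "usr/lib/systemd/systemd"))
        return verify_tree(manifest, root)


if __name__ == "__main__":
    for path, status in demo().items():
        print(f"{status:9} {path}")
```

On a live system the inputs would be the `.MTREE` extracted from the package in `/var/cache/pacman/pkg/` (after checking its `.sig` with the distribution keyring) and `/` as the root; a file that verifies as `ok` against a signed manifest is the same bytes every other Arch user received, which moves the question from "is this file tampered?" to "are these detections a generic-rule false positive on upstream code?".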