10-26-2022 09:18 PM
Is this BOT or not ?
# cat /etc/passwd | grep trapsanalyzer1
trapsanalyzer1:x:993:990::/home/trapsanalyzer1:/usr/sbin/nologin
# chage -l trapsanalyzer1
Last password change : Jul 13, 2020
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : -1
Maximum number of days between password change : -1
Number of days of warning before password expires : -1
# userdel -r trapsanalyzer1
userdel: user trapsanalyzer1 is currently used by process 1137
# ps -ef | grep 1137
trapsan+ 1137 744 0 Sep25 ? 00:00:00 /opt/traps/analyzerd/analyzerd 17 19 21
root 26328 25808 0 22:20 pts/0 00:00:00 grep --color=auto 1137
File: analyzerd
# cd /opt/traps/analyzerd/
# ll
total 1972
-r-xr-xr-x. 1 root root 2018616 Jul 13 2020 analyzerd
# stat analyzerd
File: ‘analyzerd’
Size: 2018616 Blocks: 3944 IO Block: 4096 regular file
Device: fd01h/64769d Inode: 509439873 Links: 1
Access: (0555/-r-xr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2022-10-19 22:10:58.555360195 +0530
Modify: 2020-07-13 10:38:39.431252769 +0530
Change: 2020-07-13 10:39:04.990251201 +0530
Birth: -
So, this is the VirusTotal hash of the analyzerd file.
0f762101141fae2791a810d99e69ec28358acef9c6491f79e9d13941c22ac4de
Is this not a BOT, and is there no need to take action to remove it?
10-27-2022 01:06 AM
Hi @pra838 ,
I believe a user trapsanalyzer1 is normal and created by Cortex XDR endpoint protection (or previously traps).
When a file needs to be analyzed it will give the task to "analyzerd". The job of it is to analyze the file and return a verdict.
Hope this helps,
-Kiwi.
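The checks the poster ran by hand (nologin account, root-owned read-only binary, hash, live process) can be scripted so the same verdict is reproducible on other endpoints. This is an added example, not code from the thread or from Palo Alto Networks; it assumes Linux with GNU coreutils (stat, sha256sum) and a mounted /proc, and the function names are my own.

```shell
#!/bin/sh
# Added triage helper, not code from the thread or from Palo Alto Networks.
# Re-checks what the poster did by hand: the service account has no login
# shell, the on-disk binary is owned as expected, not group/world writable
# and matches a known SHA-256, and the process is executing that same file.
# Assumes Linux with GNU coreutils (stat, sha256sum) and a mounted /proc.

# SHA-256 of analyzerd as quoted in the thread; compare it with the value the
# vendor publishes for the installed Cortex XDR / Traps version.
EXPECTED_ANALYZERD_SHA256="0f762101141fae2791a810d99e69ec28358acef9c6491f79e9d13941c22ac4de"

# passwd_line_is_nologin "PASSWD_LINE": 0 when the login shell is nologin or
# false, i.e. a daemon account that cannot be used interactively.
passwd_line_is_nologin() {
    case "${1##*:}" in
        */nologin|*/false) return 0 ;;
        *) return 1 ;;
    esac
}

# verify_binary PATH EXPECTED_SHA256 EXPECTED_OWNER: 0 only if the owner,
# the write bits and the hash all check out; prints the first failing check.
verify_binary() {
    path="$1"; expected="$2"; owner="$3"
    [ -f "$path" ] || { echo "missing: $path"; return 1; }
    actual_owner=$(stat -c '%U' "$path")
    mode=$(stat -c '%a' "$path")
    actual_hash=$(sha256sum "$path" | cut -d' ' -f1)
    [ "$actual_owner" = "$owner" ] \
        || { echo "owner is $actual_owner, expected $owner"; return 1; }
    # 022 (octal) masks the group and other write bits
    [ $(( 0$mode & 022 )) -eq 0 ] \
        || { echo "mode $mode is group/world writable"; return 1; }
    [ "$actual_hash" = "$expected" ] \
        || { echo "hash mismatch: $actual_hash"; return 1; }
    return 0
}

# running_exe_path PID: the file the process is really executing. It should
# equal the on-disk path; a "(deleted)" suffix or another path means the
# binary was swapped under a running process.
running_exe_path() {
    readlink "/proc/$1/exe"
}

# Usage on the host from the thread (root is needed to read /proc/<pid>/exe):
#   passwd_line_is_nologin "$(getent passwd trapsanalyzer1)" && echo "account ok"
#   verify_binary /opt/traps/analyzerd/analyzerd "$EXPECTED_ANALYZERD_SHA256" root
#   running_exe_path 1137
```

A hash match against the vendor's published value answers "is this the real analyzerd"; the outbound connections asked about later in the thread are a separate question that the vendor's documented update and cloud-analysis endpoints should answer.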
10-27-2022 08:05 AM
Thank you so much...! 💪
But what is the connection established to UK IPs?
Do you have any idea about it?
0f762101141fae2791a810d99e69ec28358acef9c6491f79e9d13941c22ac4de
https://www.virustotal.com/graph/embed/g341095e131824f508d1d0cb150bc7da3ebddab77a09a46f98c5221ac813b...