12-10-2025, 12:54 AM
Tested version: GetOverX BlackDog Linux 1.0.0.1
Package SHA-256 hash: [f0d1323dc901aa346de644ab3bbd5660c9c5de3a5c3cf91f09b9890c293f0ca2]
1. Multi-AV result (VirusTotal)
- Engines: 1.0.0.1
- Result: 0/71
- Isolated detection(s), if any: All passed
2. Behaviour summary in sandbox (MITRE ATT&CK for Linux)
When the BlackDog Linux package was executed in a sandbox/container environment, the following categories were observed:
- Execution: launching of daemon processes and helper binaries.
- Persistence: creation of systemd service units / init scripts to start at boot.
- Defense Evasion: use of protected binaries and root-level components for monitoring (according to the distribution’s security model).
- Discovery: enumeration of system information, running processes and network configuration to build telemetry.
No destructive Linux malware behaviours were observed:
- No unauthorised modification of `/etc` core configuration beyond its own services.
- No mass deletion or encryption of user data.
- No exfiltration of logs or files to unknown remote hosts.
3. Lab tests (summary)
- Installation and removal on fresh Debian/Ubuntu-based virtual machines.
- Verified:
  - Proper registration of systemd services.
  - Network and filesystem monitoring components.
  - Log generation under `/var/log` or the configured logging path.
Conclusion:
The tested BlackDog Linux build behaves as expected for a Linux security agent:
- Multi-AV scanning does not show classic malware signatures; any isolated flags are due to the presence of powerful system and network tools.
- Behavioural analysis shows service setup and monitoring, with no evidence of data exfiltration, unauthorised privilege escalation paths or ransomware-like activity.
Link test:
https://www.virustotal.com/gui/file/f0d1...0c293f0ca2
