Possibly victim of Unix.Malware.Caldera #441

@Polar-Tang

Description

Hello, my OS was executing arbitrary dpkg queries, so I first stopped /usr/bin/dpkg-query, then I did a scan with clamscan and this notified me of the presence of the executable of the caldera plugin, /var/lib/caldera. As this plugin executes instructions on the target host and then sends results back to the C2 server, I think it is able to execute dpkg-query bypassing the cron.service instruction, and even execute deb_nopackfiles when dpkg-query is disabled.
I have removed the malware and I'd be happy if you could confirm that sandcat could do all of this, because I want to be 100% sure that this was the malware I removed.

Labels: question (Further information is requested)