| Indicator | Low | Medium | High | |-----------|-----|--------|------| | | ✓ | | | | File is an unsigned, custom binary named “top” | | ✓ | | | Binary exhibits network C2, privilege escalation, or persistence | | | ✓ | | Matches known legitimate top from OS packages | ✓ | | | | Appears in internal CI/CD checksum manifests | ✓ (if vetted) | | | | Obfuscated / packed | | ✓ | |
It had started, as most apocalypses do, with something small. A glitch. A single corrupted file in the climate modeling supercomputer at the Geneva Institute. The lead technician, a young man named Leo, had tried to delete it. But the file—named simply phage_origin.dna —refused to be erased. Every time he dragged it to the trash, it replicated. Within an hour, it had spread to the atmospheric sensors. Within a day, to the global buoy network in the Atlantic. 5a82f65b9a1b41b1af1bc9df802d15db top
| Distribution | Command to verify | |--------------|-------------------| | | apt-get download procps && md5sum $(dpkg -L procps | grep /usr/bin/top) | | CentOS/RHEL | yumdownloader procps-ng && md5sum $(rpm -ql procps-ng | grep /usr/bin/top) | | Alpine | apk fetch procps && md5sum $(tar -tf procps-*.apk | grep /bin/top) | | Indicator | Low | Medium | High
If you don’t have direct access, consider that the identifier may be via a web service. Try searching the string on Google in quotes – it might appear in URLs, JSON dumps, or source code repositories. The lead technician, a young man named Leo,