Public API

Use our free API to detect the XZ backdoor

Example request:

Analyse the given ELF binary to check for potential implants.

curl -X POST https://xz.fail/ -F "file=@path_to_your_file"

Request body (multipart/form-data):

file: ELF binary to analyse (binary)

Responses:

200 OK: Analysis result

Status: The analysis result (malicious, benign, etc.)

Details:

  • MD5, SHA-1, SHA-256, SHA-512: hashes of the input binary
  • Analysis time: time taken to complete the analysis
  • Suspicious IFUNC resolvers: list of suspicious IFUNC resolvers
  • Potential triggers: list of addresses marked as likely places where the backdoor payload is triggered

Example response:

{
  "status": "malicious",
  "details": {
    "hashes": {
      "md5": "d41d8cd98f00b204e9800998ecf8427e",
      "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
      "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
      "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"
    },
    "analysis-time": "2.4s",
    "suspicious-ifunc-resolvers": [123456, 789012],
    "potential-triggers": [234567, 890123]
  }
}
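
Added example (not xz.fail's own code): a client-side check that the hashes in a response match the file that was submitted before the verdict is acted on, using the example response above as embedded input. The function name `triage` and the keys of its result are assumptions, and the addresses are treated as integers because that is how the example response shows them.

```python
import hashlib
import json

# The example response from this page, embedded so the script runs offline.
EXAMPLE_RESPONSE = """{"status": "malicious", "details": {"hashes": {
 "md5": "d41d8cd98f00b204e9800998ecf8427e",
 "sha1": "da39a3ee5e6b4b0d3255bfef95601890afd80709",
 "sha256": "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
 "sha512": "cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e"},
 "analysis-time": "2.4s",
 "suspicious-ifunc-resolvers": [123456, 789012],
 "potential-triggers": [234567, 890123]}}"""

HASH_FIELDS = ("md5", "sha1", "sha256", "sha512")


def triage(response_text, file_bytes):
    """Check an analysis response against the bytes that were submitted."""
    doc = json.loads(response_text)
    details = doc.get("details")
    if not isinstance(doc.get("status"), str) or not isinstance(details, dict):
        raise ValueError("response lacks 'status' or 'details'")
    reported = details.get("hashes")
    if not isinstance(reported, dict):
        reported = {}
    # Recompute every digest locally; a missing or different value is a mismatch.
    mismatched = [
        name for name in HASH_FIELDS
        if str(reported.get(name, "")).lower()
        != hashlib.new(name, file_bytes).hexdigest()
    ]
    return {
        "status": doc["status"],
        # Only act on the verdict when it provably refers to our file.
        "hashes_match": not mismatched,
        "mismatched": mismatched,
        # Hex is easier to look up in a disassembler than decimal.
        "resolvers": [hex(a) for a in details.get("suspicious-ifunc-resolvers", [])],
        "triggers": [hex(a) for a in details.get("potential-triggers", [])],
    }


if __name__ == "__main__":
    # The example hashes are digests of zero-length input, so b"" matches.
    print(triage(EXAMPLE_RESPONSE, b""))
    # Constructed sample bytes: every reported hash differs.
    print(triage(EXAMPLE_RESPONSE, b"\x7fELF constructed sample")["mismatched"])
```

A result with `hashes_match` set to false means the response describes different bytes than the local file, for example after a truncated upload, so the status should not be recorded against that file.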