
Linux Analysis Report
skid.x86_64-20220818-1128

Overview

General Information

Sample Name: skid.x86_64-20220818-1128
Analysis ID: 686280
MD5: e9adcff07098778702315e9450e0d8c5
SHA1: 8dfe947c98b3fae9a1cb8130eff7aff00dc51fe7
SHA256: 6ac3754ed57f4286681295abf6f23d0ccc535f7fcdb49ec74d746f521cde1990
Infos:

Detection

Moobot
Score: 72
Range: 0 - 100
Whitelisted: false

Signatures

Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected Moobot
Machine Learning detection for sample
Sets full permissions to files and/or directories
Yara signature match
Sample has stripped symbol table
Executes the "mkdir" command used to create folders
Sample tries to set the executable flag
Executes the "chmod" command used to modify permissions
Enumerates processes within the "proc" file system
Executes commands using a shell command-line interpreter
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Executes the "rm" command used to delete files or directories
Sample listens on a socket
Sample tries to kill a process (SIGKILL)
Sample contains strings indicative of BusyBox which embeds multiple Unix commands in a single executable

Classification

Classification chart (image not reproduced). Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.

Analysis Advice

None of the HTTP servers contacted during the run answered, so Joe Sandbox rates the sample as a likely old dropper that no longer works. Read that verdict with care: the behaviour recorded below (a DNS query for cnc.condinet.cf, a listening socket on 0.0.0.0::1230, and TCP connections from a single source port to many hosts on port 2323 with no preceding DNS lookups) is that of a Mirai-family bot whose C2 was simply unreachable at analysis time, not evidence that the binary is inert.
Joe Sandbox Version: 35.0.0 Citrine
Analysis ID: 686280
Start date and time: 2022-08-18 13:36:39 +02:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 30s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: skid.x86_64-20220818-1128
Cookbook file name: defaultlinuxfilecookbook.jbs
Analysis system description: Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode: default
Detection: MAL
Classification: mal72.troj.linX86_64-20220818-1128@0/0@1/0
Command: /tmp/skid.x86_64-20220818-1128
PID: 6232
Exit Code: 0
Exit Code Info:
Killed: False
Standard Output:
qazwsxedc
Standard Error:

Process Tree

  • system is lnxubuntu20
  • skid.x86_64-20220818-1128 (PID: 6232, Parent: 6125, MD5: e9adcff07098778702315e9450e0d8c5) Arguments: /tmp/skid.x86_64-20220818-1128
    • sh (PID: 6234, Parent: 6232, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "rm -rf bin/systemd && mkdir bin; >bin/systemd && mv /tmp/skid.x86_64-20220818-1128 bin/systemd; chmod 777 bin/systemd"
      • sh New Fork (PID: 6235, Parent: 6234)
      • rm (PID: 6235, Parent: 6234, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf bin/systemd
      • sh New Fork (PID: 6236, Parent: 6234)
      • mkdir (PID: 6236, Parent: 6234, MD5: 088c9d1df5a28ed16c726eca15964cb7) Arguments: mkdir bin
      • sh New Fork (PID: 6237, Parent: 6234)
      • mv (PID: 6237, Parent: 6234, MD5: 504f0590fa482d4da070a702260e3716) Arguments: mv /tmp/skid.x86_64-20220818-1128 bin/systemd
      • sh New Fork (PID: 6238, Parent: 6234)
      • chmod (PID: 6238, Parent: 6234, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod 777 bin/systemd
  • cleanup
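The shell command spawned by PID 6232 is the interesting part of this tree: the bot moves its own executable (its argv[0], /tmp/skid.x86_64-20220818-1128) into a directory called bin/ relative to its working directory, renames it to systemd, and sets mode 777. The following Python is an added example, not part of the Joe Sandbox report, that parses process-tree lines in the format shown above, rebuilds parent/child relations, and flags exactly this self-relocation pattern. The line format is taken from the report; the daemon-name list and the field names in the findings are this example's own assumptions.

```python
# Added example, not part of the Joe Sandbox report: rebuild the process tree
# from flattened "name (PID: n, Parent: m, ...) Arguments: ..." lines and flag
# self-relocation, i.e. a `sh -c` child of the bot that moves the bot's own
# executable to a new path under a daemon-like name and chmods it.
import re

PROC_LINE = re.compile(
    r"^\s*•\s*(?P<name>\S+)\s*\(PID:\s*(?P<pid>\d+),\s*Parent:\s*(?P<ppid>\d+)"
    r"(?:,\s*MD5:\s*[0-9a-f]{32})?\)\s*Arguments:\s*(?P<args>.+)$"
)
SH_C = re.compile(r'^sh\s+-c\s+"(?P<body>.*)"\s*$')
# Names a bot is likely to hide behind; this list is an assumption of the example.
DAEMON_NAMES = {"systemd", "sshd", "cron", "init", "dbus-daemon", "udevd"}


def parse_tree(lines):
    """Map pid -> {name, ppid, args}; 'New Fork' and free-text lines are skipped."""
    procs = {}
    for line in lines:
        m = PROC_LINE.match(line)
        if m:
            procs[int(m["pid"])] = {
                "name": m["name"], "ppid": int(m["ppid"]), "args": m["args"].strip(),
            }
    return procs


def split_shell(body):
    """Split a sh -c body on ';', '&&' and '||' into simple commands (no quoting support)."""
    return [c.strip() for c in re.split(r"\s*(?:&&|\|\||;)\s*", body) if c.strip()]


def find_self_relocation(procs):
    """Report sh -c children that mv/cp their parent's argv[0] somewhere else."""
    findings = []
    for pid, proc in procs.items():
        parent = procs.get(proc["ppid"])
        m = SH_C.match(proc["args"]) if proc["name"] == "sh" and parent else None
        if not m:
            continue
        parent_bin = parent["args"].split()[0]            # argv[0] of the spawning process
        cmds = split_shell(m["body"])
        dst = None
        for c in cmds:
            parts = c.split()
            if len(parts) >= 3 and parts[0] in ("mv", "cp") and parts[1] == parent_bin:
                dst = parts[2]
        if dst is None:
            continue
        findings.append({
            "sh_pid": pid,
            "bot_pid": proc["ppid"],
            "src": parent_bin,
            "dst": dst,
            "relative_dst": not dst.startswith("/"),   # lands under the bot's cwd
            "chmod_777": any(c.split() == ["chmod", "777", dst] for c in cmds),
            "masquerade": dst.rsplit("/", 1)[-1] in DAEMON_NAMES,
        })
    return findings


# Constructed input: the process-tree lines copied from this report.
SAMPLE_TREE = [
    "  • system is lnxubuntu20",
    "  • skid.x86_64-20220818-1128 (PID: 6232, Parent: 6125, MD5: e9adcff07098778702315e9450e0d8c5) Arguments: /tmp/skid.x86_64-20220818-1128",
    '    • sh (PID: 6234, Parent: 6232, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "rm -rf bin/systemd && mkdir bin; >bin/systemd && mv /tmp/skid.x86_64-20220818-1128 bin/systemd; chmod 777 bin/systemd"',
    "      • sh New Fork (PID: 6235, Parent: 6234)",
    "      • rm (PID: 6235, Parent: 6234, MD5: aa2b5496fdbfd88e38791ab81f90b95b) Arguments: rm -rf bin/systemd",
    "      • sh New Fork (PID: 6236, Parent: 6234)",
    "      • mkdir (PID: 6236, Parent: 6234, MD5: 088c9d1df5a28ed16c726eca15964cb7) Arguments: mkdir bin",
    "      • sh New Fork (PID: 6237, Parent: 6234)",
    "      • mv (PID: 6237, Parent: 6234, MD5: 504f0590fa482d4da070a702260e3716) Arguments: mv /tmp/skid.x86_64-20220818-1128 bin/systemd",
    "      • sh New Fork (PID: 6238, Parent: 6234)",
    "      • chmod (PID: 6238, Parent: 6234, MD5: 739483b900c045ae1374d6f53a86a279) Arguments: chmod 777 bin/systemd",
    "  • cleanup",
]

if __name__ == "__main__":
    for finding in find_self_relocation(parse_tree(SAMPLE_TREE)):
        print(finding)
```

On a live host the same logic maps onto auditd or eBPF exec events: the parent's executable path comes from the exec record rather than from a report line, and the `relative_dst` flag is worth keeping, since the destination here is bin/systemd under whatever directory the bot was started in, not /bin/systemd.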
Yara matches on the sample file (Source | Rule | Description | Author, followed by matched strings):

skid.x86_64-20220818-1128 | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth
  • 0xeafe:$s1: LCOGQGPTGP
  • 0xe95f:$s3: CFOKLKQVPCVMP
  • 0xe947:$s4: QWRGPTKQMP
  • 0xe8dd:$s5: HWCLVGAJ
skid.x86_64-20220818-1128 | JoeSecurity_Moobot | Yara detected Moobot | Joe Security
skid.x86_64-20220818-1128 | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
  • $a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    (matched at 21 offsets, 0xdd08 through 0xde98, every 0x14 bytes)
skid.x86_64-20220818-1128 | Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown
  • 0x9ecc:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
skid.x86_64-20220818-1128 | Linux_Trojan_Gafgyt_807911a2 | unknown | unknown
  • 0xa6bb:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
(table truncated in this export; 12 entries in the full report)
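The four `$s` strings above are not random: Mirai obfuscates its string table with the key 0xdeadbeef applied one byte at a time, which collapses to a single XOR byte of 0x22, and Florian Roth's rule simply matches the obfuscated forms of well-known table entries. The Python below is an added example (not part of the Joe Sandbox report) that decodes those matches and also shows why the Linux_Trojan_Gafgyt_28a2fe0c pattern hits at 21 offsets exactly 0x14 bytes apart: the hex is a 20-byte ASCII literal stored as one long repeated run. The key derivation is Mirai's; the helper names are this example's own.

```python
# Added example (not part of the Joe Sandbox report): decode the Mirai
# string-table entries matched by the Mirai_Botnet_Malware rule and explain
# the stride of the Gafgyt_28a2fe0c matches.
#
# Mirai's table.c XORs every byte of its string table with the four bytes of
# 0xdeadbeef in turn, which is the same as XORing with
# 0xde ^ 0xad ^ 0xbe ^ 0xef == 0x22.  XOR is its own inverse, so one pass
# both encodes and decodes.

MIRAI_TABLE_KEY = 0xDEADBEEF


def mirai_byte_key(key: int = MIRAI_TABLE_KEY) -> int:
    """Collapse the 32-bit table key into the single XOR byte Mirai effectively uses."""
    k = 0
    for shift in (24, 16, 8, 0):
        k ^= (key >> shift) & 0xFF
    return k


def mirai_decode(obfuscated: bytes, key: int = MIRAI_TABLE_KEY) -> str:
    """XOR every byte with the collapsed key and return the plaintext."""
    k = mirai_byte_key(key)
    return bytes(b ^ k for b in obfuscated).decode("ascii")


# The $s matches reported for this sample (offset, bytes), copied from the report.
YARA_MATCHES = {
    "$s1": (0xEAFE, b"LCOGQGPTGP"),
    "$s3": (0xE95F, b"CFOKLKQVPCVMP"),
    "$s4": (0xE947, b"QWRGPTKQMP"),
    "$s5": (0xE8DD, b"HWCLVGAJ"),
}


def decode_report_matches() -> dict:
    """Return {yara_name: decoded plaintext} for the matches above."""
    return {name: mirai_decode(raw) for name, (_, raw) in YARA_MATCHES.items()}


# Gafgyt_28a2fe0c: the hex pattern is plain ASCII.  The report lists it at
# 0xdd08, 0xdd1c, 0xdd30 ... 0xde98, i.e. 21 hits every 0x14 == 20 bytes, which
# is the period of the repeating literal, so the binary holds one long run of it.
GAFGYT_HEX = "2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F"
GAFGYT_OFFSETS = [0xDD08 + 0x14 * i for i in range(21)]


def gafgyt_literal() -> str:
    """Decode the rule's hex string to the ASCII it represents."""
    return bytes.fromhex(GAFGYT_HEX.replace(" ", "")).decode("ascii")


def match_stride(offsets) -> int:
    """Constant gap between successive match offsets, or -1 if it is not constant."""
    gaps = {b - a for a, b in zip(offsets, offsets[1:])}
    return gaps.pop() if len(gaps) == 1 else -1


if __name__ == "__main__":
    for name, plain in decode_report_matches().items():
        print(f"{name}: {plain}")
    print("Gafgyt literal:", gafgyt_literal())
    print("stride between matches:", match_stride(GAFGYT_OFFSETS), "bytes")
```

The decoded values are the credential-table entries ("administrator", "supervisor", "juantech") and the "nameserver" token the bot looks for when it parses resolv.conf, which is why this rule is good evidence of a Mirai-derived code base. By contrast, the Linux_Trojan_Gafgyt_9e9530a7 bytes at 0x9ecc disassemble to `mov eax, 0x36; syscall; cmp rax, -4096; mov rbx, rax`, the generic static-libc wrapper for the x86-64 setsockopt syscall; a hit on that rule alone says little about the family, so the file-level verdict should rest on the combination of rules plus the observed behaviour.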
Yara matches in process memory dumps (Source | Rule | Description | Author, followed by matched strings):

6240.1.0000000000400000.0000000000411000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth
  • 0xeafe:$s1: LCOGQGPTGP
  • 0xe95f:$s3: CFOKLKQVPCVMP
  • 0xe947:$s4: QWRGPTKQMP
  • 0xe8dd:$s5: HWCLVGAJ
6240.1.0000000000400000.0000000000411000.r-x.sdmp | JoeSecurity_Moobot | Yara detected Moobot | Joe Security
6240.1.0000000000400000.0000000000411000.r-x.sdmp | Linux_Trojan_Gafgyt_28a2fe0c | unknown | unknown
  • $a: 2F 78 33 38 2F 78 46 4A 2F 78 39 33 2F 78 49 44 2F 78 39 41 2F 78 33 38 2F 78 46 4A 2F
    (matched at 21 offsets, 0xdd08 through 0xde98, every 0x14 bytes; identical to the file-level matches, as expected for a non-relocated r-x mapping)
6240.1.0000000000400000.0000000000411000.r-x.sdmp | Linux_Trojan_Gafgyt_9e9530a7 | unknown | unknown
  • 0x9ecc:$a: F6 48 63 FF B8 36 00 00 00 0F 05 48 3D 00 F0 FF FF 48 89 C3
6240.1.0000000000400000.0000000000411000.r-x.sdmp | Linux_Trojan_Gafgyt_807911a2 | unknown | unknown
  • 0xa6bb:$a: FE 48 39 F3 0F 94 C2 48 83 F9 FF 0F 94 C0 84 D0 74 16 4B 8D
(table truncated in this export; 51 entries in the full report)
      No Snort rule has matched


      AV Detection

Source: skid.x86_64-20220818-1128 | VirusTotal: Detection: 46%
Source: skid.x86_64-20220818-1128 | Joe Sandbox ML: detected

Networking

Source: global traffic | TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic | TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic | TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 208.19.130.80:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 154.154.133.198:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 74.229.128.108:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 107.204.92.31:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 160.29.235.43:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 152.17.172.183:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 212.41.81.194:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 128.50.110.206:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 196.166.211.213:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 104.202.158.38:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 209.62.53.238:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 47.170.201.21:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 197.63.75.172:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 54.77.211.82:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 181.60.235.188:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 133.102.156.126:2323
Source: /tmp/skid.x86_64-20220818-1128 (PID: 6232) | Socket: 0.0.0.0::1230
Source: unknown | DNS traffic detected: queries for: cnc.condinet.cf
Source: unknown | Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 42836 -> 443
Source: unknown | TCP traffic detected without corresponding DNS query: 1.251.189.87
Source: unknown | TCP traffic detected without corresponding DNS query: 208.19.130.80
Source: unknown | TCP traffic detected without corresponding DNS query: 104.145.252.74
Source: unknown | TCP traffic detected without corresponding DNS query: 84.113.99.192
Source: unknown | TCP traffic detected without corresponding DNS query: 57.31.72.180
Source: unknown | TCP traffic detected without corresponding DNS query: 154.154.133.198
Source: unknown | TCP traffic detected without corresponding DNS query: 120.192.237.121
Source: unknown | TCP traffic detected without corresponding DNS query: 120.164.68.164
Source: unknown | TCP traffic detected without corresponding DNS query: 135.118.61.80
Source: unknown | TCP traffic detected without corresponding DNS query: 20.42.156.26
Source: unknown | TCP traffic detected without corresponding DNS query: 198.224.225.24
Source: unknown | TCP traffic detected without corresponding DNS query: 92.242.181.113
Source: unknown | TCP traffic detected without corresponding DNS query: 74.229.128.108
Source: unknown | TCP traffic detected without corresponding DNS query: 137.118.86.13
Source: unknown | TCP traffic detected without corresponding DNS query: 150.234.173.11
Source: unknown | TCP traffic detected without corresponding DNS query: 1.253.13.255
Source: unknown | TCP traffic detected without corresponding DNS query: 160.185.224.83
Source: unknown | TCP traffic detected without corresponding DNS query: 172.230.43.41
Source: unknown | TCP traffic detected without corresponding DNS query: 200.160.40.247
Source: unknown | TCP traffic detected without corresponding DNS query: 79.14.102.18
Source: unknown | TCP traffic detected without corresponding DNS query: 136.15.125.242
Source: unknown | TCP traffic detected without corresponding DNS query: 149.214.102.178
Source: unknown | TCP traffic detected without corresponding DNS query: 148.31.109.214
Source: unknown | TCP traffic detected without corresponding DNS query: 115.85.222.164
Source: unknown | TCP traffic detected without corresponding DNS query: 140.61.216.148
Source: unknown | TCP traffic detected without corresponding DNS query: 202.95.241.63
Source: unknown | TCP traffic detected without corresponding DNS query: 176.168.24.84
Source: unknown | TCP traffic detected without corresponding DNS query: 129.221.227.19
Source: unknown | TCP traffic detected without corresponding DNS query: 191.217.156.215
Source: unknown | TCP traffic detected without corresponding DNS query: 25.215.7.65
Source: unknown | TCP traffic detected without corresponding DNS query: 107.204.92.31
Source: unknown | TCP traffic detected without corresponding DNS query: 156.218.146.110
Source: unknown | TCP traffic detected without corresponding DNS query: 157.114.24.146
Source: unknown | TCP traffic detected without corresponding DNS query: 199.173.15.78
Source: unknown | TCP traffic detected without corresponding DNS query: 43.64.82.112
Source: unknown | TCP traffic detected without corresponding DNS query: 148.243.54.138
Source: unknown | TCP traffic detected without corresponding DNS query: 128.242.251.12
Source: unknown | TCP traffic detected without corresponding DNS query: 62.45.232.119
Source: unknown | TCP traffic detected without corresponding DNS query: 134.89.129.60
Source: unknown | TCP traffic detected without corresponding DNS query: 63.91.191.212
Source: unknown | TCP traffic detected without corresponding DNS query: 106.83.108.115
Source: unknown | TCP traffic detected without corresponding DNS query: 79.190.131.2
Source: unknown | TCP traffic detected without corresponding DNS query: 145.72.100.58
Source: unknown | TCP traffic detected without corresponding DNS query: 163.139.123.209
Source: unknown | TCP traffic detected without corresponding DNS query: 223.56.154.248
Source: unknown | TCP traffic detected without corresponding DNS query: 160.29.235.43
Source: unknown | TCP traffic detected without corresponding DNS query: 202.188.75.114
Source: unknown | TCP traffic detected without corresponding DNS query: 172.245.136.44
Source: unknown | TCP traffic detected without corresponding DNS query: 145.231.162.107
Source: unknown | TCP traffic detected without corresponding DNS query: 134.238.86.201
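The sixteen port-2323 connections above all leave from one source port (19226) and go to sixteen unrelated hosts, none of which was resolved by DNS: that is the Mirai scanner, which draws one random source port at start-up and then SYN-probes random addresses on the telnet ports (23 and 2323) from it. The Python below is an added detection example, not from the report or from Joe Sandbox, that groups flattened report lines by (source IP, source port, destination port) and flags the fan-out; the eight-target threshold and the regular expression are this example's own choices, and the sample lines are a constructed subset copied from this report.

```python
# Added example (not from the Joe Sandbox report): flag Mirai-style telnet
# scanning in flattened "TCP traffic: a:p -> b:q" report lines.  A single
# (src ip, src port) fanning out to many destinations on 23/2323 is the
# signal; the thresholds below are this example's own assumptions.
import re
from collections import defaultdict

TCP_LINE = re.compile(
    r"TCP traffic:\s*(?P<sip>[\d.]+):(?P<sport>\d+)\s*->\s*(?P<dip>[\d.]+):(?P<dport>\d+)"
)

TELNET_PORTS = {23, 2323}
MIN_TARGETS = 8   # distinct destinations before we call it a scan (assumption)


def parse_flows(lines):
    """Yield (src_ip, src_port, dst_ip, dst_port) from report lines; skip non-matching ones."""
    for line in lines:
        m = TCP_LINE.search(line)
        if m:
            yield m["sip"], int(m["sport"]), m["dip"], int(m["dport"])


def find_scanners(lines, min_targets=MIN_TARGETS):
    """Group telnet-port flows by (src_ip, src_port, dst_port); return those with fan-out."""
    fanout = defaultdict(set)
    for sip, sport, dip, dport in parse_flows(lines):
        if dport in TELNET_PORTS:
            fanout[(sip, sport, dport)].add(dip)
    return {key: sorted(dsts) for key, dsts in fanout.items() if len(dsts) >= min_targets}


# Constructed sample: a subset of this report's Networking lines, including the
# three unrelated 80/443 flows so the port filter is exercised.
SAMPLE_LINES = """
Source: global traffic | TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic | TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic | TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 208.19.130.80:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 154.154.133.198:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 74.229.128.108:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 107.204.92.31:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 160.29.235.43:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 152.17.172.183:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 212.41.81.194:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 128.50.110.206:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 196.166.211.213:2323
Source: global traffic | TCP traffic: 192.168.2.23:19226 -> 104.202.158.38:2323
""".strip().splitlines()

if __name__ == "__main__":
    for (sip, sport, dport), dsts in find_scanners(SAMPLE_LINES).items():
        print(f"{sip}:{sport} -> {len(dsts)} hosts on tcp/{dport}")
```

The same grouping works on NetFlow or Zeek conn logs: the distinguishing feature is the fixed source port across many destinations, which ordinary clients never do because the kernel allocates a fresh ephemeral port per connection. The three 80/443 flows are left out of the result by the port filter rather than by any judgement about their destinations.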

      System Summary

Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_0cd591cd, Author: unknown
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_a33a8363, Author: unknown
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_1e0c5ce0, Author: unknown
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_6a77af0f, Author: unknown
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_0bce98a2, Author: unknown
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd, Author: unknown
Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363, Author: unknown
Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_1e0c5ce0, Author: unknown
Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f, Author: unknown
Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_0bce98a2, Author: unknown
Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd, Author: unknown
Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363, Author: unknown
Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_1e0c5ce0, Author: unknown
Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f, Author: unknown
Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_0bce98a2, Author: unknown
Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Detects Mirai Botnet Malware, Author: Florian Roth
Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7, Author: unknown
Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2, Author: unknown
Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf, Author: unknown
Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335, Author: unknown
Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9, Author: unknown
Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd, Author: unknown
Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a, Author: unknown
Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363, Author: unknown
Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_1e0c5ce0, Author: unknown
Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8, Author: unknown
Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f, Author: unknown
Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_0bce98a2, Author: unknown
Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728, Author: unknown
Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2, Author: unknown
Source: Process Memory Space: skid.x86_64-20220818-1128 PID: 6232, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: skid.x86_64-20220818-1128 PID: 6239, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: Process Memory Space: skid.x86_64-20220818-1128 PID: 6240, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c, Author: unknown
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Mirai_Botnet_Malware; metadata: date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; metadata: os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_9e9530a7; metadata: reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_807911a2; metadata: os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d4227dbf; metadata: reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d996d335; metadata: reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_620087b9; metadata: reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_0cd591cd; metadata: os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_33b4111a; metadata: reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_a33a8363; metadata: os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_1e0c5ce0; metadata: reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_520deeb8; metadata: os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_6a77af0f; metadata: os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_0bce98a2; metadata: reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_01e4a728; metadata: os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
Source: skid.x86_64-20220818-1128, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_e0cf29e2; metadata: os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Mirai_Botnet_Malware; metadata: date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c; metadata: os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
      Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
      Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
      Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
      Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
      Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
      Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
      Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
      Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_1e0c5ce0 reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16
      Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
      Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
      Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
      Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
      Source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
      Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
      Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
      Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
      Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
      Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
      Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
      Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
      Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
      Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
      Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_1e0c5ce0 reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16
      Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
      Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
      Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
      Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
      Source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
      Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Mirai_Botnet_Malware date = 2016-10-04, hash5 = 420bf9215dfb04e5008c5e522eee9946599e2b323b17f17919cd802ebb012175, hash4 = 2efa09c124f277be2199bee58f49fc0ce6c64c0bef30079dfb3d94a6de492a69, hash3 = 20683ff7a5fec1237fc09224af40be029b9548c62c693844624089af568c89d4, hash2 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, hash1 = 05c78c3052b390435e53a87e3d31e9fb17f7c76bb4df2814313bca24735ce81c, author = Florian Roth, description = Detects Mirai Botnet Malware, hash10 = c61bf95146c68bfbbe01d7695337ed0e93ea759f59f651799f07eecdb339f83f, hash11 = d9573c3850e2ae35f371dff977fc3e5282a5e67db8e3274fd7818e8273fd5c89, hash12 = f1100c84abff05e0501e77781160d9815628e7fd2de9e53f5454dbcac7c84ca5, hash9 = bf0471b37dba7939524a30d7d5afc8fcfb8d4a7c9954343196737e72ea4e2dc4, hash8 = 89570ae59462e6472b6769545a999bde8457e47ae0d385caaa3499ab735b8147, hash7 = 70bb0ec35dd9afcfd52ec4e1d920e7045dc51dca0573cd4c753987c9d79405c0, hash6 = 62cdc8b7fffbaf5683a466f6503c03e68a15413a90f6afd5a13ba027631460c6, reference = Internal Research, license = Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE, hash13 = fb713ccf839362bf0fbe01aedd6796f4d74521b133011b408e42c1fd9ab8246b
      Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16
      Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16
      Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16
      Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16
      Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16
      Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16
      Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16
      Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16
      Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_1e0c5ce0 reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16
      Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16
      Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16
      Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_0bce98a2 reference_sample = 1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 993d0d2e24152d0fb72cc5d5add395bed26671c3935f73386341398b91cb0e6e, id = 0bce98a2-113e-41e1-95c9-9e1852b26142, last_modified = 2021-09-16
      Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16
      Source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16
      Source: Process Memory Space: skid.x86_64-20220818-1128 PID: 6232, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: skid.x86_64-20220818-1128 PID: 6239, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: Process Memory Space: skid.x86_64-20220818-1128 PID: 6240, type: MEMORYSTRMatched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16
      Source: ELF static info symbol of initial sample; .symtab present: no
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233); SIGKILL sent: pid: 6239, result: successful
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233); SIGKILL sent: pid: 6240, result: successful
      Source: Initial sample; string containing 'busybox' found: /bin/busybox
      Source: Initial sample; string containing 'busybox' found: HTTP/1.1 200 OKarmarm7mipsmipselx86_64sh4ppcm68k/proc//proc/%d/maps/usr/lib/systemd/systemd/usr/bin/usr/sbin/usr/lib/var/lib/var/spool/tmp/Sofiasshdbashhttpdtelnetddropbearencoder/var/run//mnt/root/var/tmp/boot/.(deleted)/home/usr/libexec/openssh/sftp-server/bin/busybox/bin/watchdog/bin/systemdrm -rf && mkdir ; > && mv ; chmod 777 3f
      Source: classification engine; classification label: mal72.troj.linX86_64-20220818-1128@0/0@1/0
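      The behaviour recorded in this report is the familiar Mirai/Gafgyt-family pattern: PID 6233 walks /proc and opens /proc/<pid>/maps for one process after another (see Persistence and Installation Behavior below), and the 'busybox' string match above carries both the path list such a sweep compares mapped executables against, including "(deleted)", and the install template "rm -rf && mkdir ; > && mv ; chmod 777", which is consistent with the mkdir bin / chmod 777 bin/systemd sequence that leaves a world-writable, world-executable /tmp/bin/systemd. The script below turns the same /proc/<pid>/maps technique into a defensive check: for every process it can read, it flags executable mappings backed by files in writable or transient directories, by files deleted while still mapped, or by a binary carrying a system-daemon name outside the system binary directories. This is an added example written for this page, not code from Joe Sandbox, Elastic or the sample. The directory and name lists are my own, seeded from the paths and names visible in the string match (/tmp, /var/run, /mnt, /root, /var/tmp, /boot, /home; systemd, sshd, busybox, watchdog, dropbear, telnetd, httpd), with /dev/shm and the "legitimate directory" list added as assumptions; the two maps excerpts are constructed, with the 0x400000-0x411000 r-x range borrowed from the memory-dump names in the YARA matches.

```python
"""Hunt for executables running from places a long-lived daemon has no business being,
by reading /proc/<pid>/maps the way the analysed sample does, but to find it rather than hide it.
Added example for this report; not Joe Sandbox, Elastic or sample code. Python 3.8+."""
import os
import re
from dataclasses import dataclass
from typing import Iterator, List, Optional

# Directories seeded from the path strings in the sample's string table
# (/tmp/, /var/run/, /mnt/, /root, /var/tmp, /boot, /home); /dev/shm/ is an assumption.
SUSPICIOUS_PREFIXES = ("/tmp/", "/var/tmp/", "/var/run/", "/dev/shm/",
                       "/mnt/", "/root/", "/boot/", "/home/")
# Daemon names that appear in the same string table; the sample drops itself as bin/systemd.
MASQUERADE_NAMES = {"systemd", "sshd", "busybox", "watchdog", "dropbear", "telnetd", "httpd"}
# Where those names legitimately live (assumption; adjust per distribution).
LEGIT_DIR_PREFIXES = ("/usr/lib/systemd/", "/lib/systemd/", "/usr/bin/", "/usr/sbin/",
                      "/bin/", "/sbin/", "/usr/lib/", "/lib/", "/usr/libexec/")

# /proc/<pid>/maps line layout: "start-end perms offset dev inode [pathname]"
MAPS_LINE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+)\s+(\S{4})\s+\S+\s+\S+\s+\d+\s*(.*)$")


@dataclass(frozen=True)
class Finding:
    pid: int
    path: str
    reason: str


def classify_path(path: str) -> Optional[str]:
    """Reason a mapped executable is suspicious, or None if it looks legitimate."""
    if path.endswith(" (deleted)"):
        # Binary unlinked after exec: a common self-deletion trick, and the case the
        # "(deleted)" string in the sample's own path list exists to match.
        return "backing file deleted while still mapped"
    if path.startswith(SUSPICIOUS_PREFIXES):
        return "executable mapped from a writable/transient directory"
    if os.path.basename(path) in MASQUERADE_NAMES and not path.startswith(LEGIT_DIR_PREFIXES):
        return "system daemon name outside the system binary directories"
    return None


def executable_file_mappings(maps_text: str) -> Iterator[str]:
    """Distinct file-backed paths mapped with the x bit, in order of first appearance."""
    seen = set()
    for line in maps_text.splitlines():
        m = MAPS_LINE.match(line)
        if not m:
            continue
        perms, path = m.group(3), m.group(4).strip()
        # Skip anonymous/pseudo regions ([heap], [stack], [vdso]) and non-executable mappings.
        if "x" in perms and path.startswith("/") and path not in seen:
            seen.add(path)
            yield path


def findings_for(pid: int, maps_text: str) -> List[Finding]:
    """Apply classify_path to every executable file mapping of one process."""
    return [Finding(pid, p, reason)
            for p in executable_file_mappings(maps_text)
            if (reason := classify_path(p)) is not None]


def scan_proc(proc_root: str = "/proc") -> List[Finding]:
    """Walk every numeric /proc entry; unreadable or vanished processes are skipped, not fatal."""
    results: List[Finding] = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "maps"), encoding="utf-8", errors="replace") as fh:
                results.extend(findings_for(int(entry), fh.read()))
        except (PermissionError, FileNotFoundError, ProcessLookupError):
            continue
    return results


# Constructed maps excerpts (not captured from the sandbox). The 0x400000-0x411000 r-x range
# is borrowed from the memory-dump names in the YARA matches; the path is the dropped file.
DROPPED_BOT_MAPS = """\
00400000-00411000 r-xp 00000000 08:01 131074                     /tmp/bin/systemd
00611000-00612000 rw-p 00011000 08:01 131074                     /tmp/bin/systemd
006a0000-006c1000 rw-p 00000000 00:00 0                          [heap]
7ffd2e1f0000-7ffd2e211000 rw-p 00000000 00:00 0                  [stack]
7ffd2e3c1000-7ffd2e3c3000 r-xp 00000000 00:00 0                  [vdso]
"""
REAL_SYSTEMD_MAPS = """\
5588f6400000-5588f6500000 r-xp 00000000 08:01 262144             /usr/lib/systemd/systemd
7f8b20000000-7f8b201c5000 r-xp 00028000 08:01 1049               /usr/lib/x86_64-linux-gnu/libc.so.6
"""

if __name__ == "__main__":
    for f in scan_proc():
        print(f"pid {f.pid}: {f.path} -> {f.reason}")
```

      Run it as root: /proc/<pid>/maps is readable only for processes you could ptrace, so an unprivileged run sees your own processes and silently skips the rest. Against the constructed excerpts, the /tmp/bin/systemd process yields one finding and the real systemd none; the rw-p data mapping of the same file is deliberately ignored, since only the executable mapping identifies what is running.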

      Persistence and Installation Behavior

      Source: /bin/sh (PID: 6238); chmod executable with 777: /usr/bin/chmod -> chmod 777 bin/systemd
      Source: /bin/sh (PID: 6236); mkdir executable: /usr/bin/mkdir -> mkdir bin
      Source: /usr/bin/chmod (PID: 6238); file: /tmp/bin/systemd (bits: - usr: rwx grp: rwx all: rwx)
      Source: /bin/sh (PID: 6238); chmod executable: /usr/bin/chmod -> chmod 777 bin/systemd
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233); file opened: /proc/1582/maps (6 times)
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233); file opened: /proc/3088/maps (6 times)
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233); file opened: /proc/230/maps (7 times)
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233); file opened: /proc/110/maps (7 times)
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233); file opened: /proc/231/maps (7 times)
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233); file opened: /proc/111/maps (7 times)
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233); file opened: /proc/232/maps (7 times)
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233); file opened: /proc/1579/maps (6 times)
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233); file opened: /proc/112/maps (7 times)
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233); file opened: /proc/233/maps
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233); file opened: /proc/233/maps
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233); file opened: /proc/233/maps
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233); file opened: /proc/233/maps
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/233/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/233/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/233/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/1699/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/1699/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/1699/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/1699/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/1699/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/1699/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/113/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/113/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/113/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/113/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/113/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/113/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/113/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/234/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/234/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/234/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/234/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/234/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/234/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/234/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/1335/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/1335/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/1335/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/1335/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/1335/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/1335/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/1698/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/1698/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/1698/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/1698/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/1698/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/1698/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/114/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/114/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/114/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/114/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/114/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/114/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6233)File opened: /proc/114/mapsJump to behavior
      Source: /tmp/skid.x86_64-20220818-1128 (PID: 6234)Shell command executed: sh -c "rm -rf bin/systemd && mkdir bin; >bin/systemd && mv /tmp/skid.x86_64-20220818-1128 bin/systemd; chmod 777 bin/systemd"Jump to behavior
      Source: /bin/sh (PID: 6235)Rm executable: /usr/bin/rm -> rm -rf bin/systemdJump to behavior

Stealing of Sensitive Information

Source: Yara match, File source: skid.x86_64-20220818-1128, type: SAMPLE
Source: Yara match, File source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: skid.x86_64-20220818-1128 PID: 6232, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: skid.x86_64-20220818-1128 PID: 6240, type: MEMORYSTR

Remote Access Functionality

Source: Yara match, File source: skid.x86_64-20220818-1128, type: SAMPLE
Source: Yara match, File source: 6240.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6239.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: 6232.1.0000000000400000.0000000000411000.r-x.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: skid.x86_64-20220818-1128 PID: 6232, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: skid.x86_64-20220818-1128 PID: 6240, type: MEMORYSTR
MITRE ATT&CK Matrix (a number in parentheses is the count of signatures matched for that technique):

Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Scripting (1); Scheduled Task/Job; At (Linux); At (Windows)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Defense Evasion: File and Directory Permissions Modification (2); Scripting (1); File Deletion (1); Binary Padding
Credential Access: OS Credential Dumping (1); LSASS Memory; Security Account Manager; NTDS
Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
Command and Control: Encrypted Channel (1); Non-Standard Port (1); Non-Application Layer Protocol (1); Application Layer Protocol (2)
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud
Impact: Modify System Partition; Device Lockout; Delete Device Data
      No configs have been found
Behavior Graph ID: 686280, Sample: skid.x86_64-20220818-1128, Start date: 18/08/2022, Architecture: LINUX, Score: 72
Network contacts: 92.242.181.113 port 23 (WISNIOWSKI-PL, Poland); 152.17.172.183 port 2323 (WAKE-FOREST-UNIVERSITY US, United States); 99 other IPs or domains
Signatures on the sample: Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; Yara detected Moobot; Machine Learning detection for sample
Process tree (each node "started"):
skid.x86_64-20220818-1128
    sh
        chmod (signature: Sets full permissions to files and/or directories)
        rm
        mkdir
        mv
    skid.x86_64-20220818-1128
        skid.x86_64-20220818-1128
    skid.x86_64-20220818-1128
Source / Detection / Scanner / Label / Link:
skid.x86_64-20220818-1128: 46% (Virustotal)
skid.x86_64-20220818-1128: 100% (Joe Sandbox ML)
No Antivirus matches
Source / Detection / Scanner / Label / Link:
cnc.condinet.cf: 0% (Virustotal)
No Antivirus matches


Name: cnc.condinet.cf, IP: 141.98.6.110, Active: true, Malicious: false, Antivirus Detection: (none), Reputation: unknown
Contacted IPs (IP, Domain, Country, Flag, ASN, ASN Name, Malicious):
Match: cnc.condinet.cf
Associated samples (all detected malicious; in every case the domain resolved to 141.98.6.110):
• skid.x86-20220818-1128
• skid.x86_64-20220815-1818
• skid.x86-20220815-1818
• skid.arm7-20220815-1818
• skid.mips-20220815-1818
• skid.mpsl-20220815-1818
• skid.arm-20220815-1818
• skid.x86_64-20220815-1256
• skid.x86-20220815-1256
• skid.arm7-20220815-1256
• skid.mips-20220815-1256
• skid.mpsl-20220815-1257
• skid.arm-20220815-1257
• zJ9wENKpYi
• SAicZFhHM6
• bupmbobeg8
• izOgcbSh47
• y2cQTPRijR
• qdcsYb87VE
• skid.arm7
                                              No created / dropped files found
File type: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, stripped
Entropy (8bit): 6.1220588210266085
TrID:
• ELF Executable and Linkable format (generic) (4004/1) 100.00%
File name: skid.x86_64-20220818-1128
File size: 71488
MD5: e9adcff07098778702315e9450e0d8c5
SHA1: 8dfe947c98b3fae9a1cb8130eff7aff00dc51fe7
SHA256: 6ac3754ed57f4286681295abf6f23d0ccc535f7fcdb49ec74d746f521cde1990
SHA512: 3a2483047857f93292090fae36419b1d5845b8ae3fa3d67334668c8c57910bcb9618630e949087c4b70e1ece7359631d1c17d9300805117d73f68752106d6fce
SSDEEP: 1536:4Ii+W6WhPekkTZiWJkFnzDo2NCtN3nm9cDZfm+JQaw:9i+nWpdCZ/QzDo+23n4yZO+JQaw
TLSH: 65630807F94181FDC08AC1741A5ABE3ADC3275FD1328F2A663E4FB362D5AD221E1AD45
File Content Preview: .ELF..............>.......@.....@...................@.8...@.......................@.......@...............................................Q.......Q............../..............Q.td....................................................H...._........H........

                                              ELF header

                                              Class:ELF64
                                              Data:2's complement, little endian
                                              Version:1 (current)
                                              Machine:Advanced Micro Devices X86-64
                                              Version Number:0x1
                                              Type:EXEC (Executable file)
                                              OS/ABI:UNIX - System V
                                              ABI Version:0
                                              Entry Point Address:0x400194
                                              Flags:0x0
                                              ELF Header Size:64
                                              Program Header Offset:64
                                              Program Header Size:56
                                              Number of Program Headers:3
                                              Section Header Offset:70848
                                              Section Header Size:64
                                              Number of Section Headers:10
                                              Header String Table Index:9
                                              Name       Type      Address   Offset   Size    EntSize  Flags  Flags Description  Link  Info  Align
                                                         NULL      0x0       0x0      0x0     0x0      0x0                       0     0     0
                                              .init      PROGBITS  0x4000e8  0xe8     0x13    0x0      0x6    AX                 0     0     1
                                              .text      PROGBITS  0x400100  0x100    0xd716  0x0      0x6    AX                 0     0     16
                                              .fini      PROGBITS  0x40d816  0xd816   0xe     0x0      0x6    AX                 0     0     1
                                              .rodata    PROGBITS  0x40d840  0xd840   0x2950  0x0      0x2    A                  0     0     32
                                              .ctors     PROGBITS  0x511000  0x11000  0x10    0x0      0x3    WA                 0     0     8
                                              .dtors     PROGBITS  0x511010  0x11010  0x10    0x0      0x3    WA                 0     0     8
                                              .data      PROGBITS  0x511040  0x11040  0x440   0x0      0x3    WA                 0     0     32
                                              .bss       NOBITS    0x511480  0x11480  0x2b08  0x0      0x3    WA                 0     0     32
                                              .shstrtab  STRTAB    0x0       0x11480  0x3e    0x0      0x0                       0     0     1
                                              Type       Offset   Virtual Address  Physical Address  File Size  Memory Size  Entropy  Flags  Flags Description  Align     Prog Interpreter  Section Mappings
                                              LOAD       0x0      0x400000         0x400000          0x10190    0x10190      6.4072   0x5    R E                0x100000                    .init .text .fini .rodata
                                              LOAD       0x11000  0x511000         0x511000          0x480      0x2f88       2.2117   0x6    RW                 0x100000                    .ctors .dtors .data .bss
                                              GNU_STACK  0x0      0x0              0x0               0x0        0x0          0.0000   0x6    RW                 0x8


                                              • Total Packets: 167
                                              • 2323 undefined
                                              • 443 (HTTPS)
                                              • 80 (HTTP)
                                              • 53 (DNS)
                                              • 23 (Telnet)
                                              Timestamp                             Source Port  Dest Port  Source IP        Dest IP
                                              Aug 18, 2022 13:37:25.817823887 CEST  19226        23         192.168.2.23     1.251.189.87
                                              Aug 18, 2022 13:37:25.817826986 CEST  19226        2323       192.168.2.23     208.19.130.80
                                              Aug 18, 2022 13:37:25.817856073 CEST  19226        23         192.168.2.23     84.210.50.95
                                              Aug 18, 2022 13:37:25.817864895 CEST  19226        23         192.168.2.23     104.145.252.74
                                              Aug 18, 2022 13:37:25.817868948 CEST  19226        23         192.168.2.23     84.113.99.192
                                              Aug 18, 2022 13:37:25.817868948 CEST  19226        23         192.168.2.23     57.31.72.180
                                              Aug 18, 2022 13:37:25.817873001 CEST  19226        2323       192.168.2.23     154.154.133.198
                                              Aug 18, 2022 13:37:25.817876101 CEST  19226        23         192.168.2.23     120.192.237.121
                                              Aug 18, 2022 13:37:25.817879915 CEST  19226        23         192.168.2.23     120.164.68.164
                                              Aug 18, 2022 13:37:25.817888021 CEST  19226        23         192.168.2.23     135.118.61.80
                                              Aug 18, 2022 13:37:25.817893982 CEST  19226        23         192.168.2.23     20.42.156.26
                                              Aug 18, 2022 13:37:25.817892075 CEST  19226        23         192.168.2.23     198.224.225.24
                                              Aug 18, 2022 13:37:25.817935944 CEST  19226        23         192.168.2.23     92.242.181.113
                                              Aug 18, 2022 13:37:25.817939997 CEST  19226        2323       192.168.2.23     74.229.128.108
                                              Aug 18, 2022 13:37:25.817945004 CEST  19226        23         192.168.2.23     137.118.86.13
                                              Aug 18, 2022 13:37:25.817954063 CEST  19226        23         192.168.2.23     150.234.173.11
                                              Aug 18, 2022 13:37:25.817961931 CEST  19226        23         192.168.2.23     1.253.13.255
                                              Aug 18, 2022 13:37:25.817971945 CEST  19226        23         192.168.2.23     160.185.224.83
                                              Aug 18, 2022 13:37:25.817981958 CEST  19226        23         192.168.2.23     172.230.43.41
                                              Aug 18, 2022 13:37:25.817984104 CEST  19226        23         192.168.2.23     200.160.40.247
                                              Aug 18, 2022 13:37:25.817986012 CEST  19226        23         192.168.2.23     79.14.102.18
                                              Aug 18, 2022 13:37:25.817987919 CEST  19226        23         192.168.2.23     136.15.125.242
                                              Aug 18, 2022 13:37:25.817991018 CEST  19226        23         192.168.2.23     149.214.102.178
                                              Aug 18, 2022 13:37:25.817992926 CEST  19226        23         192.168.2.23     148.31.109.214
                                              Aug 18, 2022 13:37:25.817992926 CEST  19226        23         192.168.2.23     115.85.222.164
                                              Aug 18, 2022 13:37:25.817997932 CEST  19226        23         192.168.2.23     140.61.216.148
                                              Aug 18, 2022 13:37:25.817998886 CEST  19226        23         192.168.2.23     202.95.241.63
                                              Aug 18, 2022 13:37:25.818002939 CEST  19226        23         192.168.2.23     176.168.24.84
                                              Aug 18, 2022 13:37:25.818007946 CEST  19226        23         192.168.2.23     129.221.227.19
                                              Aug 18, 2022 13:37:25.818012953 CEST  19226        23         192.168.2.23     191.217.156.215
                                              Aug 18, 2022 13:37:25.818011999 CEST  19226        23         192.168.2.23     25.215.7.65
                                              Aug 18, 2022 13:37:25.818017006 CEST  19226        2323       192.168.2.23     107.204.92.31
                                              Aug 18, 2022 13:37:25.818020105 CEST  19226        23         192.168.2.23     156.218.146.110
                                              Aug 18, 2022 13:37:25.818027973 CEST  19226        23         192.168.2.23     157.114.24.146
                                              Aug 18, 2022 13:37:25.818031073 CEST  19226        23         192.168.2.23     199.173.15.78
                                              Aug 18, 2022 13:37:25.818032026 CEST  19226        23         192.168.2.23     43.64.82.112
                                              Aug 18, 2022 13:37:25.818037987 CEST  19226        23         192.168.2.23     148.243.54.138
                                              Aug 18, 2022 13:37:25.818042040 CEST  19226        23         192.168.2.23     128.242.251.12
                                              Aug 18, 2022 13:37:25.818052053 CEST  19226        23         192.168.2.23     62.45.232.119
                                              Aug 18, 2022 13:37:25.818053961 CEST  19226        23         192.168.2.23     134.89.129.60
                                              Aug 18, 2022 13:37:25.818054914 CEST  19226        23         192.168.2.23     63.91.191.212
                                              Aug 18, 2022 13:37:25.818058014 CEST  19226        23         192.168.2.23     106.83.108.115
                                              Aug 18, 2022 13:37:25.818058968 CEST  19226        23         192.168.2.23     79.190.131.2
                                              Aug 18, 2022 13:37:25.818058968 CEST  19226        23         192.168.2.23     145.72.100.58
                                              Aug 18, 2022 13:37:25.818059921 CEST  19226        23         192.168.2.23     163.139.123.209
                                              Aug 18, 2022 13:37:25.818059921 CEST  19226        23         192.168.2.23     223.56.154.248
                                              Aug 18, 2022 13:37:25.818064928 CEST  19226        2323       192.168.2.23     160.29.235.43
                                              Aug 18, 2022 13:37:25.818072081 CEST  19226        23         192.168.2.23     202.188.75.114
                                              Aug 18, 2022 13:37:25.818073988 CEST  19226        23         192.168.2.23     172.245.136.44
                                              Aug 18, 2022 13:37:25.818077087 CEST  19226        23         192.168.2.23     145.231.162.107
                                              Aug 18, 2022 13:37:25.818079948 CEST  19226        23         192.168.2.23     134.238.86.201
                                              Aug 18, 2022 13:37:25.818083048 CEST  19226        23         192.168.2.23     125.236.99.178
                                              Aug 18, 2022 13:37:25.818084955 CEST  19226        23         192.168.2.23     112.111.200.156
                                              Aug 18, 2022 13:37:25.818088055 CEST  19226        2323       192.168.2.23     152.17.172.183
                                              Aug 18, 2022 13:37:25.818090916 CEST  19226        2323       192.168.2.23     212.41.81.194
                                              Aug 18, 2022 13:37:25.818094015 CEST  19226        23         192.168.2.23     113.89.242.228
                                              Aug 18, 2022 13:37:25.818097115 CEST  19226        23         192.168.2.23     145.230.178.235
                                              Aug 18, 2022 13:37:25.818099022 CEST  19226        23         192.168.2.23     99.92.36.49
                                              Aug 18, 2022 13:37:25.818103075 CEST  19226        23         192.168.2.23     85.27.106.51
                                              Aug 18, 2022 13:37:25.818104982 CEST  19226        23         192.168.2.23     31.9.107.100
                                              Aug 18, 2022 13:37:25.818106890 CEST  19226        23         192.168.2.23     27.155.140.183
                                              Aug 18, 2022 13:37:25.818109989 CEST  19226        23         192.168.2.23     143.220.253.237
                                              Aug 18, 2022 13:37:25.818111897 CEST  19226        23         192.168.2.23     34.20.208.145
                                              Aug 18, 2022 13:37:25.818114996 CEST  19226        23         192.168.2.23     103.124.22.125
                                              Aug 18, 2022 13:37:25.818118095 CEST  19226        23         192.168.2.23     105.70.79.30
                                              Aug 18, 2022 13:37:25.818120003 CEST  19226        23         192.168.2.23     216.184.159.215
                                              Aug 18, 2022 13:37:25.818124056 CEST  19226        23         192.168.2.23     179.78.248.19
                                              Aug 18, 2022 13:37:25.818125963 CEST  19226        23         192.168.2.23     47.83.111.26
                                              Aug 18, 2022 13:37:25.818128109 CEST  19226        23         192.168.2.23     180.171.110.49
                                              Aug 18, 2022 13:37:25.818130970 CEST  19226        2323       192.168.2.23     128.50.110.206
                                              Aug 18, 2022 13:37:25.818134069 CEST  19226        23         192.168.2.23     45.80.23.230
                                              Aug 18, 2022 13:37:25.818135977 CEST  19226        23         192.168.2.23     139.178.164.9
                                              Aug 18, 2022 13:37:25.818137884 CEST  19226        23         192.168.2.23     48.86.66.193
                                              Aug 18, 2022 13:37:25.818140030 CEST  19226        23         192.168.2.23     41.23.113.191
                                              Aug 18, 2022 13:37:25.818142891 CEST  19226        2323       192.168.2.23     196.166.211.213
                                              Aug 18, 2022 13:37:25.818146944 CEST  19226        2323       192.168.2.23     104.202.158.38
                                              Aug 18, 2022 13:37:25.818149090 CEST  19226        23         192.168.2.23     88.166.238.213
                                              Aug 18, 2022 13:37:25.818150997 CEST  19226        23         192.168.2.23     115.82.226.126
                                              Aug 18, 2022 13:37:25.818152905 CEST  19226        23         192.168.2.23     129.171.15.119
                                              Aug 18, 2022 13:37:25.818156004 CEST  19226        23         192.168.2.23     183.123.21.14
                                              Aug 18, 2022 13:37:25.818156958 CEST  19226        23         192.168.2.23     135.239.185.48
                                              Aug 18, 2022 13:37:25.818161011 CEST  19226        23         192.168.2.23     34.122.4.99
                                              Aug 18, 2022 13:37:25.818161964 CEST  19226        23         192.168.2.23     58.108.168.250
                                              Aug 18, 2022 13:37:25.818165064 CEST  19226        23         192.168.2.23     126.124.182.182
                                              Aug 18, 2022 13:37:25.818167925 CEST  19226        23         192.168.2.23     82.108.49.216
                                              Aug 18, 2022 13:37:25.818170071 CEST  19226        23         192.168.2.23     66.224.150.235
                                              Aug 18, 2022 13:37:25.818173885 CEST  19226        23         192.168.2.23     78.135.91.110
                                              Aug 18, 2022 13:37:25.818176031 CEST  19226        23         192.168.2.23     145.171.213.95
                                              Aug 18, 2022 13:37:25.818177938 CEST  19226        23         192.168.2.23     150.17.182.36
                                              Aug 18, 2022 13:37:25.818178892 CEST  19226        23         192.168.2.23     221.124.22.161
                                              Aug 18, 2022 13:37:25.818180084 CEST  19226        23         192.168.2.23     146.175.19.198
                                              Aug 18, 2022 13:37:25.818185091 CEST  19226        23         192.168.2.23     20.246.77.7
                                              Aug 18, 2022 13:37:25.818186998 CEST  19226        23         192.168.2.23     43.221.10.124
                                              Aug 18, 2022 13:37:25.818190098 CEST  19226        23         192.168.2.23     174.160.63.5
                                              Aug 18, 2022 13:37:25.818192005 CEST  19226        23         192.168.2.23     194.184.162.87
                                              Aug 18, 2022 13:37:25.818193913 CEST  19226        23         192.168.2.23     205.170.187.30
                                              Aug 18, 2022 13:37:25.818197966 CEST  19226        23         192.168.2.23     217.77.156.100
                                              Aug 18, 2022 13:37:25.818201065 CEST  19226        23         192.168.2.23     156.170.107.214
                                              Aug 18, 2022 13:37:25.818202019 CEST  19226        23         192.168.2.23     34.42.187.194
                                              Aug 18, 2022 13:37:25.818205118 CEST  19226        23         192.168.2.23     53.183.242.65
                                              Aug 18, 2022 13:37:25.818207979 CEST  19226        23         192.168.2.23     114.237.215.50
                                              Aug 18, 2022 13:37:25.818211079 CEST  19226        23         192.168.2.23     193.145.196.225
                                              Aug 18, 2022 13:37:25.818214893 CEST  19226        23         192.168.2.23     105.133.191.240
                                              Aug 18, 2022 13:37:25.818217039 CEST  19226        23         192.168.2.23     43.42.51.249
                                              Aug 18, 2022 13:37:25.818218946 CEST  19226        23         192.168.2.23     198.12.4.116
                                              Aug 18, 2022 13:37:25.818222046 CEST  19226        23         192.168.2.23     96.229.91.204
                                              Aug 18, 2022 13:37:25.818224907 CEST  19226        23         192.168.2.23     48.237.243.144
                                              Aug 18, 2022 13:37:25.818226099 CEST  19226        2323       192.168.2.23     209.62.53.238
                                              Aug 18, 2022 13:37:25.818228006 CEST  19226        23         192.168.2.23     135.16.28.55
                                              Aug 18, 2022 13:37:25.818231106 CEST  19226        23         192.168.2.23     134.148.61.28
                                              Aug 18, 2022 13:37:25.818233013 CEST  19226        23         192.168.2.23     66.19.5.2
                                              Aug 18, 2022 13:37:25.818236113 CEST  19226        23         192.168.2.23     166.209.26.217
                                              Aug 18, 2022 13:37:25.818237066 CEST  19226        23         192.168.2.23     83.115.139.158
                                              Aug 18, 2022 13:37:25.818239927 CEST  19226        23         192.168.2.23     161.158.15.123
                                              Aug 18, 2022 13:37:25.818242073 CEST  19226        23         192.168.2.23     109.54.2.187
                                              Aug 18, 2022 13:37:25.818243980 CEST  19226        23         192.168.2.23     210.133.139.218
                                              Aug 18, 2022 13:37:25.818248034 CEST  19226        23         192.168.2.23     218.20.181.197
                                              Aug 18, 2022 13:37:25.818248987 CEST  19226        23         192.168.2.23     213.98.68.86
                                              Aug 18, 2022 13:37:25.818253040 CEST  19226        23         192.168.2.23     129.198.156.183
                                              Aug 18, 2022 13:37:25.818253994 CEST  19226        23         192.168.2.23     116.220.190.123
                                              Aug 18, 2022 13:37:25.818257093 CEST  19226        23         192.168.2.23     54.213.204.112
                                              Aug 18, 2022 13:37:25.818259954 CEST  19226        2323       192.168.2.23     47.170.201.21
                                              Aug 18, 2022 13:37:25.818262100 CEST  19226        23         192.168.2.23     206.103.162.120
                                              Aug 18, 2022 13:37:25.818264961 CEST  19226        23         192.168.2.23     75.199.7.29
                                              Aug 18, 2022 13:37:25.818268061 CEST  19226        23         192.168.2.23     86.204.150.122
                                              Aug 18, 2022 13:37:25.818269014 CEST  19226        23         192.168.2.23     209.127.248.254
                                              Aug 18, 2022 13:37:25.818273067 CEST  19226        23         192.168.2.23     177.212.205.207
                                              Aug 18, 2022 13:37:25.818275928 CEST  19226        23         192.168.2.23     54.114.191.16
                                              Aug 18, 2022 13:37:25.818276882 CEST  19226        23         192.168.2.23     63.218.10.52
                                              Aug 18, 2022 13:37:25.818279028 CEST  19226        23         192.168.2.23     213.177.141.86
                                              Aug 18, 2022 13:37:25.818279982 CEST  19226        2323       192.168.2.23     197.63.75.172
                                              Aug 18, 2022 13:37:25.818288088 CEST  19226        23         192.168.2.23     13.145.3.28
                                              Aug 18, 2022 13:37:25.818289995 CEST  19226        23         192.168.2.23     197.138.255.77
                                              Aug 18, 2022 13:37:25.818293095 CEST  19226        23         192.168.2.23     120.97.70.27
                                              Aug 18, 2022 13:37:25.818295002 CEST  19226        2323       192.168.2.23     54.77.211.82
                                              Aug 18, 2022 13:37:25.818295956 CEST  19226        23         192.168.2.23     109.132.142.161
                                              Aug 18, 2022 13:37:25.818298101 CEST  19226        2323       192.168.2.23     181.60.235.188
                                              Aug 18, 2022 13:37:25.818300009 CEST  19226        23         192.168.2.23     157.233.100.177
                                              Aug 18, 2022 13:37:25.818305016 CEST  19226        23         192.168.2.23     191.141.6.152
                                              Aug 18, 2022 13:37:25.818305969 CEST  19226        23         192.168.2.23     201.35.239.237
                                              Aug 18, 2022 13:37:25.818306923 CEST  19226        23         192.168.2.23     23.135.70.84
                                              Aug 18, 2022 13:37:25.818310022 CEST  19226        23         192.168.2.23     2.29.10.9
                                              Aug 18, 2022 13:37:25.818311930 CEST  19226        23         192.168.2.23     2.240.210.131
                                              Aug 18, 2022 13:37:25.818312883 CEST  19226        23         192.168.2.23     120.144.5.64
                                              Aug 18, 2022 13:37:25.818320990 CEST  19226        23         192.168.2.23     89.36.84.208
                                              Aug 18, 2022 13:37:25.818322897 CEST  19226        23         192.168.2.23     216.27.235.211
                                              Aug 18, 2022 13:37:25.818329096 CEST  19226        23         192.168.2.23     66.195.37.16
                                              Aug 18, 2022 13:37:25.818331957 CEST  19226        23         192.168.2.23     196.62.122.222
                                              Aug 18, 2022 13:37:25.818334103 CEST  19226        23         192.168.2.23     153.92.236.16
                                              Aug 18, 2022 13:37:25.818341017 CEST  19226        23         192.168.2.23     204.59.177.226
                                              Aug 18, 2022 13:37:25.818342924 CEST  19226        23         192.168.2.23     123.206.28.15
                                              Aug 18, 2022 13:37:25.818348885 CEST  19226        23         192.168.2.23     216.19.182.206
                                              Aug 18, 2022 13:37:25.818351984 CEST  19226        23         192.168.2.23     161.114.207.133
                                              Aug 18, 2022 13:37:25.818360090 CEST  19226        2323       192.168.2.23     133.102.156.126
                                              Aug 18, 2022 13:37:25.818367004 CEST  19226        23         192.168.2.23     121.88.226.46
                                              Aug 18, 2022 13:37:25.818372965 CEST  19226        23         192.168.2.23     89.127.38.165
                                              Aug 18, 2022 13:37:25.818381071 CEST  19226        23         192.168.2.23     60.222.30.251
                                              Aug 18, 2022 13:37:25.818387032 CEST  19226        23         192.168.2.23     202.51.101.224
                                              Aug 18, 2022 13:37:25.818394899 CEST  19226        23         192.168.2.23     129.60.58.97
                                              Aug 18, 2022 13:37:25.818402052 CEST  19226        23         192.168.2.23     136.220.226.243
                                              Aug 18, 2022 13:37:26.006537914 CEST  23           19226      205.170.187.30   192.168.2.23
                                              Aug 18, 2022 13:37:26.012392998 CEST  23           19226      104.145.252.74   192.168.2.23
                                              Aug 18, 2022 13:37:26.012469053 CEST  19226        23         192.168.2.23     104.145.252.74
                                              Aug 18, 2022 13:37:26.051337004 CEST  23           19226      200.160.40.247   192.168.2.23
                                              Aug 18, 2022 13:37:26.155843019 CEST  42836        443        192.168.2.23     91.189.91.43
                                              Aug 18, 2022 13:37:26.923803091 CEST  42516        80         192.168.2.23     109.202.202.202
                                              Aug 18, 2022 13:37:40.747102022 CEST  43928        443        192.168.2.23     91.189.91.42
                                              Aug 18, 2022 13:37:53.034486055 CEST  42836        443        192.168.2.23     91.189.91.43
                                              Aug 18, 2022 13:37:57.130131960 CEST  42516        80         192.168.2.23     109.202.202.202
                                              Aug 18, 2022 13:38:21.704921007 CEST  43928        443        192.168.2.23     91.189.91.42
                                              Timestamp                             Source Port  Dest Port  Source IP        Dest IP
                                              Aug 18, 2022 13:37:25.817225933 CEST  52283        53         192.168.2.23     8.8.8.8
                                              Aug 18, 2022 13:37:26.152798891 CEST  53           52283      8.8.8.8          192.168.2.23
                                              Timestamp                             Source IP        Dest IP          Checksum  Code                Type
                                              Aug 18, 2022 13:37:25.876559973 CEST  185.188.130.1    192.168.2.23     69ce      (Host unreachable)  Destination Unreachable
                                              Aug 18, 2022 13:37:25.964517117 CEST  104.202.158.38   192.168.2.23     c6bd      (Unknown)           Destination Unreachable
                                              Aug 18, 2022 13:37:26.153068066 CEST  192.168.2.23     8.8.8.8          d016      (Port unreachable)  Destination Unreachable
                                              Timestamp                             Source IP        Dest IP          Trans ID  OP Code             Name             Type            Class
                                              Aug 18, 2022 13:37:25.817225933 CEST  192.168.2.23     8.8.8.8          0xe68a    Standard query (0)  cnc.condinet.cf  A (IP address)  IN (0x0001)
                                              Timestamp                             Source IP        Dest IP          Trans ID  Reply Code    Name             CName  Address       Type            Class
                                              Aug 18, 2022 13:37:26.152798891 CEST  8.8.8.8          192.168.2.23     0xe68a    No error (0)  cnc.condinet.cf         141.98.6.110  A (IP address)  IN (0x0001)

                                              System Behavior

                                              Start time:13:37:24
                                              Start date:18/08/2022
                                              Path:/tmp/skid.x86_64-20220818-1128
                                              Arguments:/tmp/skid.x86_64-20220818-1128
                                              File size:71488 bytes
                                              MD5 hash:e9adcff07098778702315e9450e0d8c5

                                              Start time:13:37:24
                                              Start date:18/08/2022
                                              Path:/tmp/skid.x86_64-20220818-1128
                                              Arguments:n/a
                                              File size:71488 bytes
                                              MD5 hash:e9adcff07098778702315e9450e0d8c5

                                              Start time:13:37:24
                                              Start date:18/08/2022
                                              Path:/tmp/skid.x86_64-20220818-1128
                                              Arguments:n/a
                                              File size:71488 bytes
                                              MD5 hash:e9adcff07098778702315e9450e0d8c5

                                              Start time:13:37:24
                                              Start date:18/08/2022
                                              Path:/bin/sh
                                              Arguments:sh -c "rm -rf bin/systemd && mkdir bin; >bin/systemd && mv /tmp/skid.x86_64-20220818-1128 bin/systemd; chmod 777 bin/systemd"
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time:13:37:24
                                              Start date:18/08/2022
                                              Path:/bin/sh
                                              Arguments:n/a
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time:13:37:24
                                              Start date:18/08/2022
                                              Path:/usr/bin/rm
                                              Arguments:rm -rf bin/systemd
                                              File size:72056 bytes
                                              MD5 hash:aa2b5496fdbfd88e38791ab81f90b95b

                                              Start time:13:37:24
                                              Start date:18/08/2022
                                              Path:/bin/sh
                                              Arguments:n/a
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time:13:37:24
                                              Start date:18/08/2022
                                              Path:/usr/bin/mkdir
                                              Arguments:mkdir bin
                                              File size:88408 bytes
                                              MD5 hash:088c9d1df5a28ed16c726eca15964cb7

                                              Start time:13:37:24
                                              Start date:18/08/2022
                                              Path:/bin/sh
                                              Arguments:n/a
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time:13:37:24
                                              Start date:18/08/2022
                                              Path:/usr/bin/mv
                                              Arguments:mv /tmp/skid.x86_64-20220818-1128 bin/systemd
                                              File size:149888 bytes
                                              MD5 hash:504f0590fa482d4da070a702260e3716

                                              Start time:13:37:24
                                              Start date:18/08/2022
                                              Path:/bin/sh
                                              Arguments:n/a
                                              File size:129816 bytes
                                              MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                              Start time:13:37:24
                                              Start date:18/08/2022
                                              Path:/usr/bin/chmod
                                              Arguments:chmod 777 bin/systemd
                                              File size:63864 bytes
                                              MD5 hash:739483b900c045ae1374d6f53a86a279

                                              Start time:13:37:24
                                              Start date:18/08/2022
                                              Path:/tmp/skid.x86_64-20220818-1128
                                              Arguments:n/a
                                              File size:71488 bytes
                                              MD5 hash:e9adcff07098778702315e9450e0d8c5

                                              Start time:13:37:24
                                              Start date:18/08/2022
                                              Path:/tmp/skid.x86_64-20220818-1128
                                              Arguments:n/a
                                              File size:71488 bytes
                                              MD5 hash:e9adcff07098778702315e9450e0d8c5