6271.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6352.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6352.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6352.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6352.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6352.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6352.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6352.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6352.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6303.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6303.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6303.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6303.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6303.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6303.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6303.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6303.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6306.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6306.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6306.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6306.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6306.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6306.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6306.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6306.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6324.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6328.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6328.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6328.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6328.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6328.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6328.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6328.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6328.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6276.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6276.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6276.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6276.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6276.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6276.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6276.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6276.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6313.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6313.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6313.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6313.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6313.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6313.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6313.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6313.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6284.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6283.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6283.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6283.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6283.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6283.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6283.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6283.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6283.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6283.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6287.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6299.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6299.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6299.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6299.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6299.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6299.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6299.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6299.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6291.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6291.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6291.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6291.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6291.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6291.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6291.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6291.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6269.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6339.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6295.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6267.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6338.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6338.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6338.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6338.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6338.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6338.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6338.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6338.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6305.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6305.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6305.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6305.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6305.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6305.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6305.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6305.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6279.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6279.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6279.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6279.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6279.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6279.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6279.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6279.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6309.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6313.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6269.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6269.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6269.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6269.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6269.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6269.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6269.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6269.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6328.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6299.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6295.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword \'Mozilla/5.0\' - it uses yara\'s XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6295.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6295.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6295.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6295.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6295.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6295.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6295.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6288.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6325.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6325.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6325.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6325.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6325.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6325.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6325.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6325.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6287.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6287.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6287.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6287.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6287.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6287.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6287.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6287.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6336.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6336.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6336.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6336.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6336.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6336.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6336.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6336.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6315.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6315.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6315.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6315.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6315.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6315.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6315.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6315.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6332.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6343.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6310.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6272.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6272.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6272.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6272.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6272.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6272.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6272.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6272.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6322.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6275.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6309.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6309.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6309.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6309.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6309.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6309.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6309.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6309.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6253.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6253.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6253.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6253.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6253.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6253.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6253.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6253.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6280.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6280.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6280.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6280.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6280.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6280.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6280.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6280.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6329.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6342.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6342.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6342.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6342.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6342.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6342.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6342.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6342.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6310.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6310.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6310.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6310.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6310.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6310.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6310.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6310.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6301.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6284.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6284.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6284.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6284.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6284.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6284.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6284.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6284.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6235.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6235.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6235.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6235.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6235.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6235.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6235.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6235.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6322.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6322.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6322.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6322.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6322.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6322.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6322.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6322.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6348.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6348.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6348.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6348.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6348.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6348.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6348.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6348.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6293.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6329.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6329.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | 0x19f70:$x1: POST /cdn-cgi/; 0x1c1e0:$s1: LCOGQGPTGP |
6329.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A |
6329.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6329.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6329.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6329.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6329.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6271.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6271.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | 0x19f70:$x1: POST /cdn-cgi/; 0x1c1e0:$s1: LCOGQGPTGP |
6271.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A |
6271.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6271.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6271.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6271.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6271.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6272.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6348.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6317.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6320.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6291.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6345.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6345.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | 0x19f70:$x1: POST /cdn-cgi/; 0x1c1e0:$s1: LCOGQGPTGP |
6345.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A |
6345.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6345.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6345.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6345.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6345.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6325.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6297.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6297.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | 0x19f70:$x1: POST /cdn-cgi/; 0x1c1e0:$s1: LCOGQGPTGP |
6297.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A |
6297.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6297.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6297.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6297.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6297.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6332.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6332.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | 0x19f70:$x1: POST /cdn-cgi/; 0x1c1e0:$s1: LCOGQGPTGP |
6332.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A |
6332.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6332.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6332.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6332.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6332.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6303.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6235.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6315.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6319.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6350.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6350.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | 0x19f70:$x1: POST /cdn-cgi/; 0x1c1e0:$s1: LCOGQGPTGP |
6350.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A |
6350.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6350.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6350.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6350.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6350.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6333.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6333.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | 0x19f70:$x1: POST /cdn-cgi/; 0x1c1e0:$s1: LCOGQGPTGP |
6333.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A |
6333.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6333.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6333.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6333.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6333.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6320.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6320.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | 0x19f70:$x1: POST /cdn-cgi/; 0x1c1e0:$s1: LCOGQGPTGP |
6320.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A |
6320.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6320.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6320.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6320.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6320.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6276.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6306.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6280.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6275.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6275.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | 0x19f70:$x1: POST /cdn-cgi/; 0x1c1e0:$s1: LCOGQGPTGP |
6275.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A |
6275.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6275.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6275.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6275.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6275.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6324.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6324.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | 0x19f70:$x1: POST /cdn-cgi/; 0x1c1e0:$s1: LCOGQGPTGP |
6324.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A |
6324.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6324.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6324.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6324.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6324.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6343.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6343.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | 0x19f70:$x1: POST /cdn-cgi/; 0x1c1e0:$s1: LCOGQGPTGP |
6343.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A |
6343.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6343.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6343.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6343.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6343.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6336.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6267.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6267.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | 0x19f70:$x1: POST /cdn-cgi/; 0x1c1e0:$s1: LCOGQGPTGP |
6267.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A |
6267.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6267.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6267.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6267.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6267.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6317.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12 |
6317.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | 0x19f70:$x1: POST /cdn-cgi/; 0x1c1e0:$s1: LCOGQGPTGP |
6317.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A |
6317.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6317.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6317.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6317.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6317.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6338.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6253.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6293.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6293.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6293.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6293.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6293.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6293.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6293.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6293.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6342.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6297.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6238.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6238.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6238.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6238.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6238.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6238.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6238.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6238.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6279.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6319.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6319.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6319.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6319.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6319.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6319.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6319.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6319.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6238.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6288.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6288.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6288.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6288.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6288.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6288.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6288.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6288.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6305.1.00007f9cc4040000.00007f9cc4043000.rw-.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x2414:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2488:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x24fc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2570:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x25e4:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2864:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x28bc:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x2914:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x296c:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x29c4:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6339.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6339.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6339.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6339.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6339.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6339.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6339.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6339.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
6301.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | SUSP_XORed_Mozilla | Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key. You can use the CyberChef recipe linked in the reference field to brute force the used key. | Florian Roth | - 0x1c398:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c408:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c478:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c4e8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c558:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c7d8:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c830:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c888:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c8e0:$xo1: oMXKNNC\x0D\x17\x0C\x12
- 0x1c938:$xo1: oMXKNNC\x0D\x17\x0C\x12
|
6301.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | Mirai_Botnet_Malware | Detects Mirai Botnet Malware | Florian Roth | - 0x19f70:$x1: POST /cdn-cgi/
- 0x1c1e0:$s1: LCOGQGPTGP
|
6301.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | MAL_ELF_LNX_Mirai_Oct10_2 | Detects ELF malware Mirai related | Florian Roth | - 0x19f70:$c01: 50 4F 53 54 20 2F 63 64 6E 2D 63 67 69 2F 00 00 20 48 54 54 50 2F 31 2E 31 0D 0A 55 73 65 72 2D 41 67 65 6E 74 3A 20 00 0D 0A 48 6F 73 74 3A
|
6301.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_5 | Yara detected Mirai | Joe Security | |
6301.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_8 | Yara detected Mirai | Joe Security | |
6301.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_9 | Yara detected Mirai | Joe Security | |
6301.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
6301.1.00007f9cc4011000.00007f9cc402f000.r-x.sdmp | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6235 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6235 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6238 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6238 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6253 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6253 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6267 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6267 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6269 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6269 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6271 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6271 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6272 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6272 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6275 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6275 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6276 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6276 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6279 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6279 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6280 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6280 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6283 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6283 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6284 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6284 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6287 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6287 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6288 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6288 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6291 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6291 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6293 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6293 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6295 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6295 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6297 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6297 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6299 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6299 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6301 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6301 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6303 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6303 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6305 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6305 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6306 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6306 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6309 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6309 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6310 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6310 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6313 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6313 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6315 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6315 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6317 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6317 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6319 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6319 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6320 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6320 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6322 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6322 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6324 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6324 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6325 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6325 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6328 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6328 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6329 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6329 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6332 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6332 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6333 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6333 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6336 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6336 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6338 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6338 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6339 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6339 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6342 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6342 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6343 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6343 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6345 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6345 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6348 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6348 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6350 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6350 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6352 | JoeSecurity_Mirai_6 | Yara detected Mirai | Joe Security | |
Process Memory Space: go9qYoY9kg PID: 6352 | JoeSecurity_Mirai_4 | Yara detected Mirai | Joe Security | |
(Listing truncated here; the full report contains 508 entries.)
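The SUSP_XORed_Mozilla rows above note that YARA's xor string modifier matches the keyword under any single-byte key but cannot report which key it was. The key is still recoverable from what the report does print, because the plaintext keyword is known: for a single-byte XOR, key = cipher[i] ^ plain[i] must be the same at every position, and the matched bytes `oMXKNNC\x0D\x17\x0C\x12` recur at identical offsets in every PID's r-x region, so one decode covers them all. The following is an added example, not part of the Joe Sandbox report and not the rule author's tooling: it recovers the key from the `$xo1` bytes, applies the same key to the `$s1` string `LCOGQGPTGP` from the Mirai_Botnet_Malware hit in the same region, and includes the printable-output brute force that the referenced CyberChef recipe performs when no keyword is known. The two byte strings are copied from the table; the function names are this example's own.

```python
"""
Recover the single-byte XOR key behind a SUSP_XORed_Mozilla hit.

Added example: the input bytes below are copied from the YARA match
table above; nothing else here comes from the report.
"""

# $xo1 match bytes as printed in the report: oMXKNNC\x0D\x17\x0C\x12
XORED_MOZILLA = b"oMXKNNC\x0d\x17\x0c\x12"
# Plaintext keyword the rule searches for under the xor modifier.
KEYWORD = b"Mozilla/5.0"
# $s1 from the Mirai_Botnet_Malware hit in the same r-x region.
MIRAI_S1 = b"LCOGQGPTGP"


def recover_single_byte_key(cipher: bytes, known_plain: bytes):
    """Return the one key that maps `cipher` onto `known_plain`, or None
    if no single byte explains every position (then the hit is not a
    plain single-byte XOR of that keyword and deserves a closer look)."""
    if not cipher or len(cipher) != len(known_plain):
        return None
    keys = {c ^ p for c, p in zip(cipher, known_plain)}
    return keys.pop() if len(keys) == 1 else None


def xor_decode(data: bytes, key: int) -> bytes:
    """Apply a single-byte XOR key to every byte of `data`."""
    return bytes(b ^ key for b in data)


def brute_force_printable(cipher: bytes):
    """Keyword-less fallback: try all 256 keys and keep the ones whose
    output is entirely printable ASCII. This is what the CyberChef
    'XOR Brute Force' step does; expect several candidates for short
    inputs, so pair it with a known keyword whenever one exists."""
    hits = []
    for key in range(256):
        out = xor_decode(cipher, key)
        if all(0x20 <= b < 0x7F for b in out):
            hits.append((key, out))
    return hits


def decode_report_strings():
    """Recover the key from the $xo1 hit and apply it to $s1.
    Returns (key, decoded_s1); key is None if recovery failed."""
    key = recover_single_byte_key(XORED_MOZILLA, KEYWORD)
    s1 = xor_decode(MIRAI_S1, key) if key is not None else None
    return key, s1


if __name__ == "__main__":
    key, s1 = decode_report_strings()
    print(f"key  = 0x{key:02x} ({chr(key)!r})")
    print(f"$xo1 -> {xor_decode(XORED_MOZILLA, key)!r}")
    print(f"$s1  -> {s1!r}")
    candidates = brute_force_printable(XORED_MOZILLA)
    print(f"{len(candidates)} printable brute-force candidates; "
          f"0x{key:02x} among them: {key in dict(candidates)}")
```

Running it yields key 0x22 (the `"` character); the same key turns `LCOGQGPTGP` into `nameserver`, so one key explains both strings in the region, which is what you would expect from Mirai's table obfuscation (its 0xdeadbeef table key reduces byte-wise to 0x22). The brute-force fallback returns many printable candidates for an 11-byte input, which is why the known-keyword check is the reliable path; recent yara command-line releases can also print the key directly with `--print-xor-key`.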