Linux Analysis Report
Di1p3oLnDb.elf

Overview

General Information

Sample Name:Di1p3oLnDb.elf
Analysis ID:716619
MD5:96671eab0913c0003c63f4d2c50318db
SHA1:0ef56578885236f87ae7f1c7580b8ed50c9ade77
SHA256:5a7d7f1d53f039e7b69cf8d040cc043d1264b14107a8a73034e6b90d8e81f87a
Tags:elf
Infos:

Detection

XorDDoS
Score:100
Range:0 - 100
Whitelisted:false

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus detection for dropped file
Yara detected XorDDoS Bot
Snort IDS alert for network traffic
Sample tries to persist itself using System V runlevels
Machine Learning detection for dropped file
Sample tries to persist itself using cron
Drops files in suspicious directories
Sample deletes itself
Machine Learning detection for sample
Writes ELF files to disk
Yara signature match
Drops files with innocent-looking names
PID-file does not contain an ASCII number
Writes shell script files to disk
Reads system information from the proc file system
Uses the "uname" system call to query kernel version information (possible evasion)
Executes the "systemctl" command used for controlling the systemd system and service manager
Tries to connect to HTTP servers, but all servers are down (expired dropper behavior)
Detected TCP or UDP traffic on non-standard ports
Sample has stripped symbol table
Executes commands using a shell command-line interpreter
Reads CPU information from /proc indicative of miner or evasive malware
Writes shell script file to disk with an unusual file extension

Classification

Analysis Advice

None of the HTTP servers contacted by the sample answer. The sample is likely an old dropper which no longer works.
Joe Sandbox Version:36.0.0 Rainbow Opal
Analysis ID:716619
Start date and time:2022-10-05 13:39:13 +02:00
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 7m 35s
Hypervisor based Inspection enabled:false
Report type:full
Sample file name:Di1p3oLnDb.elf
Cookbook file name:defaultlinuxfilecookbook.jbs
Analysis system description:Ubuntu Linux 20.04 x64 (Kernel 5.4.0-72, Firefox 91.0, Evince Document Viewer 3.36.10, LibreOffice 6.4.7.2, OpenJDK 11.0.11)
Analysis Mode:default
Detection:MAL
Classification:mal100.troj.evad.linELF@0/21@5/0
  • VT rate limit hit for: ppp.gggatat456.com
Command:/tmp/Di1p3oLnDb.elf
PID:6224
Exit Code:0
Exit Code Info:
Killed:False
Standard Output:

Standard Error:
  • system is lnxubuntu20
  • Di1p3oLnDb.elf (PID: 6224, Parent: 6130, MD5: 96671eab0913c0003c63f4d2c50318db) Arguments: /tmp/Di1p3oLnDb.elf
    • Di1p3oLnDb.elf New Fork (PID: 6225, Parent: 6224)
      • Di1p3oLnDb.elf New Fork (PID: 6228, Parent: 6225)
        • update-rc.d (PID: 6229, Parent: 1860, MD5: 16a21f464119ea7fad1d3660de963637) Arguments: update-rc.d Di1p3oLnDb.elf defaults
          • systemctl (PID: 6235, Parent: 6229, MD5: 4deddfb6741481f68aeac522cc26ff4b) Arguments: systemctl daemon-reload
      • sh (PID: 6230, Parent: 6225, MD5: 1e6b1c887c59a315edb7eb9a315fc84c) Arguments: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"
        • sh New Fork (PID: 6231, Parent: 6230)
        • sed (PID: 6231, Parent: 6230, MD5: 885062561f66aa1d4af4c54b9e7cc81a) Arguments: sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab
      • Di1p3oLnDb.elf New Fork (PID: 6257, Parent: 6225)
        • qhknhggmjf (PID: 6258, Parent: 6257, MD5: 7cd491e3750c0e09a84213102078562c) Arguments: /usr/bin/qhknhggmjf "sleep 1" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6259, Parent: 6225)
        • qhknhggmjf (PID: 6260, Parent: 6259, MD5: 7cd491e3750c0e09a84213102078562c) Arguments: /usr/bin/qhknhggmjf "netstat -an" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6262, Parent: 6225)
        • qhknhggmjf (PID: 6263, Parent: 6262, MD5: 7cd491e3750c0e09a84213102078562c) Arguments: /usr/bin/qhknhggmjf "netstat -an" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6265, Parent: 6225)
        • qhknhggmjf (PID: 6266, Parent: 6265, MD5: 7cd491e3750c0e09a84213102078562c) Arguments: /usr/bin/qhknhggmjf su 6225
      • Di1p3oLnDb.elf New Fork (PID: 6267, Parent: 6225)
        • qhknhggmjf (PID: 6269, Parent: 6267, MD5: 7cd491e3750c0e09a84213102078562c) Arguments: /usr/bin/qhknhggmjf pwd 6225
      • Di1p3oLnDb.elf New Fork (PID: 6275, Parent: 6225)
        • ltaanxttrs (PID: 6276, Parent: 6275, MD5: e51ed28589d76c5f8fc2ad7ea9c1cc03) Arguments: /usr/bin/ltaanxttrs "netstat -antop" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6278, Parent: 6225)
        • ltaanxttrs (PID: 6279, Parent: 6278, MD5: e51ed28589d76c5f8fc2ad7ea9c1cc03) Arguments: /usr/bin/ltaanxttrs su 6225
      • Di1p3oLnDb.elf New Fork (PID: 6282, Parent: 6225)
        • ltaanxttrs (PID: 6283, Parent: 6282, MD5: e51ed28589d76c5f8fc2ad7ea9c1cc03) Arguments: /usr/bin/ltaanxttrs pwd 6225
      • Di1p3oLnDb.elf New Fork (PID: 6285, Parent: 6225)
        • ltaanxttrs (PID: 6286, Parent: 6285, MD5: e51ed28589d76c5f8fc2ad7ea9c1cc03) Arguments: /usr/bin/ltaanxttrs "cd /etc" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6288, Parent: 6225)
        • ltaanxttrs (PID: 6289, Parent: 6288, MD5: e51ed28589d76c5f8fc2ad7ea9c1cc03) Arguments: /usr/bin/ltaanxttrs sh 6225
      • Di1p3oLnDb.elf New Fork (PID: 6294, Parent: 6225)
        • kihierzlde (PID: 6295, Parent: 6294, MD5: 3ae356a1821888903e278250f3a77d3b) Arguments: /usr/bin/kihierzlde "cat resolv.conf" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6296, Parent: 6225)
        • kihierzlde (PID: 6298, Parent: 6296, MD5: 3ae356a1821888903e278250f3a77d3b) Arguments: /usr/bin/kihierzlde gnome-terminal 6225
      • Di1p3oLnDb.elf New Fork (PID: 6299, Parent: 6225)
        • kihierzlde (PID: 6300, Parent: 6299, MD5: 3ae356a1821888903e278250f3a77d3b) Arguments: /usr/bin/kihierzlde who 6225
      • Di1p3oLnDb.elf New Fork (PID: 6302, Parent: 6225)
        • kihierzlde (PID: 6303, Parent: 6302, MD5: 3ae356a1821888903e278250f3a77d3b) Arguments: /usr/bin/kihierzlde ifconfig 6225
      • Di1p3oLnDb.elf New Fork (PID: 6304, Parent: 6225)
        • kihierzlde (PID: 6305, Parent: 6304, MD5: 3ae356a1821888903e278250f3a77d3b) Arguments: /usr/bin/kihierzlde whoami 6225
      • Di1p3oLnDb.elf New Fork (PID: 6311, Parent: 6225)
        • thgxtutpuw (PID: 6312, Parent: 6311, MD5: dc66ac7ec93e0ec52d5b4c1039769dd1) Arguments: /usr/bin/thgxtutpuw "netstat -antop" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6314, Parent: 6225)
        • thgxtutpuw (PID: 6315, Parent: 6314, MD5: dc66ac7ec93e0ec52d5b4c1039769dd1) Arguments: /usr/bin/thgxtutpuw "echo \"find\"" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6316, Parent: 6225)
        • thgxtutpuw (PID: 6317, Parent: 6316, MD5: dc66ac7ec93e0ec52d5b4c1039769dd1) Arguments: /usr/bin/thgxtutpuw sh 6225
      • Di1p3oLnDb.elf New Fork (PID: 6319, Parent: 6225)
        • thgxtutpuw (PID: 6320, Parent: 6319, MD5: dc66ac7ec93e0ec52d5b4c1039769dd1) Arguments: /usr/bin/thgxtutpuw "cd /etc" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6321, Parent: 6225)
        • thgxtutpuw (PID: 6322, Parent: 6321, MD5: dc66ac7ec93e0ec52d5b4c1039769dd1) Arguments: /usr/bin/thgxtutpuw who 6225
      • Di1p3oLnDb.elf New Fork (PID: 6328, Parent: 6225)
        • dwfhzeeizt (PID: 6329, Parent: 6328, MD5: 2394c32c9bf33731ba0aea110fffaaf0) Arguments: /usr/bin/dwfhzeeizt top 6225
      • Di1p3oLnDb.elf New Fork (PID: 6331, Parent: 6225)
        • dwfhzeeizt (PID: 6332, Parent: 6331, MD5: 2394c32c9bf33731ba0aea110fffaaf0) Arguments: /usr/bin/dwfhzeeizt ifconfig 6225
      • Di1p3oLnDb.elf New Fork (PID: 6333, Parent: 6225)
        • dwfhzeeizt (PID: 6334, Parent: 6333, MD5: 2394c32c9bf33731ba0aea110fffaaf0) Arguments: /usr/bin/dwfhzeeizt "echo \"find\"" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6336, Parent: 6225)
        • dwfhzeeizt (PID: 6337, Parent: 6336, MD5: 2394c32c9bf33731ba0aea110fffaaf0) Arguments: /usr/bin/dwfhzeeizt bash 6225
      • Di1p3oLnDb.elf New Fork (PID: 6339, Parent: 6225)
        • dwfhzeeizt (PID: 6340, Parent: 6339, MD5: 2394c32c9bf33731ba0aea110fffaaf0) Arguments: /usr/bin/dwfhzeeizt whoami 6225
      • Di1p3oLnDb.elf New Fork (PID: 6345, Parent: 6225)
        • xmnjiktnas (PID: 6346, Parent: 6345, MD5: ddd43550bad564e41b77604693a62617) Arguments: /usr/bin/xmnjiktnas gnome-terminal 6225
      • Di1p3oLnDb.elf New Fork (PID: 6348, Parent: 6225)
        • xmnjiktnas (PID: 6349, Parent: 6348, MD5: ddd43550bad564e41b77604693a62617) Arguments: /usr/bin/xmnjiktnas who 6225
      • Di1p3oLnDb.elf New Fork (PID: 6351, Parent: 6225)
        • xmnjiktnas (PID: 6352, Parent: 6351, MD5: ddd43550bad564e41b77604693a62617) Arguments: /usr/bin/xmnjiktnas "ifconfig eth0" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6353, Parent: 6225)
        • xmnjiktnas (PID: 6354, Parent: 6353, MD5: ddd43550bad564e41b77604693a62617) Arguments: /usr/bin/xmnjiktnas ls 6225
      • Di1p3oLnDb.elf New Fork (PID: 6357, Parent: 6225)
        • xmnjiktnas (PID: 6359, Parent: 6357, MD5: ddd43550bad564e41b77604693a62617) Arguments: /usr/bin/xmnjiktnas "netstat -an" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6365, Parent: 6225)
        • bvyxmkkmbp (PID: 6366, Parent: 6365, MD5: 1c69907b9b1ea6970ce38e0262ee82e1) Arguments: /usr/bin/bvyxmkkmbp gnome-terminal 6225
      • Di1p3oLnDb.elf New Fork (PID: 6368, Parent: 6225)
        • bvyxmkkmbp (PID: 6369, Parent: 6368, MD5: 1c69907b9b1ea6970ce38e0262ee82e1) Arguments: /usr/bin/bvyxmkkmbp ifconfig 6225
      • Di1p3oLnDb.elf New Fork (PID: 6370, Parent: 6225)
        • bvyxmkkmbp (PID: 6372, Parent: 6370, MD5: 1c69907b9b1ea6970ce38e0262ee82e1) Arguments: /usr/bin/bvyxmkkmbp bash 6225
      • Di1p3oLnDb.elf New Fork (PID: 6373, Parent: 6225)
        • bvyxmkkmbp (PID: 6374, Parent: 6373, MD5: 1c69907b9b1ea6970ce38e0262ee82e1) Arguments: /usr/bin/bvyxmkkmbp "sleep 1" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6375, Parent: 6225)
        • bvyxmkkmbp (PID: 6376, Parent: 6375, MD5: 1c69907b9b1ea6970ce38e0262ee82e1) Arguments: /usr/bin/bvyxmkkmbp "sleep 1" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6384, Parent: 6225)
        • hszflciagy (PID: 6385, Parent: 6384, MD5: 518f3cac4283fc9eee5d8d2f61a93231) Arguments: /usr/bin/hszflciagy bash 6225
      • Di1p3oLnDb.elf New Fork (PID: 6387, Parent: 6225)
        • hszflciagy (PID: 6388, Parent: 6387, MD5: 518f3cac4283fc9eee5d8d2f61a93231) Arguments: /usr/bin/hszflciagy uptime 6225
      • Di1p3oLnDb.elf New Fork (PID: 6389, Parent: 6225)
        • hszflciagy (PID: 6390, Parent: 6389, MD5: 518f3cac4283fc9eee5d8d2f61a93231) Arguments: /usr/bin/hszflciagy "ps -ef" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6393, Parent: 6225)
        • hszflciagy (PID: 6394, Parent: 6393, MD5: 518f3cac4283fc9eee5d8d2f61a93231) Arguments: /usr/bin/hszflciagy "ls -la" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6395, Parent: 6225)
        • hszflciagy (PID: 6396, Parent: 6395, MD5: 518f3cac4283fc9eee5d8d2f61a93231) Arguments: /usr/bin/hszflciagy "netstat -an" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6401, Parent: 6225)
        • dvisuvnfsi (PID: 6402, Parent: 6401, MD5: 34a7f54873746b3448c4e06af756c541) Arguments: /usr/bin/dvisuvnfsi ls 6225
      • Di1p3oLnDb.elf New Fork (PID: 6404, Parent: 6225)
        • dvisuvnfsi (PID: 6405, Parent: 6404, MD5: 34a7f54873746b3448c4e06af756c541) Arguments: /usr/bin/dvisuvnfsi bash 6225
      • Di1p3oLnDb.elf New Fork (PID: 6407, Parent: 6225)
        • dvisuvnfsi (PID: 6408, Parent: 6407, MD5: 34a7f54873746b3448c4e06af756c541) Arguments: /usr/bin/dvisuvnfsi "sleep 1" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6409, Parent: 6225)
        • dvisuvnfsi (PID: 6410, Parent: 6409, MD5: 34a7f54873746b3448c4e06af756c541) Arguments: /usr/bin/dvisuvnfsi "echo \"find\"" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6412, Parent: 6225)
        • dvisuvnfsi (PID: 6413, Parent: 6412, MD5: 34a7f54873746b3448c4e06af756c541) Arguments: /usr/bin/dvisuvnfsi "route -n" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6418, Parent: 6225)
        • zzdslzxygn (PID: 6419, Parent: 6418, MD5: 8dc652fcadce3231649681ae716b8941) Arguments: /usr/bin/zzdslzxygn "sleep 1" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6421, Parent: 6225)
        • zzdslzxygn (PID: 6422, Parent: 6421, MD5: 8dc652fcadce3231649681ae716b8941) Arguments: /usr/bin/zzdslzxygn "cat resolv.conf" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6423, Parent: 6225)
        • zzdslzxygn (PID: 6424, Parent: 6423, MD5: 8dc652fcadce3231649681ae716b8941) Arguments: /usr/bin/zzdslzxygn "netstat -an" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6426, Parent: 6225)
        • zzdslzxygn (PID: 6427, Parent: 6426, MD5: 8dc652fcadce3231649681ae716b8941) Arguments: /usr/bin/zzdslzxygn ifconfig 6225
      • Di1p3oLnDb.elf New Fork (PID: 6429, Parent: 6225)
        • zzdslzxygn (PID: 6430, Parent: 6429, MD5: 8dc652fcadce3231649681ae716b8941) Arguments: /usr/bin/zzdslzxygn sh 6225
      • Di1p3oLnDb.elf New Fork (PID: 6435, Parent: 6225)
        • koygrrjkon (PID: 6436, Parent: 6435, MD5: f52674a9af3a42b5b8edf7c4ca4a5159) Arguments: /usr/bin/koygrrjkon su 6225
      • Di1p3oLnDb.elf New Fork (PID: 6438, Parent: 6225)
        • koygrrjkon (PID: 6439, Parent: 6438, MD5: f52674a9af3a42b5b8edf7c4ca4a5159) Arguments: /usr/bin/koygrrjkon "netstat -antop" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6440, Parent: 6225)
        • koygrrjkon (PID: 6442, Parent: 6440, MD5: f52674a9af3a42b5b8edf7c4ca4a5159) Arguments: /usr/bin/koygrrjkon "ps -ef" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6443, Parent: 6225)
        • koygrrjkon (PID: 6444, Parent: 6443, MD5: f52674a9af3a42b5b8edf7c4ca4a5159) Arguments: /usr/bin/koygrrjkon pwd 6225
      • Di1p3oLnDb.elf New Fork (PID: 6446, Parent: 6225)
        • koygrrjkon (PID: 6447, Parent: 6446, MD5: f52674a9af3a42b5b8edf7c4ca4a5159) Arguments: /usr/bin/koygrrjkon "cd /etc" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6455, Parent: 6225)
        • uvilsmwwhk (PID: 6456, Parent: 6455, MD5: 599e094cfebd26a090e3c4d84dea2eec) Arguments: /usr/bin/uvilsmwwhk pwd 6225
      • Di1p3oLnDb.elf New Fork (PID: 6458, Parent: 6225)
        • uvilsmwwhk (PID: 6459, Parent: 6458, MD5: 599e094cfebd26a090e3c4d84dea2eec) Arguments: /usr/bin/uvilsmwwhk su 6225
      • Di1p3oLnDb.elf New Fork (PID: 6460, Parent: 6225)
        • uvilsmwwhk (PID: 6462, Parent: 6460, MD5: 599e094cfebd26a090e3c4d84dea2eec) Arguments: /usr/bin/uvilsmwwhk "sleep 1" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6463, Parent: 6225)
        • uvilsmwwhk (PID: 6464, Parent: 6463, MD5: 599e094cfebd26a090e3c4d84dea2eec) Arguments: /usr/bin/uvilsmwwhk "route -n" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6465, Parent: 6225)
        • uvilsmwwhk (PID: 6466, Parent: 6465, MD5: 599e094cfebd26a090e3c4d84dea2eec) Arguments: /usr/bin/uvilsmwwhk top 6225
      • Di1p3oLnDb.elf New Fork (PID: 6472, Parent: 6225)
        • ilrbozcctp (PID: 6473, Parent: 6472, MD5: 84093139500509d4abf65bf4368660c3) Arguments: /usr/bin/ilrbozcctp "netstat -an" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6475, Parent: 6225)
        • ilrbozcctp (PID: 6476, Parent: 6475, MD5: 84093139500509d4abf65bf4368660c3) Arguments: /usr/bin/ilrbozcctp "ps -ef" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6477, Parent: 6225)
        • ilrbozcctp (PID: 6478, Parent: 6477, MD5: 84093139500509d4abf65bf4368660c3) Arguments: /usr/bin/ilrbozcctp "netstat -antop" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6480, Parent: 6225)
        • ilrbozcctp (PID: 6481, Parent: 6480, MD5: 84093139500509d4abf65bf4368660c3) Arguments: /usr/bin/ilrbozcctp "netstat -antop" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6483, Parent: 6225)
        • ilrbozcctp (PID: 6484, Parent: 6483, MD5: 84093139500509d4abf65bf4368660c3) Arguments: /usr/bin/ilrbozcctp gnome-terminal 6225
      • Di1p3oLnDb.elf New Fork (PID: 6489, Parent: 6225)
        • gwqnqvffue (PID: 6490, Parent: 6489, MD5: 583764d38d6a3b24a072ba12c518ef07) Arguments: /usr/bin/gwqnqvffue "echo \"find\"" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6492, Parent: 6225)
        • gwqnqvffue (PID: 6493, Parent: 6492, MD5: 583764d38d6a3b24a072ba12c518ef07) Arguments: /usr/bin/gwqnqvffue pwd 6225
      • Di1p3oLnDb.elf New Fork (PID: 6494, Parent: 6225)
        • gwqnqvffue (PID: 6495, Parent: 6494, MD5: 583764d38d6a3b24a072ba12c518ef07) Arguments: /usr/bin/gwqnqvffue "ps -ef" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6497, Parent: 6225)
        • gwqnqvffue (PID: 6498, Parent: 6497, MD5: 583764d38d6a3b24a072ba12c518ef07) Arguments: /usr/bin/gwqnqvffue "ps -ef" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6499, Parent: 6225)
        • gwqnqvffue (PID: 6501, Parent: 6499, MD5: 583764d38d6a3b24a072ba12c518ef07) Arguments: /usr/bin/gwqnqvffue "netstat -an" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6507, Parent: 6225)
        • cbsypxwvhg (PID: 6508, Parent: 6507, MD5: ae6611a97543fac2cdd1c7b430747d8f) Arguments: /usr/bin/cbsypxwvhg whoami 6225
      • Di1p3oLnDb.elf New Fork (PID: 6510, Parent: 6225)
        • cbsypxwvhg (PID: 6511, Parent: 6510, MD5: ae6611a97543fac2cdd1c7b430747d8f) Arguments: /usr/bin/cbsypxwvhg gnome-terminal 6225
      • Di1p3oLnDb.elf New Fork (PID: 6512, Parent: 6225)
        • cbsypxwvhg (PID: 6514, Parent: 6512, MD5: ae6611a97543fac2cdd1c7b430747d8f) Arguments: /usr/bin/cbsypxwvhg "ifconfig eth0" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6515, Parent: 6225)
        • cbsypxwvhg (PID: 6516, Parent: 6515, MD5: ae6611a97543fac2cdd1c7b430747d8f) Arguments: /usr/bin/cbsypxwvhg id 6225
      • Di1p3oLnDb.elf New Fork (PID: 6518, Parent: 6225)
        • cbsypxwvhg (PID: 6519, Parent: 6518, MD5: ae6611a97543fac2cdd1c7b430747d8f) Arguments: /usr/bin/cbsypxwvhg "ls -la" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6524, Parent: 6225)
        • qozdbjhhph (PID: 6525, Parent: 6524, MD5: cbc9a7550ba8cc0a16d56fd5fa5962bd) Arguments: /usr/bin/qozdbjhhph id 6225
      • Di1p3oLnDb.elf New Fork (PID: 6527, Parent: 6225)
        • qozdbjhhph (PID: 6528, Parent: 6527, MD5: cbc9a7550ba8cc0a16d56fd5fa5962bd) Arguments: /usr/bin/qozdbjhhph ls 6225
      • Di1p3oLnDb.elf New Fork (PID: 6529, Parent: 6225)
        • qozdbjhhph (PID: 6531, Parent: 6529, MD5: cbc9a7550ba8cc0a16d56fd5fa5962bd) Arguments: /usr/bin/qozdbjhhph "netstat -antop" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6532, Parent: 6225)
        • qozdbjhhph (PID: 6533, Parent: 6532, MD5: cbc9a7550ba8cc0a16d56fd5fa5962bd) Arguments: /usr/bin/qozdbjhhph sh 6225
      • Di1p3oLnDb.elf New Fork (PID: 6536, Parent: 6225)
        • qozdbjhhph (PID: 6537, Parent: 6536, MD5: cbc9a7550ba8cc0a16d56fd5fa5962bd) Arguments: /usr/bin/qozdbjhhph "ls -la" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6542, Parent: 6225)
        • bcnljelvvj (PID: 6543, Parent: 6542, MD5: 09832f1b96069b9ed8a79c5ae07e8aa2) Arguments: /usr/bin/bcnljelvvj su 6225
      • Di1p3oLnDb.elf New Fork (PID: 6547, Parent: 6225)
        • bcnljelvvj (PID: 6548, Parent: 6547, MD5: 09832f1b96069b9ed8a79c5ae07e8aa2) Arguments: /usr/bin/bcnljelvvj whoami 6225
      • Di1p3oLnDb.elf New Fork (PID: 6550, Parent: 6225)
        • bcnljelvvj (PID: 6551, Parent: 6550, MD5: 09832f1b96069b9ed8a79c5ae07e8aa2) Arguments: /usr/bin/bcnljelvvj "cat resolv.conf" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6552, Parent: 6225)
        • bcnljelvvj (PID: 6553, Parent: 1860, MD5: 09832f1b96069b9ed8a79c5ae07e8aa2) Arguments: /usr/bin/bcnljelvvj "echo \"find\"" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6554, Parent: 6225)
        • bcnljelvvj (PID: 6555, Parent: 1860, MD5: 09832f1b96069b9ed8a79c5ae07e8aa2) Arguments: /usr/bin/bcnljelvvj su 6225
      • Di1p3oLnDb.elf New Fork (PID: 6563, Parent: 6225)
        • txgakcdvth (PID: 6564, Parent: 6563, MD5: e9d82c564dc16961ee51fdbc643f03f9) Arguments: /usr/bin/txgakcdvth "netstat -an" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6565, Parent: 6225)
        • txgakcdvth (PID: 6566, Parent: 1860, MD5: e9d82c564dc16961ee51fdbc643f03f9) Arguments: /usr/bin/txgakcdvth ifconfig 6225
      • Di1p3oLnDb.elf New Fork (PID: 6567, Parent: 6225)
        • txgakcdvth (PID: 6568, Parent: 1860, MD5: e9d82c564dc16961ee51fdbc643f03f9) Arguments: /usr/bin/txgakcdvth "netstat -an" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6570, Parent: 6225)
        • txgakcdvth (PID: 6571, Parent: 6570, MD5: e9d82c564dc16961ee51fdbc643f03f9) Arguments: /usr/bin/txgakcdvth "ps -ef" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6572, Parent: 6225)
        • txgakcdvth (PID: 6574, Parent: 1860, MD5: e9d82c564dc16961ee51fdbc643f03f9) Arguments: /usr/bin/txgakcdvth ifconfig 6225
      • Di1p3oLnDb.elf New Fork (PID: 6580, Parent: 6225)
        • kiykrkkimt (PID: 6581, Parent: 6580, MD5: 001b2d8ff6e0ddd4dd6c78aeca5375e7) Arguments: /usr/bin/kiykrkkimt "ifconfig eth0" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6582, Parent: 6225)
        • kiykrkkimt (PID: 6583, Parent: 1860, MD5: 001b2d8ff6e0ddd4dd6c78aeca5375e7) Arguments: /usr/bin/kiykrkkimt top 6225
      • Di1p3oLnDb.elf New Fork (PID: 6584, Parent: 6225)
        • kiykrkkimt (PID: 6585, Parent: 6584, MD5: 001b2d8ff6e0ddd4dd6c78aeca5375e7) Arguments: /usr/bin/kiykrkkimt top 6225
      • Di1p3oLnDb.elf New Fork (PID: 6587, Parent: 6225)
        • kiykrkkimt (PID: 6588, Parent: 1860, MD5: 001b2d8ff6e0ddd4dd6c78aeca5375e7) Arguments: /usr/bin/kiykrkkimt ifconfig 6225
      • Di1p3oLnDb.elf New Fork (PID: 6590, Parent: 6225)
        • kiykrkkimt (PID: 6592, Parent: 1860, MD5: 001b2d8ff6e0ddd4dd6c78aeca5375e7) Arguments: /usr/bin/kiykrkkimt ls 6225
      • Di1p3oLnDb.elf New Fork (PID: 6597, Parent: 6225)
        • siupwowznp (PID: 6598, Parent: 6597, MD5: 34e74d6766be7ba5c37e7750186592f1) Arguments: /usr/bin/siupwowznp su 6225
      • Di1p3oLnDb.elf New Fork (PID: 6599, Parent: 6225)
        • siupwowznp (PID: 6600, Parent: 1860, MD5: 34e74d6766be7ba5c37e7750186592f1) Arguments: /usr/bin/siupwowznp "ps -ef" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6601, Parent: 6225)
        • siupwowznp (PID: 6602, Parent: 1860, MD5: 34e74d6766be7ba5c37e7750186592f1) Arguments: /usr/bin/siupwowznp "cd /etc" 6225
      • Di1p3oLnDb.elf New Fork (PID: 6604, Parent: 6225)
        • siupwowznp (PID: 6605, Parent: 1860, MD5: 34e74d6766be7ba5c37e7750186592f1) Arguments: /usr/bin/siupwowznp whoami 6225
      • Di1p3oLnDb.elf New Fork (PID: 6606, Parent: 6225)
        • siupwowznp (PID: 6608, Parent: 1860, MD5: 34e74d6766be7ba5c37e7750186592f1) Arguments: /usr/bin/siupwowznp gnome-terminal 6225
      • Di1p3oLnDb.elf New Fork (PID: 6614, Parent: 6225)
        • urppslzpni (PID: 6615, Parent: 6614, MD5: b571204d591fa68cb55c7759de34143f) Arguments: /usr/bin/urppslzpni top 6225
      • Di1p3oLnDb.elf New Fork (PID: 6616, Parent: 6225)
        • urppslzpni (PID: 6617, Parent: 1860, MD5: b571204d591fa68cb55c7759de34143f) Arguments: /usr/bin/urppslzpni su 6225
      • Di1p3oLnDb.elf New Fork (PID: 6618, Parent: 6225)
        • urppslzpni (PID: 6619, Parent: 1860, MD5: b571204d591fa68cb55c7759de34143f) Arguments: /usr/bin/urppslzpni uptime 6225
      • Di1p3oLnDb.elf New Fork (PID: 6621, Parent: 6225)
        • urppslzpni (PID: 6622, Parent: 1860, MD5: b571204d591fa68cb55c7759de34143f) Arguments: /usr/bin/urppslzpni whoami 6225
      • Di1p3oLnDb.elf New Fork (PID: 6624, Parent: 6225)
        • urppslzpni (PID: 6625, Parent: 1860, MD5: b571204d591fa68cb55c7759de34143f) Arguments: /usr/bin/urppslzpni id 6225
  • systemd New Fork (PID: 6237, Parent: 6236)
  • snapd-env-generator (PID: 6237, Parent: 6236, MD5: 3633b075f40283ec938a2a6a89671b0e) Arguments: /usr/lib/systemd/system-environment-generators/snapd-env-generator
  • cleanup
Source | Rule | Description | Author | Strings
Di1p3oLnDb.elf | JoeSecurity_XorDDoS | Yara detected XorDDoS Bot | Joe Security
Di1p3oLnDb.elf | MALWARE_Linux_XORDDoS | Detects XORDDoS | ditekSHen
  • 0x84cfb:$s1: for i in `cat /proc/net/dev|grep :|awk -F: {'print $1'}`; do ifconfig $i up& done
  • 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6
  • 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab
  • 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
Di1p3oLnDb.elf | Linux_Trojan_Xorddos_2aef46a6 | unknown | unknown
  • 0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Di1p3oLnDb.elf | Linux_Trojan_Xorddos_884cab60 | unknown | unknown
  • 0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
  • 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1

Source | Rule | Description | Author | Strings
/usr/bin/kihierzlde | JoeSecurity_XorDDoS | Yara detected XorDDoS Bot | Joe Security
/usr/bin/kihierzlde | MALWARE_Linux_XORDDoS | Detects XORDDoS | ditekSHen
  • 0x84cfb:$s1: for i in `cat /proc/net/dev|grep :|awk -F: {'print $1'}`; do ifconfig $i up& done
  • 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6
  • 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab
  • 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/kihierzlde | Linux_Trojan_Xorddos_2aef46a6 | unknown | unknown
  • 0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/kihierzlde | Linux_Trojan_Xorddos_884cab60 | unknown | unknown
  • 0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
  • 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/xmnjiktnas | JoeSecurity_XorDDoS | Yara detected XorDDoS Bot | Joe Security

Source | Rule | Description | Author | Strings
6465.1.0000000008048000.00000000080cd000.r-x.sdmp | JoeSecurity_XorDDoS | Yara detected XorDDoS Bot | Joe Security
6465.1.0000000008048000.00000000080cd000.r-x.sdmp | MALWARE_Linux_XORDDoS | Detects XORDDoS | ditekSHen
  • 0x84cfb:$s1: for i in `cat /proc/net/dev|grep :|awk -F: {'print $1'}`; do ifconfig $i up& done
  • 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6
  • 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab
  • 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
6465.1.0000000008048000.00000000080cd000.r-x.sdmp | Linux_Trojan_Xorddos_2aef46a6 | unknown | unknown
  • 0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
6465.1.0000000008048000.00000000080cd000.r-x.sdmp | Linux_Trojan_Xorddos_884cab60 | unknown | unknown
  • 0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
  • 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
6311.1.0000000008048000.00000000080cd000.r-x.sdmp | JoeSecurity_XorDDoS | Yara detected XorDDoS Bot | Joe Security

Timestamp:10/05/22-13:40:01.525989
Source IP:192.168.2.23
Destination IP:8.8.8.8
SID:2021326
Source Port:38194
Destination Port:53
Protocol:UDP
Classtype:A Network Trojan was detected

Timestamp:10/05/22-13:40:01.546076
Source IP:192.168.2.23
Destination IP:8.8.4.4
SID:2021326
Source Port:54576
Destination Port:53
Protocol:UDP
Classtype:A Network Trojan was detected

Timestamp:10/05/22-13:40:01.563948
Source IP:192.168.2.23
Destination IP:1.1.1.1
SID:2021326
Source Port:59699
Destination Port:53
Protocol:UDP
Classtype:A Network Trojan was detected

Timestamp:10/05/22-13:40:01.726550
Source IP:192.168.2.23
Destination IP:79.137.1.133
SID:2020381
Source Port:39162
Destination Port:1523
Protocol:TCP
Classtype:A Network Trojan was detected

AV Detection

Source: Di1p3oLnDb.elf | Avira: detected
Source: Di1p3oLnDb.elf | ReversingLabs: Detection: 75%
Source: Di1p3oLnDb.elf | Virustotal: Detection: 64%
Source: Di1p3oLnDb.elf | Metadefender: Detection: 61%
Source: /usr/bin/cbsypxwvhg | Avira: detection malicious, Label: LINUX/Xorddos.vcwea
Source: /usr/lib/libudev.so | Avira: detection malicious, Label: LINUX/Xorddos.dkabc
Source: /usr/bin/thgxtutpuw | Joe Sandbox ML: detected
Source: /usr/bin/cbsypxwvhg | Joe Sandbox ML: detected
Source: /usr/bin/xmnjiktnas | Joe Sandbox ML: detected
Source: /usr/bin/qhknhggmjf | Joe Sandbox ML: detected
Source: /usr/bin/koygrrjkon | Joe Sandbox ML: detected
Source: /usr/bin/zzdslzxygn | Joe Sandbox ML: detected
Source: /usr/bin/uvilsmwwhk | Joe Sandbox ML: detected
Source: /usr/bin/bvyxmkkmbp | Joe Sandbox ML: detected
Source: /usr/bin/ltaanxttrs | Joe Sandbox ML: detected
Source: /usr/bin/dwfhzeeizt | Joe Sandbox ML: detected
Source: /usr/bin/gwqnqvffue | Joe Sandbox ML: detected
Source: /usr/bin/dvisuvnfsi | Joe Sandbox ML: detected
Source: /usr/lib/libudev.so | Joe Sandbox ML: detected
Source: /usr/bin/hszflciagy | Joe Sandbox ML: detected
Source: /usr/bin/ilrbozcctp | Joe Sandbox ML: detected
Source: /usr/bin/kihierzlde | Joe Sandbox ML: detected
Source: Di1p3oLnDb.elf | Joe Sandbox ML: detected
Source: /tmp/Di1p3oLnDb.elf (PID: 6225) | Reads CPU info from proc file: /proc/cpuinfo

            Networking

            barindex
            Source: TrafficSnort IDS: 2021326 ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org) 192.168.2.23:38194 -> 8.8.8.8:53
            Source: TrafficSnort IDS: 2021326 ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org) 192.168.2.23:54576 -> 8.8.4.4:53
            Source: TrafficSnort IDS: 2021326 ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org) 192.168.2.23:59699 -> 1.1.1.1:53
            Source: TrafficSnort IDS: 2020381 ET TROJAN DDoS.XOR Checkin 192.168.2.23:39162 -> 79.137.1.133:1523
            Source: global trafficTCP traffic: 192.168.2.23:42836 -> 91.189.91.43:443
            Source: global trafficTCP traffic: 192.168.2.23:42516 -> 109.202.202.202:80
            Source: global trafficTCP traffic: 192.168.2.23:43928 -> 91.189.91.42:443
            Source: global trafficTCP traffic: 192.168.2.23:39162 -> 79.137.1.133:1523
            Source: unknownNetwork traffic detected: HTTP traffic on port 43928 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 42836 -> 443
            Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
            Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
            Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
            Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.43
            Source: unknownTCP traffic detected without corresponding DNS query: 109.202.202.202
            Source: unknownTCP traffic detected without corresponding DNS query: 91.189.91.42
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: Di1p3oLnDb.elf process memory dumps (.sdmp); String found in binary or memory: http://aa.hostasa.org/config.rar
            Source: Di1p3oLnDb.elf process memory dumps (.sdmp); String found in binary or memory: http://aa.hostasa.org/config.rartat456.com:1523
            Source: Di1p3oLnDb.elf, thgxtutpuw.11.dr, xmnjiktnas.11.dr, qhknhggmjf.11.dr, koygrrjkon.11.dr, zzdslzxygn.11.dr, uvilsmwwhk.11.dr, bvyxmkkmbp.11.dr, ltaanxttrs.11.dr, dwfhzeeizt.11.dr, gwqnqvffue.11.dr, dvisuvnfsi.11.dr, libudev.so.11.dr, hszflciagy.11.dr, ilrbozcctp.11.dr, kihierzlde.11.dr; String found in binary or memory: http://www.gnu.org/software/libc/bugs.html
            Source: unknown; DNS traffic detected: queries for: aa.hostasa.org

            DDoS

            Source: Yara match; File source: Di1p3oLnDb.elf, type: SAMPLE
            Source: Yara match; File source: /usr/bin/kihierzlde, type: DROPPED
            Source: Yara match; File source: /usr/bin/xmnjiktnas, type: DROPPED
            Source: Yara match; File source: /usr/bin/uvilsmwwhk, type: DROPPED
            Source: Yara match; File source: /usr/lib/libudev.so, type: DROPPED
            Source: Yara match; File source: /usr/bin/koygrrjkon, type: DROPPED
            Source: Yara match; File source: /usr/bin/hszflciagy, type: DROPPED
            Source: Yara match; File source: /usr/bin/qhknhggmjf, type: DROPPED
            Source: Yara match; File source: /usr/bin/ilrbozcctp, type: DROPPED
            Source: Yara match; File source: /usr/bin/cbsypxwvhg, type: DROPPED
            Source: Yara match; File source: /usr/bin/dvisuvnfsi, type: DROPPED
            Source: Yara match; File source: /usr/bin/dwfhzeeizt, type: DROPPED
            Source: Yara match; File source: /usr/bin/gwqnqvffue, type: DROPPED
            Source: Yara match; File source: /usr/bin/ltaanxttrs, type: DROPPED
            Source: Yara match; File source: /usr/bin/bvyxmkkmbp, type: DROPPED
            Source: Yara match; File source: /usr/bin/thgxtutpuw, type: DROPPED
            Source: Yara match; File source: /usr/bin/zzdslzxygn, type: DROPPED

            System Summary

            Source: Di1p3oLnDb.elf, type: SAMPLE; Matched rule: Detects XORDDoS; Author: ditekSHen
            Source: Di1p3oLnDb.elf, type: SAMPLE; Matched rule: Linux_Trojan_Xorddos_2aef46a6; Author: unknown
            Source: Di1p3oLnDb.elf, type: SAMPLE; Matched rule: Linux_Trojan_Xorddos_884cab60; Author: unknown
            Source: 6345.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6387.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6387.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6387.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6365.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6365.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6365.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6226.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6226.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6226.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6438.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6438.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6438.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6368.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6368.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6368.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6421.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6421.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6421.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6472.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6472.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6472.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6547.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6547.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6547.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6351.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6351.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6351.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6302.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6302.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6302.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6483.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6483.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6483.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6497.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6497.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6497.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6489.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6489.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6489.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6532.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6532.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6532.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6494.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6494.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6494.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6375.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6375.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6375.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6370.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6370.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6370.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6296.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6296.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6296.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6259.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6259.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6259.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6224.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6224.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6224.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6536.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6536.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6536.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6227.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6227.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6227.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6510.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6510.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6510.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6401.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6401.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6401.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6288.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6288.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6288.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6492.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6492.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6492.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6404.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6404.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6404.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6512.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6512.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6512.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6407.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6407.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6407.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6477.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6477.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6477.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6384.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6384.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6384.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6321.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6321.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6321.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6304.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6304.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6304.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6257.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6257.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6257.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6435.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6435.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6435.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6285.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6285.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6285.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6463.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6463.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6463.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6423.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6423.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6423.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6357.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6357.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6357.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6455.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6455.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6455.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6339.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6339.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6339.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6275.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6275.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6275.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6228.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6228.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6228.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6333.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6333.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6333.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6507.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6507.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6507.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6389.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6389.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6389.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6316.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6316.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6316.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6265.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6265.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6265.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6446.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6446.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6446.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6353.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6353.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6353.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6267.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6267.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6267.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: 6515.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Detects XORDDoS Author: ditekSHen
            Source: 6515.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
            Source: 6515.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6224, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6226, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6227, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6228, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6257, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6259, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6262, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6265, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6267, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6275, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6278, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6282, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6285, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6288, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6294, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6296, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6299, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6302, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6304, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6311, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6314, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6316, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6319, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6321, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6328, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6331, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6333, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6336, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6339, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6345, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6348, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6351, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6353, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6357, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6365, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6368, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6370, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6373, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6375, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6384, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6387, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6389, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6393, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6395, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6401, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6404, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6407, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6409, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6412, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6418, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6421, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6423, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6426, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6429, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6435, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6438, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6440, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6443, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6446, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6455, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6458, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6460, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6463, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: /usr/bin/kihierzlde, type: DROPPED, Matched rule: Detects XORDDoS, Author: ditekSHen
            Source: /usr/bin/kihierzlde, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: /usr/bin/kihierzlde, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60, Author: unknown
            Source: /usr/bin/xmnjiktnas, type: DROPPED, Matched rule: Detects XORDDoS, Author: ditekSHen
            Source: /usr/bin/xmnjiktnas, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: /usr/bin/xmnjiktnas, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60, Author: unknown
            Source: /usr/bin/uvilsmwwhk, type: DROPPED, Matched rule: Detects XORDDoS, Author: ditekSHen
            Source: /usr/bin/uvilsmwwhk, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: /usr/bin/uvilsmwwhk, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60, Author: unknown
            Source: /usr/lib/libudev.so, type: DROPPED, Matched rule: Detects XORDDoS, Author: ditekSHen
            Source: /usr/lib/libudev.so, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: /usr/lib/libudev.so, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60, Author: unknown
            Source: /usr/bin/koygrrjkon, type: DROPPED, Matched rule: Detects XORDDoS, Author: ditekSHen
            Source: /usr/bin/koygrrjkon, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: /usr/bin/koygrrjkon, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60, Author: unknown
            Source: /usr/bin/hszflciagy, type: DROPPED, Matched rule: Detects XORDDoS, Author: ditekSHen
            Source: /usr/bin/hszflciagy, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: /usr/bin/hszflciagy, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60, Author: unknown
            Source: /usr/bin/qhknhggmjf, type: DROPPED, Matched rule: Detects XORDDoS, Author: ditekSHen
            Source: /usr/bin/qhknhggmjf, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: /usr/bin/qhknhggmjf, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60, Author: unknown
            Source: /usr/bin/ilrbozcctp, type: DROPPED, Matched rule: Detects XORDDoS, Author: ditekSHen
            Source: /usr/bin/ilrbozcctp, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: /usr/bin/ilrbozcctp, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60, Author: unknown
            Source: /usr/bin/cbsypxwvhg, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: /usr/bin/cbsypxwvhg, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60, Author: unknown
            Source: /usr/bin/dvisuvnfsi, type: DROPPED, Matched rule: Detects XORDDoS, Author: ditekSHen
            Source: /usr/bin/dvisuvnfsi, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: /usr/bin/dvisuvnfsi, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60, Author: unknown
            Source: /usr/bin/dwfhzeeizt, type: DROPPED, Matched rule: Detects XORDDoS, Author: ditekSHen
            Source: /usr/bin/dwfhzeeizt, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: /usr/bin/dwfhzeeizt, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60, Author: unknown
            Source: /usr/bin/gwqnqvffue, type: DROPPED, Matched rule: Detects XORDDoS, Author: ditekSHen
            Source: /usr/bin/gwqnqvffue, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: /usr/bin/gwqnqvffue, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60, Author: unknown
            Source: /usr/bin/ltaanxttrs, type: DROPPED, Matched rule: Detects XORDDoS, Author: ditekSHen
            Source: /usr/bin/ltaanxttrs, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: /usr/bin/ltaanxttrs, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60, Author: unknown
            Source: /usr/bin/bvyxmkkmbp, type: DROPPED, Matched rule: Detects XORDDoS, Author: ditekSHen
            Source: /usr/bin/thgxtutpuw, type: DROPPED, Matched rule: Detects XORDDoS, Author: ditekSHen
            Source: /usr/bin/bvyxmkkmbp, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: /usr/bin/bvyxmkkmbp, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60, Author: unknown
            Source: /usr/bin/thgxtutpuw, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: /usr/bin/thgxtutpuw, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60, Author: unknown
            Source: /usr/bin/zzdslzxygn, type: DROPPED, Matched rule: Detects XORDDoS, Author: ditekSHen
            Source: /usr/bin/zzdslzxygn, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6, Author: unknown
            Source: /usr/bin/zzdslzxygn, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60, Author: unknown
            Source: Di1p3oLnDb.elf, type: SAMPLE, Matched rule: MALWARE_Linux_XORDDoS, author = ditekSHen, description = Detects XORDDoS
            Source: Di1p3oLnDb.elf, type: SAMPLE, Matched rule: Linux_Trojan_Xorddos_2aef46a6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Di1p3oLnDb.elf, type: SAMPLE, Matched rule: Linux_Trojan_Xorddos_884cab60, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6299.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6395.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6395.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6395.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6443.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6443.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6443.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6412.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6412.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6412.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6529.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6529.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6529.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6542.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6542.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6542.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6328.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6328.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6328.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6480.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6480.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6480.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6345.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6345.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6345.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6387.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6387.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6387.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6365.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6365.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6365.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6226.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6226.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6226.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6438.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6438.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6438.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6368.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6368.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6368.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6421.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6421.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6421.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6472.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6472.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6472.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6547.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6547.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6547.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6351.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6351.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6351.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6302.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6302.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6302.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6483.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6483.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6483.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6497.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6497.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6497.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6489.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6489.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6489.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6532.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6532.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6532.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6494.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6494.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6494.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6375.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6375.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6375.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6370.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6370.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6370.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6296.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6296.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6296.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6259.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6259.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6259.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: 6224.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: 6224.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: 6224.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORYMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6224, type: MEMORYSTR, Matched rule: Linux_Trojan_Xorddos_2aef46a6, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6226, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6227, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6228, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6257, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6259, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6262, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6265, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6267, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6275, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6278, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6282, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6285, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6288, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6294, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6296, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6299, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6302, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6304, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6311, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6314, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6316, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6319, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6321, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6328, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6331, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6333, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6336, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6339, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6345, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6348, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6351, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6353, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6357, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6365, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6368, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6370, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6373, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6375, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6384, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6387, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6389, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6393, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6395, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6401, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6404, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6407, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6409, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6412, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6418, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6421, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6423, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6426, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6429, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6435, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6438, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6440, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6443, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6446, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6455, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6458, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6460, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: Process Memory Space: Di1p3oLnDb.elf PID: 6463, type: MEMORYSTRMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: /usr/bin/kihierzlde, type: DROPPED, Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: /usr/bin/kihierzlde, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: /usr/bin/kihierzlde, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: /usr/bin/xmnjiktnas, type: DROPPED, Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: /usr/bin/xmnjiktnas, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: /usr/bin/xmnjiktnas, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: /usr/bin/uvilsmwwhk, type: DROPPED, Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: /usr/bin/uvilsmwwhk, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: /usr/bin/uvilsmwwhk, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: /usr/lib/libudev.so, type: DROPPED, Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: /usr/lib/libudev.so, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: /usr/lib/libudev.so, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: /usr/bin/koygrrjkon, type: DROPPED, Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: /usr/bin/koygrrjkon, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: /usr/bin/koygrrjkon, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: /usr/bin/hszflciagy, type: DROPPED, Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: /usr/bin/hszflciagy, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: /usr/bin/hszflciagy, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: /usr/bin/qhknhggmjf, type: DROPPED, Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: /usr/bin/qhknhggmjf, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: /usr/bin/qhknhggmjf, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: /usr/bin/ilrbozcctp, type: DROPPED, Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: /usr/bin/ilrbozcctp, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: /usr/bin/ilrbozcctp, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: /usr/bin/cbsypxwvhg, type: DROPPED, Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: /usr/bin/cbsypxwvhg, type: DROPPEDMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: /usr/bin/dvisuvnfsi, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: /usr/bin/dvisuvnfsi, type: DROPPEDMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: /usr/bin/dvisuvnfsi, type: DROPPEDMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: /usr/bin/dwfhzeeizt, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: /usr/bin/dwfhzeeizt, type: DROPPEDMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: /usr/bin/dwfhzeeizt, type: DROPPEDMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: /usr/bin/gwqnqvffue, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: /usr/bin/gwqnqvffue, type: DROPPEDMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: /usr/bin/gwqnqvffue, type: DROPPEDMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: /usr/bin/ltaanxttrs, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: /usr/bin/ltaanxttrs, type: DROPPEDMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: /usr/bin/ltaanxttrs, type: DROPPEDMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: /usr/bin/bvyxmkkmbp, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: /usr/bin/thgxtutpuw, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: /usr/bin/bvyxmkkmbp, type: DROPPEDMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: /usr/bin/bvyxmkkmbp, type: DROPPEDMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: /usr/bin/thgxtutpuw, type: DROPPEDMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: /usr/bin/thgxtutpuw, type: DROPPEDMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: /usr/bin/zzdslzxygn, type: DROPPEDMatched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
            Source: /usr/bin/zzdslzxygn, type: DROPPEDMatched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
            Source: /usr/bin/zzdslzxygn, type: DROPPEDMatched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
            Source: ELF static info symbol of initial sample: .symtab present: no
            Source: classification engine: Classification label: mal100.troj.evad.linELF@0/21@5/0
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) /run/gcc.pid: qxswbkrhglbryhoajlnppmfyfcglitia

            Persistence and Installation Behavior

            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /etc/rc1.d/S90Di1p3oLnDb.elf -> /etc/init.d/Di1p3oLnDb.elf
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /etc/rc2.d/S90Di1p3oLnDb.elf -> /etc/init.d/Di1p3oLnDb.elf
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /etc/rc3.d/S90Di1p3oLnDb.elf -> /etc/init.d/Di1p3oLnDb.elf
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /etc/rc4.d/S90Di1p3oLnDb.elf -> /etc/init.d/Di1p3oLnDb.elf
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /etc/rc5.d/S90Di1p3oLnDb.elf -> /etc/init.d/Di1p3oLnDb.elf
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /etc/rc.d/rc1.d/S90Di1p3oLnDb.elf -> /etc/init.d/Di1p3oLnDb.elf
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /etc/rc.d/rc2.d/S90Di1p3oLnDb.elf -> /etc/init.d/Di1p3oLnDb.elf
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /etc/rc.d/rc3.d/S90Di1p3oLnDb.elf -> /etc/init.d/Di1p3oLnDb.elf
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /etc/rc.d/rc4.d/S90Di1p3oLnDb.elf -> /etc/init.d/Di1p3oLnDb.elf
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /etc/rc.d/rc5.d/S90Di1p3oLnDb.elf -> /etc/init.d/Di1p3oLnDb.elf
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /etc/cron.hourly/gcc.sh
            Source: /bin/sh (PID: 6230) File: /etc/crontab
            Source: /bin/sed (PID: 6231) File: /etc/crontab
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File written: /usr/lib/libudev.so
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File written: /usr/bin/qhknhggmjf
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File written: /usr/bin/ltaanxttrs
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File written: /usr/bin/kihierzlde
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File written: /usr/bin/thgxtutpuw
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File written: /usr/bin/dwfhzeeizt
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File written: /usr/bin/xmnjiktnas
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File written: /usr/bin/bvyxmkkmbp
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File written: /usr/bin/hszflciagy
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File written: /usr/bin/dvisuvnfsi
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File written: /usr/bin/zzdslzxygn
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File written: /usr/bin/koygrrjkon
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File written: /usr/bin/uvilsmwwhk
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File written: /usr/bin/ilrbozcctp
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File written: /usr/bin/gwqnqvffue
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File written: /usr/bin/cbsypxwvhg
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) Shell script file created: /etc/cron.hourly/gcc.sh
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) Reads from proc file: /proc/stat
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) Reads from proc file: /proc/meminfo
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) Reads from proc file: /proc/cpuinfo
            Source: /sbin/update-rc.d (PID: 6235) Systemctl executable: /bin/systemctl -> systemctl daemon-reload
            Source: /tmp/Di1p3oLnDb.elf (PID: 6230) Shell command executed: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) Writes shell script file to disk with an unusual file extension: /etc/init.d/Di1p3oLnDb.elf

            Hooking and other Techniques for Hiding and Protection

            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /etc/init.d/Di1p3oLnDb.elf
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /usr/bin/qhknhggmjf
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /usr/bin/ltaanxttrs
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /usr/bin/kihierzlde
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /usr/bin/thgxtutpuw
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /usr/bin/dwfhzeeizt
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /usr/bin/xmnjiktnas
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /usr/bin/bvyxmkkmbp
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /usr/bin/hszflciagy
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /usr/bin/dvisuvnfsi
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /usr/bin/zzdslzxygn
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /usr/bin/koygrrjkon
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /usr/bin/uvilsmwwhk
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /usr/bin/ilrbozcctp
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /usr/bin/gwqnqvffue
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) File: /usr/bin/cbsypxwvhg
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) Path: /etc/cron.hourly/gcc.sh
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) Path: /run/gcc.pid
            Source: /tmp/Di1p3oLnDb.elf (PID: 6224) Queries kernel information via 'uname'
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) Queries kernel information via 'uname'
            Source: /usr/bin/gwqnqvffue (PID: 6490)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/gwqnqvffue (PID: 6493)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/gwqnqvffue (PID: 6495)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/gwqnqvffue (PID: 6498)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/gwqnqvffue (PID: 6501)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/cbsypxwvhg (PID: 6508)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/cbsypxwvhg (PID: 6511)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/cbsypxwvhg (PID: 6514)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/cbsypxwvhg (PID: 6516)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/cbsypxwvhg (PID: 6519)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/qozdbjhhph (PID: 6525)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/qozdbjhhph (PID: 6528)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/qozdbjhhph (PID: 6531)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/qozdbjhhph (PID: 6533)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/qozdbjhhph (PID: 6537)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/bcnljelvvj (PID: 6543)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/bcnljelvvj (PID: 6548)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/bcnljelvvj (PID: 6551)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/bcnljelvvj (PID: 6553)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/bcnljelvvj (PID: 6555)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/txgakcdvth (PID: 6564)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/txgakcdvth (PID: 6566)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/txgakcdvth (PID: 6568)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/txgakcdvth (PID: 6571)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/txgakcdvth (PID: 6574)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/kiykrkkimt (PID: 6581)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/kiykrkkimt (PID: 6583)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/kiykrkkimt (PID: 6585)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/kiykrkkimt (PID: 6588)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/kiykrkkimt (PID: 6592)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/siupwowznp (PID: 6598)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/siupwowznp (PID: 6600)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/siupwowznp (PID: 6602)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/siupwowznp (PID: 6605)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/siupwowznp (PID: 6608)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/urppslzpni (PID: 6615)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/urppslzpni (PID: 6617)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/urppslzpni (PID: 6619)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/urppslzpni (PID: 6622)Queries kernel information via 'uname': Jump to behavior
            Source: /usr/bin/urppslzpni (PID: 6625)Queries kernel information via 'uname': Jump to behavior
            Source: /tmp/Di1p3oLnDb.elf (PID: 6225) Reads CPU info from proc file: /proc/cpuinfo

            Remote Access Functionality

            Source: Yara match File source: Di1p3oLnDb.elf, type: SAMPLE
            Source: Yara match File source: /usr/bin/kihierzlde, type: DROPPED
            Source: Yara match File source: /usr/bin/xmnjiktnas, type: DROPPED
            Source: Yara match File source: /usr/bin/uvilsmwwhk, type: DROPPED
            Source: Yara match File source: /usr/lib/libudev.so, type: DROPPED
            Source: Yara match File source: /usr/bin/koygrrjkon, type: DROPPED
            Source: Yara match File source: /usr/bin/hszflciagy, type: DROPPED
            Source: Yara match File source: /usr/bin/qhknhggmjf, type: DROPPED
            Source: Yara match File source: /usr/bin/ilrbozcctp, type: DROPPED
            Source: Yara match File source: /usr/bin/cbsypxwvhg, type: DROPPED
            Source: Yara match File source: /usr/bin/dvisuvnfsi, type: DROPPED
            Source: Yara match File source: /usr/bin/dwfhzeeizt, type: DROPPED
            Source: Yara match File source: /usr/bin/gwqnqvffue, type: DROPPED
            Source: Yara match File source: /usr/bin/ltaanxttrs, type: DROPPED
            Source: Yara match File source: /usr/bin/bvyxmkkmbp, type: DROPPED
            Source: Yara match File source: /usr/bin/thgxtutpuw, type: DROPPED
            Source: Yara match File source: /usr/bin/zzdslzxygn, type: DROPPED
            Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
            Valid Accounts | 2 Scripting | 1 Systemd Service | 1 Systemd Service | 11 Masquerading | OS Credential Dumping | 1 Security Software Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
            Default Accounts | 2 At (Linux) | 2 At (Linux) | 2 At (Linux) | 2 Scripting | LSASS Memory | 2 System Information Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 1 Non-Standard Port | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
            Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 File Deletion | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 1 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
            Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 2 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
            No configs have been found
            Behavior graph (image not preserved): ID: 716619, Sample: Di1p3oLnDb.elf, Start date: 05/10/2022, Architecture: LINUX, Score: 100
            Source | Detection | Scanner | Label | Link
            Di1p3oLnDb.elf | 76% | ReversingLabs | Linux.Network.XorDDoS |
            Di1p3oLnDb.elf | 65% | Virustotal | | Browse
            Di1p3oLnDb.elf | 61% | Metadefender | | Browse
            Di1p3oLnDb.elf | 100% | Avira | LINUX/Xorddos.dkabc |
            Di1p3oLnDb.elf | 100% | Joe Sandbox ML | |

            Source | Detection | Scanner | Label | Link
            /usr/bin/cbsypxwvhg | 100% | Avira | LINUX/Xorddos.vcwea |
            /usr/lib/libudev.so | 100% | Avira | LINUX/Xorddos.dkabc |
            /usr/bin/thgxtutpuw | 100% | Joe Sandbox ML | |
            /usr/bin/cbsypxwvhg | 100% | Joe Sandbox ML | |
            /usr/bin/xmnjiktnas | 100% | Joe Sandbox ML | |
            /usr/bin/qhknhggmjf | 100% | Joe Sandbox ML | |
            /usr/bin/koygrrjkon | 100% | Joe Sandbox ML | |
            /usr/bin/zzdslzxygn | 100% | Joe Sandbox ML | |
            /usr/bin/uvilsmwwhk | 100% | Joe Sandbox ML | |
            /usr/bin/bvyxmkkmbp | 100% | Joe Sandbox ML | |
            /usr/bin/ltaanxttrs | 100% | Joe Sandbox ML | |
            /usr/bin/dwfhzeeizt | 100% | Joe Sandbox ML | |
            /usr/bin/gwqnqvffue | 100% | Joe Sandbox ML | |
            /usr/bin/dvisuvnfsi | 100% | Joe Sandbox ML | |
            /usr/lib/libudev.so | 100% | Joe Sandbox ML | |
            /usr/bin/hszflciagy | 100% | Joe Sandbox ML | |
            /usr/bin/ilrbozcctp | 100% | Joe Sandbox ML | |
            /usr/bin/kihierzlde | 100% | Joe Sandbox ML | |
            /etc/cron.hourly/gcc.sh | 28% | ReversingLabs | Linux.Trojan.XorDDoS |
            /etc/cron.hourly/gcc.sh | 0% | Metadefender | | Browse
            /usr/bin/cbsypxwvhg | 46% | ReversingLabs | Linux.Network.Xor |
            /usr/lib/libudev.so | 76% | ReversingLabs | Linux.Network.XorDDoS |
            /usr/lib/libudev.so | 61% | Metadefender | | Browse
            No Antivirus matches
            Source | Detection | Scanner | Label | Link
            http://aa.hostasa.org/config.rartat456.com:1523 | 100% | Avira URL Cloud | malware |
            http://aa.hostasa.org/config.rar | 100% | Avira URL Cloud | malware |
            Name | IP | Active | Malicious | Antivirus Detection | Reputation
            ppp.gggatat456.com | 79.137.1.133 | true | true | | unknown
            aa.hostasa.org | unknown | unknown | true | | unknown
            Name | Source | Malicious | Antivirus Detection | Reputation
            http://www.gnu.org/software/libc/bugs.html | Di1p3oLnDb.elf, thgxtutpuw.11.dr, xmnjiktnas.11.dr, qhknhggmjf.11.dr, koygrrjkon.11.dr, zzdslzxygn.11.dr, uvilsmwwhk.11.dr, bvyxmkkmbp.11.dr, ltaanxttrs.11.dr, dwfhzeeizt.11.dr, gwqnqvffue.11.dr, dvisuvnfsi.11.dr, libudev.so.11.dr, hszflciagy.11.dr, ilrbozcctp.11.dr, kihierzlde.11.dr | false | | high
            http://aa.hostasa.org/config.rar | Di1p3oLnDb.elf, 6224.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6226.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6227.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6228.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6257.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6259.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6262.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6265.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6267.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6275.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6278.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6282.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6285.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6288.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6294.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6296.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6299.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6302.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6304.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6311.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6314.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp | false | Avira URL Cloud: malware | unknown
            http://aa.hostasa.org/config.rartat456.com:1523 | Di1p3oLnDb.elf, 6224.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6226.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6227.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6228.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6257.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6259.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6262.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6265.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6267.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6275.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6278.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6282.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6285.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6288.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6294.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6296.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6299.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6302.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6304.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6311.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp, Di1p3oLnDb.elf, 6314.1.00000000ff9ae000.00000000ff9cf000.rw-.sdmp | false | Avira URL Cloud: malware | unknown
IP | Domain | Country | ASN | ASN Name | Malicious
79.137.1.133 | ppp.gggatat456.com | France | 16276 | OVHFR | true
109.202.202.202 | unknown | Switzerland | 13030 | INIT7CH | false
91.189.91.43 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
91.189.91.42 | unknown | United Kingdom | 41231 | CANONICAL-ASGB | false
                                                                                                  Process:/tmp/Di1p3oLnDb.elf
                                                                                                  File Type:POSIX shell script, ASCII text executable
                                                                                                  Category:dropped
                                                                                                  Size (bytes):228
                                                                                                  Entropy (8bit):4.807897441464882
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:TKH4v1kxtsLNELQ9YmPQnMLnVMPQmlZnEMFaGZg28Xwf6SkCVcLNGLC75pkVKJdm:htiy4Mrm9lVNy28XbCVP270gJdE/v
                                                                                                  MD5:3BAB747CEDC5F0EBE86AAA7F982470CD
                                                                                                  SHA1:3C7D1C6931C2B3DAE39D38346B780EA57C8E6142
                                                                                                  SHA-256:74D31CAC40D98EE64DF2A0C29CEB229D12AC5FA699C2EE512FC69360F0CF68C5
                                                                                                  SHA-512:21E8A6D9CA8531D37DEF83D8903E5B0FA11ECF33D85D05EDAB1E0FEB4ACAC65AE2CF5222650FB9F533F459CCC51BB2903276FF6F827B847CC5E6DAC7D45A0A42
                                                                                                  Malicious:true
                                                                                                  Antivirus:
                                                                                                  • Antivirus: ReversingLabs, Detection: 28%
• Antivirus: Metadefender, Detection: 0%
                                                                                                  Reputation:moderate, very likely benign file
Preview:
#!/bin/sh
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/X11R6/bin
for i in `cat /proc/net/dev|grep :|awk -F: {'print $1'}`; do ifconfig $i up& done
cp /lib/libudev.so /lib/libudev.so.6
/lib/libudev.so.6
                                                                                                  Process:/bin/sh
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):41
                                                                                                  Entropy (8bit):3.8484226636198593
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:FFP13tKebPv4KFcKv:/P1IebPPFcKv
                                                                                                  MD5:636299E19F3BFB8CDA661BC956C1CE7F
                                                                                                  SHA1:2B45273CCBFE139D58FC3554D6943D4338C18E15
                                                                                                  SHA-256:8CBDE8A027F2887DD7A3C5C6F98FDF127BAE31FE457FEF9D7945C9E48D195F44
                                                                                                  SHA-512:41AF1A49B86C9C81965AF32B404494CC5072AFDA004F385977110F8EA134A770650CBD2F9617AFCD87D6744954659BE4AE365E65DCA4491A375275E710310F1A
                                                                                                  Malicious:true
                                                                                                  Reputation:moderate, very likely benign file
Preview:*/3 * * * * root /etc/cron.hourly/gcc.sh
                                                                                                  Process:/tmp/Di1p3oLnDb.elf
                                                                                                  File Type:POSIX shell script, ASCII text executable
                                                                                                  Category:dropped
                                                                                                  Size (bytes):335
                                                                                                  Entropy (8bit):5.254076416520593
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:6:hUtoFdU9tVHLsKheJcHjBE21YJvmNeMwhYH11DzRIaVta6MzPVtq4:63t6SjBEMO1+Xzua6zPt
                                                                                                  MD5:393D23714F9525F6D07D01797D5B047D
                                                                                                  SHA1:AB739C5E3771B977DCD799ECC1D9BDD024A86028
                                                                                                  SHA-256:15C7238DF7035329D9334F3F7576C0A73676E335AD603287F86A427F20F8096C
                                                                                                  SHA-512:9B4F25D43EB9E979A8D2A8B01A44EE75F6AF869F4F56C87EB0AAAF09B41E3351E6F203025C01CA5A447CEBFED73299BA871B05491D03778D1B40F7ED4647B412
                                                                                                  Malicious:true
                                                                                                  Reputation:low
Preview:
#!/bin/sh
# chkconfig: 12345 90 90
# description: Di1p3oLnDb.elf
### BEGIN INIT INFO
# Provides:        Di1p3oLnDb.elf
# Required-Start:
# Required-Stop:
# Default-Start:    1 2 3 4 5
# Default-Stop:
# Short-Description:    Di1p3oLnDb.elf
### END INIT INFO
case $1 in
start)
    /tmp/Di1p3oLnDb.elf
    ;;
stop)
    ;;
*)
    /tmp/Di1p3oLnDb.elf
    ;;
esac
                                                                                                  Process:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                                  File Type:ASCII text
                                                                                                  Category:dropped
                                                                                                  Size (bytes):76
                                                                                                  Entropy (8bit):3.7627880354948586
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:+M4VMPQnMLmPQ9JEcwwbn:+M4m4MixcZb
                                                                                                  MD5:D86A1F5765F37989EB0EC3837AD13ECC
                                                                                                  SHA1:D749672A734D9DEAFD61DCA501C6929EC431B83E
                                                                                                  SHA-256:85889AB8222C947C58BE565723AE603CC1A0BD2153B6B11E156826A21E6CCD45
                                                                                                  SHA-512:338C4B776FDCC2D05E869AE1F9DB64E6E7ECC4C621AB45E51DD07C73306BACBAD7882BE8D3ACF472CAEB30D4E5367F8793D3E006694184A68F74AC943A4B7C07
                                                                                                  Malicious:false
                                                                                                  Reputation:moderate, very likely benign file
Preview:PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
                                                                                                  Process:/tmp/Di1p3oLnDb.elf
                                                                                                  File Type:ASCII text, with no line terminators
                                                                                                  Category:dropped
                                                                                                  Size (bytes):32
                                                                                                  Entropy (8bit):4.288909765557392
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:3:EG2Xb0AAaXRFn:EnXb0AAaX/
                                                                                                  MD5:36A0169048788E37F54170151182E063
                                                                                                  SHA1:D4E5A82B09C423A0774A85C307B0FB97DF389FA3
                                                                                                  SHA-256:5D94BA83BE854A9C2F2AF26A26CF46724A0B1B91DF01670A047F037EA5E992CB
                                                                                                  SHA-512:0DCD2100AB79B82182F88446C4F38E26C44C8F27C72E199A7C56418BF8E3F5DDE66C95461EEF34E1026F36FC090DDAF1724D414ED7D70AA9532FD605B837C304
                                                                                                  Malicious:false
                                                                                                  Reputation:low
                                                                                                  Preview:qxswbkrhglbryhoajlnppmfyfcglitia
                                                                                                  Process:/tmp/Di1p3oLnDb.elf
                                                                                                  File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
                                                                                                  Category:dropped
                                                                                                  Size (bytes):548627
                                                                                                  Entropy (8bit):6.19749821201247
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzZ66ySjQn36EojO:/fUywKQ7Fb1pNL/p5ZfjQn36EuO
                                                                                                  MD5:1C69907B9B1EA6970CE38E0262EE82E1
                                                                                                  SHA1:FE1C8DC4B34DD6A811347C266910479A1FDC07E4
                                                                                                  SHA-256:FAD63AE792DA231A5A4117D624B0C3A5E7EE9507D43F28575CC3274B786C29E6
                                                                                                  SHA-512:87B975F32A6AA20FFD5F1ACAD53ECF0AD285BBA971EDE1FB602BE6E9320DF1A12ACC8B78FC3C294BECC68291D8CBAFB5E96B65EA879ABAC4E9BC9415B02DA227
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/bvyxmkkmbp, Author: Joe Security
                                                                                                  • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/bvyxmkkmbp, Author: ditekSHen
                                                                                                  • Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/bvyxmkkmbp, Author: unknown
                                                                                                  • Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/bvyxmkkmbp, Author: unknown
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  Process:/tmp/Di1p3oLnDb.elf
                                                                                                  File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, missing section headers at 548576
                                                                                                  Category:dropped
                                                                                                  Size (bytes):438272
                                                                                                  Entropy (8bit):6.352499152117628
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzZ66y2:/fUywKQ7Fb1pNL/p5ZV
                                                                                                  MD5:2FCC3F94F72994F0FFD6ADBF57F6BBC8
                                                                                                  SHA1:88A21ACE0ACF005F48E4FEEEECA3FB654BC34693
                                                                                                  SHA-256:C485480457299DAA2FCDA84840ED5F8E83A66E8CFC3472DA835E181559E36B6B
                                                                                                  SHA-512:E8BD94035807E3CAC8D74E91CC7C5049628D0AF62ABBFE710B72530287996E42087C03F977E7D415ACAC692E030C0479C632CCF9BDFE3417F2D1F1CDD65E6C39
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/cbsypxwvhg, Author: Joe Security
                                                                                                  • Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/cbsypxwvhg, Author: unknown
                                                                                                  • Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/cbsypxwvhg, Author: unknown
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  • Antivirus: ReversingLabs, Detection: 46%
                                                                                                  Process:/tmp/Di1p3oLnDb.elf
                                                                                                  File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
                                                                                                  Category:dropped
                                                                                                  Size (bytes):548627
                                                                                                  Entropy (8bit):6.19749466561852
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzZ66ySjQn36Eojo:/fUywKQ7Fb1pNL/p5ZfjQn36Euo
                                                                                                  MD5:34A7F54873746B3448C4E06AF756C541
                                                                                                  SHA1:EF84B993222393F85885B024175A5AC7EC5EBCFC
                                                                                                  SHA-256:CC4FFE8348B178083B1301C7A1CDFE105528B93F408DF9D143A93CC191F9EDED
                                                                                                  SHA-512:07FD83B595DECC1A44DEBB83CC19438FBE6243703EE8C49ED65DFBC4711AAC794F310B6B5F7D751C2C2AABF03B8CD5B81C34080D435F2D7B5F5970F16A9D2F91
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/dvisuvnfsi, Author: Joe Security
                                                                                                  • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/dvisuvnfsi, Author: ditekSHen
                                                                                                  • Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/dvisuvnfsi, Author: unknown
                                                                                                  • Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/dvisuvnfsi, Author: unknown
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  Process:/tmp/Di1p3oLnDb.elf
                                                                                                  File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
                                                                                                  Category:dropped
                                                                                                  Size (bytes):548627
                                                                                                  Entropy (8bit):6.197495057832178
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzZ66ySjQn36EojO:/fUywKQ7Fb1pNL/p5ZfjQn36EuO
                                                                                                  MD5:2394C32C9BF33731BA0AEA110FFFAAF0
                                                                                                  SHA1:156AD582A11D4BCEAF3F11B50A5A4F8D77BC2D50
                                                                                                  SHA-256:04A557666A8C2DE1515B4B4DDEDC008D1196ABE1002D09B87089C8AB35AEC9CB
                                                                                                  SHA-512:515C6CC15767C54CEC7F62E7604E3325C45DFC405D696907FD7B2E38C1452E5C14FBE21CB99E4BBBACD1C92A7CBBE1D1FF0C4EA629392488099FCD7EA1AC9751
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/dwfhzeeizt, Author: Joe Security
                                                                                                  • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/dwfhzeeizt, Author: ditekSHen
                                                                                                  • Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/dwfhzeeizt, Author: unknown
                                                                                                  • Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/dwfhzeeizt, Author: unknown
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  Process:/tmp/Di1p3oLnDb.elf
                                                                                                  File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
                                                                                                  Category:dropped
                                                                                                  Size (bytes):548627
                                                                                                  Entropy (8bit):6.197499417755948
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzZ66ySjQn36EojL:/fUywKQ7Fb1pNL/p5ZfjQn36EuL
                                                                                                  MD5:583764D38D6A3B24A072BA12C518EF07
                                                                                                  SHA1:A2B877E26F8E475B41E5AFAC117EDA688631EF75
                                                                                                  SHA-256:5464F8E0571FE4E1E075230CC3452B32685512A87BAFFAC2E4BFB51EC2C69DEF
                                                                                                  SHA-512:24868679521B23AB6A5EC43D37FFF9D0E104404ED95DA885442E6BDC43B71612922DF4E9EB71A633CC00CB312D55D25459E9318BAA6D6F3744DAB902DBB138C2
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/gwqnqvffue, Author: Joe Security
                                                                                                  • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/gwqnqvffue, Author: ditekSHen
                                                                                                  • Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/gwqnqvffue, Author: unknown
                                                                                                  • Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/gwqnqvffue, Author: unknown
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  Process:/tmp/Di1p3oLnDb.elf
                                                                                                  File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
                                                                                                  Category:dropped
                                                                                                  Size (bytes):548627
                                                                                                  Entropy (8bit):6.1974896361337235
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzZ66ySjQn36Eojm:/fUywKQ7Fb1pNL/p5ZfjQn36Eum
                                                                                                  MD5:518F3CAC4283FC9EEE5D8D2F61A93231
                                                                                                  SHA1:A81201EC4050EF6C7328EEF91CDFB869CB306F88
                                                                                                  SHA-256:417B305DC09C32537749BB7762CE0037C0AC1CE6E04E322B757188A7750E2081
                                                                                                  SHA-512:A8E0CEE063135158951CEAFA74C00F43E9ABB89DAB681D752D5A276B6D72A985B2FF9BB4E97579CD459A4EF02DF359651C5D8057C59F765D4514422F839A3FCD
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/hszflciagy, Author: Joe Security
                                                                                                  • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/hszflciagy, Author: ditekSHen
                                                                                                  • Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/hszflciagy, Author: unknown
                                                                                                  • Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/hszflciagy, Author: unknown
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  Process:/tmp/Di1p3oLnDb.elf
                                                                                                  File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
                                                                                                  Category:dropped
                                                                                                  Size (bytes):548627
                                                                                                  Entropy (8bit):6.197490346772504
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzZ66ySjQn36EojV:/fUywKQ7Fb1pNL/p5ZfjQn36EuV
                                                                                                  MD5:84093139500509D4ABF65BF4368660C3
                                                                                                  SHA1:39429756A23CF7D20738DAE8DF92147237177C17
                                                                                                  SHA-256:FE534F56EC046014922383D8D6B81B41C1709891D2A85424C0AB530EAD057C40
                                                                                                  SHA-512:636998E5BAB190F274B8FCFB3DB5D855FB27531BD67E1687D16713B558C3F78F9495C18D9462BCCABA35E74C7D39CEB8323F339A72EBA21D4F9C32B0C17B302E
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/ilrbozcctp, Author: Joe Security
                                                                                                  • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/ilrbozcctp, Author: ditekSHen
                                                                                                  • Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/ilrbozcctp, Author: unknown
                                                                                                  • Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/ilrbozcctp, Author: unknown
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  Process:/tmp/Di1p3oLnDb.elf
                                                                                                  File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
                                                                                                  Category:dropped
                                                                                                  Size (bytes):548627
                                                                                                  Entropy (8bit):6.197491291278909
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzZ66ySjQn36Eoj7:/fUywKQ7Fb1pNL/p5ZfjQn36Eu7
                                                                                                  MD5:3AE356A1821888903E278250F3A77D3B
                                                                                                  SHA1:A917EDAB8F4BDA75A7824D5AA38770BE363F78E5
                                                                                                  SHA-256:3FFDAA63EACC27E13E09371F3DEF3013141BDE539B40FBA016C6D399A108D2D3
                                                                                                  SHA-512:9764A5E334A7E847CEAE379C7DE1BE6C2F320BCE7B30D1E0B71529159007AE589DFAF9787928DB7CA38E493FB6882CAB7C27189CD1AF8C850742C6E6E667C462
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/kihierzlde, Author: Joe Security
                                                                                                  • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/kihierzlde, Author: ditekSHen
                                                                                                  • Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/kihierzlde, Author: unknown
                                                                                                  • Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/kihierzlde, Author: unknown
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  Process:/tmp/Di1p3oLnDb.elf
                                                                                                  File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
                                                                                                  Category:dropped
                                                                                                  Size (bytes):548627
                                                                                                  Entropy (8bit):6.19749667970339
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzZ66ySjQn36Eoj+:/fUywKQ7Fb1pNL/p5ZfjQn36Eu+
                                                                                                  MD5:F52674A9AF3A42B5B8EDF7C4CA4A5159
                                                                                                  SHA1:04257FBA3845A3D4823E9049F32EAF1D65E3FBFE
                                                                                                  SHA-256:6010BC7B1179CFD5E2F4C76A7D30F78EBEAF89AB915E218E0A16D789E56F7FBB
                                                                                                  SHA-512:2B758EF68DEE34F13A0A7A64F7DCA1F1F57E97CF83D66DC5FB26B6585BE4DC84A2ACF96392552FE5BB04EBEEAC0B7C13F524ED260FF05568A58ADECFF9684CC9
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/koygrrjkon, Author: Joe Security
                                                                                                  • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/koygrrjkon, Author: ditekSHen
                                                                                                  • Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/koygrrjkon, Author: unknown
                                                                                                  • Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/koygrrjkon, Author: unknown
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  Process:/tmp/Di1p3oLnDb.elf
                                                                                                  File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
                                                                                                  Category:dropped
                                                                                                  Size (bytes):548627
                                                                                                  Entropy (8bit):6.197479404497621
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzZ66ySjQn36Eoj1:/fUywKQ7Fb1pNL/p5ZfjQn36Eu1
                                                                                                  MD5:E51ED28589D76C5F8FC2AD7EA9C1CC03
                                                                                                  SHA1:AD9ACE4BAD7EA7D3732D3754F9A145296A0CEA45
                                                                                                  SHA-256:99689AA0171C04EABC09D0E43CD80FBD1BABB855394A48C45DC9E01683CA85BF
                                                                                                  SHA-512:5A68102539387DC1D50774F2002655D5B042A1F61D740C091F9E636CBB5BC331455E3524EE075F5C4BB5A63F7C66A4207DB9EB45B1C62C1F3C4635D6CDAF9F85
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/ltaanxttrs, Author: Joe Security
                                                                                                  • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/ltaanxttrs, Author: ditekSHen
                                                                                                  • Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/ltaanxttrs, Author: unknown
                                                                                                  • Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/ltaanxttrs, Author: unknown
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  Process:/tmp/Di1p3oLnDb.elf
                                                                                                  File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
                                                                                                  Category:dropped
                                                                                                  Size (bytes):548627
                                                                                                  Entropy (8bit):6.197494228576118
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzZ66ySjQn36EojI:/fUywKQ7Fb1pNL/p5ZfjQn36EuI
                                                                                                  MD5:7CD491E3750C0E09A84213102078562C
                                                                                                  SHA1:5E18825B2D5F370AA7F396AD97BF6F61720F6009
                                                                                                  SHA-256:6845AD055D348D4FD25FE628F95589816E5FCD1EA132E6135DD695C80E6E7078
                                                                                                  SHA-512:A2715BE2FCEAEB581E87B0A40E1A9AA5D42D902FB593F96F58D529520564919C3FDC9335D38E72A9E834EA68B5FD010FE8182915589F25C963EF6793EBC6D37F
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/qhknhggmjf, Author: Joe Security
                                                                                                  • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/qhknhggmjf, Author: ditekSHen
                                                                                                  • Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/qhknhggmjf, Author: unknown
                                                                                                  • Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/qhknhggmjf, Author: unknown
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  Process:/tmp/Di1p3oLnDb.elf
                                                                                                  File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
                                                                                                  Category:dropped
                                                                                                  Size (bytes):548627
                                                                                                  Entropy (8bit):6.1974889780133
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzZ66ySjQn36Eoj3:/fUywKQ7Fb1pNL/p5ZfjQn36Eu3
                                                                                                  MD5:DC66AC7EC93E0EC52D5B4C1039769DD1
                                                                                                  SHA1:45651D64886559C148C17C4BB112EAC57C977B7F
                                                                                                  SHA-256:17686455E843A06CA18F1948D42D740C743937BFDB496CD902CD95E324422B6F
                                                                                                  SHA-512:12D1DB69B6D6331E906D8B734EF9F06F38D2362C792DCF227DC057CFCC8E95F4EBE420B2CA051840B9DF7D22FC4997BC59897FBABBF9B83FF787AD37D0291AB6
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/thgxtutpuw, Author: Joe Security
                                                                                                  • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/thgxtutpuw, Author: ditekSHen
                                                                                                  • Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/thgxtutpuw, Author: unknown
                                                                                                  • Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/thgxtutpuw, Author: unknown
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  Process:/tmp/Di1p3oLnDb.elf
                                                                                                  File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
                                                                                                  Category:dropped
                                                                                                  Size (bytes):548627
                                                                                                  Entropy (8bit):6.197491544976262
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzZ66ySjQn36EojP:/fUywKQ7Fb1pNL/p5ZfjQn36EuP
                                                                                                  MD5:599E094CFEBD26A090E3C4D84DEA2EEC
                                                                                                  SHA1:8AD77E8C05A8623054A80F640C4670B76D9F42B8
                                                                                                  SHA-256:16F56A5331DFEEFCA5BF910A76CC820D8C1FB168DFFB30E24E6289ECA3FD92DB
                                                                                                  SHA-512:AAA2307A0ECCBB2FFE3CA019E85076289176F88B014162251F68C27D3F0DD5FDC2BD32F7B81A4E324509C366FDA07B0FBEC7A8A62DE931D1991850DE7781921A
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/uvilsmwwhk, Author: Joe Security
                                                                                                  • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/uvilsmwwhk, Author: ditekSHen
                                                                                                  • Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/uvilsmwwhk, Author: unknown
                                                                                                  • Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/uvilsmwwhk, Author: unknown
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  Process:/tmp/Di1p3oLnDb.elf
                                                                                                  File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
                                                                                                  Category:dropped
                                                                                                  Size (bytes):548627
                                                                                                  Entropy (8bit):6.1974888773600485
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzZ66ySjQn36EojR:/fUywKQ7Fb1pNL/p5ZfjQn36EuR
                                                                                                  MD5:DDD43550BAD564E41B77604693A62617
                                                                                                  SHA1:36983000B0C2D566F99ADBE747247BAF5F6B677C
                                                                                                  SHA-256:B95746385BEE9C991BC23FCF36CDB42B9FDB3ADEC4506B76A5E567C1E46F35BB
                                                                                                  SHA-512:48E74097A90470AEF6E093ABAAA06ACC1050C2E87FB1B975FCA4D210A1286B10DCB338F210E51851707451F031A7A67202C141ED52ADDE007BEC93B43024D7CC
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/xmnjiktnas, Author: Joe Security
                                                                                                  • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/xmnjiktnas, Author: ditekSHen
                                                                                                  • Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/xmnjiktnas, Author: unknown
                                                                                                  • Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/xmnjiktnas, Author: unknown
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  Process:/tmp/Di1p3oLnDb.elf
                                                                                                  File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
                                                                                                  Category:dropped
                                                                                                  Size (bytes):548627
                                                                                                  Entropy (8bit):6.1974903145805404
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzZ66ySjQn36EojV:/fUywKQ7Fb1pNL/p5ZfjQn36EuV
                                                                                                  MD5:8DC652FCADCE3231649681AE716B8941
                                                                                                  SHA1:7E85602671500AB341A0B13B79C2929D6CB9A3B3
                                                                                                  SHA-256:ABF38E38EDBFB853FAEFFFB813B48F8E6349A5528D23A03F05112880127DF0B0
                                                                                                  SHA-512:716EB94F360466BA5A3BFFF008B66BE117C4C3FC47C95EAE07039599C08B7282E8A2B0A2D4D5264DDFB288E620A437D9037D84A45254DCA7E970819F693E3D96
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/zzdslzxygn, Author: Joe Security
                                                                                                  • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/zzdslzxygn, Author: ditekSHen
                                                                                                  • Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/zzdslzxygn, Author: unknown
                                                                                                  • Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/zzdslzxygn, Author: unknown
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  Process:/tmp/Di1p3oLnDb.elf
                                                                                                  File Type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
                                                                                                  Category:dropped
                                                                                                  Size (bytes):548616
                                                                                                  Entropy (8bit):6.197441759715553
                                                                                                  Encrypted:false
                                                                                                  SSDEEP:12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzZ66ySjQn36Eoj:/fUywKQ7Fb1pNL/p5ZfjQn36Eu
                                                                                                  MD5:96671EAB0913C0003C63F4D2C50318DB
                                                                                                  SHA1:0EF56578885236F87AE7F1C7580B8ED50C9ADE77
                                                                                                  SHA-256:5A7D7F1D53F039E7B69CF8D040CC043D1264B14107A8A73034E6B90D8E81F87A
                                                                                                  SHA-512:198D02B0312A271E88A4C3749CB7B828FCFFD0FFB3327DC3E54C68953C99B03A0354192314E43691E0C02354A34D5CA074B0165568195D8ED0F6018B24857D82
                                                                                                  Malicious:true
                                                                                                  Yara Hits:
                                                                                                  • Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/lib/libudev.so, Author: Joe Security
                                                                                                  • Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/lib/libudev.so, Author: ditekSHen
                                                                                                  • Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown
                                                                                                  • Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/lib/libudev.so, Author: unknown
                                                                                                  Antivirus:
                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                  • Antivirus: ReversingLabs, Detection: 76%
                                                                                                  • Antivirus: Metadefender, Detection: 61%, Browse
                                                                                                  File type:ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
                                                                                                  Entropy (8bit):6.197441759715553
                                                                                                  TrID:
                                                                                                  • ELF Executable and Linkable format (Linux) (4029/14) 50.16%
                                                                                                  • ELF Executable and Linkable format (generic) (4004/1) 49.84%
                                                                                                  File name:Di1p3oLnDb.elf
                                                                                                  File size:548616
                                                                                                  MD5:96671eab0913c0003c63f4d2c50318db
                                                                                                  SHA1:0ef56578885236f87ae7f1c7580b8ed50c9ade77
                                                                                                  SHA256:5a7d7f1d53f039e7b69cf8d040cc043d1264b14107a8a73034e6b90d8e81f87a
                                                                                                  SHA512:198d02b0312a271e88a4c3749cb7b828fcffd0ffb3327dc3e54c68953c99b03a0354192314e43691e0c02354a34d5ca074b0165568195d8ed0f6018b24857d82
                                                                                                  SSDEEP:12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzZ66ySjQn36Eoj:/fUywKQ7Fb1pNL/p5ZfjQn36Eu
                                                                                                  TLSH:ADC45C56E283E2F7C82705B0134BF7BF4620B6359461CD86B7989D5AB9338F22A4D353

                                                                                                  ELF header

                                                                                                  Class:
                                                                                                  Data:
                                                                                                  Version:
                                                                                                  Machine:
                                                                                                  Version Number:
                                                                                                  Type:
                                                                                                  OS/ABI:
                                                                                                  ABI Version:
                                                                                                  Entry Point Address:
                                                                                                  Flags:
                                                                                                  ELF Header Size:
                                                                                                  Program Header Offset:
                                                                                                  Program Header Size:
                                                                                                  Number of Program Headers:
                                                                                                  Section Header Offset:
                                                                                                  Section Header Size:
                                                                                                  Number of Section Headers:
                                                                                                  Header String Table Index:
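Name | Type | Address | Offset | Size | EntSize | Flags | Flags Description | Link | Info | Align
 | NULL | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 |  | 0 | 0 | 0
.note.ABI-tag | NOTE | 0x80480d4 | 0xd4 | 0x20 | 0x0 | 0x2 | A | 0 | 0 | 4
.init | PROGBITS | 0x80480f4 | 0xf4 | 0x17 | 0x0 | 0x6 | AX | 0 | 0 | 4
.text | PROGBITS | 0x8048110 | 0x110 | 0x681f8 | 0x0 | 0x6 | AX | 0 | 0 | 16
__libc_freeres_fn | PROGBITS | 0x80b0310 | 0x68310 | 0x100f | 0x0 | 0x6 | AX | 0 | 0 | 16
__libc_thread_freeres_fn | PROGBITS | 0x80b1320 | 0x69320 | 0x1db | 0x0 | 0x6 | AX | 0 | 0 | 16
.fini | PROGBITS | 0x80b14fc | 0x694fc | 0x1c | 0x0 | 0x6 | AX | 0 | 0 | 4
.rodata | PROGBITS | 0x80b1520 | 0x69520 | 0x152e0 | 0x0 | 0x2 | A | 0 | 0 | 32
__libc_subfreeres | PROGBITS | 0x80c6800 | 0x7e800 | 0x30 | 0x0 | 0x2 | A | 0 | 0 | 4
__libc_atexit | PROGBITS | 0x80c6830 | 0x7e830 | 0x4 | 0x0 | 0x2 | A | 0 | 0 | 4
__libc_thread_subfreeres | PROGBITS | 0x80c6834 | 0x7e834 | 0x8 | 0x0 | 0x2 | A | 0 | 0 | 4
.eh_frame | PROGBITS | 0x80c683c | 0x7e83c | 0x60a0 | 0x0 | 0x2 | A | 0 | 0 | 4
.gcc_except_table | PROGBITS | 0x80cc8dc | 0x848dc | 0x11b | 0x0 | 0x2 | A | 0 | 0 | 1
.tdata | PROGBITS | 0x80cd9f8 | 0x849f8 | 0x14 | 0x0 | 0x403 | WAT | 0 | 0 | 4
.tbss | NOBITS | 0x80cda0c | 0x84a0c | 0x2c | 0x0 | 0x403 | WAT | 0 | 0 | 4
.ctors | PROGBITS | 0x80cda0c | 0x84a0c | 0x8 | 0x0 | 0x3 | WA | 0 | 0 | 4
.dtors | PROGBITS | 0x80cda14 | 0x84a14 | 0xc | 0x0 | 0x3 | WA | 0 | 0 | 4
.jcr | PROGBITS | 0x80cda20 | 0x84a20 | 0x4 | 0x0 | 0x3 | WA | 0 | 0 | 4
.data.rel.ro | PROGBITS | 0x80cda24 | 0x84a24 | 0x2c | 0x0 | 0x3 | WA | 0 | 0 | 4
.got | PROGBITS | 0x80cda50 | 0x84a50 | 0x8 | 0x4 | 0x3 | WA | 0 | 0 | 4
.got.plt | PROGBITS | 0x80cda58 | 0x84a58 | 0xc | 0x4 | 0x3 | WA | 0 | 0 | 4
.data | PROGBITS | 0x80cda80 | 0x84a80 | 0xb40 | 0x0 | 0x3 | WA | 0 | 0 | 32
.bss | NOBITS | 0x80ce5c0 | 0x855c0 | 0x6778 | 0x0 | 0x3 | WA | 0 | 0 | 32
__libc_freeres_ptrs | NOBITS | 0x80d4d38 | 0x855c0 | 0x14 | 0x0 | 0x3 | WA | 0 | 0 | 4
.comment | PROGBITS | 0x0 | 0x855c0 | 0x422 | 0x0 | 0x0 |  | 0 | 0 | 1
.shstrtab | STRTAB | 0x0 | 0x859e2 | 0x116 | 0x0 | 0x0 |  | 0 | 0 | 1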
Type | Offset | Virtual Address | Physical Address | File Size | Memory Size | Entropy | Flags | Flags Description | Align | Prog Interpreter | Section Mappings
LOAD | 0x0 | 0x8048000 | 0x8048000 | 0x849f7 | 0x849f7 | 6.2040 | 0x5 | R E | 0x1000 |  | .note.ABI-tag .init .text __libc_freeres_fn __libc_thread_freeres_fn .fini .rodata __libc_subfreeres __libc_atexit __libc_thread_subfreeres .eh_frame .gcc_except_table
LOAD | 0x849f8 | 0x80cd9f8 | 0x80cd9f8 | 0xbc8 | 0x7354 | 3.6649 | 0x6 | RW | 0x1000 |  | .tdata .tbss .ctors .dtors .jcr .data.rel.ro .got .got.plt .data .bss __libc_freeres_ptrs
NOTE | 0xd4 | 0x80480d4 | 0x80480d4 | 0x20 | 0x20 | 1.7487 | 0x4 | R | 0x4 |  | .note.ABI-tag
TLS | 0x849f8 | 0x80cd9f8 | 0x80cd9f8 | 0x14 | 0x40 | 2.6610 | 0x4 | R | 0x4 |  | .tdata .tbss
GNU_STACK | 0x0 | 0x0 | 0x0 | 0x0 | 0x0 | 0.0000 | 0x6 | RW | 0x4 |  | 
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
10/05/22-13:40:01.525989 | UDP | 2021326 | ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org) | 38194 | 53 | 192.168.2.23 | 8.8.8.8
10/05/22-13:40:01.546076 | UDP | 2021326 | ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org) | 54576 | 53 | 192.168.2.23 | 8.8.4.4
10/05/22-13:40:01.563948 | UDP | 2021326 | ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org) | 59699 | 53 | 192.168.2.23 | 1.1.1.1
10/05/22-13:40:01.726550 | TCP | 2020381 | ET TROJAN DDoS.XOR Checkin | 39162 | 1523 | 192.168.2.23 | 79.137.1.133
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Oct 5, 2022 13:40:01.525989056 CEST | 192.168.2.23 | 8.8.8.8 | 0x21e6 | Standard query (0) | aa.hostasa.org | A (IP address) | IN (0x0001) | false
Oct 5, 2022 13:40:01.533896923 CEST | 192.168.2.23 | 8.8.8.8 | 0x6481 | Standard query (0) | ppp.gggatat456.com | A (IP address) | IN (0x0001) | false
Oct 5, 2022 13:40:01.546076059 CEST | 192.168.2.23 | 8.8.4.4 | 0x304a | Standard query (0) | aa.hostasa.org | A (IP address) | IN (0x0001) | false
Oct 5, 2022 13:40:01.563947916 CEST | 192.168.2.23 | 1.1.1.1 | 0xf99a | Standard query (0) | aa.hostasa.org | A (IP address) | IN (0x0001) | false
Oct 5, 2022 13:40:01.729336977 CEST | 192.168.2.23 | 1.1.1.1 | 0xf99a | Standard query (0) | aa.hostasa.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Oct 5, 2022 13:40:01.545794010 CEST | 8.8.8.8 | 192.168.2.23 | 0x21e6 | Name error (3) | aa.hostasa.org | none | none | A (IP address) | IN (0x0001) | false
Oct 5, 2022 13:40:01.553262949 CEST | 8.8.8.8 | 192.168.2.23 | 0x6481 | No error (0) | ppp.gggatat456.com |  | 79.137.1.133 | A (IP address) | IN (0x0001) | false
Oct 5, 2022 13:40:01.553262949 CEST | 8.8.8.8 | 192.168.2.23 | 0x6481 | No error (0) | ppp.gggatat456.com |  | 54.36.145.104 | A (IP address) | IN (0x0001) | false
Oct 5, 2022 13:40:01.553262949 CEST | 8.8.8.8 | 192.168.2.23 | 0x6481 | No error (0) | ppp.gggatat456.com |  | 54.36.15.97 | A (IP address) | IN (0x0001) | false
Oct 5, 2022 13:40:01.553262949 CEST | 8.8.8.8 | 192.168.2.23 | 0x6481 | No error (0) | ppp.gggatat456.com |  | 54.36.15.99 | A (IP address) | IN (0x0001) | false
Oct 5, 2022 13:40:01.553262949 CEST | 8.8.8.8 | 192.168.2.23 | 0x6481 | No error (0) | ppp.gggatat456.com |  | 54.36.145.106 | A (IP address) | IN (0x0001) | false
Oct 5, 2022 13:40:01.553262949 CEST | 8.8.8.8 | 192.168.2.23 | 0x6481 | No error (0) | ppp.gggatat456.com |  | 176.31.91.137 | A (IP address) | IN (0x0001) | false
Oct 5, 2022 13:40:01.563178062 CEST | 8.8.4.4 | 192.168.2.23 | 0x304a | Name error (3) | aa.hostasa.org | none | none | A (IP address) | IN (0x0001) | false
Oct 5, 2022 13:40:01.729048014 CEST | 1.1.1.1 | 192.168.2.23 | 0xf99a | Name error (3) | aa.hostasa.org | none | none | A (IP address) | IN (0x0001) | false
Oct 5, 2022 13:40:01.746745110 CEST | 1.1.1.1 | 192.168.2.23 | 0xf99a | Name error (3) | aa.hostasa.org | none | none | A (IP address) | IN (0x0001) | false

                                                                                                  System Behavior

                                                                                                  Start time:13:40:00
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:/tmp/Di1p3oLnDb.elf
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:00
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:00
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:00
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:00
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:00
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:00
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/sbin/update-rc.d
                                                                                                  Arguments:update-rc.d Di1p3oLnDb.elf defaults
                                                                                                  File size:3478464 bytes
                                                                                                  MD5 hash:16a21f464119ea7fad1d3660de963637

                                                                                                  Start time:13:40:00
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/sbin/update-rc.d
                                                                                                  Arguments:n/a
                                                                                                  File size:3478464 bytes
                                                                                                  MD5 hash:16a21f464119ea7fad1d3660de963637

                                                                                                  Start time:13:40:00
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/bin/systemctl
                                                                                                  Arguments:systemctl daemon-reload
                                                                                                  File size:996584 bytes
                                                                                                  MD5 hash:4deddfb6741481f68aeac522cc26ff4b

                                                                                                  Start time:13:40:00
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:00
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/bin/sh
                                                                                                  Arguments:sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"
                                                                                                  File size:129816 bytes
                                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                  Start time:13:40:00
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/bin/sh
                                                                                                  Arguments:n/a
                                                                                                  File size:129816 bytes
                                                                                                  MD5 hash:1e6b1c887c59a315edb7eb9a315fc84c

                                                                                                  Start time:13:40:00
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/bin/sed
                                                                                                  Arguments:sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab
                                                                                                  File size:121288 bytes
                                                                                                  MD5 hash:885062561f66aa1d4af4c54b9e7cc81a

                                                                                                  Start time:13:40:06
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:06
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:06
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qhknhggmjf
                                                                                                  Arguments:/usr/bin/qhknhggmjf "sleep 1" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:7cd491e3750c0e09a84213102078562c

                                                                                                  Start time:13:40:06
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qhknhggmjf
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:7cd491e3750c0e09a84213102078562c

                                                                                                  Start time:13:40:06
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:06
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:06
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qhknhggmjf
                                                                                                  Arguments:/usr/bin/qhknhggmjf "netstat -an" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:7cd491e3750c0e09a84213102078562c

                                                                                                  Start time:13:40:06
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qhknhggmjf
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:7cd491e3750c0e09a84213102078562c

                                                                                                  Start time:13:40:06
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:06
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:06
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qhknhggmjf
                                                                                                  Arguments:/usr/bin/qhknhggmjf "netstat -an" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:7cd491e3750c0e09a84213102078562c

                                                                                                  Start time:13:40:06
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qhknhggmjf
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:7cd491e3750c0e09a84213102078562c

                                                                                                  Start time:13:40:06
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:06
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:06
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qhknhggmjf
                                                                                                  Arguments:/usr/bin/qhknhggmjf su 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:7cd491e3750c0e09a84213102078562c

                                                                                                  Start time:13:40:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qhknhggmjf
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:7cd491e3750c0e09a84213102078562c

                                                                                                  Start time:13:40:06
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:06
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qhknhggmjf
                                                                                                  Arguments:/usr/bin/qhknhggmjf pwd 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:7cd491e3750c0e09a84213102078562c

                                                                                                  Start time:13:40:08
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qhknhggmjf
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:7cd491e3750c0e09a84213102078562c

                                                                                                  Start time:13:40:12
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:12
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:12
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ltaanxttrs
                                                                                                  Arguments:/usr/bin/ltaanxttrs "netstat -antop" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:e51ed28589d76c5f8fc2ad7ea9c1cc03

                                                                                                  Start time:13:40:12
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ltaanxttrs
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:e51ed28589d76c5f8fc2ad7ea9c1cc03

                                                                                                  Start time:13:40:12
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:12
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:12
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ltaanxttrs
                                                                                                  Arguments:/usr/bin/ltaanxttrs su 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:e51ed28589d76c5f8fc2ad7ea9c1cc03

                                                                                                  Start time:13:40:12
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ltaanxttrs
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:e51ed28589d76c5f8fc2ad7ea9c1cc03

                                                                                                  Start time:13:40:12
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:12
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:12
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ltaanxttrs
                                                                                                  Arguments:/usr/bin/ltaanxttrs pwd 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:e51ed28589d76c5f8fc2ad7ea9c1cc03

                                                                                                  Start time:13:40:12
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ltaanxttrs
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:e51ed28589d76c5f8fc2ad7ea9c1cc03

                                                                                                  Start time:13:40:12
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:12
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:12
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ltaanxttrs
                                                                                                  Arguments:/usr/bin/ltaanxttrs "cd /etc" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:e51ed28589d76c5f8fc2ad7ea9c1cc03

                                                                                                  Start time:13:40:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ltaanxttrs
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:e51ed28589d76c5f8fc2ad7ea9c1cc03

                                                                                                  Start time:13:40:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ltaanxttrs
                                                                                                  Arguments:/usr/bin/ltaanxttrs sh 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:e51ed28589d76c5f8fc2ad7ea9c1cc03

                                                                                                  Start time:13:40:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ltaanxttrs
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:e51ed28589d76c5f8fc2ad7ea9c1cc03

                                                                                                  Start time:13:40:18
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:18
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kihierzlde
                                                                                                  Arguments:/usr/bin/kihierzlde "cat resolv.conf" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:3ae356a1821888903e278250f3a77d3b

                                                                                                  Start time:13:40:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kihierzlde
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:3ae356a1821888903e278250f3a77d3b

                                                                                                  Start time:13:40:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kihierzlde
                                                                                                  Arguments:/usr/bin/kihierzlde gnome-terminal 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:3ae356a1821888903e278250f3a77d3b

                                                                                                  Start time:13:40:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kihierzlde
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:3ae356a1821888903e278250f3a77d3b

                                                                                                  Start time:13:40:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kihierzlde
                                                                                                  Arguments:/usr/bin/kihierzlde who 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:3ae356a1821888903e278250f3a77d3b

                                                                                                  Start time:13:40:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kihierzlde
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:3ae356a1821888903e278250f3a77d3b

                                                                                                  Start time:13:40:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kihierzlde
                                                                                                  Arguments:/usr/bin/kihierzlde ifconfig 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:3ae356a1821888903e278250f3a77d3b

                                                                                                  Start time:13:40:20
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kihierzlde
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:3ae356a1821888903e278250f3a77d3b

                                                                                                  Start time:13:40:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kihierzlde
                                                                                                  Arguments:/usr/bin/kihierzlde whoami 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:3ae356a1821888903e278250f3a77d3b

                                                                                                  Start time:13:40:20
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kihierzlde
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:3ae356a1821888903e278250f3a77d3b

                                                                                                  Start time:13:40:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/thgxtutpuw
                                                                                                  Arguments:/usr/bin/thgxtutpuw "netstat -antop" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:dc66ac7ec93e0ec52d5b4c1039769dd1

                                                                                                  Start time:13:40:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/thgxtutpuw
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:dc66ac7ec93e0ec52d5b4c1039769dd1

                                                                                                  Start time:13:40:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/thgxtutpuw
                                                                                                  Arguments:/usr/bin/thgxtutpuw "echo \"find\"" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:dc66ac7ec93e0ec52d5b4c1039769dd1

                                                                                                  Start time:13:40:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/thgxtutpuw
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:dc66ac7ec93e0ec52d5b4c1039769dd1

                                                                                                  Start time:13:40:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/thgxtutpuw
                                                                                                  Arguments:/usr/bin/thgxtutpuw sh 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:dc66ac7ec93e0ec52d5b4c1039769dd1

                                                                                                  Start time:13:40:26
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/thgxtutpuw
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:dc66ac7ec93e0ec52d5b4c1039769dd1

                                                                                                  Start time:13:40:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/thgxtutpuw
                                                                                                  Arguments:/usr/bin/thgxtutpuw "cd /etc" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:dc66ac7ec93e0ec52d5b4c1039769dd1

                                                                                                  Start time:13:40:26
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/thgxtutpuw
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:dc66ac7ec93e0ec52d5b4c1039769dd1

                                                                                                  Start time:13:40:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/thgxtutpuw
                                                                                                  Arguments:/usr/bin/thgxtutpuw who 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:dc66ac7ec93e0ec52d5b4c1039769dd1

                                                                                                  Start time:13:40:26
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/thgxtutpuw
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:dc66ac7ec93e0ec52d5b4c1039769dd1

                                                                                                  Start time:13:40:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dwfhzeeizt
                                                                                                  Arguments:/usr/bin/dwfhzeeizt top 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:2394c32c9bf33731ba0aea110fffaaf0

                                                                                                  Start time:13:40:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dwfhzeeizt
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:2394c32c9bf33731ba0aea110fffaaf0

                                                                                                  Start time:13:40:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dwfhzeeizt
                                                                                                  Arguments:/usr/bin/dwfhzeeizt ifconfig 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:2394c32c9bf33731ba0aea110fffaaf0

                                                                                                  Start time:13:40:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dwfhzeeizt
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:2394c32c9bf33731ba0aea110fffaaf0

                                                                                                  Start time:13:40:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dwfhzeeizt
                                                                                                  Arguments:/usr/bin/dwfhzeeizt "echo \"find\"" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:2394c32c9bf33731ba0aea110fffaaf0

                                                                                                  Start time:13:40:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dwfhzeeizt
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:2394c32c9bf33731ba0aea110fffaaf0

                                                                                                  Start time:13:40:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dwfhzeeizt
                                                                                                  Arguments:/usr/bin/dwfhzeeizt bash 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:2394c32c9bf33731ba0aea110fffaaf0

                                                                                                  Start time:13:40:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dwfhzeeizt
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:2394c32c9bf33731ba0aea110fffaaf0

                                                                                                  Start time:13:40:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dwfhzeeizt
                                                                                                  Arguments:/usr/bin/dwfhzeeizt whoami 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:2394c32c9bf33731ba0aea110fffaaf0

                                                                                                  Start time:13:40:32
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dwfhzeeizt
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:2394c32c9bf33731ba0aea110fffaaf0

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/xmnjiktnas
                                                                                                  Arguments:/usr/bin/xmnjiktnas gnome-terminal 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ddd43550bad564e41b77604693a62617

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/xmnjiktnas
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ddd43550bad564e41b77604693a62617

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/xmnjiktnas
                                                                                                  Arguments:/usr/bin/xmnjiktnas who 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ddd43550bad564e41b77604693a62617

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/xmnjiktnas
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ddd43550bad564e41b77604693a62617

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/xmnjiktnas
                                                                                                  Arguments:/usr/bin/xmnjiktnas "ifconfig eth0" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ddd43550bad564e41b77604693a62617

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/xmnjiktnas
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ddd43550bad564e41b77604693a62617

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/xmnjiktnas
                                                                                                  Arguments:/usr/bin/xmnjiktnas ls 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ddd43550bad564e41b77604693a62617

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/xmnjiktnas
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ddd43550bad564e41b77604693a62617

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/xmnjiktnas
                                                                                                  Arguments:/usr/bin/xmnjiktnas "netstat -an" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ddd43550bad564e41b77604693a62617

                                                                                                  Start time:13:40:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/xmnjiktnas
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ddd43550bad564e41b77604693a62617

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bvyxmkkmbp
                                                                                                  Arguments:/usr/bin/bvyxmkkmbp gnome-terminal 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:1c69907b9b1ea6970ce38e0262ee82e1

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bvyxmkkmbp
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:1c69907b9b1ea6970ce38e0262ee82e1

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bvyxmkkmbp
                                                                                                  Arguments:/usr/bin/bvyxmkkmbp ifconfig 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:1c69907b9b1ea6970ce38e0262ee82e1

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bvyxmkkmbp
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:1c69907b9b1ea6970ce38e0262ee82e1

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bvyxmkkmbp
                                                                                                  Arguments:/usr/bin/bvyxmkkmbp bash 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:1c69907b9b1ea6970ce38e0262ee82e1

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bvyxmkkmbp
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:1c69907b9b1ea6970ce38e0262ee82e1

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bvyxmkkmbp
                                                                                                  Arguments:/usr/bin/bvyxmkkmbp "sleep 1" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:1c69907b9b1ea6970ce38e0262ee82e1

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bvyxmkkmbp
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:1c69907b9b1ea6970ce38e0262ee82e1

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bvyxmkkmbp
                                                                                                  Arguments:/usr/bin/bvyxmkkmbp "sleep 1" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:1c69907b9b1ea6970ce38e0262ee82e1

                                                                                                  Start time:13:40:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bvyxmkkmbp
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:1c69907b9b1ea6970ce38e0262ee82e1

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/hszflciagy
                                                                                                  Arguments:/usr/bin/hszflciagy bash 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:518f3cac4283fc9eee5d8d2f61a93231

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/hszflciagy
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:518f3cac4283fc9eee5d8d2f61a93231

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/hszflciagy
                                                                                                  Arguments:/usr/bin/hszflciagy uptime 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:518f3cac4283fc9eee5d8d2f61a93231

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/hszflciagy
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:518f3cac4283fc9eee5d8d2f61a93231

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/hszflciagy
                                                                                                  Arguments:/usr/bin/hszflciagy "ps -ef" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:518f3cac4283fc9eee5d8d2f61a93231

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/hszflciagy
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:518f3cac4283fc9eee5d8d2f61a93231

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/hszflciagy
                                                                                                  Arguments:/usr/bin/hszflciagy "ls -la" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:518f3cac4283fc9eee5d8d2f61a93231

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/hszflciagy
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:518f3cac4283fc9eee5d8d2f61a93231

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/hszflciagy
                                                                                                  Arguments:/usr/bin/hszflciagy "netstat -an" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:518f3cac4283fc9eee5d8d2f61a93231

                                                                                                  Start time:13:40:49
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/hszflciagy
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:518f3cac4283fc9eee5d8d2f61a93231

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dvisuvnfsi
                                                                                                  Arguments:/usr/bin/dvisuvnfsi ls 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:34a7f54873746b3448c4e06af756c541

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dvisuvnfsi
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:34a7f54873746b3448c4e06af756c541

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dvisuvnfsi
                                                                                                  Arguments:/usr/bin/dvisuvnfsi bash 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:34a7f54873746b3448c4e06af756c541

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dvisuvnfsi
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:34a7f54873746b3448c4e06af756c541

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dvisuvnfsi
                                                                                                  Arguments:/usr/bin/dvisuvnfsi "sleep 1" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:34a7f54873746b3448c4e06af756c541

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dvisuvnfsi
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:34a7f54873746b3448c4e06af756c541

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dvisuvnfsi
                                                                                                  Arguments:/usr/bin/dvisuvnfsi "echo \"find\"" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:34a7f54873746b3448c4e06af756c541

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dvisuvnfsi
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:34a7f54873746b3448c4e06af756c541

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dvisuvnfsi
                                                                                                  Arguments:/usr/bin/dvisuvnfsi "route -n" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:34a7f54873746b3448c4e06af756c541

                                                                                                  Start time:13:40:55
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/dvisuvnfsi
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:34a7f54873746b3448c4e06af756c541

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/zzdslzxygn
                                                                                                  Arguments:/usr/bin/zzdslzxygn "sleep 1" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:8dc652fcadce3231649681ae716b8941

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/zzdslzxygn
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:8dc652fcadce3231649681ae716b8941

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/zzdslzxygn
                                                                                                  Arguments:/usr/bin/zzdslzxygn "cat resolv.conf" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:8dc652fcadce3231649681ae716b8941

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/zzdslzxygn
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:8dc652fcadce3231649681ae716b8941

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/zzdslzxygn
                                                                                                  Arguments:/usr/bin/zzdslzxygn "netstat -an" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:8dc652fcadce3231649681ae716b8941

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/zzdslzxygn
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:8dc652fcadce3231649681ae716b8941

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/zzdslzxygn
                                                                                                  Arguments:/usr/bin/zzdslzxygn ifconfig 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:8dc652fcadce3231649681ae716b8941

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/zzdslzxygn
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:8dc652fcadce3231649681ae716b8941

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/zzdslzxygn
                                                                                                  Arguments:/usr/bin/zzdslzxygn sh 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:8dc652fcadce3231649681ae716b8941

                                                                                                  Start time:13:41:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/zzdslzxygn
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:8dc652fcadce3231649681ae716b8941

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/koygrrjkon
                                                                                                  Arguments:/usr/bin/koygrrjkon su 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:f52674a9af3a42b5b8edf7c4ca4a5159

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/koygrrjkon
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:f52674a9af3a42b5b8edf7c4ca4a5159

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/koygrrjkon
                                                                                                  Arguments:/usr/bin/koygrrjkon "netstat -antop" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:f52674a9af3a42b5b8edf7c4ca4a5159

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/koygrrjkon
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:f52674a9af3a42b5b8edf7c4ca4a5159

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/koygrrjkon
                                                                                                  Arguments:/usr/bin/koygrrjkon "ps -ef" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:f52674a9af3a42b5b8edf7c4ca4a5159

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/koygrrjkon
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:f52674a9af3a42b5b8edf7c4ca4a5159

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/koygrrjkon
                                                                                                  Arguments:/usr/bin/koygrrjkon pwd 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:f52674a9af3a42b5b8edf7c4ca4a5159

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/koygrrjkon
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:f52674a9af3a42b5b8edf7c4ca4a5159

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/koygrrjkon
                                                                                                  Arguments:/usr/bin/koygrrjkon "cd /etc" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:f52674a9af3a42b5b8edf7c4ca4a5159

                                                                                                  Start time:13:41:07
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/koygrrjkon
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:f52674a9af3a42b5b8edf7c4ca4a5159

                                                                                                  Start time:13:41:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/uvilsmwwhk
                                                                                                  Arguments:/usr/bin/uvilsmwwhk pwd 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:599e094cfebd26a090e3c4d84dea2eec

                                                                                                  Start time:13:41:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/uvilsmwwhk
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:599e094cfebd26a090e3c4d84dea2eec

                                                                                                  Start time:13:41:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/uvilsmwwhk
                                                                                                  Arguments:/usr/bin/uvilsmwwhk su 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:599e094cfebd26a090e3c4d84dea2eec

                                                                                                  Start time:13:41:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/uvilsmwwhk
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:599e094cfebd26a090e3c4d84dea2eec

                                                                                                  Start time:13:41:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/uvilsmwwhk
                                                                                                  Arguments:/usr/bin/uvilsmwwhk "sleep 1" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:599e094cfebd26a090e3c4d84dea2eec

                                                                                                  Start time:13:41:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/uvilsmwwhk
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:599e094cfebd26a090e3c4d84dea2eec

                                                                                                  Start time:13:41:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/uvilsmwwhk
                                                                                                  Arguments:/usr/bin/uvilsmwwhk "route -n" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:599e094cfebd26a090e3c4d84dea2eec

                                                                                                  Start time:13:41:14
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/uvilsmwwhk
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:599e094cfebd26a090e3c4d84dea2eec

                                                                                                  Start time:13:41:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:13
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/uvilsmwwhk
                                                                                                  Arguments:/usr/bin/uvilsmwwhk top 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:599e094cfebd26a090e3c4d84dea2eec

                                                                                                  Start time:13:41:14
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/uvilsmwwhk
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:599e094cfebd26a090e3c4d84dea2eec

                                                                                                  Start time:13:41:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ilrbozcctp
                                                                                                  Arguments:/usr/bin/ilrbozcctp "netstat -an" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:84093139500509d4abf65bf4368660c3

                                                                                                  Start time:13:41:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ilrbozcctp
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:84093139500509d4abf65bf4368660c3

                                                                                                  Start time:13:41:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ilrbozcctp
                                                                                                  Arguments:/usr/bin/ilrbozcctp "ps -ef" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:84093139500509d4abf65bf4368660c3

                                                                                                  Start time:13:41:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ilrbozcctp
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:84093139500509d4abf65bf4368660c3

                                                                                                  Start time:13:41:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ilrbozcctp
                                                                                                  Arguments:/usr/bin/ilrbozcctp "netstat -antop" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:84093139500509d4abf65bf4368660c3

                                                                                                  Start time:13:41:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ilrbozcctp
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:84093139500509d4abf65bf4368660c3

                                                                                                  Start time:13:41:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ilrbozcctp
                                                                                                  Arguments:/usr/bin/ilrbozcctp "netstat -antop" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:84093139500509d4abf65bf4368660c3

                                                                                                  Start time:13:41:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ilrbozcctp
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:84093139500509d4abf65bf4368660c3

                                                                                                  Start time:13:41:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:19
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ilrbozcctp
                                                                                                  Arguments:/usr/bin/ilrbozcctp gnome-terminal 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:84093139500509d4abf65bf4368660c3

                                                                                                  Start time:13:41:20
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/ilrbozcctp
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:84093139500509d4abf65bf4368660c3

                                                                                                  Start time:13:41:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/gwqnqvffue
                                                                                                  Arguments:/usr/bin/gwqnqvffue "echo \"find\"" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:583764d38d6a3b24a072ba12c518ef07

                                                                                                  Start time:13:41:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/gwqnqvffue
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:583764d38d6a3b24a072ba12c518ef07

                                                                                                  Start time:13:41:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/gwqnqvffue
                                                                                                  Arguments:/usr/bin/gwqnqvffue pwd 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:583764d38d6a3b24a072ba12c518ef07

                                                                                                  Start time:13:41:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/gwqnqvffue
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:583764d38d6a3b24a072ba12c518ef07

                                                                                                  Start time:13:41:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/gwqnqvffue
                                                                                                  Arguments:/usr/bin/gwqnqvffue "ps -ef" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:583764d38d6a3b24a072ba12c518ef07

                                                                                                  Start time:13:41:26
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/gwqnqvffue
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:583764d38d6a3b24a072ba12c518ef07

                                                                                                  Start time:13:41:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:25
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/gwqnqvffue
                                                                                                  Arguments:/usr/bin/gwqnqvffue "ps -ef" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:583764d38d6a3b24a072ba12c518ef07

                                                                                                  Start time:13:41:26
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/gwqnqvffue
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:583764d38d6a3b24a072ba12c518ef07

                                                                                                  Start time:13:41:26
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:26
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:26
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/gwqnqvffue
                                                                                                  Arguments:/usr/bin/gwqnqvffue "netstat -an" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:583764d38d6a3b24a072ba12c518ef07

                                                                                                  Start time:13:41:26
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/gwqnqvffue
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:583764d38d6a3b24a072ba12c518ef07

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/cbsypxwvhg
                                                                                                  Arguments:/usr/bin/cbsypxwvhg whoami 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ae6611a97543fac2cdd1c7b430747d8f

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/cbsypxwvhg
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ae6611a97543fac2cdd1c7b430747d8f

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/cbsypxwvhg
                                                                                                  Arguments:/usr/bin/cbsypxwvhg gnome-terminal 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ae6611a97543fac2cdd1c7b430747d8f

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/cbsypxwvhg
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ae6611a97543fac2cdd1c7b430747d8f

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/cbsypxwvhg
                                                                                                  Arguments:/usr/bin/cbsypxwvhg "ifconfig eth0" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ae6611a97543fac2cdd1c7b430747d8f

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/cbsypxwvhg
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ae6611a97543fac2cdd1c7b430747d8f

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/cbsypxwvhg
                                                                                                  Arguments:/usr/bin/cbsypxwvhg id 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ae6611a97543fac2cdd1c7b430747d8f

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/cbsypxwvhg
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ae6611a97543fac2cdd1c7b430747d8f

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/cbsypxwvhg
                                                                                                  Arguments:/usr/bin/cbsypxwvhg "ls -la" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ae6611a97543fac2cdd1c7b430747d8f

                                                                                                  Start time:13:41:31
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/cbsypxwvhg
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:ae6611a97543fac2cdd1c7b430747d8f

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qozdbjhhph
                                                                                                  Arguments:/usr/bin/qozdbjhhph id 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:cbc9a7550ba8cc0a16d56fd5fa5962bd

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qozdbjhhph
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:cbc9a7550ba8cc0a16d56fd5fa5962bd

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qozdbjhhph
                                                                                                  Arguments:/usr/bin/qozdbjhhph ls 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:cbc9a7550ba8cc0a16d56fd5fa5962bd

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qozdbjhhph
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:cbc9a7550ba8cc0a16d56fd5fa5962bd

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qozdbjhhph
                                                                                                  Arguments:/usr/bin/qozdbjhhph "netstat -antop" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:cbc9a7550ba8cc0a16d56fd5fa5962bd

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qozdbjhhph
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:cbc9a7550ba8cc0a16d56fd5fa5962bd

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qozdbjhhph
                                                                                                  Arguments:/usr/bin/qozdbjhhph sh 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:cbc9a7550ba8cc0a16d56fd5fa5962bd

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qozdbjhhph
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:cbc9a7550ba8cc0a16d56fd5fa5962bd

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qozdbjhhph
                                                                                                  Arguments:/usr/bin/qozdbjhhph "ls -la" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:cbc9a7550ba8cc0a16d56fd5fa5962bd

                                                                                                  Start time:13:41:37
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/qozdbjhhph
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:cbc9a7550ba8cc0a16d56fd5fa5962bd

                                                                                                  Start time:13:41:42
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:42
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:42
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bcnljelvvj
                                                                                                  Arguments:/usr/bin/bcnljelvvj su 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:09832f1b96069b9ed8a79c5ae07e8aa2

                                                                                                  Start time:13:41:42
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bcnljelvvj
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:09832f1b96069b9ed8a79c5ae07e8aa2

                                                                                                  Start time:13:41:42
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:42
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:42
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bcnljelvvj
                                                                                                  Arguments:/usr/bin/bcnljelvvj whoami 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:09832f1b96069b9ed8a79c5ae07e8aa2

                                                                                                  Start time:13:41:42
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bcnljelvvj
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:09832f1b96069b9ed8a79c5ae07e8aa2

                                                                                                  Start time:13:41:42
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:42
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:42
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bcnljelvvj
                                                                                                  Arguments:/usr/bin/bcnljelvvj "cat resolv.conf" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:09832f1b96069b9ed8a79c5ae07e8aa2

                                                                                                  Start time:13:41:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bcnljelvvj
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:09832f1b96069b9ed8a79c5ae07e8aa2

                                                                                                  Start time:13:41:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bcnljelvvj
                                                                                                  Arguments:/usr/bin/bcnljelvvj "echo \"find\"" 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:09832f1b96069b9ed8a79c5ae07e8aa2

                                                                                                  Start time:13:41:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bcnljelvvj
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:09832f1b96069b9ed8a79c5ae07e8aa2

                                                                                                  Start time:13:41:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bcnljelvvj
                                                                                                  Arguments:/usr/bin/bcnljelvvj su 6225
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:09832f1b96069b9ed8a79c5ae07e8aa2

                                                                                                  Start time:13:41:43
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/bcnljelvvj
                                                                                                  Arguments:n/a
                                                                                                  File size:548627 bytes
                                                                                                  MD5 hash:09832f1b96069b9ed8a79c5ae07e8aa2

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/txgakcdvth
                                                                                                  Arguments:/usr/bin/txgakcdvth "netstat -an" 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:e9d82c564dc16961ee51fdbc643f03f9

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/txgakcdvth
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:e9d82c564dc16961ee51fdbc643f03f9

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/txgakcdvth
                                                                                                  Arguments:/usr/bin/txgakcdvth ifconfig 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:e9d82c564dc16961ee51fdbc643f03f9

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/txgakcdvth
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:e9d82c564dc16961ee51fdbc643f03f9

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/txgakcdvth
                                                                                                  Arguments:/usr/bin/txgakcdvth "netstat -an" 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:e9d82c564dc16961ee51fdbc643f03f9

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/txgakcdvth
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:e9d82c564dc16961ee51fdbc643f03f9

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/txgakcdvth
                                                                                                  Arguments:/usr/bin/txgakcdvth "ps -ef" 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:e9d82c564dc16961ee51fdbc643f03f9

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/txgakcdvth
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:e9d82c564dc16961ee51fdbc643f03f9

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/txgakcdvth
                                                                                                  Arguments:/usr/bin/txgakcdvth ifconfig 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:e9d82c564dc16961ee51fdbc643f03f9

                                                                                                  Start time:13:41:48
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/txgakcdvth
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:e9d82c564dc16961ee51fdbc643f03f9

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kiykrkkimt
                                                                                                  Arguments:/usr/bin/kiykrkkimt "ifconfig eth0" 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:001b2d8ff6e0ddd4dd6c78aeca5375e7

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kiykrkkimt
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:001b2d8ff6e0ddd4dd6c78aeca5375e7

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kiykrkkimt
                                                                                                  Arguments:/usr/bin/kiykrkkimt top 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:001b2d8ff6e0ddd4dd6c78aeca5375e7

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kiykrkkimt
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:001b2d8ff6e0ddd4dd6c78aeca5375e7

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kiykrkkimt
                                                                                                  Arguments:/usr/bin/kiykrkkimt top 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:001b2d8ff6e0ddd4dd6c78aeca5375e7

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kiykrkkimt
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:001b2d8ff6e0ddd4dd6c78aeca5375e7

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kiykrkkimt
                                                                                                  Arguments:/usr/bin/kiykrkkimt ifconfig 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:001b2d8ff6e0ddd4dd6c78aeca5375e7

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kiykrkkimt
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:001b2d8ff6e0ddd4dd6c78aeca5375e7

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kiykrkkimt
                                                                                                  Arguments:/usr/bin/kiykrkkimt ls 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:001b2d8ff6e0ddd4dd6c78aeca5375e7

                                                                                                  Start time:13:41:53
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/kiykrkkimt
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:001b2d8ff6e0ddd4dd6c78aeca5375e7

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/siupwowznp
                                                                                                  Arguments:/usr/bin/siupwowznp su 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:34e74d6766be7ba5c37e7750186592f1

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/siupwowznp
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:34e74d6766be7ba5c37e7750186592f1

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/siupwowznp
                                                                                                  Arguments:/usr/bin/siupwowznp "ps -ef" 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:34e74d6766be7ba5c37e7750186592f1

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/siupwowznp
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:34e74d6766be7ba5c37e7750186592f1

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/siupwowznp
                                                                                                  Arguments:/usr/bin/siupwowznp "cd /etc" 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:34e74d6766be7ba5c37e7750186592f1

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/siupwowznp
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:34e74d6766be7ba5c37e7750186592f1

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/siupwowznp
                                                                                                  Arguments:/usr/bin/siupwowznp whoami 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:34e74d6766be7ba5c37e7750186592f1

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/siupwowznp
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:34e74d6766be7ba5c37e7750186592f1

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/siupwowznp
                                                                                                  Arguments:/usr/bin/siupwowznp gnome-terminal 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:34e74d6766be7ba5c37e7750186592f1

                                                                                                  Start time:13:41:58
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/siupwowznp
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:34e74d6766be7ba5c37e7750186592f1

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/urppslzpni
                                                                                                  Arguments:/usr/bin/urppslzpni top 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:b571204d591fa68cb55c7759de34143f

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/urppslzpni
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:b571204d591fa68cb55c7759de34143f

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/urppslzpni
                                                                                                  Arguments:/usr/bin/urppslzpni su 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:b571204d591fa68cb55c7759de34143f

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/urppslzpni
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:b571204d591fa68cb55c7759de34143f

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/urppslzpni
                                                                                                  Arguments:/usr/bin/urppslzpni uptime 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:b571204d591fa68cb55c7759de34143f

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/urppslzpni
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:b571204d591fa68cb55c7759de34143f

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/urppslzpni
                                                                                                  Arguments:/usr/bin/urppslzpni whoami 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:b571204d591fa68cb55c7759de34143f

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/urppslzpni
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:b571204d591fa68cb55c7759de34143f

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/tmp/Di1p3oLnDb.elf
                                                                                                  Arguments:n/a
                                                                                                  File size:548616 bytes
                                                                                                  MD5 hash:96671eab0913c0003c63f4d2c50318db

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/urppslzpni
                                                                                                  Arguments:/usr/bin/urppslzpni id 6225
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:b571204d591fa68cb55c7759de34143f

                                                                                                  Start time:13:42:03
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/bin/urppslzpni
                                                                                                  Arguments:n/a
                                                                                                  File size:548638 bytes
                                                                                                  MD5 hash:b571204d591fa68cb55c7759de34143f

                                                                                                  Start time:13:40:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/lib/systemd/systemd
                                                                                                  Arguments:n/a
                                                                                                  File size:1620224 bytes
                                                                                                  MD5 hash:9b2bec7092a40488108543f9334aab75

                                                                                                  Start time:13:40:01
                                                                                                  Start date:05/10/2022
                                                                                                  Path:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                                  Arguments:/usr/lib/systemd/system-environment-generators/snapd-env-generator
                                                                                                  File size:22760 bytes
                                                                                                  MD5 hash:3633b075f40283ec938a2a6a89671b0e