Source: Network traffic |
Suricata IDS: 28 alerts on 14 TCP connections from 192.168.2.13 to 207.244.199.83:8008 (client ports 37354, 37356, 37358, 37360, 37362, 37364, 37366, 37368, 37370, 37372, 37374, 37376, 37378 and 37380); every connection raised both signatures, one in each direction: |
2840515 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (i586) : 192.168.2.13:<client port> -> 207.244.199.83:8008 (bot to C2, 14 alerts) |
2840516 - Severity 1 - ETPRO MALWARE ELF/BASHLITE/Mirai Cayosin Variant CnC Server Message : 207.244.199.83:8008 -> 192.168.2.13:<client port> (C2 to bot, 14 alerts) |
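The two signatures fire once each per TCP connection, so the raw alert count is twice the number of check-ins. The following is an added example, not part of the report: it parses alert lines in the flattened form used above, folds them onto the bot-side 4-tuple, pairs each outbound "Reporting Arch Type" hello with the inbound "CnC Server Message" on the same connection, and reports the C2 endpoint, the architecture the bot announced and any hello that got no reply. Six of the sample lines are copied from the report; the seventh (client port 37399) is constructed to exercise the unanswered case.

```python
import re
from collections import defaultdict

# Alert lines in the flattened "Suricata IDS: ..." form this report uses.
# The first six are copied from the report above; the last one (client port
# 37399) is constructed so that one hello has no C2 reply.
SAMPLE_ALERTS = [
    "Suricata IDS: 2840515 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (i586) : 192.168.2.13:37364 -> 207.244.199.83:8008 |",
    "Suricata IDS: 2840515 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (i586) : 192.168.2.13:37380 -> 207.244.199.83:8008 |",
    "Suricata IDS: 2840515 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (i586) : 192.168.2.13:37374 -> 207.244.199.83:8008 |",
    "Suricata IDS: 2840516 - Severity 1 - ETPRO MALWARE ELF/BASHLITE/Mirai Cayosin Variant CnC Server Message : 207.244.199.83:8008 -> 192.168.2.13:37364 |",
    "Suricata IDS: 2840516 - Severity 1 - ETPRO MALWARE ELF/BASHLITE/Mirai Cayosin Variant CnC Server Message : 207.244.199.83:8008 -> 192.168.2.13:37374 |",
    "Suricata IDS: 2840516 - Severity 1 - ETPRO MALWARE ELF/BASHLITE/Mirai Cayosin Variant CnC Server Message : 207.244.199.83:8008 -> 192.168.2.13:37380 |",
    "Suricata IDS: 2840515 - Severity 1 - ETPRO MALWARE ELF/BASHLITE Variant Reporting Arch Type (i586) : 192.168.2.13:37399 -> 207.244.199.83:8008 |",
]

SID_BOT_HELLO = 2840515  # bot -> C2: reports its architecture on connect
SID_C2_REPLY = 2840516   # C2 -> bot: server message on the same connection

ALERT_RE = re.compile(
    r"Suricata IDS:\s*(?P<sid>\d+)\s*-\s*Severity\s*(?P<sev>\d+)\s*-\s*(?P<msg>.*?)"
    r"\s*:\s*(?P<src>[\d.]+):(?P<sport>\d+)\s*->\s*(?P<dst>[\d.]+):(?P<dport>\d+)"
)
ARCH_RE = re.compile(r"Arch Type \((\w+)\)")


def parse_alert(line):
    """Return the alert's fields as a dict, or None for lines that are not alerts."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    return {
        "sid": int(d["sid"]), "severity": int(d["sev"]), "msg": d["msg"],
        "src": d["src"], "sport": int(d["sport"]),
        "dst": d["dst"], "dport": int(d["dport"]),
    }


def correlate(lines):
    """Fold alerts onto TCP connections keyed by the bot-side 4-tuple and pair
    each outbound hello with the inbound C2 reply on that connection."""
    conns = defaultdict(lambda: {"hello": 0, "reply": 0})
    arch = set()
    for line in lines:
        a = parse_alert(line)
        if a is None:
            continue
        if a["sid"] == SID_BOT_HELLO:
            conns[(a["src"], a["sport"], a["dst"], a["dport"])]["hello"] += 1
            m = ARCH_RE.search(a["msg"])
            if m:
                arch.add(m.group(1))
        elif a["sid"] == SID_C2_REPLY:
            # The reply flows C2 -> bot; flip it onto the bot-side tuple.
            conns[(a["dst"], a["dport"], a["src"], a["sport"])]["reply"] += 1
    return {
        "c2": sorted({(k[2], k[3]) for k in conns}),
        "bots": sorted({k[0] for k in conns}),
        "arch": sorted(arch),
        "connections": len(conns),
        "answered": sum(1 for v in conns.values() if v["hello"] and v["reply"]),
        "unanswered": sum(1 for v in conns.values() if v["hello"] and not v["reply"]),
        "client_ports": sorted(k[1] for k in conns),
    }


if __name__ == "__main__":
    print(correlate(SAMPLE_ALERTS))
```

Run over the complete alert list above, the same function yields 14 connections, all answered, one bot reporting i586 to a single C2 endpoint; an unanswered hello (sinkholed or dead C2) shows up as unanswered rather than inflating the beacon count.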
Source: unknown |
TCP traffic detected without corresponding DNS query: 207.244.199.83 (this line is repeated 50 times in the report, once per detected flow) |
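The "TCP traffic without corresponding DNS query" finding is a correlation between two event streams: the sandbox never saw an A/AAAA answer for 207.244.199.83, so the address must have been hard-coded in the binary. The following is an added example, not part of the report, of that check over records shaped like Suricata eve.json dns and flow events; the records themselves are constructed (203.0.113.10 and 198.51.100.7 are documentation addresses; the C2 address and port are the report's), and the one-hour window and the exemption list are assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed records (not from the report), reduced to the fields a Suricata
# eve.json "dns" answer and "flow" event carry. 207.244.199.83:8008 is the C2
# from the report; 203.0.113.10 and 198.51.100.7 are documentation addresses.
DNS_ANSWERS = [
    {"ts": "2024-01-01T10:00:00", "rrname": "update.example.org", "rrtype": "CNAME", "rdata": "cdn.example.net"},
    {"ts": "2024-01-01T10:00:00", "rrname": "cdn.example.net", "rrtype": "A", "rdata": "203.0.113.10"},
    {"ts": "2024-01-01T10:00:09", "rrname": "late.example.org", "rrtype": "A", "rdata": "198.51.100.7"},
]
TCP_FLOWS = [
    {"ts": "2024-01-01T10:00:02", "src_ip": "192.168.2.13", "dest_ip": "203.0.113.10", "dest_port": 443},    # resolved 2 s earlier
    {"ts": "2024-01-01T10:00:03", "src_ip": "192.168.2.13", "dest_ip": "198.51.100.7", "dest_port": 80},     # resolved only afterwards
    {"ts": "2024-01-01T10:00:05", "src_ip": "192.168.2.13", "dest_ip": "207.244.199.83", "dest_port": 8008}, # never resolved
    {"ts": "2024-01-01T10:00:06", "src_ip": "192.168.2.13", "dest_ip": "207.244.199.83", "dest_port": 8008}, # never resolved
    {"ts": "2024-01-01T10:00:07", "src_ip": "192.168.2.13", "dest_ip": "192.168.2.1", "dest_port": 53},      # LAN, exempt
]

# Destinations that legitimately need no lookup (RFC 1918, loopback,
# link-local, multicast). Listed explicitly rather than via
# ip_address().is_private, which also covers the documentation ranges.
EXEMPT_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "224.0.0.0/4", "::1/128", "fe80::/10", "fc00::/7", "ff00::/8",
)]


def is_exempt(dest_ip):
    ip = ipaddress.ip_address(dest_ip)
    return any(ip in net for net in EXEMPT_NETS)


def resolved_ips(dns_answers):
    """IP -> times an A/AAAA answer returned it. CNAME/NS/MX records carry
    names, not addresses, so they are skipped."""
    seen = defaultdict(list)
    for a in dns_answers:
        if a["rrtype"] in ("A", "AAAA"):
            seen[ipaddress.ip_address(a["rdata"])].append(datetime.fromisoformat(a["ts"]))
    return seen


def tcp_without_dns(tcp_flows, dns_answers, max_age_s=3600):
    """Count flows per destination whose address no DNS answer returned within
    max_age_s before the connection. An answer that arrives after the SYN does
    not clear the flow: the process already had the address."""
    seen = resolved_ips(dns_answers)
    window = timedelta(seconds=max_age_s)
    hits = defaultdict(int)
    for f in tcp_flows:
        if is_exempt(f["dest_ip"]):
            continue
        t = datetime.fromisoformat(f["ts"])
        ip = ipaddress.ip_address(f["dest_ip"])
        if not any(t - window <= r <= t for r in seen.get(ip, ())):
            hits[f["dest_ip"]] += 1
    return dict(hits)


if __name__ == "__main__":
    print(tcp_without_dns(TCP_FLOWS, DNS_ANSWERS))
```

In a sandbox the resolver cache starts empty, so this heuristic is close to exact. On a production host it is an enrichment signal, not a standalone alert: a warm cache, DNS over HTTPS, or software that ships its own address lists (NTP, CDN fallbacks) all produce direct-to-IP connections that were never preceded by a visible query.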
Source: cayo.i486.elf, type: SAMPLE; 5433.1.0000000008048000.000000000805b000.r-x.sdmp, 5435.1.0000000008048000.000000000805b000.r-x.sdmp and 5436.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rules (the same six for the file on disk and for the r-x region of each of the three processes; common metadata: os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, last_modified = 2021-09-16): |
Linux_Trojan_Gafgyt_28a2fe0c threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd |
Linux_Trojan_Gafgyt_c573932b reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, threat_name = Linux.Trojan.Gafgyt, fingerprint = 18a3025ebb8af46605970ee8d7d18214854b86200001d576553e102cb71df266, id = c573932b-9b3f-4ab7-a6b6-32dcc7473790 |
Linux_Trojan_Gafgyt_7167d08f reference_sample = 4c6aeaa6f6a0c40a3f4116a2e19e669188a8b1678a8930350889da1bab531c68, threat_name = Linux.Trojan.Gafgyt, fingerprint = b9df4ab322a2a329168f684b07b7b05ee3d03165c5b9050a4710eae7aeca6cd9, id = 7167d08f-bfeb-4d78-9783-3a1df2ef0ed3 |
Linux_Trojan_Gafgyt_9127f7be reference_sample = 899c072730590003b98278bdda21c15ecaa2f49ad51e417ed59e88caf054a72d, threat_name = Linux.Trojan.Gafgyt, fingerprint = 72c742cb8b11ddf030e10f67e13c0392748dcd970394ec77ace3d2baa705a375, id = 9127f7be-6e82-46a1-9f11-0b3570b0cd76 |
Linux_Trojan_Mirai_122ff2e6 reference_sample = c7dd999a033fa3edc1936785b87cd69ce2f5cac5a084ddfaf527a1094e718bc4, threat_name = Linux.Trojan.Mirai, fingerprint = 3c9ffd7537e30a21eefa6c174f801264b92a85a1bc73e34e6dc9e29f84658348, id = 122ff2e6-56e6-4aa8-a3ec-c19d31eb1f80 |
Linux_Trojan_Mirai_fa48b592 reference_sample = c9e33befeec133720b3ba40bb3cd7f636aad80f72f324c5fe65ac7af271c49ee, threat_name = Linux.Trojan.Mirai, fingerprint = 8838d2752b310dbf7d12f6cf023244aaff4fdf5b55cf1e3b71843210df0fcf88, id = fa48b592-8d80-45af-a3e4-232695b8f5dd |
Source: Process Memory Space: cayo.i486.elf PID: 5433, 5435 and 5436, type: MEMORYSTR |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c (metadata as above) |
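The dumped region 0x08048000-0x0805b000 (r-x) starts at the conventional load address of a non-PIE 32-bit x86 ELF, so each .sdmp is the program's own code segment in one of three processes of the same image. The useful triage question is whether the rules that fire in memory are the same ones that fire on the file: if they are, the code runs as stored; a rule that fires only in memory is the signature of code that exists only after runtime unpacking. The following added example (not part of the report) parses the Source/Matched rule pairs in the report's own two-line form and answers that question per rule. All pairs in the sample text are copied from the report except the final one (PID 9999, rule Hypothetical_Unpacked_Only), which is constructed to show the memory-only case.

```python
import re
from collections import defaultdict

# Source/rule pairs in the flattened two-line form this report uses. All
# entries except the last pair are copied from the report; the final pair
# (PID 9999, rule Hypothetical_Unpacked_Only) is constructed to show what a
# memory-only hit looks like.
REPORT_LINES = """\
Source: cayo.i486.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown |
Source: cayo.i486.elf, type: SAMPLE |
Matched rule: Linux_Trojan_Mirai_fa48b592 Author: unknown |
Source: 5435.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown |
Source: 5435.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Mirai_fa48b592 Author: unknown |
Source: 5433.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown |
Source: Process Memory Space: cayo.i486.elf PID: 5433, type: MEMORYSTR |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown |
Source: 9999.1.0000000008048000.000000000805b000.r-x.sdmp, type: MEMORY |
Matched rule: Hypothetical_Unpacked_Only Author: unknown |
"""

SOURCE_RE = re.compile(r"^Source:\s*(?P<src>.+?),\s*type:\s*(?P<type>\w+)")
RULE_RE = re.compile(r"^Matched rule:\s*(?P<rule>\S+)")
# Memory-dump names as they appear in the report: <pid>.<n>.<start>.<end>.<perms>.sdmp
DUMP_RE = re.compile(r"^(?P<pid>\d+)\.\d+\.(?P<start>[0-9a-f]{16})\.(?P<end>[0-9a-f]{16})\.(?P<perms>[rwx-]{3})\.sdmp$")
PIDSTR_RE = re.compile(r"PID:\s*(?P<pid>\d+)")


def parse_matches(text):
    """Yield (source, source_type, rule) from consecutive Source/Matched rule lines."""
    current = None
    for line in text.splitlines():
        m = SOURCE_RE.match(line)
        if m:
            current = (m.group("src"), m.group("type"))
            continue
        m = RULE_RE.match(line)
        if m and current:
            yield current[0], current[1], m.group("rule")


def coverage(text):
    """Per rule: hit on the file? in which PIDs' code regions? in which PIDs'
    string scans? Also returns the dumped region per PID as (start, end, perms)."""
    cov = defaultdict(lambda: {"file": False, "memory_pids": set(), "strings_pids": set()})
    regions = {}
    for src, typ, rule in parse_matches(text):
        if typ == "SAMPLE":
            cov[rule]["file"] = True
        elif typ == "MEMORY":
            d = DUMP_RE.match(src)
            if d:
                pid = int(d.group("pid"))
                cov[rule]["memory_pids"].add(pid)
                regions[pid] = (int(d.group("start"), 16), int(d.group("end"), 16), d.group("perms"))
        elif typ == "MEMORYSTR":
            p = PIDSTR_RE.search(src)
            if p:
                cov[rule]["strings_pids"].add(int(p.group("pid")))
    return dict(cov), regions


def packing_verdict(cov):
    """Rules that fire in memory but never on the file describe code that only
    exists after unpacking; rules firing on both mean the on-disk code runs as is."""
    return {
        "memory_only": sorted(r for r, c in cov.items() if c["memory_pids"] and not c["file"]),
        "file_and_memory": sorted(r for r, c in cov.items() if c["memory_pids"] and c["file"]),
    }


if __name__ == "__main__":
    cov, regions = coverage(REPORT_LINES)
    print(packing_verdict(cov), regions)
```

For this report every rule lands in file_and_memory and the region is the same 0x13000-byte r-x segment in all three PIDs, which is consistent with a statically linked, unpacked i386 bot that forked; the memory-only bucket is where a packed sample would show up.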
Source: Initial sample |
User agent strings found (27 distinct browser User-Agent values embedded in the binary): |
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; pl) Opera 11.00 |
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; en) Opera 11.00 |
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; ja) Opera 11.00 |
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; de) Opera 11.01 |
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; fr) Opera 11.00 |
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 |
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.79 Safari/537.36 |
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0 |
Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4 |
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0 |
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36 |
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.80 Safari/537.36 |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11) AppleWebKit/601.1.56 (KHTML, like Gecko) Version/9.0 Safari/601.1.56 |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_1) AppleWebKit/601.2.7 (KHTML, like Gecko) Version/9.0.1 Safari/601.2.7 |
Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko |
Opera/9.80 (Windows NT 5.2; U; ru) Presto/2.5.22 Version/10.51 |
Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16 |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_3) AppleWebKit/537.75.14 (KHTML, like Gecko) Version/7.0.3 Safari/7046A194A |
Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36 |
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.94 Safari/537.36 |
Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36 |
Mozilla/5.0 (Linux; Android 4.4.3; HTC_0PCV2 Build/KTU84L) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/33.0.0.0 Mobile Safari/537.36 |
Mozilla/4.0 (compatible; MSIE 8.0; X11; Linux x86_64; pl) Opera 11.00 |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:25.0) Gecko/20100101 Firefox/25.0 |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:21.0) Gecko/20100101 Firefox/21.0 |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Firefox/24.0 |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0 |
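A 32-bit Linux ELF has no reason to carry 27 desktop and mobile browser identities; a pool like this exists so that an HTTP flood can pick a different User-Agent per request and slip past per-UA rate limits, which is how the Gafgyt and Mirai HTTP attack modules behave. The following added example (not part of the report) turns that observation into a string-triage check: extract browser User-Agent values from a binary blob, classify them by family and platform, and flag a pool when the count and the spread exceed thresholds. Eight of the values are copied from the list above; the blob around them, the control blob with a single curl UA, and the thresholds are constructed assumptions.

```python
import re
from collections import Counter

# A subset of the User-Agent values listed above, copied from the report and
# placed in a constructed NUL-separated byte blob standing in for the
# binary's string data. BENIGN_BLOB is a constructed control with one UA.
UA_FROM_REPORT = [
    b"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; pl) Opera 11.00",
    b"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.102 Safari/537.36",
    b"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0",
    b"Mozilla/5.0 (iPhone; CPU iPhone OS 8_4 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12H143 Safari/600.1.4",
    b"Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko",
    b"Opera/9.80 (X11; Linux i686; Ubuntu/14.10) Presto/2.12.388 Version/12.16",
    b"Mozilla/5.0 (Linux; Android 4.4.3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.89 Mobile Safari/537.36",
    b"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10; rv:33.0) Gecko/20100101 Firefox/33.0",
]
BOT_BLOB = b"\x00".join([b"/bin/busybox", b"GET /%s HTTP/1.1\r\n"] + UA_FROM_REPORT + [b"Connection: keep-alive\r\n"]) + b"\x00"
BENIGN_BLOB = b"\x00".join([b"GET / HTTP/1.1\r\n", b"User-Agent: curl/7.88.1\r\n", b"Host: %s\r\n"]) + b"\x00"

# A browser UA: product token, slash, version digit, then a printable run.
UA_RE = re.compile(rb"(?:Mozilla|Opera)/\d[\x20-\x7e]{10,}")


def extract_user_agents(blob):
    return sorted({m.group(0).decode("ascii") for m in UA_RE.finditer(blob)})


def family(ua):
    """Browser family; checked in this order because nearly every UA starts
    with 'Mozilla' and Chrome UAs also contain 'Safari'."""
    for needle, name in (("Opera", "Opera"), ("Firefox/", "Firefox"), ("Chrome/", "Chrome"),
                         ("Safari/", "Safari"), ("MSIE", "IE"), ("Trident/", "IE")):
        if needle in ua:
            return name
    return "other"


def platform(ua):
    """Platform token; Android and iPhone before the generic Linux/Windows checks."""
    for needle in ("Android", "iPhone", "Windows", "Macintosh", "Linux"):
        if needle in ua:
            return needle
    return "other"


def ua_pool_verdict(blob, min_agents=5, min_families=3):
    """Flag a binary that carries many browser identities across several
    families: a real client has one UA; a pool exists to rotate it per request."""
    uas = extract_user_agents(blob)
    families = Counter(family(u) for u in uas)
    platforms = Counter(platform(u) for u in uas)
    return {
        "count": len(uas),
        "families": dict(families),
        "platforms": dict(platforms),
        "ua_rotation_pool": len(uas) >= min_agents and len(families) >= min_families,
    }


if __name__ == "__main__":
    print(ua_pool_verdict(BOT_BLOB))
    print(ua_pool_verdict(BENIGN_BLOB))
```

The thresholds are deliberately loose; the point is the spread rather than the count. Web crawlers and testing tools also embed a few UAs, so pair this signal with the other findings on the page (raw-socket C2 on a non-standard port, Gafgyt/Mirai rule hits) before calling a sample a DDoS bot on strings alone.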