Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.23:39044 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030489 ET TROJAN ELF/MooBot Mirai DDoS Variant Server Response 45.142.182.95:43957 -> 192.168.2.23:39044 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35196 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35198 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35200 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35202 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35204 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35206 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35208 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35210 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35212 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35214 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35216 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35218 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35220 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35222 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35224 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35226 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35228 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35230 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35232 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35234 -> 45.142.182.95:43957 |
Source: Traffic | Snort IDS: 2030490 ET TROJAN ELF/MooBot Mirai DDoS Variant CnC Checkin M1 (Group String Len 1) 192.168.2.14:35236 -> 45.142.182.95:43957 |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_1e0c5ce0 Author: unknown |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 Author: unknown |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 Author: unknown |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf Author: unknown |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335 Author: unknown |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d0c57a2e Author: unknown |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 Author: unknown |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd Author: unknown |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a Author: unknown |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363 Author: unknown |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_1e0c5ce0 Author: unknown |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8 Author: unknown |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f Author: unknown |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728 Author: unknown |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 Author: unknown |
Source: Process Memory Space: bot.x86_64.elf PID: 5494, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c Author: unknown |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16 |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16 |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16 |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16 |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16 |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16 |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16 |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16 |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16 |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_1e0c5ce0 reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16 |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16 |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16 |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16 |
Source: bot.x86_64.elf, type: SAMPLE | Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16 |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_9e9530a7 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = d6ad6512051e87c8c35dc168d82edd071b122d026dce21d39b9782b3d6a01e50, id = 9e9530a7-ad4d-4a44-b764-437b7621052f, last_modified = 2021-09-16 |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_807911a2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = f409037091b7372f5a42bbe437316bd11c655e7a5fe1fcf83d1981cb5c4a389f, id = 807911a2-f6ec-4e65-924f-61cb065dafc6, last_modified = 2021-09-16 |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d4227dbf reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 58c4b1d4d167876b64cfa10f609911a80284180e4db093917fea16fae8ccd4e3, id = d4227dbf-6ab4-4637-a6ba-0e604acaafb4, last_modified = 2021-09-16 |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d996d335 reference_sample = b511eacd4b44744c8cf82d1b4a9bc6f1022fe6be7c5d17356b171f727ddc6eda, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = e9ccb8412f32187c309b0e9afcc3a6da21ad2f1ffa251c27f9f720ccb284e3ac, id = d996d335-e049-4052-bf36-6cd07c911a8b, last_modified = 2021-09-16 |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_d0c57a2e os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 3ee7d3a33575ed3aa7431489a8fb18bf30cfd5d6c776066ab2a27f93303124b6, id = d0c57a2e-c10c-436c-be13-50a269326cf2, last_modified = 2021-09-16 |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_620087b9 reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 06cd7e6eb62352ec2ccb9ed48e58c0583c02fefd137cd048d053ab30b5330307, id = 620087b9-c87d-4752-89e8-ca1c16486b28, last_modified = 2021-09-16 |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_0cd591cd os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 96c4ff70729ddb981adafd8c8277649a88a87e380d2f321dff53f0741675fb1b, id = 0cd591cd-c348-4c3a-a895-2063cf892cda, last_modified = 2021-09-16 |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_33b4111a reference_sample = 01da73e0d425b4d97c5ad75c49657f95618b394d09bd6be644eb968a3b894961, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 9c3b63b9a0f54006bae12abcefdb518904a85f78be573f0780f0a265b12d2d6e, id = 33b4111a-e59e-48db-9d74-34ca44fcd9f5, last_modified = 2021-09-16 |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Gafgyt_a33a8363 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = 74f964eaadbf8f30d40cdec40b603c5141135d2e658e7ce217d0d6c62e18dd08, id = a33a8363-5511-4fe1-a0d8-75156b9ccfc7, last_modified = 2021-09-16 |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_1e0c5ce0 reference_sample = 5b1f95840caebf9721bf318126be27085ec08cf7881ec64a884211a934351c2d, os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 8e45538b59f9c9b8bc49661069044900c8199e487714c715c1b1f970fd528e3b, id = 1e0c5ce0-3b76-4da4-8bed-2e5036b6ce79, last_modified = 2021-09-16 |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_520deeb8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = f4dfd1d76e07ff875eedfe0ef4f861bee1e4d8e66d68385f602f29cc35e30cca, id = 520deeb8-cbc0-4225-8d23-adba5e040471, last_modified = 2021-09-16 |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_6a77af0f os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 4e436f509e7e732e3d0326bcbdde555bba0653213ddf31b43cfdfbe16abb0016, id = 6a77af0f-31fa-4793-82aa-10b065ba1ec0, last_modified = 2021-09-16 |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_01e4a728 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = d90477364982bdc6cd22079c245d866454475749f762620273091f2fab73c196, id = 01e4a728-7c1c-479b-aed0-cb76d64dbb02, last_modified = 2021-09-16 |
Source: 5494.1.0000000000400000.0000000000419000.r-x.sdmp, type: MEMORY | Matched rule: Linux_Trojan_Mirai_e0cf29e2 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Mirai, fingerprint = 3f124c3c9f124264dfbbcca1e4b4d7cfcf3274170d4bf8966b6559045873948f, id = e0cf29e2-88d7-4aa4-b60a-c24626f2b246, last_modified = 2021-09-16 |
Source: Process Memory Space: bot.x86_64.elf PID: 5494, type: MEMORYSTR | Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/1583/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/2672/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/110/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/111/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/112/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/113/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/234/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/1577/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/114/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/235/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/115/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/116/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/117/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/118/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/119/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/10/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/917/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/11/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/12/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/13/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/14/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/15/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/16/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/3770/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/17/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/3771/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/18/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/3772/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/19/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/1593/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/240/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/120/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/3094/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/121/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/242/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/3406/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/1/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/122/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/243/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/2/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/123/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/244/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/1589/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/3/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/124/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/245/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/1588/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/125/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/4/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/246/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/3402/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/126/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/5/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/247/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/127/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/6/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/248/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/128/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/7/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/249/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/8/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/129/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/800/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/9/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/801/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/803/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/20/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/806/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/21/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/807/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/928/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/22/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/23/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/24/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/25/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/26/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/27/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/28/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/29/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/3420/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/490/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/250/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/130/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/251/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/131/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/252/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/132/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/253/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/254/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/255/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/135/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/256/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/1599/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/257/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/378/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/258/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/3412/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/259/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/3773/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/30/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/35/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/1371/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/260/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/261/cmdline | Jump to behavior |
Source: /tmp/bot.x86_64.elf (PID: 5496) | File opened: /proc/262/cmdline | Jump to behavior |