Source: unknown |
TCP traffic detected without corresponding DNS query: 91.189.91.43 |
Source: 6336.1.00007f8a6400b000.00007f8a64010000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: 6336.1.00007f8a6400b000.00007f8a64010000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16 |
Source: 6229.1.00007f8a6400b000.00007f8a64010000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: 6229.1.00007f8a6400b000.00007f8a64010000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16 |
Source: 6228.1.00007f8a6400b000.00007f8a64010000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: 6228.1.00007f8a6400b000.00007f8a64010000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16 |
Source: 6342.1.00007f8a6400b000.00007f8a64010000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: 6342.1.00007f8a6400b000.00007f8a64010000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16 |
Source: 6330.1.00007f8a6400b000.00007f8a64010000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: 6330.1.00007f8a6400b000.00007f8a64010000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16 |
Source: 6235.1.00007f8a6400b000.00007f8a64010000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: 6235.1.00007f8a6400b000.00007f8a64010000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16 |
Source: 6325.1.00007f8a6400b000.00007f8a64010000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: 6325.1.00007f8a6400b000.00007f8a64010000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16 |
Source: 6226.1.00007f8a6400b000.00007f8a64010000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: 6226.1.00007f8a6400b000.00007f8a64010000.r-x.sdmp, type: MEMORY |
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16 |
Source: Process Memory Space: HUIHmcbfpW PID: 6228, type: MEMORYSTR |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: Process Memory Space: HUIHmcbfpW PID: 6228, type: MEMORYSTR |
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16 |
Source: Process Memory Space: HUIHmcbfpW PID: 6229, type: MEMORYSTR |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: Process Memory Space: HUIHmcbfpW PID: 6229, type: MEMORYSTR |
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16 |
Source: Process Memory Space: HUIHmcbfpW PID: 6235, type: MEMORYSTR |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: Process Memory Space: HUIHmcbfpW PID: 6235, type: MEMORYSTR |
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16 |
Source: Process Memory Space: HUIHmcbfpW PID: 6330, type: MEMORYSTR |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: Process Memory Space: HUIHmcbfpW PID: 6330, type: MEMORYSTR |
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16 |
Source: Process Memory Space: HUIHmcbfpW PID: 6336, type: MEMORYSTR |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: Process Memory Space: HUIHmcbfpW PID: 6336, type: MEMORYSTR |
Matched rule: Linux_Trojan_Gafgyt_ea92cca8 os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = aa4aee9f3d6bedd8234eaf8778895a0f5d71c42b21f2a428f01f121e85704e8e, id = ea92cca8-bba7-4a1c-9b88-a2d051ad0021, last_modified = 2021-09-16 |
Source: Process Memory Space: HUIHmcbfpW PID: 6342, type: MEMORYSTR |
Matched rule: Linux_Trojan_Gafgyt_28a2fe0c os = linux, severity = x86, creation_date = 2021-01-12, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.Gafgyt, fingerprint = a2c6beaec18ca876e8487c11bcc7a29279669588aacb7d3027d8d8df8f5bcead, id = 28a2fe0c-eed5-4c79-81e6-3b11b73a4ebd, last_modified = 2021-09-16 |
Source: /tmp/HUIHmcbfpW (PID: 6234) |
File opened: /proc/491/fd |
Source: /tmp/HUIHmcbfpW (PID: 6228) |
File opened: /proc/491/fd |
Source: HUIHmcbfpW, 6226.1.00007ffda5dce000.00007ffda5def000.rw-.sdmp, HUIHmcbfpW, 6228.1.00007ffda5dce000.00007ffda5def000.rw-.sdmp, HUIHmcbfpW, 6325.1.00007ffda5dce000.00007ffda5def000.rw-.sdmp, HUIHmcbfpW, 6342.1.00007ffda5dce000.00007ffda5def000.rw-.sdmp, HUIHmcbfpW, 6330.1.00007ffda5dce000.00007ffda5def000.rw-.sdmp, HUIHmcbfpW, 6229.1.00007ffda5dce000.00007ffda5def000.rw-.sdmp, HUIHmcbfpW, 6336.1.00007ffda5dce000.00007ffda5def000.rw-.sdmp, HUIHmcbfpW, 6235.1.00007ffda5dce000.00007ffda5def000.rw-.sdmp |
Binary or memory string: 8x86_64/usr/bin/qemu-ppc/tmp/HUIHmcbfpWSUDO_USER=saturninoPATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/binDISPLAY=:1.0XAUTHORITY=/run/user/1000/gdm/XauthoritySUDO_UID=1000TERM=xterm-256colorCOLORTERM=truecolorLOGNAME=rootUSER=rootLANG=en_US.UTF-8SUDO_COMMAND=/bin/bashHOME=/rootMAIL=/var/mail/rootSUDO_GID=1000SHELL=/bin/bash/tmp/HUIHmcbfpW |
Source: HUIHmcbfpW, 6226.1.0000558ea9f73000.0000558eaa023000.rw-.sdmp |
Binary or memory string: !/etc/qemu-binfmt/ppc11!hotpluggableq |
Source: HUIHmcbfpW, 6228.1.0000558ea9f73000.0000558eaa023000.rw-.sdmp, HUIHmcbfpW, 6325.1.0000558ea9f73000.0000558eaa023000.rw-.sdmp, HUIHmcbfpW, 6342.1.0000558ea9f73000.0000558eaa023000.rw-.sdmp, HUIHmcbfpW, 6330.1.0000558ea9f73000.0000558eaa023000.rw-.sdmp, HUIHmcbfpW, 6229.1.0000558ea9f73000.0000558eaa023000.rw-.sdmp, HUIHmcbfpW, 6336.1.0000558ea9f73000.0000558eaa023000.rw-.sdmp, HUIHmcbfpW, 6235.1.0000558ea9f73000.0000558eaa023000.rw-.sdmp |
Binary or memory string: !/etc/qemu-binfmt/ppc1 |
Source: HUIHmcbfpW, 6226.1.0000558ea9f73000.0000558eaa023000.rw-.sdmp, HUIHmcbfpW, 6228.1.0000558ea9f73000.0000558eaa023000.rw-.sdmp, HUIHmcbfpW, 6325.1.0000558ea9f73000.0000558eaa023000.rw-.sdmp, HUIHmcbfpW, 6342.1.0000558ea9f73000.0000558eaa023000.rw-.sdmp, HUIHmcbfpW, 6330.1.0000558ea9f73000.0000558eaa023000.rw-.sdmp, HUIHmcbfpW, 6229.1.0000558ea9f73000.0000558eaa023000.rw-.sdmp, HUIHmcbfpW, 6336.1.0000558ea9f73000.0000558eaa023000.rw-.sdmp, HUIHmcbfpW, 6235.1.0000558ea9f73000.0000558eaa023000.rw-.sdmp |
Binary or memory string: /etc/qemu-binfmt/ppc |
Source: HUIHmcbfpW, 6226.1.00007ffda5dce000.00007ffda5def000.rw-.sdmp, HUIHmcbfpW, 6228.1.00007ffda5dce000.00007ffda5def000.rw-.sdmp, HUIHmcbfpW, 6325.1.00007ffda5dce000.00007ffda5def000.rw-.sdmp, HUIHmcbfpW, 6342.1.00007ffda5dce000.00007ffda5def000.rw-.sdmp, HUIHmcbfpW, 6330.1.00007ffda5dce000.00007ffda5def000.rw-.sdmp, HUIHmcbfpW, 6229.1.00007ffda5dce000.00007ffda5def000.rw-.sdmp, HUIHmcbfpW, 6336.1.00007ffda5dce000.00007ffda5def000.rw-.sdmp, HUIHmcbfpW, 6235.1.00007ffda5dce000.00007ffda5def000.rw-.sdmp |
Binary or memory string: /usr/bin/qemu-ppc |