YARA signature "exploit" classified file "cb1392724a62elf.bin" as "exploit" based on indicators: "set_fs_root,set_fs_pwd,_virt_addr_valid,init_task,init_fs,bad_file_ops,bad_file_aio_read,security_ops,default_security_ops,audit_enabled,commit_creds,prepare_kernel_cred,ptmx_fops,node_states" (Reference:, Author: xorseed)
YARA signature "rootkit" classified file "cb1392724a62elf.bin" as "rootkit,backdoor" based on indicators: "sys_write,sys_getdents,sys_getdents64,sys_getpgid,sys_getsid,sys_setpgid,sys_kill,sys_tgkill,sys_tkill,sys_sched_setscheduler,sys_sched_setparam,sys_sched_getscheduler,sys_sched_getparam,sys_sched_setaffinity,sys_sched_getaffinity,sys_sched_rr_get_interval,sys_wait4,sys_waitid,sys_rt_tgsigqueueinfo,sys_rt_sigqueueinfo,sys_prlimit64,sys_ptrace,sys_migrate_pages,sys_move_pages,sys_get_robust_list,sys_perf_event_open,sys_uname,sys_unlink,sys_unlikat,sys_rename,sys_read,kobject_del,list_del_init,inet_ioctl" (Reference:, Author: xorseed)
YARA signature "LinuxTsunami" classified file "cb1392724a62elf.bin" as "ddos,dofloo" based on indicators: "PRIVMSG %s :Hitting %s,NOTICE %s :TSUNAMI ,NOTICE %s :I'm having a problem resolving my host, someone will have to SPOOFS me manually."
YARA signature "LinuxMrBlack" classified file "cb1392724a62elf.bin" as "ddos,dofloo" based on indicators: "Mr.Black,VERS0NEX:%s|%d|%d|%s"
YARA signature "LinuxElknot" classified file "cb1392724a62elf.bin" as "ddos,elknot,dnsmp,botnet" based on indicators: "ZN8CUtility7DeCryptEPciPKci,ZN13CThreadAttack5StartEP11CCmdMessage"
YARA signature "LinuxBillGates" classified file "cb1392724a62elf.bin" as "botnet,billgates" based on indicators: "12CUpdateGates,11CUpdateBill"
YARA signature "LinuxAESDDoS" classified file "cb1392724a62elf.bin" as "ddos" based on indicators: "3AES,Hacker,VERSONEX"
YARA signature "ChickenDOS_Linux" classified file "cb1392724a62elf.bin" as "chickenddos,ddos" based on indicators: "fake.cfg,ThreadAttack.cpp,Fake.cpp,dns_array,DomainRandEx,cpu %llu %llu %llu %llu, %s" (Author: Jason Jones)
#Irc co 3600 xscan Patch
YARA signature "ELF_Linux_Torte" classified file "cb1392724a62elf.bin" as "torte,botnet" based on indicators: "Mozilla/5.0 (Windows U Windows NT 5.1 en-US rv:1.7.6),Mozilla/5.0 (Windows U Windows NT 5.1 zh-CN (Author:
signature "ELF_Linux_Torte_domains" classified file "cb1392724a62elf.bin" as "torte,botnet" based on indicators: "," (Author:
signature "Linux_DirtyCow_Exploit" classified file "cb1392724a62elf.bin" as "exploit,dirtycow" based on indicators: "4889d641b9000000004189c0b902000000ba01000000bf00000000,e800fcffff488b45e8be000000004889c7e800fcffff488b45f0be000000004889,e800fcffffb800000000,madvise(map,100,MADV_DONTNEED) ,map,SEEK_SET) ,mmap %x,procselfmem %d,madvise %d, failed to patch payload, failed to win race condition., waiting for reverse connect shell.,/proc/self/mem,/proc/%d/mem,/proc/self/map,/proc/%d/map" (Reference:, Author: Florian Roth)
" 2.2.2X-Mining-Extensionscpuminer 2.2.3X-Mining-ExtensionsUfasoft bitcoin-miner/0.20stratumsoftware\\microsoft\\systemcertificates\\spc\\.co.ukSOFTWARE\\Vitalwerks\\\\microsoft\\internet account managersoftware\\microsoft\\identitycrl\\credsSecurity\\Policy\\.dbcert8.dbkey3.32.dllNetShareGetInfoNetShareEnumultravnc.iniSta" (Indicator: "" File: "cb1392724a62elf.bin")