From c10808f752d494cb0442547ec4287de6396b3bff Mon Sep 17 00:00:00 2001 
From: qjerome
Date: Tue, 2 Jul 2024 11:15:55 +0200
Subject: [PATCH] add: [linux] samples readme
---
 .../README.md | 39 +++++++++++++++
 .../README.md | 42 ++++++++++++++++
 .../README.md | 44 +++++++++++++++++
 .../README.md | 31 ++++++++++++
 .../README.md | 38 +++++++++++++++
 .../README.md | 38 +++++++++++++++
 .../README.md | 46 ++++++++++++++++++
 .../README.md | 44 +++++++++++++++++
 .../README.md | 36 ++++++++++++++
 .../README.md | 35 ++++++++++++++
 .../README.md | 48 +++++++++++++++++++
 .../README.md | 41 ++++++++++++++++
 .../README.md | 39 +++++++++++++++
 .../README.md | 25 ++++++++++
 .../README.md | 35 ++++++++++++++
 .../README.md | 48 +++++++++++++++++++
 .../README.md | 42 ++++++++++++++++
 .../README.md | 38 +++++++++++++++
 .../README.md | 47 ++++++++++++++++++
 19 files changed, 756 insertions(+)
 create mode 100644 linux/15e67237cfda7a9b6cd6d27af76b315c79ad65daeec127f84128904b8c7757dd/README.md
 create mode 100644 linux/17d8569d683f39d71f051cc0d2d33a662e549635cd74460c72ba1e49224bc35c/README.md
 create mode 100644 linux/233e29773d33eec0dcb43eb133d4595735e98d83cbf59d2533f1a88e286dcabe/README.md
 create mode 100644 linux/43e4589a894146664907f21c8817d16b02d353d0d9af02bd8db67c21891b8c08/README.md
 create mode 100644 linux/44c21f98d1fe78e1466ddc9dfd1113e1e416934b6a0eb2b1da0bcf27535f7775/README.md
 create mode 100644 linux/6420f5d7d48b75d687b8356e93c82721bb536c633d773f8985f74c8977425f04/README.md
 create mode 100644 linux/6ebf51d169240f1c233aaf49da07005eca3529ae4c9b19b9de78f906ad7527a6/README.md
 create mode 100644 linux/713b699c04f21000fca981e698e1046d4595f423bd5741d712fd7e0bc358c771/README.md
 create mode 100644 linux/776ea636ee33aab6b2db5f46889b027c297280db37400efb091e0d4a9001a7d7/README.md
 create mode 100644 linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/README.md
 create mode 100644 linux/ad69790f301c6b7cebaa84a7fecd6431e87b09526d81a3c618bdf985e08edf3b/README.md
 create mode 100644 linux/b87ad7dba1d367c437db51045e57835f77e8d9735d5c917c6d16984fbde8a3c5/README.md
 create mode 100644 linux/bc70f90946d19b022fae8740cd3d5b349da29d1b3353cc01c3192ba0ba48ae79/README.md
 create mode 100644 linux/d14544d70f8193d9369020701d02a028408646cfd432e344da98c93ceaaa5e87/README.md
 create mode 100644 linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/README.md
 create mode 100644 linux/e27571a89dfbb256bdf2aa7ff0a062bd10bd712c46d7ddc045a8ac85c4903c2f/README.md
 create mode 100644 linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/README.md
 create mode 100644 linux/e89b79c039776ff64e4979a80fa95c020161a98f8cb434fbfd09f409ba73bd9e/README.md
 create mode 100644 linux/fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73/README.md
diff --git a/linux/15e67237cfda7a9b6cd6d27af76b315c79ad65daeec127f84128904b8c7757dd/README.md b/linux/15e67237cfda7a9b6cd6d27af76b315c79ad65daeec127f84128904b8c7757dd/README.md
new file mode 100644
index 0000000..97e8977
--- /dev/null
+++ b/linux/15e67237cfda7a9b6cd6d27af76b315c79ad65daeec127f84128904b8c7757dd/README.md
@@ -0,0 +1,39 @@
+# Detection Names
+
+a variant of Linux/Mirai.A
+Backdoor.Linux.Mirai.wan
+Backdoor.Mirai/Linux!1.BBED (CLOUD)
+Backdoor.Mirai.Linux.80659
+Detected
+E32/Mirai.ZT
+ELF/Mirai.A!tr
+GenericRXHY-TW!827461D60DCF
+GenericRXHY-TW!827461D60DCF
+HEUR:Backdoor.Linux.Mirai.b
+HEUR:Backdoor.Linux.Mirai.b
+Linux/DDoS-CI
+Linux.Mirai
+Linux.Mirai.754
+Linux.Mirai.BDA
+LINUX/Mirai.krkyt
+Malicious (score: 99)
+malware (ai score=99)
+Malware.LINUX/Mirai.krkyt
+Other:Malware-gen [Trj]
+Other:Malware-gen [Trj]
+Static AI - Malicious ELF
+Suspicious.Linux.Save.a
+Trojan[Backdoor]/Linux.Mirai.b
+Trojan.Elf32.Mirai.ftavlz
+Trojan.Linux.Generic.112611
+Trojan.Linux.Generic.112611
+Trojan.Linux.Generic.112611
+Trojan.Linux.Generic.112611
+Trojan.Linux.Generic.112611
+Trojan.Linux.Generic.112611
+Trojan.Linux.Generic.112611 (B)
+Trojan.Linux.Generic.D1B7E3
+Trojan.Linux.Linux.4!c
+Trojan.Linux.Mirai
+Trojan:Linux/Mirai
+Unix.Malware.Agent-7052919-0
diff --git a/linux/17d8569d683f39d71f051cc0d2d33a662e549635cd74460c72ba1e49224bc35c/README.md b/linux/17d8569d683f39d71f051cc0d2d33a662e549635cd74460c72ba1e49224bc35c/README.md
new file mode 100644
index 0000000..79fe456
--- /dev/null
+++ b/linux/17d8569d683f39d71f051cc0d2d33a662e549635cd74460c72ba1e49224bc35c/README.md
@@ -0,0 +1,42 @@
+# Detection Names
+
+Artemis!Trojan
+Backdoor.linux.ganiw.h
+Backdoor/Linux.ku
+Backdoor.Linux.Tsunami.CK
+Backdoor.Linux.Tsunami.CK
+Backdoor.Linux.Tsunami.CK
+Backdoor.Linux.Tsunami.CK
+Backdoor.Linux.Tsunami.CK
+Backdoor.Linux.Tsunami.CK
+Backdoor.Linux.Tsunami.CK
+Backdoor.Linux.Tsunami.CK (B)
+Backdoor.Setag/Linux!1.A3E5 (CLOUD)
+Detected
+ELF:Elknot-AD [Cryp]
+ELF:Elknot-AD [Cryp]
+ELF/Setag.B!tr
+ELF_SETAG.DM
+ELF_SETAG.DM
+HEUR:Backdoor.Linux.Ganiw.d
+HEUR:Backdoor.Linux.Ganiw.d
+Linux.BackDoor.Gates.9
+Linux.BackDoor.Gates.G
+Linux.Chikdos.B!gen2
+Linux/DDoS-BD
+Linux/Elknot.525288
+LINUX/Setag.332
+Linux/Setag.B
+Malicious (score: 99)
+Malware@#1fpleign4a7nr
+malware (ai score=100)
+Malware.LINUX/Setag.332
+Static AI - Malicious ELF
+Suspicious.Linux.Save.a
+Trojan[Backdoor]/Linux.Ganiw.d
+Trojan.Elf32.Ganiw.eksrqh
+Trojan.Linux.Agent
+Trojan.Linux.Ganiw.m!c
+Trojan:Linux/Multiverze
+Trojan.Setag.Linux.79
+Unix.Malware.Agent-1639378
diff --git a/linux/233e29773d33eec0dcb43eb133d4595735e98d83cbf59d2533f1a88e286dcabe/README.md b/linux/233e29773d33eec0dcb43eb133d4595735e98d83cbf59d2533f1a88e286dcabe/README.md
new file mode 100644
index 0000000..dab98e1
--- /dev/null
+++ b/linux/233e29773d33eec0dcb43eb133d4595735e98d83cbf59d2533f1a88e286dcabe/README.md
@@ -0,0 +1,44 @@
+# Detection Names
+
+Artemis
+a variant of Linux/Mirai.CGA
+Backdoor.Linux.iurg
+Backdoor:Linux/Mirai.GO!MTB
+Backdoor.Mirai/Linux!8.13285 (C64:YzY0OiCCCdak1Hd9)
+DDoS:Linux/Mirai.CUZ
+Detected
+E32/Mirai.G.gen!Camelot
+ELF:Mirai-CRS [Trj]
+ELF:Mirai-CRS [Trj]
+ELF/TrojanGen.A
+EXP/ELF.Agent.J.12
+Exploit.EXP/ELF.Agent.J.12
+Gen:NN.Mirai.36808
+HEUR:Backdoor.Linux.Mirai.hh
+HEUR:Backdoor.Linux.Mirai.hh
+Linux.Backdoor.Mirai.hh
+Linux.Generic.Threat
+Linux.Mirai.8384
+Linux/Mirai.CGA!tr
+Mal/Generic-S
+Malicious (score: 99)
+malware (ai score=99)
+Static AI - Malicious ELF
+Suspicious.Linux.Save.a
+Trojan ( 0040f9431 )
+Trojan[Backdoor]/Linux.Mirai.hh
+Trojan.Gen.NPE
+Trojan.Linux.Generic.D7997
+Trojan.Linux.GenericKD.31127
+Trojan.Linux.GenericKD.31127
+Trojan.Linux.GenericKD.31127
+Trojan.Linux.GenericKD.31127
+Trojan.Linux.GenericKD.31127
+Trojan.Linux.GenericKD.31127
+Trojan.Linux.GenericKD.31127 (B)
+Trojan.Linux.Mirai
+Trojan.Linux.Mirai.cad
+Trojan.Linux.Mirai.K!c
+TROJ_GEN.R002C0DFD24
+TROJ_GEN.R002C0DFD24
+Unix.Trojan.Mirai-9950938-0
diff --git a/linux/43e4589a894146664907f21c8817d16b02d353d0d9af02bd8db67c21891b8c08/README.md b/linux/43e4589a894146664907f21c8817d16b02d353d0d9af02bd8db67c21891b8c08/README.md
new file mode 100644
index 0000000..d72ffb2
--- /dev/null
+++ b/linux/43e4589a894146664907f21c8817d16b02d353d0d9af02bd8db67c21891b8c08/README.md
@@ -0,0 +1,31 @@
+# Detection Names
+
+a variant of Linux/Mirai.BR
+Backdoor.Linux.ckja
+Backdoor.Linux.Mirai.was
+Backdoor.Mirai/Linux!1.BAF6 (CLOUD)
+Backdoor.Mirai.Linux.50936
+HEUR:Backdoor.Linux.Mirai.dx
+Linux.Mirai
+Linux.Mirai.1439
+Linux/Mirai.BR!tr
+Linux.Mirai.CDJ
+LINUX/Mirai.mmvhk
+Malicious (score: 99)
+Other:Malware-gen [Trj]
+Other:Malware-gen [Trj]
+RDN/Generic BackDoor.vq
+RDN/Generic BackDoor.vq
+Trojan.Linux.Generic.48222
+Trojan.Linux.Generic.48222
+Trojan.Linux.Generic.48222
+Trojan.Linux.Generic.48222
+Trojan.Linux.Generic.48222
+Trojan.Linux.Generic.48222
+Trojan.Linux.Generic.48222 (B)
+Trojan.Linux.Generic.DBC5E
+Trojan.Linux.Mirai
+Trojan.Linux.Mirai.K!c
+Trojan.Mirai.fmuckw
+Trojan:Win32/Mirai!ml
+Unix.Malware.Agent-6885382-0
diff --git a/linux/44c21f98d1fe78e1466ddc9dfd1113e1e416934b6a0eb2b1da0bcf27535f7775/README.md b/linux/44c21f98d1fe78e1466ddc9dfd1113e1e416934b6a0eb2b1da0bcf27535f7775/README.md
new file mode 100644
index 0000000..e88b4cb
--- /dev/null
+++ b/linux/44c21f98d1fe78e1466ddc9dfd1113e1e416934b6a0eb2b1da0bcf27535f7775/README.md
@@ -0,0 +1,38 @@
+# Detection Names
+
+a variant of Linux/Gafgyt.AXI
+Backdoor.Linux.Mirai.wan
+DDoS
+Detected
+E32/ABRisk.EROA-7
+ELF/Mirai.A!tr
+ELF/TrojanGen.A
+Exploit.CVE-2017-17215!8.1058B (TFE:17:5yO1GHIYYTK)
+HEUR:Backdoor.Linux.Mirai.b
+HEUR:Backdoor.Linux.Mirai.b
+Linux.Backdoor.Mirai.b
+LINUX/Gafgyt.pvebx
+Linux.Siggen.9999
+Mal/Generic-S
+Malicious (score: 99)
+Malware.LINUX/Gafgyt.pvebx
+Other:Malware-gen [Trj]
+Other:Malware-gen [Trj]
+Possible_SMMODUPXA
+Suspicious.Linux.Save.a
+Trojan[Backdoor]/Linux.Gafgyt.a
+TrojanDDoS.Linux.nk
+Trojan.Generic.35965739
+Trojan.Generic.35965739
+Trojan.Generic.35965739
+Trojan.Generic.35965739
+Trojan.Generic.35965739
+Trojan.Generic.35965739
+Trojan.Generic.35965739 (B)
+Trojan.Generic.D224CB2B
+Trojan.Gen.NPE
+Trojan.Linux.Gafgyt
+Trojan.Linux.Mirai.K!c
+Trojan:Linux/Multiverze
+Trojan.Malware.121218.susgen
+Unix.Trojan.DarkNexus-7679166-0
diff --git a/linux/6420f5d7d48b75d687b8356e93c82721bb536c633d773f8985f74c8977425f04/README.md b/linux/6420f5d7d48b75d687b8356e93c82721bb536c633d773f8985f74c8977425f04/README.md
new file mode 100644
index 0000000..58b40e6
--- /dev/null
+++ b/linux/6420f5d7d48b75d687b8356e93c82721bb536c633d773f8985f74c8977425f04/README.md
@@ -0,0 +1,38 @@
+# Detection Names
+
+Artemis!Trojan
+Detected
+ELF:CVE-2010-3081-E [Expl]
+ELF:CVE-2010-3081-E [Expl]
+ELF_EXPLOYT.LL
+ELF_EXPLOYT.LL
+EXP/CVE-2010-3081.B
+Exp:Linux/CVE.2010.3081
+Exploit.Agent!8.1B (TFE:14:90c1BLtlaUT)
+Exploit.Agent.Linux.4
+Exploit.Elf32.CVE20103081.dxkfls
+Exploit.EXP/CVE-2010-3081.B
+Exploit.Linux.ahn
+Exploit:Linux/CVE-2010-3081.A!MTB
+Exploit.MS04.CVE-2004-0210-2010-3081.B
+Hacktool.Linux.Agent.3!c
+HEUR:Exploit.Linux.Agent.a
+HEUR:Exploit.Linux.Agent.a
+Linux.CornelGEN.1714
+Linux.CornelGEN.1714
+Linux.CornelGEN.1714
+Linux.CornelGEN.1714
+Linux.CornelGEN.1714
+Linux.CornelGEN.1714
+Linux.CornelGEN.1714 (B)
+Linux.CornelGEN.D6B2
+Linux/Exploit.Agent.AY
+Linux.Exploit.Agent.Qgil
+Linux.Exploit.CVE-2010-3081.1
+Malicious (score: 99)
+Malware@#57nwy1j6aalm
+malware (ai score=96)
+Static AI - Suspicious ELF
+Trojan[Exploit]/Linux.Agent.a
+Trojan.Gen.NPE
+Unix.Malware.Agent-7437248-0
diff --git a/linux/6ebf51d169240f1c233aaf49da07005eca3529ae4c9b19b9de78f906ad7527a6/README.md b/linux/6ebf51d169240f1c233aaf49da07005eca3529ae4c9b19b9de78f906ad7527a6/README.md
new file mode 100644
index 0000000..b922963
--- /dev/null
+++ b/linux/6ebf51d169240f1c233aaf49da07005eca3529ae4c9b19b9de78f906ad7527a6/README.md
@@ -0,0 +1,46 @@
+# Detection Names
+
+Backdoor.Linux.Ganiw.H
+Backdoor.Linux.Ganiw.H
+Backdoor.Linux.Ganiw.H
+Backdoor.Linux.Ganiw.H
+Backdoor.Linux.Ganiw.H
+Backdoor.Linux.Ganiw.H
+Backdoor.Linux.Ganiw.H
+Backdoor.Linux.Ganiw.H (B)
+Backdoor/Linux.ii
+Backdoor:Linux/Setag.A
+Backdoor.Setag/Linux!1.A3E5 (CLASSIC)
+Backdoor.Win32.S.Agent.1135000.U
+Detected
+Downloader.OpenConnection.JS.100251
+E32/Setag.B
+ELF:Elknot-AE [Trj]
+ELF:Elknot-AE [Trj]
+ELF/Setag.B!tr
+ELF_SETAG.SM
+ELF_SETAG.SM
+EXP/ELF.Backdoor.Setag.cc.e
+Exploit.EXP/ELF.Backdoor.Setag.cc.e
+HEUR:Backdoor.Linux.Ganiw.d
+Legacy.Trojan.Agent-1388639
+Linux/Agent.A
+Linux/Agent.A
+Linux/Backdoor.1135000
+Linux.BackDoor.Gates.9
+Linux.BackDoor.Gates.G
+Linux.Chikdos.B!gen2
+Linux/DDoS-BD
+Linux/Setag.B.Gen
+Linux.Trojan.Ganiw
+Linux.Trojan.Siggen.D
+Malicious (score: 99)
+Malware@#2hph1ko0peawr
+malware (ai score=100)
+Static AI - Malicious ELF
+Trojan.Elf32.Ganiw.dirahp
+Trojan.Linux.Agent
+Trojan.Linux.Elknot.atAE
+Trojan.Linux.Ganiw.a
+Trojan.Malware.121218.susgen
+Trojan/Win32.PowerGhost.a
diff --git a/linux/713b699c04f21000fca981e698e1046d4595f423bd5741d712fd7e0bc358c771/README.md b/linux/713b699c04f21000fca981e698e1046d4595f423bd5741d712fd7e0bc358c771/README.md
new file mode 100644
index 0000000..3b8b82a
--- /dev/null
+++ b/linux/713b699c04f21000fca981e698e1046d4595f423bd5741d712fd7e0bc358c771/README.md
@@ -0,0 +1,44 @@
+# Detection Names
+
+Detected
+E64/DCFilcdr.JVGT-
+ELF:Filecoder-CT [Trj]
+ELF:Filecoder-CT [Trj]
+ELF/TrojanGen.A
+HEUR:Trojan-Ransom.Linux.Hive.b
+HEUR:Trojan-Ransom.Linux.Hive.b
+Linux.Encoder.119
+LINUX/Filecoder.gijrz
+Linux/Filecoder_Hive.A!tr
+Linux/Filecoder.Hive.D
+Linux.Ransomware.Hive
+Linux.Trojan-Ransom.Hive.Jqil
+Linux.Troj.Generic.v
+Mal/Generic-S
+Malicious (score: 99)
+malware (ai score=90)
+Malware.LINUX/Filecoder.gijrz
+Ransom-Hive!171D2A50C6D7
+Ransom.Hive!8.12EEE (CLOUD)
+Ransom:Linux/Filecoder!MTB
+Ransom.U.Hive.bot
+RansomWare
+Ransomware/Linux.Hive.2367488
+Trojan.Elf64.Ransom.jyhqzy
+Trojan.Filecoder.Linux.78
+Trojan Horse
+Trojan.Linux.btf
+Trojan.Linux.FILECODERHIVE.USELVL521
+Trojan.Linux.FILECODERHIVE.USELVL521
+Trojan.Linux.Hive.j!c
+Trojan.Linux.Ransom.224225
+Trojan.Linux.Ransom.224225
+Trojan.Linux.Ransom.224225
+Trojan.Linux.Ransom.224225
+Trojan.Linux.Ransom.224225
+Trojan.Linux.Ransom.224225 (B)
+Trojan.Linux.Ransom.D36BE1
+Trojan-Ransom.Hive
+Trojan.Ransom.Linux.Gen
+Trojan[Ransom]/Linux.Hive.d
+Unix.Ransomware.Deadbolt-9959009-0
diff --git a/linux/776ea636ee33aab6b2db5f46889b027c297280db37400efb091e0d4a9001a7d7/README.md b/linux/776ea636ee33aab6b2db5f46889b027c297280db37400efb091e0d4a9001a7d7/README.md
new file mode 100644
index 0000000..b378d5f
--- /dev/null
+++ b/linux/776ea636ee33aab6b2db5f46889b027c297280db37400efb091e0d4a9001a7d7/README.md
@@ -0,0 +1,36 @@
+# Detection Names
+
+a variant of Linux/Filecoder.Sodinokibi.A
+Detected
+E64/ABRansom.YAVB-
+ELF:Filecoder-BN [Trj]
+ELF:Filecoder-BN [Trj]
+Gen:Variant.Trojan.Linux.Revil.1
+Gen:Variant.Trojan.Linux.Revil.1
+Gen:Variant.Trojan.Linux.Revil.1
+Gen:Variant.Trojan.Linux.Revil.1
+Gen:Variant.Trojan.Linux.Revil.1
+Gen:Variant.Trojan.Linux.Revil.1
+Gen:Variant.Trojan.Linux.Revil.1 (B)
+HEUR:Trojan-Ransom.Linux.Agent.z
+HEUR:Trojan-Ransom.Linux.Agent.z
+Linux.Encoder.92
+Linux/Ransm-K
+Linux.RansomSodinokibi
+Linux.Ransomware.Sodinokibi
+LINUX/Sodinokibi.a
+LINUX/Sodinokibi.G
+Linux.Trojan-Ransom.Agent.Pqil
+Malicious (score: 99)
+malware (ai score=84)
+Malware.LINUX/Sodinokibi.G
+Ransom:Linux/MoneyMessage.K!MTB
+Ransom.Linux.SODINOKIBI.SMYXCFL
+Ransom.Sodinokibi/Linux!1.D7B7 (CLASSIC)
+Ransomware:Linux/Revil.3e7c0b8a
+Static AI - Suspicious ELF
+Trojan.Generic.gyagl
+Trojan-Ransom.Elf.REvil
+Trojan[Ransom]/Linux.Sodin.gen
+Trojan.Trojan.Linux.Revil.1
+Unix.Ransomware.REvil-9876132-0
diff --git a/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/README.md b/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/README.md
new file mode 100644
index 0000000..2756119
--- /dev/null
+++ b/linux/9e70725640c4284e2049e4b25c9cc46cca496053cebf69855ec25acc9bd63e05/README.md
@@ -0,0 +1,35 @@
+# Detection Names
+
+Backdoor[shellcode]:Linux/fackexp.A
+Detected
+E64/Agent.OF
+ELF:Agent-BIN [Expl]
+ELF:Agent-BIN [Expl]
+ELF/TrojanGen.A
+EXP/AVI.Agent.ocayj
+Exploit.Agent
+Exploit.Agent/Linux!1.FD49 (CLASSIC)
+Exploit.EXP/AVI.Agent.ocayj
+GenericRXTD-TM!85ED1956D405
+GenericRXTD-TM!85ED1956D405
+HEUR:Trojan-Dropper.Linux.Agent.l
+HEUR:Trojan-Dropper.Linux.Agent.l
+Linux/Exploit.Agent.GU
+Linux.MulDrop.85
+Linux.Trojan-Dropper.Agent.l
+Linux.Trojan-Dropper.Agent.Tnkl
+Malicious (score: 99)
+TrojanDropper.Linux.ed
+Trojan[Exploit]/Linux.Agent.gen
+Trojan.Generic.36318000
+Trojan.Generic.36318000
+Trojan.Generic.36318000
+Trojan.Generic.36318000
+Trojan.Generic.36318000
+Trojan.Generic.36318000
+Trojan.Generic.36318000 (B)
+Trojan.Generic.D22A2B30
+Trojan.Gen.NPE
+Trojan.Linux.Agent.b!c
+Trojan:Linux/Multiverze
+TROJ_GEN.R002C0DFD24
diff --git a/linux/ad69790f301c6b7cebaa84a7fecd6431e87b09526d81a3c618bdf985e08edf3b/README.md b/linux/ad69790f301c6b7cebaa84a7fecd6431e87b09526d81a3c618bdf985e08edf3b/README.md
new file mode 100644
index 0000000..d6dbb5c
--- /dev/null
+++ b/linux/ad69790f301c6b7cebaa84a7fecd6431e87b09526d81a3c618bdf985e08edf3b/README.md
@@ -0,0 +1,48 @@
+# Detection Names
+
+a variant of Linux/Gafgyt.WN
+Backdoor.Linux.BASHLITE.SMJC11
+Backdoor.Linux.BASHLITE.SMJC11
+Backdoor:Linux/DemonBot.Aa!MTB
+Backdoor.Linux.ivck
+Backdoor.Mirai/Linux!1.F3F6 (CLASSIC)
+DDOS:Linux/Gafgyt
+Detected
+E32/Gafgyt.AU.gen!Camelot
+ELF:Agent-AYQ [Trj]
+ELF:Agent-AYQ [Trj]
+ELF:Gafgyt-KS [Trj]
+elf.Mirai.2002004
+ELF/Mirai.ASW!tr
+Elf.trojan.A12367304
+Gen:NN.Mirai.36808
+HEUR:Backdoor.Linux.Gafgyt.dd
+HEUR:Backdoor.Linux.Gafgyt.dd
+Linux/DDoS-BI
+Linux/Gafgyt.Gen28
+Linux.Lightaidra!g1
+LINUX/Mirai.Gafgyt.
+Linux.Trojan.Gafgyt
+Lnx/Gafgyt-FEEU!8022D0F0F168
+Lnx/Gafgyt-FEEU!8022D0F0F168
+Malicious (score: 99)
+malware (ai score=100)
+Malware.LINUX/Mirai.Gafgyt.
+Static AI - Malicious ELF
+Suspicious.Linux.Save.a
+Trojan ( 0040f4a51 )
+Trojan.Elf32.Gafgyt.koqfyn
+Trojan.Generic.36456695
+Trojan.Generic.36456695
+Trojan.Generic.36456695
+Trojan.Generic.36456695
+Trojan.Generic.36456695
+Trojan.Generic.36456695
+Trojan.Generic.36456695 (B)
+Trojan.Generic.D22C48F7
+Trojan.Linux.Gafgyt
+Trojan.Linux.Gafgyt.cab
+Trojan.Linux.Gafgyt.m!c
+Trojan/Linux.Mirai.a
+Trojan.Malware.121218.susgen
+Unix.Trojan.Tsunami-6981155-0
diff --git a/linux/b87ad7dba1d367c437db51045e57835f77e8d9735d5c917c6d16984fbde8a3c5/README.md b/linux/b87ad7dba1d367c437db51045e57835f77e8d9735d5c917c6d16984fbde8a3c5/README.md
new file mode 100644
index 0000000..7ddd546
--- /dev/null
+++ b/linux/b87ad7dba1d367c437db51045e57835f77e8d9735d5c917c6d16984fbde8a3c5/README.md
@@ -0,0 +1,41 @@
+# Detection Names
+
+Artemis!Trojan
+a variant of Linux/Exploit.Ptrace.F
+Detected
+ELF:Local-AN [Expl]
+ELF:Local-AN [Expl]
+EXP/Linux.Loc.G
+Exploit.Elf32.Ptrace.gmrsfc
+Exploit.EXP/Linux.Loc.G
+Exploit.Linux.dc
+Exploit.Linux.Local.g
+Exploit.Linux.Local.g
+Exploit:Linux/Local.G
+Exploit.Linux.Local.V7mc
+Exploit.Local.Linux.10
+Exploit.Ptrace
+Exploit.Ptrace
+Generic.Win32.620159aa1a!MD
+Hack.Exploit.Local.b (CLASSIC)
+Hacktool.Linux.Local.3!c
+Hacktool.Rootkit
+Linux.Exploit.Local.Gplw
+Linux/Local.G!exploit
+Malicious (score: 99)
+Malware@#3v0p2sqqn68wd
+malware (ai score=100)
+Static AI - Malicious ELF
+Trojan[Exploit]/Linux.Local.g
+Trojan.Exploit.Linux.Local.G
+Trojan.Exploit.Linux.Local.G
+Trojan.Exploit.Linux.Local.G
+Trojan.Exploit.Linux.Local.G
+Trojan.Exploit.Linux.Local.G
+Trojan.Exploit.Linux.Local.G
+Trojan.Exploit.Linux.Local.G
+Trojan.Exploit.Linux.Local.G (B)
+Troj/ExpPtr-Gen
+TROJ_Generic
+TROJ_Generic
+Unix.Malware.Agent-7437260-0
diff --git a/linux/bc70f90946d19b022fae8740cd3d5b349da29d1b3353cc01c3192ba0ba48ae79/README.md b/linux/bc70f90946d19b022fae8740cd3d5b349da29d1b3353cc01c3192ba0ba48ae79/README.md
new file mode 100644
index 0000000..040a1e5
--- /dev/null
+++ b/linux/bc70f90946d19b022fae8740cd3d5b349da29d1b3353cc01c3192ba0ba48ae79/README.md
@@ -0,0 +1,39 @@
+# Detection Names
+
+a variant of Linux/Mirai.A
+Backdoor.Linux.cvfs
+Backdoor.Linux.Mirai.wam
+Backdoor.Mirai/Linux!1.BBED (CLOUD)
+Backdoor.Mirai.Linux.64830
+Detected
+E32/DCMirai.HBVP-4
+ELF/Mirai.AT!tr
+ELF:Mirai-GH [Trj]
+ELF:Mirai-GH [Trj]
+ELF:Mirai-GH [Trj]
+GenericRXRF-AW!7EEA3513AE50
+GenericRXRF-AW!7EEA3513AE50
+HEUR:Backdoor.Linux.Mirai.b
+HEUR:Backdoor.Linux.Mirai.b
+Linux.Mirai
+Linux.Mirai.BUK
+LINUX/Mirai.vjxwx
+Linux.Siggen.9999
+Mal/Generic-S
+Malicious (score: 99)
+Malware@#1v8msmkw4mn1l
+malware (ai score=94)
+Malware.LINUX/Mirai.vjxwx
+Suspicious.Linux.Save.a
+Trojan:JS/CoinHive
+Trojan.Linux.Generic.64383
+Trojan.Linux.Generic.64383
+Trojan.Linux.Generic.64383
+Trojan.Linux.Generic.64383
+Trojan.Linux.Generic.64383
+Trojan.Linux.Generic.64383
+Trojan.Linux.Generic.64383 (B)
+Trojan.Linux.Generic.DFB7F
+Trojan.Linux.Mirai
+Trojan.Linux.Mirai.K!c
+Unix.Malware.Agent-6974494-0
diff --git a/linux/d14544d70f8193d9369020701d02a028408646cfd432e344da98c93ceaaa5e87/README.md b/linux/d14544d70f8193d9369020701d02a028408646cfd432e344da98c93ceaaa5e87/README.md
new file mode 100644
index 0000000..61a9d17
--- /dev/null
+++ b/linux/d14544d70f8193d9369020701d02a028408646cfd432e344da98c93ceaaa5e87/README.md
@@ -0,0 +1,25 @@
+# Detection Names
+
+Backdoor.Linux.ayjk
+Backdoor.Linux.Mirai
+Backdoor:Linux/Mirai.YA!MTB
+ELF/Agent.MKVM!tr
+GenericRXJQ-YA!818F3611E82A
+GenericRXJQ-YA!818F3611E82A
+Linux/Hajime.18048
+Linux.Mirai.4338
+LINUX/Mirai.mznjr
+Malicious (score: 99)
+malware (ai score=99)
+Trojan.ElfArm32.Mirai.hwjamu
+Trojan.Generic.D207A4DB
+Trojan.GenericKD.34055387
+Trojan.GenericKD.34055387
+Trojan.GenericKD.34055387
+Trojan.GenericKD.34055387
+Trojan.GenericKD.34055387
+Trojan.GenericKD.34055387
+Trojan.GenericKD.34055387 (B)
+Trojan.Gen.NPE
+Trojan.Linux.Generic.4!c
+Trojan.Mirai.Linux.77146
diff --git a/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/README.md b/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/README.md
new file mode 100644
index 0000000..918d87b
--- /dev/null
+++ b/linux/d7df995dd45d5498770389d9e85064cdaa12f623ae9a22b6c61966c70eee5161/README.md
@@ -0,0 +1,35 @@
+# Detection Names
+
+a variant of Linux/Packed.Obfuscated.B suspicious
+Backdoor.Sliver!1.FCA0 (CLOUD)
+Detected
+E64/ABRisk.RBUI-4
+ELF:Sliver-G [Trj]
+ELF:Sliver-G [Trj]
+HEUR:Trojan.Multi.MalGO.gen
+HEUR:Trojan.Multi.MalGO.gen
+LINUX/AVA.Sliver.vqxpa
+Linux.Troj.Unknown.a
+Mal/Generic-S
+Malicious (score: 99)
+malware (ai score=99)
+Malware.LINUX/AVA.Sliver.vqxpa
+Multi.Trojan.Sliver
+Program:Linux/Multiverze
+Riskware/Application
+Static AI - Malicious ELF
+Trojan.Gen.NPE
+Trojan.Linux.Generic.361606
+Trojan.Linux.Generic.361606
+Trojan.Linux.Generic.361606
+Trojan.Linux.Generic.361606
+Trojan.Linux.Generic.361606
+Trojan.Linux.Generic.361606
+Trojan.Linux.Generic.361606 (B)
+Trojan.Linux.Generic.D58486
+Trojan/Linux.MalGO.gen
+Trojan:Linux/MalGO.gyf
+Trojan.Linux.Sliver.4!c
+TROJ_GEN.R002H09FP24
+Unix.Malware.Sliver-10012938-0
+Win32.Trojan.Malgo.Ximw
diff --git a/linux/e27571a89dfbb256bdf2aa7ff0a062bd10bd712c46d7ddc045a8ac85c4903c2f/README.md b/linux/e27571a89dfbb256bdf2aa7ff0a062bd10bd712c46d7ddc045a8ac85c4903c2f/README.md
new file mode 100644
index 0000000..b9ba3f5
--- /dev/null
+++ b/linux/e27571a89dfbb256bdf2aa7ff0a062bd10bd712c46d7ddc045a8ac85c4903c2f/README.md
@@ -0,0 +1,48 @@
+# Detection Names
+
+Backdoor.Linux.Ganiw.a
+Backdoor.Linux.Ganiw.H
+Backdoor.Linux.Ganiw.H
+Backdoor.Linux.Ganiw.H
+Backdoor.Linux.Ganiw.H
+Backdoor.Linux.Ganiw.H
+Backdoor.Linux.Ganiw.H
+Backdoor.Linux.Ganiw.H (B)
+Backdoor/Linux.ii
+Backdoor:Linux/Setag.A
+Backdoor.Setag/Linux!1.A3E5 (CLASSIC)
+Detected
+Downloader.OpenConnection.JS.100251
+E32/Setag.B
+ELF:Elknot-AE [Trj]
+ELF:Elknot-AE [Trj]
+ELF/Setag.B!tr
+ELF_SETAG.SM
+ELF_SETAG.SM
+HEUR:Backdoor.Linux.Ganiw.d
+HEUR:Backdoor.Linux.Ganiw.d
+Legacy.Trojan.Agent-1388639
+Linux/Agent.A
+Linux/Agent.A
+Linux/Backdoor.1135000
+Linux.BackDoor.Gates.9
+Linux.BackDoor.Gates.G
+Linux.Chikdos.B!gen2
+Linux/DDoS-BD
+LINUX/Setag.axyb
+Linux/Setag.B.Gen
+Linux.Trojan.Ganiw
+Linux.Trojan.Siggen.D
+Malicious (score: 99)
+Malware@#3xsifarbkt6j
+malware (ai score=100)
+Malware.LINUX/Setag.axyb
+Script.Ks.Malware.14758
+Static AI - Malicious ELF
+Trojan.Elf32.Ganiw.dirahp
+Trojan.Linux.Agent
+Trojan.Linux.Elknot.atAE
+Trojan.Linux.Ganiw.a
+Trojan.Malware.121218.susgen
+Trojan.U.Gen.tr
+Trojan/Win32.PowerGhost.a
diff --git a/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/README.md b/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/README.md
new file mode 100644
index 0000000..b744afc
--- /dev/null
+++ b/linux/e59dd13dc8dbb2c9e3612c6f1188622067ed388f6248567c56479d1677c79e5b/README.md
@@ -0,0 +1,42 @@
+# Detection Names
+
+a variant of Linux/Tsunami.NCD
+Backdoor.BDS/Katien.R
+Backdoor.Linux.aeeb
+Backdoor:Linux/Tsunami.C!MTB
+Backdoor.Linux.Tsunami.x
+Backdoor.Tsunami/Linux!1.A1B2 (CLASSIC)
+BDS/Katien.R
+DDoS:Linux/Tsunami
+Detected
+E32/Mirai.DJ.gen!Camelot
+ELF_KAITEN.SM
+ELF_KAITEN.SM
+ELF:Tsunami-A
+ELF:Tsunami-A
+ELF:Tsunami-FP [Trj]
+ELF/Tsunami.NCD!tr
+Generic.Malware.GJIFg.78B1411A
+Generic.Malware.GJIFg.78B1411A
+Generic.Malware.GJIFg.78B1411A (B)
+Gen:NN.Mirai.36808
+HEUR:Backdoor.Linux.Tsunami.bh
+HEUR:Backdoor.Linux.Tsunami.bh
+Linux/DDoS-Kaiten.gen.a
+Linux/DDoS-Kaiten.gen.a
+Linux.Kaiten
+Linux.Siggen.9999
+Linux.Trojan.Gafgyt
+Linux/Tsunami-A
+Linux/Tsunami.Gen
+Malicious (score: 99)
+malware (ai score=100)
+Script.Ks.Malware.3227
+Static AI - Malicious ELF
+Suspicious.Linux.Save.a
+Trojan ( 0040f09d1 )
+Trojan.Elf32.Tsunami.knlqdv
+Trojan.Linux.Mirai
+Trojan/Linux.Tsunami.a
+Trojan.Linux.Tsunami.m!c
+Win.Trojan.Tsunami-5
diff --git a/linux/e89b79c039776ff64e4979a80fa95c020161a98f8cb434fbfd09f409ba73bd9e/README.md b/linux/e89b79c039776ff64e4979a80fa95c020161a98f8cb434fbfd09f409ba73bd9e/README.md
new file mode 100644
index 0000000..67d2d89
--- /dev/null
+++ b/linux/e89b79c039776ff64e4979a80fa95c020161a98f8cb434fbfd09f409ba73bd9e/README.md
@@ -0,0 +1,38 @@
+# Detection Names
+
+Adware/Miner
+Application.Linux.Generic.23454
+Application.Linux.Generic.23454
+Application.Linux.Generic.23454
+Application.Linux.Generic.23454
+Application.Linux.Generic.23454
+Application.Linux.Generic.23454
+Application.Linux.Generic.23454 (B)
+Application.Linux.Generic.D5B9E
+Artemis!Trojan
+a variant of Linux/CoinMiner.CP potentially unwanted
+CoinMiner.Linux.Agent.Vnyp
+Detected
+E32/ABRisk.AUAW-18
+ELF/TrojanGen.A
+Generic Reputation PUA (PUA)
+GrayWare/Linux.CoinMiner.cp
+Linux.Risktool.Bitcoinminer.Usmw
+Linux.Siggen.7528
+Linux.Troj.Generic.v
+Malicious (score: 99)
+malware (ai score=90)
+Miner:Multi/XMRig
+not-a-virus:HEUR:RiskTool.Linux.BitCoinMiner.n
+not-a-virus:HEUR:RiskTool.Linux.BitCoinMiner.n
+Other:Malware-gen [Trj]
+Other:Malware-gen [Trj]
+PotentialRisk.PUA/AVI.CoinMiner.sphdl
+PUA/AVI.CoinMiner.sphdl
+PUA.CoinMiner/Linux!8.15288 (CLOUD)
+RiskTool.Linux.dro
+Riskware.Linux.BitCoinMiner.1!c
+Trojan.Gen.NPE
+Trojan:Linux/CoinMiner
+TROJ_GEN.R002C0DF524
+TROJ_GEN.R002C0DF524
diff --git a/linux/fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73/README.md b/linux/fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73/README.md
new file mode 100644
index 0000000..30ecccc
--- /dev/null
+++ b/linux/fa0defdabd9fd43fe2ef1ec33574ea1af1290bd3d763fdb2bed443f2bd996d73/README.md
@@ -0,0 +1,47 @@
+# Detection Names
+
+a variant of Linux/BpfDoor.B
+Backdoor.BPFDoor/Linux!1.EF16 (CLASSIC)
+Backdoor.Linux.BPFDoor
+Backdoor/Linux.Bpfdoor.28832
+Backdoor:Linux/BPFDoor.A!MTB
+Backdoor.Linux.BPFDOOR.AS
+Backdoor.Linux.BPFDOOR.AS
+Backdoor.Linux.flhb
+Backdoor.Trojan
+Detected
+E64/Agent.DI
+ELF:Agent-AOI [Trj]
+ELF:Agent-AOI [Trj]
+ELF:Agent-BNJ [Trj]
+ELF.Mirai.47214.GC
+HEUR:Backdoor.Linux.Agent.co
+HEUR:Backdoor.Linux.Agent.co
+LINUX/Agent.awj
+Linux/Agent.KC!tr
+Linux.Backdoor.Agent.Xfow
+Linux/Bckdr-RYJ
+Linux.Siggen.3707
+Linux.Trojan.BPFDoor
+Linux.Troj.Generic.yz
+Malicious (score: 99)
+Malware@#2va7z0hek31ce
+malware (ai score=100)
+Malware.LINUX/Agent.awj
+RDN/Generic BackDoor
+RDN/Generic BackDoor
+Static AI - Malicious ELF
+Suspicious.Linux.Save.a
+Trojan[Backdoor]/Linux.Agent.co
+Trojan.BpfDoor.Linux.5
+Trojan.Linux.Agent
+Trojan.Linux.BPFDoor.m!c
+Trojan.Linux.Generic.186585
+Trojan.Linux.Generic.186585
+Trojan.Linux.Generic.186585
+Trojan.Linux.Generic.186585
+Trojan.Linux.Generic.186585
+Trojan.Linux.Generic.186585 (B)
+Trojan.Linux.Generic.D2D8D9
+Trojan:Linux/LinuxAgent
+Unix.Backdoor.RedMenshen-9950338-1