
MaliciousFilesFound

Level: Critical FIXME

Purpose: After a recent DoS attack, malicious executable files were found on servers, namely shiro.sh and loudscream. This alert fires if any of these files is found on the server with executable permission.

Scenario: Potential DoS attack on the server.

Resolution: Log into the server and check whether any of the following files are present:

  • shiro.sh
  • loudscream
  • KKveTTgaAAsecNNaaaa*

Manual Action Steps:

  • Check for the above files: sudo find / -xdev -executable -name "*<FILENAME>*"
  • Make the files non-executable: sudo chmod 444 /path/to/file
  • Run a maldet check on all servers
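
The first two manual steps as one script, added here as an example (not part of the original runbook): it matches all three listed names in a single pass and prints a SHA-256 for each file it changes. It uses GNU find's -perm /111 rather than -executable so the result does not depend on the calling user; the function names and the sample tree in demo are constructed for illustration.

```sh
#!/bin/sh
# Added example; the three name patterns are the ones listed on this page.

# scan ROOT [find actions...]
# Lists regular files under ROOT (same filesystem only) whose name matches a
# listed pattern and that have any execute bit set. -perm /111 (GNU find)
# tests the mode bits directly; -executable asks whether the calling user
# could execute the file.
scan() {
    root="${1:-/}"
    if [ $# -gt 0 ]; then shift; fi
    if [ $# -eq 0 ]; then set -- -print; fi
    find "$root" -xdev -type f -perm /111 \
        \( -name '*shiro.sh*' -o -name '*loudscream*' \
           -o -name '*KKveTTgaAAsecNNaaaa*' \) "$@" 2>/dev/null
}

# remediate ROOT: chmod 444 each match, then print its SHA-256 for the ticket.
remediate() {
    scan "${1:-/}" -exec chmod 444 {} \; -exec sha256sum {} \;
}

# demo: constructed sample tree (empty files, not real samples) showing
# which entries are matched before and after remediation.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/tmp/dir with space"
    for f in shiro.sh "dir with space/loudscream" KKveTTgaAAsecNNaaaa01 notes.sh; do
        : > "$d/tmp/$f"
    done
    chmod 755 "$d/tmp/shiro.sh" "$d/tmp/dir with space/loudscream" "$d/tmp/notes.sh"
    chmod 644 "$d/tmp/KKveTTgaAAsecNNaaaa01"   # name matches, not executable
    before=$(scan "$d" | wc -l)
    remediate "$d" >/dev/null
    after=$(scan "$d" | wc -l)
    rm -rf "$d"
    echo "before=$((before)) after=$((after))"
}

demo
```

On a server, run scan and remediate under sudo with / as ROOT; -xdev keeps the search on one filesystem, so repeat it for each additional mount point.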

Auto Clear: Yes

resolution_area/prometheus_resolutions/res-p2000.txt · Last modified: 2022/06/21 12:53 by 10.91.110.100