Quimitchin Backdoor
select * from launchd where name = 'com.client.client.plist';View Full Query Details
Ramdisk
select * from block_devices where type = 'Virtual Interface';View Full Query Details
Ramen Worm
select * from file where path in ('/usr/lib/ldlibps.so', '/usr/lib/ldlibns.so', '/usr/lib/ldliblogin.so', '/usr/src/.poop', '/tmp/ramen.tgz', '/etc/xinetd.d/asp');View Full Query DetailsRecent Items
select username, key, value from plist p, (select * from users where directory like '/Users/%') u where p.path = u.directory || '/Library/Preferences/com.apple.recentitems.plist';View Full Query Details
Rh Sharpe
select * from file where path in ('/bin/.ps', '/usr/bin/cleaner', '/usr/bin/slice', '/usr/bin/vadim', '/usr/bin/.ps', '/bin/.lpstree', '/usr/bin/.lpstree', '/usr/bin/lnetstat', '/bin/lnetstat', '/usr/bin/ldu', '/bin/ldu', '/usr/bin/lkillall', '/bin/lkillall', '/usr/include/rpcsvc/du');View Full Query DetailsRk17
select * from file where path in ('/bin/rtty', '/bin/squit', '/sbin/pback', '/proc/kset', '/usr/src/linux/modules/autod.o', '/usr/src/linux/modules/soundx.o');View Full Query DetailsRomanian Rootkit
select * from file where path in ('/usr/sbin/initdl', '/usr/sbin/xntps');View Full Query DetailsRpm Packages
select * from rpm_packages;View Full Query Details
Rsha
select * from file where path in ('/usr/bin/kr4p', '/usr/bin/n3tstat', '/usr/bin/chsh2', '/usr/bin/slice2', '/etc/rc.d/rsha');View Full Query DetailsRule
select * from registry where key like 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\SrpV2\%\%\Value'View Full Query Details