Changes its process name

Modifies Watchdog functionality

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Renames itself

Unexpected DNS network traffic destination

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Enumerates active TCP sockets

Gets active TCP sockets from /proc virtual filesystem.

Enumerates running processes

Discovers information about currently running processes on the system