Modifies Watchdog functionality

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Unexpected DNS network traffic destination

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Creates/modifies Cron job

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

Modifies init.d

Adds/modifies system service, likely for persistence.

Modifies systemd

Adds/ modifies systemd service files. Likely to achieve persistence.

Writes file to system bin folder