What's on your wire: Detect Linux ELF files

Written by Admin | Jul 23, 2018 4:00:00 AM

Servers are attacked every day and sometimes those attacks are successful. There is a lot of attention to Windows executables that come down on the wire, but I also wanted to know when my systems were downloading ELF files, the executable format used by Linux systems. With some recent exploits that target Linux web servers and the delivery of crypto-mining software, I wrote a parser that attempts to identify Linux ELF files and writes that meta to the 'filetype' meta key.

This isn't limited to crypto-mining ELF files and has detected many others in testing.  The parser is attached below.
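As an added illustration of the header check such a parser performs (this is not the attached parser and does not use the NetWitness parser API), the following Python reads the ELF identification bytes, e_type and e_machine from the start of a file body and builds the value that would be written to 'filetype'; the sample headers are constructed, and the meta key names are assumptions.

```python
import struct

# ELF identification constants from the ELF specification
ELF_MAGIC = b"\x7fELF"
ELF_CLASS = {1: "32", 2: "64"}                    # e_ident[EI_CLASS]
ELF_DATA = {1: "le", 2: "be"}                     # e_ident[EI_DATA]: byte order
ELF_TYPE = {1: "rel", 2: "exec", 3: "dyn", 4: "core"}
ELF_MACHINE = {0x03: "x86", 0x08: "mips", 0x28: "arm", 0x3E: "x86_64", 0xB7: "aarch64"}


def identify_elf(payload: bytes):
    """Return ELF meta for the first bytes of a file body, or None if not ELF.
    'filetype' is the string a parser would register, e.g. 'elf64-le-exec-x86_64'.
    """
    if not payload.startswith(ELF_MAGIC):
        return None
    meta = {"filetype": "elf"}
    # EI_CLASS and EI_DATA sit at offsets 4 and 5; magic alone is still worth flagging
    if len(payload) < 6:
        return meta
    elf_class = ELF_CLASS.get(payload[4], "unknown")
    endian = ELF_DATA.get(payload[5], "unknown")
    meta.update({"class": elf_class, "endian": endian, "filetype": f"elf{elf_class}-{endian}"})
    # e_type and e_machine are 16-bit fields at offsets 16 and 18, in the byte
    # order declared by EI_DATA; a truncated header stops here with partial meta
    if len(payload) < 20 or endian == "unknown":
        return meta
    e_type, e_machine = struct.unpack_from("<HH" if endian == "le" else ">HH", payload, 16)
    meta["type"] = ELF_TYPE.get(e_type, f"type_{e_type}")
    meta["machine"] = ELF_MACHINE.get(e_machine, f"machine_{e_machine:#x}")
    meta["filetype"] = f"elf{elf_class}-{endian}-{meta['type']}-{meta['machine']}"
    return meta


# Constructed samples (not real captures): the first 20 bytes of an ELF header.
# 64-bit little-endian x86-64 executable
SAMPLE_X86_64 = ELF_MAGIC + bytes([2, 1, 1, 0]) + b"\x00" * 8 + b"\x02\x00\x3e\x00"
# 32-bit big-endian MIPS executable, the shape often seen in router/IoT payloads
SAMPLE_MIPS_BE = ELF_MAGIC + bytes([1, 2, 1, 0]) + b"\x00" * 8 + b"\x00\x02\x00\x08"
# A Windows PE header, which must not be flagged as ELF
SAMPLE_PE = b"MZ\x90\x00\x03\x00\x00\x00"

if __name__ == "__main__":
    for name, body in [("x86_64", SAMPLE_X86_64), ("mips", SAMPLE_MIPS_BE), ("pe", SAMPLE_PE)]:
        print(name, identify_elf(body))
```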

I hope you find this parser useful, and as always, happy hunting.

Chris